US-CERT Bulletin (SB22-031): Vulnerability Summary for the Week of January 24, 2022
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache — shenyu | Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1. | 2022-01-25 | 7.5 | CVE-2021-45029 CONFIRM MLIST MLIST |
asus — vc65-c1_firmware | ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service. | 2022-01-21 | 7.2 | CVE-2022-21933 CONFIRM |
budget_and_expense_tracker_system_project — budget_and_expense_tracker_system | SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field. | 2022-01-21 | 7.5 | CVE-2021-40247 MISC MISC |
cached-path-relative_project — cached-path-relative | The package cached-path-relative before 1.1.0 is vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path. When using the origin path as __proto__, the attribute of the object is accessed instead of a path. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573 | 2022-01-21 | 7.5 | CVE-2021-23518 CONFIRM CONFIRM CONFIRM |
courier_management_system_project — courier_management_system | An SQL Injection vulnerability exists in Sourcecodester Courier Management System 1.0 via the email parameter in /cms/ajax.php app. | 2022-01-21 | 10 | CVE-2021-46198 MISC MISC |
dell — emc_appsync | Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. An adjacent unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users. | 2022-01-21 | 7.5 | CVE-2022-22553 MISC |
dell — emc_unity_operating_environment | Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege. | 2022-01-24 | 7.2 | CVE-2021-43589 CONFIRM |
employee_and_visitor_gate_pass_logging_system_project — employee_and_visitor_gate_pass_logging_system | An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter. | 2022-01-21 | 10 | CVE-2021-46309 MISC |
europa — technical_specifications_for_digital_covid_certificates | The EU Technical Specifications for Digital COVID Certificates before 1.1 mishandle certificate governance. A non-production public key certificate could have been used in production. | 2022-01-21 | 7.5 | CVE-2021-40855 MISC MISC |
exiftool_project — exiftool | lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check. | 2022-01-25 | 7.5 | CVE-2022-23935 MISC |
forestblog_project — forestblog | In ForestBlog, as of 2021-12-28, File upload can bypass verification. | 2022-01-25 | 7.5 | CVE-2021-46033 MISC |
freecadweb — freecad | Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename. | 2022-01-25 | 7.6 | CVE-2021-45844 MISC MISC |
fresenius-kabi — agilia_connect_firmware | The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently. | 2022-01-21 | 7.5 | CVE-2021-23196 MISC |
fresenius-kabi — agilia_partner_maintenance_software | Requests may be used to interrupt the normal operation of the device. When exploited, Fresenius Kabi Agilia Link+ version 3.0 must be rebooted via a hard reset triggered by pressing a button on the rack system. | 2022-01-21 | 7.8 | CVE-2021-23236 MISC |
fresenius-kabi — agilia_partner_maintenance_software | Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypass the client-side checks. An attacker with knowledge of the service user could circumvent the client-side control and login with service privileges. | 2022-01-21 | 7.5 | CVE-2021-43355 MISC |
fresenius-kabi — agilia_partner_maintenance_software | Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration parameters. | 2022-01-21 | 7.5 | CVE-2021-23233 MISC |
hms_project — hms | HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php. | 2022-01-21 | 7.5 | CVE-2022-23366 MISC |
hms_project — hms | HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php. | 2022-01-21 | 7.5 | CVE-2022-23364 MISC |
hms_project — hms | HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php. | 2022-01-21 | 7.5 | CVE-2022-23365 MISC |
ibm — cognos_controller | IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847. | 2022-01-21 | 7.5 | CVE-2020-4879 CONFIRM XF |
ibm — cognos_controller | IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843. | 2022-01-21 | 7.5 | CVE-2020-4877 XF CONFIRM |
iconics — analytix | Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of MC Works64, GENESIS64, Hyper Historian, AnalytiX and MobileHMI, and gain unauthorized access to the products, by sending specially crafted WebSocket packets to FrameWorX server, one of the functions of the products. | 2022-01-21 | 7.5 | CVE-2022-23128 MISC MISC MISC |
iresturant_project — iresturant | MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time of membership registration. | 2022-01-25 | 7.5 | CVE-2021-45802 MISC MISC |
jeecg — jeecg_boot | In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges. | 2022-01-25 | 10 | CVE-2021-46089 MISC |
libexpat_project — libexpat | Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. | 2022-01-24 | 7.5 | CVE-2022-23852 MISC |
librecad — librecad | A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. | 2022-01-25 | 9.3 | CVE-2021-45341 MISC |
loguru_project — loguru | Code Injection in PyPi loguru prior to and including 0.5.3. | 2022-01-21 | 7.5 | CVE-2022-0329 MISC CONFIRM MISC MISC |
mediatek — linkit_software_development_kit | In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc. | 2022-01-24 | 7.5 | CVE-2021-30636 MISC |
mingsoft — mcms | MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file. | 2022-01-21 | 7.5 | CVE-2022-22929 MISC |
mingsoft — mcms | MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code. | 2022-01-21 | 7.5 | CVE-2022-22928 MISC |
mingsoft — mcms | MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do. | 2022-01-21 | 7.5 | CVE-2022-23314 MISC |
mingsoft — mcms | A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload. | 2022-01-21 | 7.5 | CVE-2022-22930 MISC |
mingsoft — mcms | MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do. | 2022-01-21 | 7.5 | CVE-2022-23315 MISC |
online_banking_system_project — online_banking_system | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php. | 2022-01-21 | 7.5 | CVE-2022-23363 MISC |
online_learning_system_project — online_learning_system | SQL injection vulnerability in Login.php in sourcecodester Online Learning System v2 by oretnom23, allows attackers to execute arbitrary SQL commands via the faculty_id parameter. | 2022-01-24 | 7.5 | CVE-2021-40596 MISC |
online_leave_management_system_project — online_leave_management_system | SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /leave_system/classes/Login.php. | 2022-01-21 | 7.5 | CVE-2021-40595 MISC MISC |
online_payment_hub_project — online_payment_hub | SQL injection vulnerability in Login.php in Sourcecodester Online Payment Hub v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter. | 2022-01-24 | 7.5 | CVE-2021-43420 MISC |
online_project_time_management_system_project — online_project_time_management_system | An SQL Injection vulnerability exists in Sourcecodester Online Project Time Management System 1.0 via the pid parameter in the load_file function. | 2022-01-24 | 7.5 | CVE-2021-46451 MISC |
online_railway_reservation_system_project — online_railway_reservation_system | An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation System 1.0 via the sid parameter. | 2022-01-21 | 10 | CVE-2021-46308 MISC |
online_resort_management_system_project — online_resort_management_system | An SQL Injection vulnerability exists in Sourcecodester Online Resort Management System 1.0 via the id parameter in /orms/ node. | 2022-01-21 | 10 | CVE-2021-46201 MISC |
projectworlds — online-shopping-webvsite-in-php | Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the “id” parameter in cart_add.php. No login is required. | 2022-01-23 | 7.5 | CVE-2021-46024 MISC |
projectworlds — online_examination_system | An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php. | 2022-01-21 | 10 | CVE-2021-46307 MISC |
purchase_order_management_system_project — purchase_order_management_system | SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter. | 2022-01-24 | 7.5 | CVE-2021-40908 MISC |
quickbox — quickbox | In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell arguments, therefore remote code execution is possible. Additionally, as the media server is running as root by default attackers can use the sudo command within this shell_exec(''); function, which allows for privilege escalation by means of RCE. | 2022-01-24 | 9 | CVE-2021-44981 MISC MISC |
saviynt — enterprise_identity_cloud | An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An authentication bypass in ECM/maintenance/forgotpasswordstep1 allows an unauthenticated user to reset passwords and login as any local account. | 2022-01-24 | 7.5 | CVE-2022-23855 MISC |
simple_membership_system_using_php_and_ajax_project — simple_membership_system_using_php_and_ajax | SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password parameters. | 2022-01-24 | 7.5 | CVE-2021-41472 MISC |
simple_music_cloud_community_system_project — simple_music_cloud_community_system | An SQL Injection vulnerability exists in Sourcecodester Simple Music Cloud Community System 1.0 via the email parameter in /music/ajax.php. | 2022-01-21 | 10 | CVE-2021-46200 MISC |
south_gate_inn_online_reservation_system_project — south_gate_inn_online_reservation_system | SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the email and Password parameters. | 2022-01-24 | 7.5 | CVE-2021-41471 MISC |
starwindsoftware — command_center | In StarWind Command Center before V2 build 6021, an authenticated read-only user can elevate privileges to administrator through the REST API. | 2022-01-24 | 9 | CVE-2022-23858 MISC |
storage_unit_rental_management_system_project — storage_unit_rental_management_system | SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/Login.php. | 2022-01-24 | 7.5 | CVE-2021-40907 MISC |
telosalliance — z/ip_one_firmware | A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device’s file system. This can be used to identify configuration settings, password hashes for built-in accounts, and the cleartext password for remote configuration of the device through the WebUI. | 2022-01-24 | 10 | CVE-2020-17383 MISC MISC MISC |
teslamate_project — teslamate | TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access to obtain a token for Tesla API calls. | 2022-01-24 | 7.5 | CVE-2022-23126 MISC MISC CONFIRM MISC MISC |
tp-link — archer_c90_firmware | This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 1.0.6 Build 20200114 rel.73164(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14655. | 2022-01-21 | 10 | CVE-2021-35003 MISC |
tp-link — tl-wa1201_firmware | This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 1.0.1 Build 20200709 rel.66244(5553) wireless access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14656. | 2022-01-21 | 10 | CVE-2021-35004 MISC |
try_my_recipe_project — try_my_recipe | SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website – CMS) 1.0 by oretnom23, allows attackers to execute arbitrary code via the rid parameter to the view_recipe page. | 2022-01-24 | 7.5 | CVE-2021-41928 MISC |
usbview_project — usbview | USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo. | 2022-01-21 | 7.2 | CVE-2022-23220 MISC MISC DEBIAN MLIST |
vim — vim | Heap-based Buffer Overflow in vim/vim prior to 8.2. | 2022-01-21 | 7.5 | CVE-2022-0318 MISC CONFIRM |
wedevs — wp_user_frontend | The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting | 2022-01-24 | 7.5 | CVE-2021-25076 MISC CONFIRM |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
accesspressthemes — wp_cookie_user_info | The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection | 2022-01-24 | 6.5 | CVE-2021-24858 MISC |
acf-extended — advanced_custom_fields | The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL Injection issue | 2022-01-24 | 6.5 | CVE-2021-24865 CONFIRM MISC |
adodb_project — adodb | Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21. | 2022-01-25 | 6.4 | CVE-2021-3850 MISC CONFIRM |
appcms — appcms | AppCMS 2.0.101 has an XSS injection vulnerability in \templates\m\inc_head.php | 2022-01-23 | 4.3 | CVE-2021-45380 MISC |
asgaros — asgaros_forum | The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue | 2022-01-24 | 6.5 | CVE-2021-25045 MISC CONFIRM |
bingrep_project — bingrep | Bingrep v0.8.5 was discovered to contain a memory allocation failure which can cause a Denial of Service (DoS). | 2022-01-21 | 5 | CVE-2021-39480 MISC |
camunda — min-dash | The package min-dash before 3.8.1 is vulnerable to Prototype Pollution via the set method due to missing enforcement of key types. | 2022-01-21 | 5 | CVE-2021-23460 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
codeigniter — codeigniter | CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in `API\ResponseTrait` in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using `API\ResponseTrait`. Version 4.1.8 contains a patch for this vulnerability. There are two potential workarounds available. Users may avoid using `API\ResponseTrait` or `ResourceController`. Users may also disable Auto Route and use defined routes only. | 2022-01-24 | 4.3 | CVE-2022-21715 MISC CONFIRM MISC |
codesnippets — code_snippets | The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue | 2022-01-24 | 4.3 | CVE-2021-25008 MISC |
coins-global — construction_cloud | An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user-controlled HTTP headers, attackers can cause it to send password-reset e-mails pointing to arbitrary websites. | 2022-01-24 | 4.3 | CVE-2021-45226 MISC MISC MISC |
coins-global — construction_cloud | An issue was discovered in COINS Construction Cloud 11.12. Due to improper input neutralization, it is vulnerable to reflected cross-site scripting (XSS) via malicious links (affecting the search window and activity view window). | 2022-01-24 | 4.3 | CVE-2021-45225 MISC MISC MISC |
coins-global — construction_cloud | An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to cause malicious behaviour. The application is therefore vulnerable to reflected XSS via malicious URLs. | 2022-01-24 | 4.3 | CVE-2021-45224 MISC MISC MISC |
coins-global — construction_cloud | An issue was discovered in COINS Construction Cloud 11.12. Due to logical flaws in the human resources interface, it is vulnerable to privilege escalation by HR personnel. | 2022-01-24 | 6.5 | CVE-2021-45222 MISC MISC MISC |
coins-global — construction_cloud | An issue was discovered in COINS Construction Cloud 11.12. Due to insufficient input neutralization, it is vulnerable to denial of service attacks via forced server crashes. | 2022-01-24 | 4 | CVE-2021-45223 MISC MISC MISC |
conda_loguru_project — conda_loguru | Improper Privilege Management in Conda loguru prior to 0.5.3. | 2022-01-25 | 4 | CVE-2022-0338 CONFIRM MISC |
contribsys — sidekiq | In api.rb in Sidekiq before 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users. | 2022-01-21 | 5 | CVE-2022-23837 MISC MISC |
convert-svg-core_project — convert-svg-core | This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a converted PNG file. | 2022-01-21 | 5 | CVE-2021-23631 CONFIRM CONFIRM CONFIRM CONFIRM |
crmperks — contact_form_entries | The Contact Form Entries WordPress plugin before 1.2.4 does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the admin page | 2022-01-24 | 4.3 | CVE-2021-25079 MISC CONFIRM |
crmperks — contact_form_entries | The Contact Form Entries WordPress plugin before 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against logged in admins viewing the created entry | 2022-01-24 | 4.3 | CVE-2021-25080 MISC CONFIRM |
dell — emc_appsync | Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing state changing operations. | 2022-01-21 | 5.8 | CVE-2022-22552 MISC |
dell — emc_appsync | DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim session. | 2022-01-21 | 5.8 | CVE-2022-22551 MISC |
dell — emc_data_protection_central | Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. | 2022-01-24 | 5 | CVE-2021-43588 CONFIRM |
dell — emc_data_protection_central | Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts. | 2022-01-24 | 4 | CVE-2021-36349 CONFIRM |
dell — solutions_enabler | The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance. | 2022-01-21 | 4.6 | CVE-2021-36339 MISC |
dell — solutions_enabler | Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. | 2022-01-21 | 5.2 | CVE-2021-36338 MISC |
elfspirit_project — elfspirit | elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds read bug, which can lead to application crashes or information leakage. By constructing a special format ELF file, the information of any address can be leaked. elfspirit version 1.1 contains a patch for this issue. | 2022-01-24 | 5.8 | CVE-2022-21711 MISC MISC CONFIRM |
epub2txt_project — epub2txt | xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through 2.02 allows a stack-based buffer overflow via a crafted EPUB document. | 2022-01-23 | 6.8 | CVE-2022-23850 MISC |
forestblog_project — forestblog | In ForestBlog, as of 2021-12-29, there is an XSS vulnerability that can be injected through the nickname input box. | 2022-01-25 | 4.3 | CVE-2021-46034 MISC |
fresenius-kabi — agilia_connect_firmware | Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains service credentials likely to be common across all instances. An attacker in possession of the password may gain privileges on all installations of this software. | 2022-01-21 | 6.5 | CVE-2021-44464 MISC |
fresenius-kabi — agilia_connect_firmware | The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies that may allow an attacker to compromise SSL/TLS sessions in different ways. An attacker may be able to eavesdrop on transferred data, manipulate data allegedly secured by SSL/TLS, and impersonate an entity to gain access to sensitive information. | 2022-01-21 | 6.4 | CVE-2021-31562 MISC |
fresenius-kabi — agilia_connect_firmware | Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all content of the directory will be displayed, allowing an attacker to identify and access files on the server. | 2022-01-21 | 5 | CVE-2021-23195 MISC |
fresenius-kabi — agilia_connect_firmware | Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 is vulnerable to reflected cross-site scripting attacks. An attacker could inject JavaScript in a GET parameter of HTTP requests and perform unauthorized actions such as stealing internal information and performing actions in context of an authenticated user. | 2022-01-21 | 4.3 | CVE-2021-33848 MISC |
fresenius-kabi — agilia_connect_firmware | Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values such as network settings. | 2022-01-21 | 5 | CVE-2021-33843 MISC |
fresenius-kabi — agilia_partner_maintenance_software | Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted data may be sent in cleartext. Transport layer encryption is offered on Port TCP/443, but the affected service does not perform an automated redirect from the unencrypted service on Port TCP/80 to the encrypted service. | 2022-01-21 | 5 | CVE-2021-41835 MISC |
fresenius-kabi — agilia_partner_maintenance_software | Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users. | 2022-01-21 | 6.5 | CVE-2021-33846 MISC |
golang — go | In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196. | 2022-01-24 | 5 | CVE-2021-39293 CONFIRM |
gpac — gpac | A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_dump_vrml_sffield () at scene_manager/scene_dump.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-21 | 4.3 | CVE-2021-46240 MISC |
gpac — gpac | A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-21 | 4.3 | CVE-2021-46234 MISC |
gpac — gpac | A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_vrml_field_pointer_del () at scenegraph/vrml_tools.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-21 | 4.3 | CVE-2021-46236 MISC |
gpac — gpac | An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-21 | 4.3 | CVE-2021-46237 MISC |
gpac — gpac | GPAC v1.1.0 was discovered to contain a stack overflow via the function gf_node_get_name () at scenegraph/base_scenegraph.c. This vulnerability can lead to a program crash, causing a Denial of Service (DoS). | 2022-01-21 | 4.3 | CVE-2021-46238 MISC |
gpac — gpac | The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid free vulnerability via the function gf_free () at utils/alloc.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-21 | 4.3 | CVE-2021-46239 MISC |
gpac — gpac | The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __memmove_avx_unaligned_erms (). This vulnerability can lead to a Denial of Service (DoS). | 2022-01-21 | 4.3 | CVE-2021-46313 MISC |
gpac — gpac | A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_route.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-21 | 4.3 | CVE-2021-46311 MISC |
hdfgroup — hdf5 | A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 via the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an arithmetic exception, leading to a Denial of Service (DoS). | 2022-01-21 | 4.3 | CVE-2021-46244 MISC |
hdfgroup — hdf5 | An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-21 | 4.3 | CVE-2021-46243 MISC |
hdfgroup — hdf5 | HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry. | 2022-01-21 | 6.8 | CVE-2021-46242 MISC |
hospital\’s_patient_records_management_system_project — hospital\’s_patient_records_management_system | Sourcecodester Hospital’s Patient Records Management System 1.0 is vulnerable to Insecure Permissions via the id parameter in manage_user endpoint. Simply change the value and data of other users can be displayed. | 2022-01-24 | 5 | CVE-2022-22296 MISC |
ibm — cognos_controller | IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190839. | 2022-01-21 | 6.4 | CVE-2020-4876 CONFIRM XF |
ibm — cognos_controller | IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190838. | 2022-01-21 | 6.4 | CVE-2020-4875 CONFIRM XF |
ibm — websphere_application_server | IBM WebSphere Application Server – Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability, which could result in granting permission to unauthorized resources. IBM X-Force ID: 213875. | 2022-01-25 | 6.5 | CVE-2021-39031 XF CONFIRM |
iconics — genesis64 | Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.97 and prior and ICONICS Hyper Historian versions 10.97 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64 or MC Works64 and execute commands against the database from GENESIS64 or MC Works64. | 2022-01-21 | 4.3 | CVE-2022-23130 MISC MISC MISC |
iconics — mobilehmi | Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the acquired authentication information, by injecting a malicious script in the URL of a monitoring screen delivered from the MC Works64 server or MobileHMI server to an application for mobile devices and leading a legitimate user to access this URL. | 2022-01-21 | 4.3 | CVE-2022-23127 MISC MISC MISC |
iresturant_project — iresturant | MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because this view parameter value is added to the SQL query without additional verification when viewing reservation. | 2022-01-25 | 6.5 | CVE-2021-45803 MISC MISC |
isomorphic-git — cors-proxy | The package @isomorphic-git/cors-proxy before 2.7.1 is vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js. | 2022-01-21 | 5 | CVE-2021-23664 CONFIRM CONFIRM |
jerryscript — jerryscript | Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_lcache_lookup in /jerry-core/ecma/base/ecma-lcache.c. | 2022-01-21 | 6.8 | CVE-2022-22894 MISC |
jerryscript — jerryscript | Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via ecma_ref_object_inline in /jerry-core/ecma/base/ecma-gc.c. | 2022-01-21 | 4.3 | CVE-2022-22891 MISC |
jerryscript — jerryscript | There is an Assertion ‘ecma_is_value_undefined (value) || ecma_is_value_null (value) || ecma_is_value_boolean (value) || ecma_is_value_number (value) || ecma_is_value_string (value) || ecma_is_value_bigint (value) || ecma_is_value_symbol (value) || ecma_is_value_object (value)’ failed at jerry-core/ecma/base/ecma-helpers-value.c in Jerryscript 3.0.0. | 2022-01-21 | 4.3 | CVE-2022-22892 MISC |
jerryscript — jerryscript | There is an Assertion ”ecma_object_is_typedarray (obj_p)” failed at /jerry-core/ecma/operations/ecma-typedarray-object.c in Jerryscript 3.0.0. | 2022-01-25 | 4.3 | CVE-2021-44992 MISC MISC |
jerryscript — jerryscript | Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_loop.lto_priv.304 in /jerry-core/vm/vm.c. | 2022-01-21 | 6.8 | CVE-2022-22893 MISC |
jerryscript — jerryscript | Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ecma_utf8_string_to_number_by_radix in /jerry-core/ecma/base/ecma-helpers-conversion.c. | 2022-01-21 | 6.8 | CVE-2022-22895 MISC MISC |
jerryscript — jerryscript | Jerryscript v3.0.0 and below was discovered to contain a stack overflow via ecma_find_named_property in ecma-helpers.c. | 2022-01-25 | 6.8 | CVE-2021-44988 MISC MISC MISC |
jerryscript — jerryscript | There is an Assertion ”JERRY_CONTEXT (jmem_heap_allocated_size) == 0” failed at /jerry-core/jmem/jmem-heap.c in Jerryscript 3.0.0. | 2022-01-25 | 4.3 | CVE-2021-44994 MISC MISC MISC |
jerryscript — jerryscript | There is an Assertion ”ecma_is_value_boolean (base_value)” failed at /jerry-core/ecma/operations/ecma-get-put-value.c in Jerryscript 3.0.0. | 2022-01-25 | 4.3 | CVE-2021-44993 MISC MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a heap buffer overflow via NumberConstructor at src/jsiNumber.c. | 2022-01-25 | 6.8 | CVE-2021-46482 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiValueObjDelete in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-25 | 4.3 | CVE-2021-46480 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a memory leak via linenoise at src/linenoise.c. | 2022-01-25 | 4.3 | CVE-2021-46481 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a heap buffer overflow via RegExp_constructor in src/jsiRegexp.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-25 | 4.3 | CVE-2021-46477 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a heap buffer overflow via BooleanConstructor at src/jsiBool.c. | 2022-01-25 | 6.8 | CVE-2021-46483 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiEvalCodeSub in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-25 | 4.3 | CVE-2021-46474 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiClearStack in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-25 | 4.3 | CVE-2021-46478 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsi_ArraySliceCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-25 | 4.3 | CVE-2021-46475 MISC |
kea-hotel-erp_project — kea-hotel-erp | In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution vulnerability can be exploited by uploading PHP files using the file upload vulnerability in this service. | 2022-01-25 | 6.5 | CVE-2021-46113 MISC MISC MISC |
librecad — librecad | In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document. | 2022-01-25 | 4.3 | CVE-2021-45343 MISC |
librecad — librecad | A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. | 2022-01-25 | 6.8 | CVE-2021-45342 MISC |
libsixel_project — libsixel | In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT file. | 2022-01-25 | 4.3 | CVE-2021-45340 MISC |
linux — linux_kernel | A race condition was found in the Linux kernel’s ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a special privilege (cap_sys_admin or cap_bpf) can modify the frozen mapped address space. This flaw affects kernel versions prior to 5.16 rc2. | 2022-01-21 | 4.7 | CVE-2021-4001 MISC MISC |
linux — linux_kernel | A vulnerability was found in the Linux kernel’s KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due to mishandling of memory errors that happens during VCPU construction, which allows an attacker with special user privilege to cause a denial of service. This flaw affects kernel versions prior to 5.15 rc7. | 2022-01-21 | 4.9 | CVE-2021-4032 MISC MISC MISC |
mcafee — data_loss_prevention | SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation. | 2022-01-24 | 6.5 | CVE-2021-4088 CONFIRM |
mediawiki — shortdescription | ShortDescription is a MediaWiki extension that provides local short description support. A cross-site scripting (XSS) vulnerability exists in versions prior to 2.3.4. On a wiki that has the ShortDescription enabled, XSS can be triggered on any page or the page with the action=info parameter, which displays the shortdesc property. This is achieved using the wikitext `{{SHORTDESC:<img src=x onerror=alert()>}}`. This issue has a patch in version 2.3.4. | 2022-01-24 | 4.3 | CVE-2022-21710 MISC MISC CONFIRM |
mruby — mruby | NULL Pointer Dereference in Homebrew mruby prior to 3.2. | 2022-01-21 | 4.3 | CVE-2022-0326 CONFIRM MISC |
mustache_project — mustache | Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1. | 2022-01-21 | 6.5 | CVE-2022-0323 MISC CONFIRM |
mycred — mycred | The myCred WordPress plugin before 2.4 does not sanitise and escape the search query before outputting it back in the history dashboard page, leading to a Reflected Cross-Site Scripting issue | 2022-01-24 | 4.3 | CVE-2021-25015 CONFIRM MISC |
navidrome — navidrome | model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table (which contains sensitive information such as the users’ encrypted passwords). | 2022-01-24 | 4 | CVE-2022-23857 MISC MISC |
nlnetlabs — ldns | When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data places too much trust in the length value obtained from the zone file. When the memcpy is performed, 0xfe – ldns_rdf_size(salt_rdf) bytes of data can be copied, causing a heap overflow and information leakage. | 2022-01-21 | 5 | CVE-2020-19861 MISC |
nlnetlabs — ldns | When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload. | 2022-01-21 | 4.3 | CVE-2020-19860 MISC MISC |
online_covid_vaccination_scheduler_system_project — online_covid_vaccination_scheduler_system | Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid Vaccination Scheduler System v1 by oretnom23, allows attackers to execute arbitrary code via the lid parameter to /scheduler/addSchedule.php. | 2022-01-24 | 4.3 | CVE-2021-41930 MISC |
oxilab — image_hover_effects_ultimate | The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | 2022-01-24 | 4.3 | CVE-2021-25031 MISC CONFIRM |
php_crud_without_refresh\/reload_using_ajax_and_datatables_tutorial_project — php_crud_without_refresh\/reload_using_ajax_and_datatables_tutorial | Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to /ajax_crud. | 2022-01-24 | 6.8 | CVE-2021-40909 MISC |
phpmyadmin — phpmyadmin | An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection. | 2022-01-22 | 4.3 | CVE-2022-23808 MISC |
phpmyadmin — phpmyadmin | An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances. | 2022-01-22 | 4 | CVE-2022-23807 MISC |
plutinosoft — platinum | Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerability. An attacker could remotely attack a victim by sending the URL http://ip:port/../privacy.avi to compromise the victim’s privacy. | 2022-01-21 | 5 | CVE-2020-19858 MISC MISC |
revmakx — backup_and_staging_by_wp_time_capsule | The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | 2022-01-24 | 4.3 | CVE-2021-25035 MISC CONFIRM |
roundupwp — registrations_for_the_events_calendar | The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cross-Site Scripting | 2022-01-24 | 4.3 | CVE-2021-25083 CONFIRM MISC |
saviynt — enterprise_identity_cloud | An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An attacker can enumerate users by changing the id parameter, such as for the ECM/maintenance/forgotpasswordstep1 URI. | 2022-01-24 | 5 | CVE-2022-23856 MISC |
sendinblue — newsletter\,_smtp\,_email_marketing_and_subscribe | The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.25 does not escape the sib-statistics-date parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue | 2022-01-24 | 4.3 | CVE-2021-24923 MISC |
simple_college_website_project — simple_college_website | Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution via UNION-based SQL injection in the username parameter on /admin/login.php. | 2022-01-21 | 6.8 | CVE-2021-44593 MISC MISC |
slic3r — slic3r | A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker to cause an application crash using a crafted AMF document, where a metadata tag lacks a “type” attribute. | 2022-01-25 | 4.3 | CVE-2021-45846 MISC |
slic3r — slic3r | Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file. | 2022-01-25 | 4.3 | CVE-2021-45847 MISC MISC MISC |
themeum — qubely | The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF checks on the qubely_delete_saved_block AJAX action, and does not ensure that the block to be deleted belongs to the plugin. As a result, any authenticated user, such as a subscriber, can delete arbitrary posts. | 2022-01-24 | 4 | CVE-2021-25013 MISC |
themeum — tutor_lms | The Tutor LMS WordPress plugin before 1.9.12 does not escape the search parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | 2022-01-24 | 4.3 | CVE-2021-25017 MISC CONFIRM |
tipsandtricks-hq — simple_download_monitor | The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), 2) delete logs (fixed in 3.9.9), 3) remove thumbnail image from downloads | 2022-01-24 | 6.8 | CVE-2021-24696 MISC |
tri — event_tickets | The Event Tickets WordPress plugin before 5.2.2 does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue | 2022-01-24 | 5.8 | CVE-2021-25028 MISC |
try_my_recipe_project — try_my_recipe | Cross Site Scripting (XSS) in Sourcecodester Try My Recipe (Recipe Sharing Website – CMS) by oretnom23, allows attackers to gain the PHPSESID or other unspecified impacts via the fullname parameter to the login_registration page. | 2022-01-24 | 4.3 | CVE-2021-42168 MISC |
villatheme — orders_tracking_for_woocommerce | The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the file_url before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | 2022-01-24 | 4.3 | CVE-2021-25062 CONFIRM MISC |
vim — vim | Out-of-bounds Read in vim/vim prior to 8.2. | 2022-01-21 | 4.3 | CVE-2022-0319 CONFIRM MISC |
wasmcloud — host_runtime | wasmCloud Host Runtime is a server process that securely hosts and provides dispatch for web assembly (WASM) actors and capability providers. In versions prior to 0.52.2 actors can bypass capability authorization. Actors are normally required to declare their capabilities for inbound invocations, but with this vulnerability actor capability claims are not verified upon receiving invocations. This compromises the security model for actors as they can receive unauthorized invocations from linked capability providers. The problem has been patched in versions `0.52.2` and greater. There is no workaround and users are advised to upgrade to an unaffected version as soon as possible. | 2022-01-21 | 5.5 | CVE-2022-21707 CONFIRM MISC |
webmaster-source — wp125 | The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various actions, for example when deleting an ad, allowing attackers to make a logged in admin delete them via a CSRF attack | 2022-01-24 | 6.8 | CVE-2021-25073 MISC CONFIRM |
webp_converter_for_media_project — webp_converter_for_media | The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue | 2022-01-24 | 5.8 | CVE-2021-25074 MISC |
wp-experts — protect_wp_admin | The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib/pwa-deactivate.php file, which could allow unauthenticated users to disable the plugin (and therefore the protection offered) via a crafted request | 2022-01-24 | 5 | CVE-2021-24906 MISC |
wp_extra_file_types_project — wp_extra_file_types | The WP Extra File Types WordPress plugin before 0.5.1 does not have CSRF check when saving its settings, nor sanitise and escape some of them, which could allow attackers to make a logged in admin change them and perform Cross-Site Scripting attacks | 2022-01-24 | 6 | CVE-2021-24936 MISC |
wp_post_page_clone_project — wp_post_page_clone | The WP Post Page Clone WordPress plugin before 1.2 allows users with a role as low as Contributor to clone and view other users’ draft and password-protected posts which they cannot view normally. | 2022-01-24 | 4 | CVE-2021-24733 MISC |
wpaffiliatemanager — affiliates_manager | The Affiliates Manager WordPress plugin before 2.9.0 does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests. | 2022-01-24 | 4.3 | CVE-2021-25078 CONFIRM MISC |
wpplugin — accept_donations_with_paypal | The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing attackers to make a logged in admin delete arbitrary posts from the blog | 2022-01-24 | 4.3 | CVE-2021-24989 MISC |
yetiforce — yetiforce_customer_relationship_management | Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0. | 2022-01-24 | 6 | CVE-2022-0269 CONFIRM MISC |
yikesinc — easy_forms_for_mailchimp | The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the field_name and field_type parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues | 2022-01-24 | 4.3 | CVE-2021-24985 MISC CONFIRM |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adtribes — product_feed_pro_for_woocommerce | The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 does not have authorisation and CSRF checks in some of its AJAX actions, allowing any authenticated user to call them, which could lead to a Stored Cross-Site Scripting issue (which will be triggered in the admin dashboard) due to the lack of escaping. | 2022-01-24 | 3.5 | CVE-2021-24974 MISC |
b3log — vditor | Cross-site Scripting (XSS) – Stored in GitHub repository vanessa219/vditor prior to 1.0.34. | 2022-01-23 | 3.5 | CVE-2021-4103 MISC CONFIRM |
dell — emc_system_update | Dell EMC System Update, version 1.9.2 and prior, contains an Unprotected Storage of Credentials vulnerability. A local attacker with user privileges could potentially exploit this vulnerability, leading to the disclosure of user passwords. | 2022-01-24 | 2.1 | CVE-2022-22554 CONFIRM |
etoilewebdesign — ultimate_faq | The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FAQ and FAQ questions | 2022-01-24 | 3.5 | CVE-2021-24968 CONFIRM MISC |
fivestarplugins — five_star_restaurant_reservations | The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX action, allowing any authenticated users to call it. Due to the lack of sanitisation and escaping, users with a role as low as subscriber could perform Cross-Site Scripting attacks against logged in admins | 2022-01-24 | 3.5 | CVE-2021-24965 MISC |
fresenius-kabi — agilia_connect | An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. An attacker could manipulate RabbitMQ queues and messages by impersonating users. | 2022-01-21 | 2.1 | CVE-2021-23207 MISC |
getgrav — grav | Cross-site Scripting (XSS) – Stored in Packagist getgrav/grav prior to 1.7.28. | 2022-01-25 | 3.5 | CVE-2022-0268 MISC CONFIRM |
graphql-go_project — graphql-go | graphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access to the GraphQL handler can send these queries and cause stack overflows. This in turn could potentially compromise the ability of the server to serve data to its users. The issue has been patched in version `v1.3.0`. The only known workaround for this issue is to disable the `graphql.MaxDepth` option from your schema which is not recommended. | 2022-01-21 | 3.5 | CVE-2022-21708 CONFIRM MISC |
iconics — genesis64 | Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally. This is because when configuration information of GridWorX, a database linkage function of GENESIS64 and MC Works64, is exported to a CSV file, the authentication information is saved in plaintext, and an attacker who can access this CSV file can gain the authentication information. | 2022-01-21 | 2.1 | CVE-2022-23129 MISC MISC MISC |
jflyfox — jfinal_cms | In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the background system of CMS. Because developers do not filter the parameters submitted by the user input form, any user with background permission can affect the system security by entering malicious code. | 2022-01-25 | 3.5 | CVE-2021-46087 MISC |
mobile_events_manager_project — mobile_events_manager | The Mobile Events Manager WordPress plugin before 1.4.4 does not sanitise and escape various of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2022-01-24 | 3.5 | CVE-2021-25049 MISC CONFIRM |
rapid7 — insight_agent | Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3. | 2022-01-21 | 2.1 | CVE-2021-4016 CONFIRM |
showdoc — showdoc | Cross-site Scripting (XSS) – Stored in GitHub repository star7th/showdoc prior to 2.10.2. | 2022-01-22 | 3.5 | CVE-2021-4172 CONFIRM MISC |
spotweb_project — spotweb | Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page. | 2022-01-21 | 3.5 | CVE-2021-33966 MISC |
student_quarterly_grading_system_project — student_quarterly_grading_system | Cross Site Scripting (XSS) in Sourcecodester Student Quarterly Grading System by oretnom23, allows attackers to execute arbitrary code via the fullname and username parameters to the users page. | 2022-01-24 | 3.5 | CVE-2021-41658 MISC |
tipsandtricks-hq — simple_download_monitor | The Simple Download Monitor WordPress plugin before 3.9.11 could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attack via 1) “color” or “css_class” argument of sdm_download shortcode, 2) “class” or “placeholder” argument of sdm_search_form shortcode. | 2022-01-24 | 3.5 | CVE-2021-24694 MISC |
updraftplus — updraftplus | The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraft_service settings, allowing high privilege users to set malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue | 2022-01-24 | 3.5 | CVE-2021-24423 MISC MISC |
uscat_project — uscat | uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via the input box of the statistical code. | 2022-01-25 | 3.5 | CVE-2021-46083 MISC |
uscat_project — uscat | uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via “close registration information” input box. | 2022-01-25 | 3.5 | CVE-2021-46084 MISC |
wbolt — smart_seo_tool | The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting | 2022-01-24 | 2.6 | CVE-2021-24976 MISC CONFIRM |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
acer — care_center | In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanism of Windows DLLs could allow a local attacker to perform a DLL hijacking attack. This vulnerability is due to incorrect handling of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with local administrator privileges. | 2022-01-26 | not yet calculated | CVE-2021-45975 MISC MISC MISC |
advantech — deviceon/iedge_server | A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-40389 MISC |
advantech — deviceon/iedge_server | A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-40396 MISC |
advantech — sq_manager_server | A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-40388 MISC |
advantech — wise-paas/ota_server | A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-40397 MISC |
apache — karaf | Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). JMX is a Java RMI based technology that relies on Java serialized objects for client server communication. Whereas the default JMX implementation is hardened against unauthenticated deserialization attacks, the implementation used by Apache Karaf is not protected against this kind of attack. The impact of Java deserialization vulnerabilities strongly depends on the classes that are available within the target's class path. Generally speaking, deserialization of untrusted data always represents a high security risk and should be prevented. The risk is low as, by default, Karaf uses a limited set of classes in the JMX server class path. It depends on system-scoped classes (e.g. jar in the lib folder). | 2022-01-26 | not yet calculated | CVE-2021-41766 CONFIRM |
apache — karaf | Apache Karaf obr:* commands and the run goal on the karaf-maven-plugin have a partial path traversal which allows breaking out of the expected folder. The risk is low as obr:* commands are not widely used and the entry is set by the user. This has been fixed in revision: https://gitbox.apache.org/repos/asf?p=karaf.git;h=36a2bc4 https://gitbox.apache.org/repos/asf?p=karaf.git;h=52b70cf Mitigation: Apache Karaf users should upgrade to 4.2.15 or 4.3.6 or later as soon as possible, or use correct path. JIRA Tickets: https://issues.apache.org/jira/browse/KARAF-7326 | 2022-01-26 | not yet calculated | CVE-2022-22932 CONFIRM |
apache — shenyu | The HTTP response will disclose the user password. This issue affected Apache ShenYu 2.4.0 and 2.4.1. | 2022-01-25 | not yet calculated | CVE-2022-23223 CONFIRM MLIST MLIST |
apache — shenyu | Missing authentication on ShenYu Admin when registering by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1. | 2022-01-25 | not yet calculated | CVE-2022-23945 CONFIRM MLIST MLIST |
apache — shenyu | A user can access the /plugin API without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1. | 2022-01-25 | not yet calculated | CVE-2022-23944 CONFIRM MLIST MLIST MLIST |
apache — tomcat | The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. | 2022-01-27 | not yet calculated | CVE-2022-23181 MISC |
apache — xerces | There’s a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for a prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions. | 2022-01-24 | not yet calculated | CVE-2022-23437 CONFIRM MLIST |
autodesk — design_review | A Memory Corruption Vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 and prior may lead to remote code execution through maliciously crafted DWF and TGA files. | 2022-01-25 | not yet calculated | CVE-2021-40167 MISC |
autodesk — inventor | A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability can be exploited to execute arbitrary code. | 2022-01-25 | not yet calculated | CVE-2021-40158 MISC |
autodesk — inventor | An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 may lead to code execution through maliciously crafted JT files. | 2022-01-25 | not yet calculated | CVE-2021-40159 MISC |
bmoor — bmoor | The package bmoor before 0.10.1 is vulnerable to Prototype Pollution due to missing sanitization in the set function. **Note:** This vulnerability derives from an incomplete fix in [CVE-2020-7736](https://security.snyk.io/vuln/SNYK-JS-BMOOR-598664) | 2022-01-28 | not yet calculated | CVE-2021-23558 MISC MISC MISC |
bosch — multiple_products | HTML code injection vulnerability in Android Application, Bosch Video Security, version 3.2.3 or earlier, when successfully exploited allows an attacker to inject random HTML code into a component loaded by WebView, thus allowing the Application to display web resources controlled by the attacker. | 2022-01-28 | not yet calculated | CVE-2021-23863 CONFIRM |
bromite — bromite | In Bromite through 78.0.3904.130, there are adblock rules in the release APK; therefore, probing which resources are blocked and which aren’t can identify the application version and defeat the User-Agent protection mechanism. | 2022-01-26 | not yet calculated | CVE-2019-25056 MISC |
buddyboss — platform | BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the email address of each user. When creating a new user, it generates a Unique ID for their profile. This UID is their private email address with symbols removed and periods replaced with hyphens. For example, [email protected] would become /members/johndoeexample-com and [email protected] would become /members/jo-testexample-com. The members list is available to everyone and (in a default configuration) often without authentication. It is therefore trivial to collect a list of email addresses. | 2022-01-26 | not yet calculated | CVE-2021-44692 MISC MISC |
buddyboss — platform | BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Group Description field. | 2022-01-26 | not yet calculated | CVE-2021-43334 MISC MISC |
casdoor — casdoor | The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations. | 2022-01-29 | not yet calculated | CVE-2022-24124 MISC MISC MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a stack overflow via snquote at mjs/src/mjs_json.c. | 2022-01-27 | not yet calculated | CVE-2021-46509 MISC |
cesanta — mjs | There is an Assertion `s < mjs->owned_strings.buf + mjs->owned_strings.len` failed at src/mjs_gc.c in Cesanta MJS v2.20.0. | 2022-01-27 | not yet calculated | CVE-2021-46510 MISC |
cesanta — mjs | There is an Assertion `m->len >= sizeof(v)` failed at src/mjs_core.c in Cesanta MJS v2.20.0. | 2022-01-27 | not yet calculated | CVE-2021-46511 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_apply at src/mjs_exec.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46512 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_disown at src/mjs_core.c. | 2022-01-27 | not yet calculated | CVE-2021-46518 MISC |
cesanta — mjs | There is an Assertion `ppos != NULL && mjs_is_number(*ppos)` failed at src/mjs_core.c in Cesanta MJS v2.20.0. | 2022-01-27 | not yet calculated | CVE-2021-46514 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_stack_size at mjs/src/mjs_core.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46516 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via snquote at src/mjs_json.c. | 2022-01-27 | not yet calculated | CVE-2021-46526 MISC |
cesanta — mjs | There is an Assertion `mjs_stack_size(&mjs->scopes) > 0` failed at src/mjs_exec.c in Cesanta MJS v2.20.0. | 2022-01-27 | not yet calculated | CVE-2021-46517 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via mjs_mk_string at mjs/src/mjs_string.c. | 2022-01-27 | not yet calculated | CVE-2021-46513 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_array_length at src/mjs_array.c. | 2022-01-27 | not yet calculated | CVE-2021-46519 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_jprintf at src/mjs_util.c. | 2022-01-27 | not yet calculated | CVE-2021-46520 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via c_vsnprintf at mjs/src/common/str_util.c. | 2022-01-27 | not yet calculated | CVE-2021-46521 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0xaff53. | 2022-01-27 | not yet calculated | CVE-2021-46522 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via snquote at mjs/src/mjs_json.c. | 2022-01-27 | not yet calculated | CVE-2021-46524 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a heap-use-after-free via mjs_apply at src/mjs_exec.c. | 2022-01-27 | not yet calculated | CVE-2021-46525 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via free_json_frame at src/mjs_json.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46550 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_next at src/mjs_object.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46546 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_bcode_insert_offset at src/mjs_bcode.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46556 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_set_internal at src/mjs_object.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46553 MISC |
cesanta — mjs | There is an Assertion `i < parts_cnt` failed at src/mjs_bcode.c in Cesanta MJS v2.20.0. | 2022-01-27 | not yet calculated | CVE-2021-46508 MISC |
cesanta — mjs | There is an Assertion `mjs_stack_size(&mjs->scopes) >= scopes_len` failed at src/mjs_exec.c in Cesanta MJS v2.20.0. | 2022-01-27 | not yet calculated | CVE-2021-46515 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_get_cstring at src/mjs_string.c. | 2022-01-27 | not yet calculated | CVE-2021-46527 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_get_mjs at src/mjs_builtin.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46540 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x45a1f. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46539 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_execute at src/mjs_exec.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46530 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x8d28e. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46531 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via exec_expr at src/mjs_exec.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46532 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via getprop_builtin_foreign at src/mjs_exec.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46534 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0xe533e. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46535 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x9a30e. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46537 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_compact_strings at src/mjs_gc.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46538 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x5361e. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46528 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c6ae. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46541 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_print at src/mjs_builtin.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46542 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x18e810. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46543 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x59e19. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46544 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x4b44b. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46545 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c17e. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46547 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via add_lineno_map_item at src/mjs_bcode.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46548 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via parse_cval_type at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46549 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x8814e. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46529 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_json_stringify at src/mjs_json.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46554 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via to_json_or_debug at mjs/src/mjs_json.c. | 2022-01-27 | not yet calculated | CVE-2021-46523 MISC |
charactell — formstorm_enterprise_account | Charactell – FormStorm Enterprise Account takeover – An attacker can modify (add, remove and update) the passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. A malicious user can take over an account by replacing the existing password in the file. | 2022-01-25 | not yet calculated | CVE-2022-22789 MISC |
classapps — selectsurvey.net | A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of the ID parameter in sequential order beginning from 1. | 2022-01-28 | not yet calculated | CVE-2021-41608 MISC MISC |
classapps — selectsurvey.net | SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application’s backend database via boolean-based blind and UNION injection. | 2022-01-28 | not yet calculated | CVE-2021-41609 MISC MISC |
connman — connman | An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received. | 2022-01-28 | not yet calculated | CVE-2022-23098 MISC MISC |
connman — connman | An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read. | 2022-01-28 | not yet calculated | CVE-2022-23097 MISC MISC |
connman — connman | An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read. | 2022-01-28 | not yet calculated | CVE-2022-23096 MISC MISC |
crater — crater | Cross-site Scripting (XSS) – Stored in Packagist bytefury/crater prior to 6.0.2. | 2022-01-27 | not yet calculated | CVE-2022-0372 CONFIRM MISC |
crater-invoice — crater | Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2. | 2022-01-26 | not yet calculated | CVE-2022-0203 MISC CONFIRM |
cszcms — cszcms | There is a front-end SQL injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.php#viewUser. | 2022-01-27 | not yet calculated | CVE-2021-46377 MISC |
cve_project — cve_services_api | controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitrary new organization, and thereby achieve unintended access within the context of that new organization. | 2022-01-26 | not yet calculated | CVE-2021-46561 CONFIRM |
dell — bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | 2022-01-24 | not yet calculated | CVE-2021-36343 CONFIRM |
dell — bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | 2022-01-24 | not yet calculated | CVE-2021-36342 CONFIRM |
dell — idrac8 | Dell iDRAC 8 prior to version 2.82.82.82 contains a denial of service vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to deny access to the iDRAC webserver. | 2022-01-25 | not yet calculated | CVE-2021-36346 MISC |
dell — idrac9 | iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC. | 2022-01-25 | not yet calculated | CVE-2021-36348 MISC |
dell — idrac9 | iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating system. | 2022-01-25 | not yet calculated | CVE-2021-36347 MISC |
dell — vnx2_oe_for_file | Dell VNX2 OE for File versions 8.1.21.266 and earlier contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system. | 2022-01-25 | not yet calculated | CVE-2021-36295 MISC |
dell — vnx2_oe_for_file | Dell VNX2 OE for File versions 8.1.21.266 and earlier contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulnerability by forging a cookie to log in as any user. | 2022-01-25 | not yet calculated | CVE-2021-36294 MISC |
dell — vnx2_oe_for_file | Dell VNX2 OE for File versions 8.1.21.266 and earlier contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it. | 2022-01-25 | not yet calculated | CVE-2021-36289 MISC |
dell — vnx2_oe_for_file | Dell VNX2 OE for File versions 8.1.21.266 and earlier contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system. | 2022-01-25 | not yet calculated | CVE-2021-36296 MISC |
dolphinphp — dolphinphp | Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.php#action_log. | 2022-01-27 | not yet calculated | CVE-2021-46097 MISC |
download_monitor — download_monitor | Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. It’s also possible to escape from the web server home directory and download any file within the OS. | 2022-01-28 | not yet calculated | CVE-2021-31567 CONFIRM CONFIRM CONFIRM |
download_monitor — download_monitor | Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). Vulnerable parameters: &post_title, &downloadable_file_version[0]. | 2022-01-28 | not yet calculated | CVE-2021-23174 CONFIRM CONFIRM CONFIRM |
embedthis — goahead | The code that performs password matching when using ‘Basic’ HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver’s response time until the unauthorized (401) response. | 2022-01-25 | not yet calculated | CVE-2021-43298 MISC |
emerson — deltav_distributed_control_system_controllers_and_workstations | A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition. | 2022-01-28 | not yet calculated | CVE-2021-26264 MISC |
emerson — deltav_distributed_control_system_controllers_and_workstations | Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started. | 2022-01-28 | not yet calculated | CVE-2021-44463 MISC |
expat — expat | Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. | 2022-01-26 | not yet calculated | CVE-2022-23990 MISC |
f5 — big-ip | On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23026 MISC |
f5 — big-ip | On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when the BIG-IP Virtual Edition (VE) uses the ixlv driver (which is used in SR-IOV mode and requires Intel X710/XL710/XXV710 family of network adapters on the Hypervisor) and TCP Segmentation Offload configuration is enabled, undisclosed requests may cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23030 MISC |
f5 — big-ip | On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23009 MISC |
f5 — big-ip | On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, when a SIP ALG profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23025 MISC |
f5 — big-ip | On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23029 MISC |
f5 — big-ip | On BIG-IP version 16.1.x before 16.1.2, when any of the following configurations are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate: HTTP redirect rule in an LTM policy, BIG-IP APM Access Profile, and Explicit HTTP Proxy in HTTP Profile. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23021 MISC |
f5 — big-ip | On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile and an HTTP profile are configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23010 MISC |
f5 — big-ip | On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23022 MISC |
f5 — big-ip | On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1.x beginning in 13.1.3.6, 12.1.5.3-12.1.6, and 11.6.5.2, when a FastL4 profile and an HTTP, FIX, and/or hash persistence profile are configured on the same virtual server, undisclosed requests can cause the virtual server to stop processing new client connections. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23027 MISC |
f5 — big-ip | On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, when the HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23012 MISC |
f5 — big-ip | On certain hardware BIG-IP platforms, in version 15.1.x before 15.1.4 and 14.1.x before 14.1.3, virtual servers may stop responding while processing TCP traffic due to an issue in the SYN Cookie Protection feature. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23011 MISC |
f5 — big-ip | On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a message routing type virtual server is configured with both Diameter Session and Router Profiles, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23019 MISC |
f5 — big-ip | On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and 13.1.x beginning in 13.1.3.4, when a virtual server is configured with both HTTP protocol security and HTTP Proxy Connect profiles, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23018 MISC |
f5 — big-ip | On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when a virtual server is configured with a DNS profile with the Rapid Response Mode setting enabled and is configured on a BIG-IP system, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23017 MISC |
f5 — big-ip | On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, and BIG-IQ all versions of 8.x and 7.x, undisclosed requests by an authenticated iControl REST user can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23023 MISC |
f5 — big-ip | On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, and 14.1.2.6-14.1.4.4, when a Client SSL profile is configured on a virtual server with Client Certificate Authentication set to request/require and Session Ticket enabled and configured, processing SSL traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23015 MISC |
f5 — big-ip | On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23013 MISC |
f5 — big-ip | On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP APM portal access is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23014 MISC |
f5 — big-ip | On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.2, and all versions of 13.1.x, when the IPsec application layer gateway (ALG) logging profile is configured on an IPsec ALG virtual server, undisclosed IPsec traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23024 MISC |
f5 — big-ip | On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when global AFM SYN cookie protection (TCP Half Open flood vector) is activated in the AFM Device Dos or DOS profile, certain types of TCP connections will fail. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23028 MISC |
f5 — big-ip | In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23032 MISC |
f5 — big-ip | On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP SSL Forward Proxy with TLS 1.3 is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23016 MISC |
f5 — big-ip | On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14.1.x before 14.1.4.4, an XML External Entity (XXE) vulnerability exists in an undisclosed page of the F5 Advanced Web Application Firewall (Advanced WAF) and BIG-IP ASM Traffic Management User Interface (TMUI), also referred to as the Configuration utility, that allows an authenticated high-privileged attacker to read local files and force BIG-IP to send HTTP requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23031 MISC |
f5 — big-ip |
On BIG-IP version 16.1.x before 16.1.2, when the ‘Respond on Error’ setting is enabled on the Request Logging profile and configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23020 MISC |
freecad — freecad | The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document. | 2022-01-25 | not yet calculated | CVE-2021-45845 MISC MISC |
gerapy — gerapy | Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds. | 2022-01-26 | not yet calculated | CVE-2021-32849 MISC MISC CONFIRM MISC MISC |
gibbon — cms | Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability that allows attackers to inject arbitrary script via name parameters. | 2022-01-28 | not yet calculated | CVE-2022-22868 MISC MISC MISC |
github — enterprise_server |
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App’s user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but if the user later updated the set of repositories the app was installed on after the GitHub App had configured additional user-level permissions, those additional permissions would not be displayed, leading to more permissions being granted than the user potentially intended. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.2.5, 3.1.13, 3.0.21. This vulnerability was reported via the GitHub Bug Bounty program. | 2022-01-25 | not yet calculated | CVE-2021-41598 MISC MISC MISC |
glpi — glpi | GLPI is a free asset and IT management software package. All GLPI versions prior to 9.5.7 are vulnerable to reflected cross-site scripting. Version 9.5.7 contains a patch for this issue. There are no known workarounds. | 2022-01-28 | not yet calculated | CVE-2022-21719 CONFIRM MISC MISC |
glpi — glpi | GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the `Entities` update right prevents exploitation of this vulnerability. | 2022-01-28 | not yet calculated | CVE-2022-21720 CONFIRM MISC MISC |
h.h.g_multistore — h.h.g_multistore | H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_access_group_edit&aagID. | 2022-01-28 | not yet calculated | CVE-2021-46446 MISC MISC |
h.h.g_multistore — h.h.g_multistore | H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_group_edit&agID. | 2022-01-28 | not yet calculated | CVE-2021-46444 MISC MISC |
h.h.g_multistore — h.h.g_multistore | H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/categories.php?box_group_id. | 2022-01-28 | not yet calculated | CVE-2021-46445 MISC MISC |
h.h.g_multistore — h.h.g_multistore | H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/customers.php?page=1&cID. | 2022-01-28 | not yet calculated | CVE-2021-46448 MISC MISC |
h.h.g_multistore — h.h.g_multistore | A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the State parameter under the Address Book module. | 2022-01-28 | not yet calculated | CVE-2021-46447 MISC MISC |
hitachi — energy_linkone | A configuration vulnerability in the Hitachi Energy LinkOne application, due to the lack of HTTP headers, allows an attacker who manages to exploit this vulnerability to retrieve sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26. | 2022-01-28 | not yet calculated | CVE-2021-40339 CONFIRM |
hitachi — energy_linkone | The Hitachi Energy LinkOne product has a vulnerability due to a web server misconfiguration that enables debug mode and reveals the full path of the filesystem directory when an attacker generates errors during a query operation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26. | 2022-01-28 | not yet calculated | CVE-2021-40338 CONFIRM |
hitachi — energy_linkone | A cross-site scripting (XSS) vulnerability in Hitachi Energy LinkOne allows an attacker who manages to exploit it to carry out multiple web attacks and steal sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26. | 2022-01-25 | not yet calculated | CVE-2021-40337 CONFIRM |
hitachi — energy_linkone | An information exposure vulnerability in the Hitachi Energy LinkOne application, due to a misconfiguration in the ASP server, exposes server and ASP.net information. An attacker who manages to exploit this vulnerability can use the exposed information as reconnaissance for further exploitation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26. | 2022-01-28 | not yet calculated | CVE-2021-40340 CONFIRM |
hp — support_assistant | A potential arbitrary file deletion vulnerability has been identified in HP Support Assistant software. | 2022-01-28 | not yet calculated | CVE-2022-23456 MISC |
ibm — security_guardium_insights | IBM Security Guardium Insights 3.0 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 205256. | 2022-01-26 | not yet calculated | CVE-2021-29846 CONFIRM XF |
ibm — security_guardium_insights | IBM Security Guardium Insights 3.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. IBM X-Force ID: 205255. | 2022-01-26 | not yet calculated | CVE-2021-29845 CONFIRM XF |
ibm — security_guardium_insights | IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | 2022-01-26 | not yet calculated | CVE-2021-29838 CONFIRM XF |
jpress_projects — jpress | jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. | 2022-01-26 | not yet calculated | CVE-2021-46114 MISC MISC MISC |
jpress_projects — jpress | jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. | 2022-01-26 | not yet calculated | CVE-2021-46118 MISC MISC MISC |
jpress_projects — jpress | jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. | 2022-01-26 | not yet calculated | CVE-2021-46117 MISC MISC MISC |
jpress_projects — jpress | jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code. | 2022-01-26 | not yet calculated | CVE-2021-46115 MISC MISC MISC |
jpress_projects — jpress | jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code. | 2022-01-26 | not yet calculated | CVE-2021-46116 MISC MISC MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_IncrRefCount in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46484 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_DecrRefCount in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46489 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueCopyMove in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46499 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_ArraySpliceCmd at src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46486 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a heap-use-after-free via DeleteTreeValue in src/jsiObj.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46495 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x18e506. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46487 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_ArrayConcatCmd at src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46488 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a stack overflow via Jsi_LogMsg at src/jsiUtils.c. | 2022-01-27 | not yet calculated | CVE-2021-46507 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_CommandPkgOpts at src/jsiCmds.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46491 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via NumberConstructor at src/jsiNumber.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46490 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueLookupBase in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46494 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46503 MISC |
jsish — jsish | There is an Assertion ‘v->d.lval != v’ failed at src/jsiValue.c in Jsish v3.5.0. | 2022-01-27 | not yet calculated | CVE-2021-46506 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_UserObjDelete in src/jsiUserObj.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46497 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_FunctionInvoke at src/jsiFunc.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46492 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_ValueIsNumber at src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46485 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_wswebsocketObjFree in src/jsiWebSocket.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46498 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a stack overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5b1e5. | 2022-01-27 | not yet calculated | CVE-2021-46505 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ArgTypeCheck in src/jsiFunc.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46500 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a heap-use-after-free via SortSubCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46501 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5166d. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46502 MISC |
jsish — jsish | Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_ObjFree in src/jsiObj.c. This vulnerability can lead to a Denial of Service (DoS). | 2022-01-27 | not yet calculated | CVE-2021-46496 MISC |
jsish — jsish | There is an Assertion ‘vp != resPtr’ failed at jsiEval.c in Jsish v3.5.0. | 2022-01-27 | not yet calculated | CVE-2021-46504 MISC |
jupyter_hub — server_proxy |
Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). Any user deploying Jupyter Server or Notebook with jupyter-proxy-server extension enabled is affected. A lack of input validation allows authenticated clients to proxy requests to other hosts, bypassing the `allowed_hosts` check. Because authentication is required, which already grants permissions to make the same requests via kernel or terminal execution, this is considered low to moderate severity. Users may upgrade to version 3.2.1 to receive a patch or, as a workaround, install the patch manually. | 2022-01-25 | not yet calculated | CVE-2022-21697 MISC CONFIRM MISC |
keycloak — keycloak | A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled. | 2022-01-25 | not yet calculated | CVE-2021-4133 MISC MISC MISC |
keyget — keyget | The package keyget from 0.0.0 is vulnerable to Prototype Pollution via the methods set, push, and at, which could allow an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-28272](https://security.snyk.io/vuln/SNYK-JS-KEYGET-1048048). | 2022-01-28 | not yet calculated | CVE-2021-23760 MISC |
laminas — laminas-form |
laminas-form is a package for validating and displaying simple and complex forms. When rendering validation error messages via the `formElementErrors()` view helper shipped with laminas-form, many messages will contain the submitted value. However, in laminas-form prior to version 3.1.1, the value was not being escaped for HTML contexts, which could potentially lead to a reflected cross-site scripting attack. Versions 3.1.1 and above contain a patch to mitigate the vulnerability. A workaround is available. One may manually place code at the top of a view script where one calls the `formElementErrors()` view helper. More information about this workaround is available on the GitHub Security Advisory. | 2022-01-28 | not yet calculated | CVE-2022-23598 MISC MISC CONFIRM |
lg — webos_tvs | There is a privilege escalation vulnerability in some webOS TVs. Due to incorrect environment settings, a local attacker is able to perform a specific operation to exploit this vulnerability. Exploitation may allow the attacker to obtain higher privileges. | 2022-01-28 | not yet calculated | CVE-2022-23727 MISC |
liferay — portal_server | Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Liferay Portal Server. | 2022-01-28 | not yet calculated | CVE-2020-28885 MISC |
liferay — portal_server | Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject Groovy script to execute any OS command on the Liferay Portal Server. | 2022-01-28 | not yet calculated | CVE-2020-28884 MISC |
line_motorcycle_rental_system — online_motorcycle_rental_system | Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials. | 2022-01-28 | not yet calculated | CVE-2021-44249 MISC MISC |
linux — kernel |
kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace. | 2022-01-29 | not yet calculated | CVE-2022-24122 MISC MISC MISC |
linux — kernel |
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14689. | 2022-01-25 | not yet calculated | CVE-2021-34866 MISC |
livehelperchat — livehelperchat | Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v. | 2022-01-27 | not yet calculated | CVE-2022-0387 CONFIRM MISC |
livehelperchat — livehelperchat | Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v. | 2022-01-28 | not yet calculated | CVE-2022-0395 MISC CONFIRM |
livehelperchat — livehelperchat | Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v. | 2022-01-28 | not yet calculated | CVE-2022-0394 MISC CONFIRM |
livehelperchat — livehelperchat | Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v. | 2022-01-27 | not yet calculated | CVE-2022-0370 MISC CONFIRM |
livehelperchat — livehelperchat | Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v. | 2022-01-26 | not yet calculated | CVE-2022-0374 CONFIRM MISC |
livehelperchat — livehelperchat | Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v. | 2022-01-26 | not yet calculated | CVE-2022-0375 MISC CONFIRM |
mariadb — mariadb | save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. | 2022-01-29 | not yet calculated | CVE-2021-46658 MISC |
mariadb — mariadb | MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. | 2022-01-29 | not yet calculated | CVE-2021-46659 MISC |
mariadb — mariadb | get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. | 2022-01-29 | not yet calculated | CVE-2021-46657 MISC |
marktext — marktext | MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting (XSS) payload. | 2022-01-29 | not yet calculated | CVE-2022-24123 MISC MISC |
micro_focus — operations_agent | Escalation of privileges vulnerability in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent. | 2022-01-25 | not yet calculated | CVE-2021-38129 MISC |
microsoft — edge_for_android | Microsoft Edge for Android Spoofing Vulnerability. | 2022-01-25 | not yet calculated | CVE-2022-23258 MISC |
microweber — microweber | Cross-site Scripting (XSS) – Stored in Packagist microweber/microweber prior to 1.2.11. | 2022-01-26 | not yet calculated | CVE-2022-0379 MISC CONFIRM |
microweber — microweber | Cross-site Scripting (XSS) – Reflected in Packagist microweber/microweber prior to 1.2.11. | 2022-01-26 | not yet calculated | CVE-2022-0378 MISC CONFIRM |
mingsoft — mcms | https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: File Upload. The impact is: execute arbitrary code (remote). The component is: net.mingsoft.basic.action.web.FileAction#upload. The attack vector is: jspx webshell. MCMS has a file upload vulnerability through which an attacker can upload a webshell. Successful attacks of this vulnerability can result in takeover of MCMS. | 2022-01-26 | not yet calculated | CVE-2021-46386 MISC |
mingsoft — mcms | https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). MCMS has a SQL injection vulnerability through which an attacker can get sensitive information from the database. | 2022-01-26 | not yet calculated | CVE-2021-46385 MISC |
mingsoft — mcms | https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). MCMS has a SQL injection vulnerability through which an attacker can get sensitive information from the database. | 2022-01-26 | not yet calculated | CVE-2021-46383 MISC |
mirantis — mirantis | Prior to v0.6.1, bored-agent failed to sanitize incoming Kubernetes impersonation headers, allowing a user to override assigned user name and groups. | 2022-01-25 | not yet calculated | CVE-2022-0270 MISC |
moodle — moodle | A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data. | 2022-01-25 | not yet calculated | CVE-2022-0332 MISC MISC |
moodle — moodle | A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The “delete badge alignment” functionality did not include the necessary token check to prevent a CSRF risk. | 2022-01-25 | not yet calculated | CVE-2022-0335 MISC MISC |
moodle — moodle | A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events. | 2022-01-25 | not yet calculated | CVE-2022-0333 MISC MISC |
moodle — moodle | A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability. | 2022-01-25 | not yet calculated | CVE-2022-0334 MISC MISC |
moxa — tn-5900_devices | The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage. | 2022-01-26 | not yet calculated | CVE-2021-46560 MISC |
moxa — tn-5900_devices | The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection. | 2022-01-26 | not yet calculated | CVE-2021-46559 MISC |
naver — whaler | A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs. | 2022-01-28 | not yet calculated | CVE-2022-24071 CONFIRM |
net/packet/af_packet.c — net/packet/af_packet.c | A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the affected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755. | 2022-01-26 | not yet calculated | CVE-2021-22600 MISC |
netgear — routers |
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313. | 2022-01-25 | not yet calculated | CVE-2021-34865 MISC MISC |
netgear — routers |
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 1.0.0.52_1.0.38 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP messages. The issue results from a lack of authentication required for a privileged request. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13325. | 2022-01-25 | not yet calculated | CVE-2021-34870 MISC MISC |
netgear — routers |
This vulnerability allows local attackers to disclose sensitive information on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer service. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated array. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-13818. | 2022-01-24 | not yet calculated | CVE-2021-35005 N/A N/A |
nextcloud — android |
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to 3.17.1 may lead to sensitive information disclosure. An unauthorized app that does not have the otherwise required `MANAGE_DOCUMENTS` permission may view image thumbnails for images it does not have permission to view. Version 3.17.1 contains a patch. There are no known workarounds. | 2022-01-26 | not yet calculated | CVE-2021-41166 MISC MISC CONFIRM MISC |
nextcloud — android_app |
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers `FileContentProvider` and `DiskLruImageCacheFileProvider` have security issues (an SQL injection, and an insufficient permission control, respectively) that allow malicious apps in the same device to access Nextcloud’s data bypassing the permission control system. Users should upgrade to version 3.18.1 to receive a patch. There are no known workarounds aside from upgrading. | 2022-01-25 | not yet calculated | CVE-2021-43863 CONFIRM MISC MISC |
nginx — controller_api_management |
On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the “user” or “admin” role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-01-25 | not yet calculated | CVE-2022-23008 MISC |
npm — simple-get | Exposure of Sensitive Information to an Unauthorized Actor in NPM simple-get prior to 4.0.1. | 2022-01-26 | not yet calculated | CVE-2022-0355 MISC CONFIRM |
oneblog — oneblog | OneBlog <= 2.2.8 is vulnerable to Insecure Permissions. Low level administrators can delete high-level administrators beyond their authority. | 2022-01-25 | not yet calculated | CVE-2021-46085 MISC |
openssl — openssl |
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb). | 2022-01-28 | not yet calculated | CVE-2021-4160 CONFIRM CONFIRM CONFIRM CONFIRM |
opensuse — backports |
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior to 4.9.0. openSUSE Factory watchman versions prior to 4.9.0-9.1. | 2022-01-26 | not yet calculated | CVE-2022-21944 CONFIRM |
parallels — desktop | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13797. | 2022-01-25 | not yet calculated | CVE-2021-34869 MISC MISC |
parallels — desktop | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13712. | 2022-01-25 | not yet calculated | CVE-2021-34868 MISC MISC |
parallels — desktop |
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13672. | 2022-01-25 | not yet calculated | CVE-2021-34867 MISC MISC |
pega — pega |
Forgotten password reset functionality for local accounts can be used to bypass local authentication checks. | 2022-01-28 | not yet calculated | CVE-2021-27654 MISC |
pfsense — pfsense |
/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_filter'] in a PHP echo call. | 2022-01-26 | not yet calculated | CVE-2022-23993 MISC |
pimcore — pimcore |
Cross-site Scripting (XSS) – Stored in Packagist pimcore/pimcore prior to 10.2. | 2022-01-27 | not yet calculated | CVE-2022-0348 CONFIRM MISC |
pimcore — pimcore |
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.2.10. | 2022-01-26 | not yet calculated | CVE-2022-0251 CONFIRM MISC |
piwigo — piwigo |
Piwigo is image gallery software written in PHP. When a criterion is not met on a host, Piwigo defaults to using mt_rand in order to generate password reset tokens. mt_rand output can be predicted after recovering the seed used to generate it. This allows an unauthenticated attacker to take over an account, provided they know an administrator’s email address in order to be able to request a password reset. | 2022-01-28 | not yet calculated | CVE-2016-3735 MISC MISC MISC |
pjsip — pjsip |
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the `master` branch. There are no known workarounds. | 2022-01-27 | not yet calculated | CVE-2022-21722 CONFIRM MISC |
pjsip — pjsip |
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as a commit in the `master` branch. There are no known workarounds. | 2022-01-27 | not yet calculated | CVE-2022-21723 CONFIRM MISC |
plone — products.atcontenttypes |
Products.ATContentTypes are the core content types for Plone 2.1 – 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscreen page in a cache, for example in Varnish. The technique is known as cache poisoning. Any later visitor can get redirected when clicking on a link on this page. Usually only anonymous users are affected, but this depends on the user’s cache settings. Version 3.0.6 of Products.ATContentTypes has been released with a fix. This version works on Plone 5.2, Python 2 only. As a workaround, make sure the image_view_fullscreen page is not stored in the cache. More information about the vulnerability and mitigation measures is available in the GitHub Security Advisory. | 2022-01-28 | not yet calculated | CVE-2022-23599 MISC CONFIRM |
polkit — polkit |
A local privilege escalation vulnerability was found on polkit’s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn’t handle the calling parameters count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that it’ll induce pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine. | 2022-01-28 | not yet calculated | CVE-2021-4034 MISC MISC MISC MISC |
prestashop — prestashop |
PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds. | 2022-01-26 | not yet calculated | CVE-2022-21686 MISC CONFIRM MISC |
protocol_buffers — protocol_buffers |
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file’s name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater. | 2022-01-26 | not yet calculated | CVE-2021-22570 CONFIRM |
pypi — calibreweb |
Cross-site Scripting (XSS) – Reflected in Pypi calibreweb prior to 0.6.16. | 2022-01-28 | not yet calculated | CVE-2022-0352 MISC CONFIRM |
qemu — qemu |
A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it’s not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node. | 2022-01-25 | not yet calculated | CVE-2021-4145 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzPreset param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44387 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetIsp param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44376 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. StartZoomFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44405 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetAutoFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44373 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetIsp param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44393 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetDevName param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44365 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetUpnp param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44367 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNetPort param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44368 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNtp param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44369 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetFtp param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44370 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Format param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44390 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetEnc param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44391 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetImage param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44392 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetLocalLink param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44372 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzPatrol param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44386 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. rtmp=stop param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44398 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPreset param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44399 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPatrol param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44400 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetEmail param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44371 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMask param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44395 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Preview param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44396 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. rtmp=start param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44397 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetIrLights param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44382 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetAutoUpgrade param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44383 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44385 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPowerLed param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44381 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPush param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44363 MISC |
reolink — rlc-410w | An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2022-21236 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAbility param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44389 MISC |
reolink — rlc-410w | A memory corruption vulnerability exists in the netserver parse_command_list functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2022-21796 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the netserver recv_command functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to a reboot. An attacker can send a malicious packet to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2022-21801 MISC |
reolink — rlc-410w | An out-of-bounds write vulnerability exists in the device TestEmail functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2022-21217 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetCloudSchedule param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44362 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetTime param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44380 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetCrop param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44359 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNorm param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44360 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Set3G param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44361 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Login param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44388 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetRec param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44358 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetWifi param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44364 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44402 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzTattern param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44403 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetZoomFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44404 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetAutoMaint param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44379 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAutoFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44406 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestEmail param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44407 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetImage param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44377 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetMask param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44374 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetEnc param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44378 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. PtzCtrl param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44401 MISC |
reolink — rlc-410w |
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [4] the dns_data->dns1 variable, that has the value of the dns1 parameter provided through the SetLocal API, is not validated properly. This would lead to an OS command injection. | 2022-01-28 | not yet calculated | CVE-2021-40410 MISC |
reolink — rlc-410w |
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. All the Get APIs that are not included in cgi_check_ability are already executable by any logged-in users. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-40416 MISC |
reolink — rlc-410w |
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The SetMdAlarm API sets the movement detection parameters, giving the ability to set the sensitivity of the camera per a range of hours, and which of the camera spaces to ignore when considering movement detection. Because in cgi_check_ability the SetMdAlarm API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to change the movement detection parameters. | 2022-01-28 | not yet calculated | CVE-2021-40414 MISC |
reolink — rlc-410w |
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The UpgradePrepare is the API that checks if a provided filename identifies a new version of the RLC-410W firmware. If the version is new, it would be possible, allegedly, to later on perform the Upgrade. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-40413 MISC |
reolink — rlc-410w |
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [6] the dns_data->dns2 variable, that has the value of the dns2 parameter provided through the SetLocalLink API, is not validated properly. This would lead to an OS command injection. | 2022-01-28 | not yet calculated | CVE-2021-40411 MISC |
reolink — rlc-410w |
An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-40404 MISC |
reolink — rlc-410w |
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->password variable, that has the value of the password parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. | 2022-01-28 | not yet calculated | CVE-2021-40409 MISC |
reolink — rlc-410w |
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->username variable, that has the value of the userName parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. | 2022-01-28 | not yet calculated | CVE-2021-40408 MISC |
reolink — rlc-410w |
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->domain variable, that has the value of the domain parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-40407 MISC |
reolink — rlc-410w |
A denial of service vulnerability exists in the cgiserver.cgi session creation functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can prevent users from logging in. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-40406 MISC |
reolink — rlc-410w |
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. Because in cgi_check_ability the Format API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to format the SD card and reboot the device. | 2022-01-28 | not yet calculated | CVE-2021-40415 MISC |
reolink — rlc-410w |
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzTattern param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44384 MISC |
reolink — rlc-410w |
A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-40423 MISC |
reolink — rlc-410w |
A firmware update vulnerability exists in the ‘factory’ binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-40419 MISC |
reolink — rlc-410w |
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [8] the devname variable, that has the value of the name parameter provided through the SetDevName API, is not validated properly. This would lead to an OS command injection. | 2022-01-28 | not yet calculated | CVE-2021-40412 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Search param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44411 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44419 MISC |
reolink — rlc-410w | A firmware update vulnerability exists in the "update" firmware checks functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2022-21134 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. DelUser param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44414 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdState param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44418 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44417 MISC |
reolink — rlc-410w | An information disclosure vulnerability exists due to the hardcoded TLS key of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2022-21199 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Disconnect param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44416 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetRec param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44412 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestFtp param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44408 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestWifi param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44409 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. UpgradePrepare param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44410 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. AddUser param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44413 MISC |
reolink — rlc-410w | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. ModifyUser param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 2022-01-28 | not yet calculated | CVE-2021-44415 MISC |
schneider_electric — ecostruxure_power_monitoring_expert | A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22826. Affected Product: EcoStruxure™ Power Monitoring Expert 9.0 and prior versions | 2022-01-28 | not yet calculated | CVE-2021-22827 MISC |
schneider_electric — ecostruxure_power_monitoring_expert | A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22827. Affected Product: EcoStruxure™ Power Monitoring Expert 9.0 and prior versions | 2022-01-28 | not yet calculated | CVE-2021-22826 MISC |
schneider_electric — eurotherm_guicon | A CWE-125: Out-of-Bounds Read vulnerability exists that could cause unintended data disclosure when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior | 2022-01-28 | not yet calculated | CVE-2021-22809 MISC |
schneider_electric — eurotherm_guicon | A CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior | 2022-01-28 | not yet calculated | CVE-2021-22808 MISC |
schneider_electric — eurotherm_guicon | A CWE-787: Out-of-bounds Write vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior | 2022-01-28 | not yet calculated | CVE-2021-22807 MISC |
schneider_electric — multiple_evlink_products | A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) | 2022-01-28 | not yet calculated | CVE-2021-22819 MISC |
schneider_electric — multiple_evlink_products | A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) | 2022-01-28 | not yet calculated | CVE-2021-22820 MISC |
schneider_electric — multiple_evlink_products | A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) | 2022-01-28 | not yet calculated | CVE-2021-22818 MISC |
schneider_electric — multiple_evlink_products | A CWE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) | 2022-01-28 | not yet calculated | CVE-2021-22725 MISC |
schneider_electric — multiple_evlink_products | A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) | 2022-01-28 | not yet calculated | CVE-2021-22821 MISC |
schneider_electric — multiple_evlink_products | A CWE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) | 2022-01-28 | not yet calculated | CVE-2021-22724 MISC |
schneider_electric — multiple_evlink_products | A CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) | 2022-01-28 | not yet calculated | CVE-2021-22822 MISC |
schneider_electric — network_management_cards | A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, 
PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches – AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier) | 2022-01-28 | not yet calculated | CVE-2021-22815 MISC |
schneider_electric — network_management_cards | A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists which could cause arbitrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS 
V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches – AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier) | 2022-01-28 | not yet calculated | CVE-2021-22814 MISC |
schneider_electric — network_management_cards |
A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and 
earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches – AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier) | 2022-01-28 | not yet calculated | CVE-2021-22811 MISC |
schneider_electric — network_management_cards |
A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, 
PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches – AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier) | 2022-01-28 | not yet calculated | CVE-2021-22810 MISC |
schneider_electric — network_management_cards |
A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit policy file. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, 
PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches – AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier) | 2022-01-28 | not yet calculated | CVE-2021-22813 MISC |
schneider_electric — network_management_cards |
A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and 
earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches – AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier) | 2022-01-28 | not yet calculated | CVE-2021-22812 MISC |
schneider_electric — rack_pdu_products | A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could allow an attacker to access the system with elevated privileges when a privileged account clicks on a malicious URL that compromises the security token. Affected Products: AP7xxxx and AP8xxx with NMC2 (V6.9.6 or earlier), AP7xxx and AP8xxx with NMC3 (V1.1.0.3 or earlier), and APDU9xxx with NMC3 (V1.0.0.28 or earlier) | 2022-01-28 | not yet calculated | CVE-2021-22825 MISC |
schneider_electric — scadapack_300e_series_rtu | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a Denial of Service of the RTU when receiving a specially crafted request over Modbus, and the RTU is configured as a Modbus server. Affected Products: SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E and 357E RTUs with firmware V8.18.1 and prior | 2022-01-28 | not yet calculated | CVE-2021-22816 MISC |
schneider_electric — software_update | A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0 through V2.5.1 | 2022-01-28 | not yet calculated | CVE-2021-22799 MISC |
sharpziplib — sharpziplib | SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting with version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that `_baseDirectory` ends with slash. If the `_baseDirectory` is not slash terminated like `/home/user/dir` it is possible to create a file with a name that begins as the destination directory one level up from the directory, i.e. `/home/user/dir.sh`. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. Version 1.3.3 fixed this vulnerability. | 2022-01-26 | not yet calculated | CVE-2021-32842 MISC CONFIRM |
sharpziplib — sharpziplib | SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting with version 1.3.0 and prior to version 1.3.3, a check was added if the destination file is under destination directory. However, it is not enforced that `destDir` ends with slash. If the `destDir` is not slash terminated like `/home/user/dir` it is possible to create a file with a name that begins with the destination directory, i.e. `/home/user/dir.sh`. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. Version 1.3.3 contains a patch for this vulnerability. | 2022-01-26 | not yet calculated | CVE-2021-32841 MISC MISC CONFIRM |
sharpziplib — sharpziplib |
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in version 1.3.3. | 2022-01-26 | not yet calculated | CVE-2021-32840 MISC MISC CONFIRM |
showdoc — showdoc |
SQL Injection in Packagist showdoc/showdoc prior to 2.10.3. | 2022-01-26 | not yet calculated | CVE-2022-0362 CONFIRM MISC |
silabs — micrium_os_common |
An issue was discovered in lib_mem.c in Micrium uC/OS uC/LIB 1.38.x and 1.39.00. The following memory allocation functions do not check for integer overflow when allocating a pool whose size exceeds the address space: Mem_PoolCreate, Mem_DynPoolCreate, and Mem_DynPoolCreateHW. Because these functions use multiplication to calculate the pool sizes, the operation may cause an integer overflow if the arguments are large enough. The resulting memory pool will be smaller than expected and may be exploited by an attacker. | 2022-01-24 | not yet calculated | CVE-2021-26706 MISC MISC MISC |
single_connect — single_connect |
Single Connect does not perform an authorization check when using the “sc-diagnostic-ui” module. A remote attacker could exploit this vulnerability to access the device information page. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information. | 2022-01-27 | not yet calculated | CVE-2021-44794 CONFIRM |
single_connect — single_connect |
Single Connect does not perform an authorization check when using the “sc-reports-ui” module. A remote attacker could exploit this vulnerability to access the device configuration page and export the data to an external file. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information including the database credentials. Since the database runs with high privileges it is possible to execute commands with the attained credentials. | 2022-01-27 | not yet calculated | CVE-2021-44793 CONFIRM |
single_connect — single_connect |
Single Connect does not perform an authorization check when using the “log-monitor” module. A remote attacker could exploit this vulnerability to access the logging interface. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information. | 2022-01-27 | not yet calculated | CVE-2021-44792 CONFIRM |
single_connect — single_connect |
Single Connect does not perform an authorization check when using the “sc-assigned-credential-ui” module. A remote attacker could exploit this vulnerability to modify users’ permissions. The exploitation of this vulnerability might allow a remote attacker to delete permissions from other users without authenticating. | 2022-01-27 | not yet calculated | CVE-2021-44795 CONFIRM |
solana-labs — rbpf |
From version 0.2.14 to 0.2.16 for Solana rBPF, function “relocate” in the file src/elf.rs has an integer overflow bug because the sym.st_value is read directly from ELF file without checking. If the sym.st_value is rather large, an integer overflow is triggered while calculating the variable “addr” via “addr = (sym.st_value + refd_pa) as u64”. | 2022-01-27 | not yet calculated | CVE-2021-46102 MISC MISC MISC MISC |
sourcecodester — banking_system |
SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username or password field. | 2022-01-24 | not yet calculated | CVE-2021-41659 MISC |
sourcecodester — gadet_works_online_ordering_system |
A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Gadget Works Online Ordering System in PHP/MySQLi 1.0 via the Category parameter in an add function in category/index.php. | 2022-01-28 | not yet calculated | CVE-2021-34073 MISC |
sourcecodester — hospitals_patient_records_management_system | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Hospital’s Patient Records Management System 1.0 via the description parameter in room_types. | 2022-01-26 | not yet calculated | CVE-2022-22850 MISC MISC |
sourcecodester — hospitals_patient_records_management_system |
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Hospital’s Patient Records Management System 1.0 via the specialization parameter in doctors.php | 2022-01-26 | not yet calculated | CVE-2022-22851 MISC MISC |
sourcecodester — hospitals_patient_records_management_system |
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Hospital’s Patient Records Management System 1.0 via the description parameter in room_list. | 2022-01-26 | not yet calculated | CVE-2022-22852 MISC MISC |
sourcecodester — mobile_shop_system |
An SQL Injection vulnerability exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php. | 2022-01-28 | not yet calculated | CVE-2020-25905 MISC |
sourcecodester — patient_appointment_scheduler_system |
SQL injection vulnerability in Sourcecodester Patient Appointment Scheduler System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password fields to login.php. | 2022-01-24 | not yet calculated | CVE-2021-41660 MISC |
sourcecodester — simple_chatbot_application |
An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the message parameter in Master.php. | 2022-01-27 | not yet calculated | CVE-2021-46427 MISC MISC |
sourcecodester — simple_chatbot_application |
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 (and previous versions) via the bot_avatar parameter in SystemSettings.php. | 2022-01-27 | not yet calculated | CVE-2021-46428 MISC MISC |
sourcecodester — simple_cold_storage_management_system |
An SQL Injection vulnerability exists in Sourcecodester Simple Cold Storage Management System using PHP/OOP 1.0 via the username field in login.php. | 2022-01-28 | not yet calculated | CVE-2021-45435 MISC |
sourcecodester — the_electric_billing_management_system |
Cross Site Scripting (XSS) in Sourcecodester The Electric Billing Management System 1.0 by oretnom23, allows attackers to execute arbitrary code via the about page. | 2022-01-24 | not yet calculated | CVE-2021-41929 MISC |
spip — spip | SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS). | 2022-01-26 | not yet calculated | CVE-2021-44118 MISC MISC MISC |
spip — spip | SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes to the public site and wants to read the author’s information, the malicious code will be executed. The “Who are you” and “Website Name” fields are vulnerable. | 2022-01-26 | not yet calculated | CVE-2021-44120 MISC |
spip — spip | SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is also possible to combine XSS vulnerabilities in SPIP 4.0.0 to exploit it. The vulnerability allows an authenticated attacker to execute malicious code without the knowledge of the user on the website (CSRF). | 2022-01-26 | not yet calculated | CVE-2021-44122 MISC |
spip — spip |
SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it. | 2022-01-26 | not yet calculated | CVE-2021-44123 MISC |
stormshield — stormshield_network_security |
An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections. | 2022-01-27 | not yet calculated | CVE-2021-28096 MISC |
suitecrm — suitecrm |
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution. | 2022-01-28 | not yet calculated | CVE-2021-45899 MISC MISC |
suitecrm — suitecrm |
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution. | 2022-01-28 | not yet calculated | CVE-2021-45897 MISC MISC |
suitecrm — suitecrm |
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion. | 2022-01-28 | not yet calculated | CVE-2021-45898 MISC MISC |
synametrics — synaman |
An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string. | 2022-01-27 | not yet calculated | CVE-2022-22828 MISC MISC |
synel — eharmony_authenticated__blind_and_stored_xss |
SYNEL – eharmony Authenticated Blind & Stored XSS. Injecting JS code into the “comments” field could lead to potential stealing of cookies, loading of HTML tags and JS code onto the system. | 2022-01-28 | not yet calculated | CVE-2022-22791 MISC |
synel — eharmony_directory_traversal |
SYNEL – eharmony Directory Traversal. Directory traversal is an attack against a server or a Web application aimed at unauthorized access to the file system. On the “Name” parameter the attacker can return to the root directory and open the host file. The path exposes sensitive files that users upload. | 2022-01-28 | not yet calculated | CVE-2022-22790 MISC |
tenda — multiple_devices |
Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi, AC5V1.0 Firmware V15.03.06.48_multi and so on. An attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE. | 2022-01-28 | not yet calculated | CVE-2021-44971 MISC MISC MISC |
tightvnc — tightvnc |
In TightVNC 1.3.10, there is an integer signedness error and resultant heap-based buffer overflow in InitialiseRFBConnection in rfbproto.c (for the vncviewer component). There is no check on the size given to malloc, e.g., -1 is accepted. This allocates a chunk of size zero, which will give a heap pointer. However, one can send 0xffffffff bytes of data, which can have a DoS impact or lead to remote code execution. | 2022-01-26 | not yet calculated | CVE-2022-23967 MISC MISC |
ultimate_reviews — ultimate_reviews |
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in Ultimate Reviews WordPress plugin (versions <= 3.0.15). | 2022-01-28 | not yet calculated | CVE-2022-23979 CONFIRM CONFIRM |
unisys — o2_2200_messaging_integration_services |
Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated. | 2022-01-24 | not yet calculated | CVE-2021-43394 MISC |
varnish — cache |
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections. | 2022-01-26 | not yet calculated | CVE-2022-23959 MISC MISC |
vercel — next.js |
Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use `next start` or a custom server and the built-in i18n support. Deployments on Vercel, along with similar environments where invalid requests are filtered before reaching Next.js, are not affected. A patch has been released, `next@12.0.9`, that mitigates this issue. As a workaround, one may ensure `/${locale}/_next/` is blocked from reaching the Next.js instance until it becomes feasible to upgrade. | 2022-01-28 | not yet calculated | CVE-2022-21721 MISC CONFIRM MISC |
veridiumid — veridiumad |
An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified. If a user who receives the notification accepts it, then the user who triggered the notification can obtain the accepting user’s login certificate. | 2022-01-28 | not yet calculated | CVE-2021-42791 MISC MISC MISC |
vim — vim |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 2022-01-26 | not yet calculated | CVE-2022-0359 CONFIRM MISC |
vim — vim |
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | 2022-01-26 | not yet calculated | CVE-2022-0368 CONFIRM MISC |
vim — vim |
Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. | 2022-01-25 | not yet calculated | CVE-2022-0351 MISC CONFIRM |
vim — vim |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 2022-01-26 | not yet calculated | CVE-2022-0361 CONFIRM MISC |
vim — vim |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 2022-01-28 | not yet calculated | CVE-2022-0392 MISC CONFIRM |
vim — vim |
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | 2022-01-28 | not yet calculated | CVE-2022-0393 CONFIRM MISC |
vmware — workstation_and_horizon_client_for_windows |
VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contain a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in the TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the ThinPrint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed. | 2022-01-28 | not yet calculated | CVE-2022-22938 MISC |
western_digital — my_cloud_devices |
A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input. | 2022-01-28 | not yet calculated | CVE-2022-22992 MISC |
western_digital — my_cloud_devices |
A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters. | 2022-01-28 | not yet calculated | CVE-2022-22993 MISC |
western_digital — my_cloud_devices |
A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. This was a result of insufficient verification of calls to the device. The vulnerability was addressed by disabling checks for internet connectivity using HTTP. | 2022-01-28 | not yet calculated | CVE-2022-22994 MISC |
wp_google_map — wp_google_map |
The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions <= 1.8.0) allows authenticated low-role users to create, edit, and delete maps. | 2022-01-25 | not yet calculated | CVE-2021-45729 CONFIRM CONFIRM |
xen — xen |
A PV guest could DoS Xen while unmapping a grant. To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a mapping can be requested in two steps. The reference count for such a mapping would then mistakenly be decremented twice. Underflow of the counters gets detected, resulting in the triggering of a hypervisor bug check. | 2022-01-25 | not yet calculated | CVE-2022-23034 MISC |
xen — xen |
arm: guest_physmap_remove_page not removing the p2m mappings. The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn’t have the valid bit set. It is possible to have a valid pagetable entry without the valid bit set when a guest operating system uses set/way cache maintenance instructions. For instance, a guest issuing a set/way cache maintenance instruction, then calling the XENMEM_decrease_reservation hypercall to give back memory pages to Xen, might be able to retain access to those pages even after Xen started reusing them for other purposes. | 2022-01-25 | not yet calculated | CVE-2022-23033 MISC |
xen — xen |
Insufficient cleanup of passed-through device IRQs. The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest’s use of the device. In the case where an interrupt is not quiescent yet at the time this cleanup gets invoked, the cleanup attempt may be scheduled to be retried. When multiple interrupts are involved, this scheduling of a retry may get erroneously skipped. At the same time pointers may get cleared (resulting in a de-reference of NULL) and freed (resulting in a use-after-free), while other code would continue to assume them to be valid. | 2022-01-25 | not yet calculated | CVE-2022-23035 MISC |
xerox — versalink |
Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as soon as the boot process finishes. However, this boot loop can be resolved by a field technician. The TIFF file must have an incomplete Image Directory. Affected firmware versions include xx.42.01 and xx.50.61. NOTE: the 2022-01-24 NeoSmart article included “believed to affect all previous and later versions as of the date of this posting” but a 2022-01-26 vendor statement reports “the latest versions of firmware are not vulnerable to this issue.” | 2022-01-26 | not yet calculated | CVE-2022-23968 MISC MISC |
xzs-mysql — xzs-mysql |
xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The front end of this open source system is an online examination system. There is an unsafe vulnerability in the functional method of submitting examination papers. An attacker can use Burp Suite to modify parameters in the packet to destroy real data. | 2022-01-25 | not yet calculated | CVE-2021-46086 MISC |
yzmcms — yzmcms | YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /yzmcms/comment/index/init.html. | 2022-01-28 | not yet calculated | CVE-2022-23888 MISC |
yzmcms — yzmcms | YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete user accounts via /admin/admin_manage/delete. | 2022-01-28 | not yet calculated | CVE-2022-23887 MISC |
yzmcms — yzmcms |
The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments. | 2022-01-28 | not yet calculated | CVE-2022-23889 MISC |
zabbix — zabbix |
Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution (RCE). Any user with the “Zabbix Admin” role is able to run custom shell script on the application server in the context of the application user. | 2022-01-27 | not yet calculated | CVE-2021-46088 MISC |
zfaka — zfaka |
A SQL injection vulnerability exists in ZFAKA<=1.43 which an attacker can use to complete SQL injection in the foreground and add a background administrator account. | 2022-01-28 | not yet calculated | CVE-2022-22294 MISC MISC |
zip-local — zip-local |
The package zip-local before 0.3.5 is vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) which can lead to an extraction of a crafted file outside the intended extraction directory. | 2022-01-28 | not yet calculated | CVE-2021-23484 MISC MISC MISC |
zoho — manageengine_desktop_central |
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user’s login password. | 2022-01-28 | not yet calculated | CVE-2022-23863 CONFIRM |
zoho — manageengine_servicedesk_plus |
A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attacker to inject arbitrary JavaScript code. | 2022-01-27 | not yet calculated | CVE-2021-46065 MISC MISC |
zulip — zulip |
Zulip is an open-source team collaboration tool. Zulip Server installs RabbitMQ for internal message passing. In versions of Zulip Server prior to 4.9, the initial installation (until first reboot, or restart of RabbitMQ) does not successfully limit the default ports which RabbitMQ opens; this includes port 25672, the RabbitMQ distribution port, which is used as a management port. RabbitMQ’s default “cookie” which protects this port is generated using a weak PRNG, which limits the entropy of the password to at most 36 bits; in practicality, the seed for the randomizer is biased, resulting in approximately 20 bits of entropy. If other firewalls (at the OS or network level) do not protect port 25672, a remote attacker can brute-force the 20 bits of entropy in the “cookie” and leverage it for arbitrary execution of code as the rabbitmq user. They can also read all data which is sent through RabbitMQ, which includes all message traffic sent by users. Version 4.9 contains a patch for this vulnerability. As a workaround, ensure that firewalls prevent access to ports 5672 and 25672 from outside the Zulip server. | 2022-01-25 | not yet calculated | CVE-2021-43799 CONFIRM MISC MISC MISC |