US-CERT Bulletin (SB22-171): Vulnerability Summary for the Week of June 13, 2022
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
citrix — application_delivery_management | Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted. | 2022-06-16 | 7.8 | CVE-2022-27511 MISC |
convert-svg_project — convert-svg | The package convert-svg-core before 0.6.4 is vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file. | 2022-06-10 | 7.5 | CVE-2022-24278 CONFIRM CONFIRM CONFIRM CONFIRM |
dell — supportassist_for_business_pcs | Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system. | 2022-06-10 | 7.2 | CVE-2022-29092 CONFIRM |
dell — supportassist_for_business_pcs | Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system. | 2022-06-10 | 7.6 | CVE-2022-29095 CONFIRM |
dynamicvision — dynamicmarkt | dynamicMarkt <= 3.10 is affected by SQL injection in the parent parameter of index.php. | 2022-06-10 | 7.5 | CVE-2021-41754 MISC MISC |
dynamicvision — dynamicmarkt | dynamicMarkt <= 3.10 is affected by SQL injection in the kat1 parameter of index.php. | 2022-06-10 | 7.5 | CVE-2021-41755 MISC MISC |
dynamicvision — dynamicmarkt | dynamicMarkt <= 3.10 is affected by SQL injection in the kat parameter of index.php. | 2022-06-10 | 7.5 | CVE-2021-41756 MISC MISC |
gatsbyjs — gatsby | The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 is vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible when passing input in both webpack (MDX files in src/pages or MDX file imported as a component in frontend / React code) and data mode (querying MDX nodes via GraphQL). Workaround: If an older version of gatsby-plugin-mdx must be used, input passed into the plugin should be sanitized ahead of processing. | 2022-06-10 | 7.5 | CVE-2022-25863 CONFIRM CONFIRM CONFIRM CONFIRM |
git-promise_project — git-promise | All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package. **Note:** Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue. | 2022-06-10 | 7.5 | CVE-2022-24376 CONFIRM CONFIRM |
huawei — cv81-wdm_firmware | There is a buffer overflow vulnerability in CV81-WDM FW 01.70.49.29.46. Successful exploitation of this vulnerability may lead to privilege escalation. | 2022-06-13 | 10 | CVE-2022-29797 MISC |
huawei — cv81-wdm_firmware | There is a denial of service vulnerability in CV81-WDM FW versions 01.70.49.29.46. Successful exploitation could cause denial of service. | 2022-06-13 | 7.8 | CVE-2022-29798 MISC |
huawei — flmg-10_firmware | There is an improper authentication vulnerability in FLMG-10 10.0.1.0(H100SP22C00). Successful exploitation of this vulnerability may lead to control of the victim device. | 2022-06-13 | 7.2 | CVE-2022-22259 MISC |
ideaco — idealms | IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID= pathname. | 2022-06-10 | 7.5 | CVE-2022-31788 MISC MISC |
iqonic — kivicare | The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users | 2022-06-13 | 7.5 | CVE-2022-0786 MISC |
memberhero — member_hero | The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments. | 2022-06-13 | 7.5 | CVE-2022-0885 MISC |
nystudio107 — seomatic | In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution. | 2022-06-12 | 7.5 | CVE-2021-41749 MISC MISC |
phplist — phplist | A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown processing of the file /lists/index.php of the component Edit Subscription. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. | 2022-06-10 | 7.5 | CVE-2017-20029 MISC MISC |
phplist — phplist | A vulnerability was found in PHPList 3.2.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Subscription. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. | 2022-06-10 | 7.5 | CVE-2017-20032 MISC MISC |
presspage — bestbooks | The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users | 2022-06-13 | 7.5 | CVE-2022-0827 MISC |
realvnc — vnc_server | RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM. | 2022-06-10 | 7.2 | CVE-2022-27502 MISC MISC |
sicunet — access_control | A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to initiate the attack remotely. | 2022-06-11 | 7.5 | CVE-2017-20039 N/A N/A |
sicunet — access_control | A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of the argument No/door leads to privilege escalation. The attack may be launched remotely. | 2022-06-11 | 7.5 | CVE-2017-20038 N/A N/A |
tendacn — ac18_firmware | Tenda AC18 router V15.03.05.19 and V15.03.05.05 were discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac. | 2022-06-14 | 10 | CVE-2022-31446 MISC |
vim — vim | Use After Free in GitHub repository vim/vim prior to 8.2. | 2022-06-10 | 7.5 | CVE-2022-2042 CONFIRM MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alibaba — fastjson | The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode). | 2022-06-10 | 6.8 | CVE-2022-25845 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
artbees — jupiter_x_core | Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax_ actions registered by the JupiterX Core Plugin (<=2.0.6). This includes the ability to deactivate arbitrary plugins as well as update the theme’s API key. | 2022-06-13 | 5.5 | CVE-2022-1656 MISC |
axiosys — bento4 | An issue was discovered in Bento4 v1.2. There is an allocation size request error in /Ap4RtpAtom.cpp. | 2022-06-10 | 4.3 | CVE-2022-31287 MISC |
axiosys — bento4 | Bento4 MP4Dump v1.2 was discovered to contain a segmentation violation via an unknown address at /Source/C++/Core/Ap4DataBuffer.cpp:175. | 2022-06-10 | 4.3 | CVE-2022-31282 MISC |
axiosys — bento4 | An issue was discovered in Bento4 1.2. The allocator is out of memory in /Source/C++/Core/Ap4Array.h. | 2022-06-10 | 4.3 | CVE-2022-31285 MISC |
byonepress — social_locker | The OnePress Social Locker WordPress plugin through 5.6.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 2022-06-13 | 4.3 | CVE-2022-1608 MISC |
citrix — application_delivery_management | Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM. | 2022-06-16 | 5 | CVE-2022-27512 MISC |
combodo — itop | ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php. | 2022-06-10 | 4.3 | CVE-2022-31402 MISC MISC MISC |
convert-svg-core_project — convert-svg-core | The package convert-svg-core before 0.6.3 is vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file. | 2022-06-10 | 6.8 | CVE-2022-24429 CONFIRM CONFIRM CONFIRM |
couchbase — sync_gateway | An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, the admin credentials provided to the Admin REST API are ignored, resulting in privilege escalation for unauthenticated users. The Public REST API is not impacted by this issue. A workaround is to replace X.509 certificate based authentication with Username and Password authentication inside the bootstrap configuration. | 2022-06-10 | 6.8 | CVE-2022-32563 MISC MISC |
email_users_project — email_users | The Email Users WordPress plugin through 4.8.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users | 2022-06-13 | 4.3 | CVE-2022-1605 MISC |
enqueue_anything_project — enqueue_anything | The Enqueue Anything WordPress plugin through 1.0.1 does not have authorisation and CSRF checks in the remove_asset AJAX action, and does not ensure that the item to be deleted is actually an asset. As a result, low privilege users such as subscriber could delete arbitrary assets, as well as put arbitrary posts in the trash. | 2022-06-13 | 4 | CVE-2021-25116 MISC |
generex — rccmd | Directory traversal vulnerability in RCCMD 4.26 and earlier allows a remote authenticated attacker with an administrative privilege to read or alter an arbitrary file on the server via unspecified vectors. | 2022-06-13 | 5.5 | CVE-2022-26041 MISC MISC |
gtm4wp — google_tag_manager | The Google Tag Manager for WordPress plugin for WordPress is vulnerable to reflected Cross-Site Scripting via the s parameter due to the site search populating into the data layer of sites with insufficient sanitization in versions up to and including 1.15. The affected file is ~/public/frontend.php and this could be exploited by unauthenticated attackers. | 2022-06-13 | 4.3 | CVE-2022-1707 MISC MISC MISC MISC |
gunet — open_eclass_platform | GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter. | 2022-06-11 | 4.3 | CVE-2021-44266 MISC MISC MISC |
guzzlephp — guzzle | Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the same as to how we don’t forward on the header if the host changes. Prior to this fix, `https` to `http` downgrades did not result in the `Authorization` header being removed, only changes to the host. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach which would be to use their own redirect middleware. Alternately users may simply disable redirects altogether if redirects are not expected or required. | 2022-06-10 | 5 | CVE-2022-31043 CONFIRM MISC MISC CONFIRM |
guzzlephp — guzzle | Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a URI to a different host, we should not forward the `Cookie` header on. Prior to this fix, only cookies that were managed by our cookie middleware would be safely removed, and any `Cookie` header manually added to the initial request would not be stripped. We now always strip it, and allow the cookie middleware to re-add any cookies that it deems should be there. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach to use your own redirect middleware, rather than ours. If you do not require or expect redirects to be followed, one should simply disable redirects altogether. | 2022-06-10 | 5 | CVE-2022-31042 CONFIRM MISC MISC CONFIRM |
hc_custom_wp-admin_url_project — hc_custom_wp-admin_url | The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request | 2022-06-13 | 5 | CVE-2022-1595 MISC |
huawei — harmonyos | The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability. | 2022-06-13 | 4.9 | CVE-2022-31763 MISC MISC |
huawei — harmonyos | The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity. | 2022-06-13 | 5 | CVE-2021-46812 MISC MISC |
huawei — magic_ui | Configuration defects in the secure OS module. Successful exploitation of this vulnerability can affect availability. | 2022-06-13 | 5 | CVE-2021-46815 MISC |
huawei — magic_ui | The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability. | 2022-06-13 | 5 | CVE-2021-46814 MISC MISC |
huawei — magic_ui | The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation. | 2022-06-13 | 4.6 | CVE-2022-31762 MISC MISC |
huawei — magic_ui | Logical defects in code implementation in some products. Successful exploitation of this vulnerability may affect the availability of some features. | 2022-06-13 | 5 | CVE-2022-31754 MISC |
huawei — magic_ui | The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability. | 2022-06-13 | 4.9 | CVE-2022-31751 MISC MISC |
huawei — magic_ui | Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality. | 2022-06-13 | 5 | CVE-2022-31761 MISC |
ibm — spectrum_copy_data_management | IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 225887. | 2022-06-10 | 6.8 | CVE-2022-22479 XF CONFIRM |
ibm — spectrum_copy_data_management | IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against the system. IBM X-Force ID: 228219. | 2022-06-10 | 5 | CVE-2022-31769 XF CONFIRM |
jpeg — libjpeg | There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan. | 2022-06-10 | 4.3 | CVE-2022-32978 MISC MISC |
jpeg-js_project — jpeg-js | The package jpeg-js before 0.4.4 is vulnerable to Denial of Service (DoS) where a particular piece of input will cause it to enter an infinite loop and never return. | 2022-06-10 | 5 | CVE-2022-25851 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
kuroit — advanced_admin_search | The Advanced Admin Search WordPress plugin before 1.1.6 does not sanitize and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting. | 2022-06-13 | 4.3 | CVE-2022-0626 MISC |
latest_tweets_widget_project — latest_tweets_widget | The Latest Tweets Widget WordPress plugin through 1.1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 2022-06-13 | 4.3 | CVE-2022-1624 MISC |
lighttpd — lighttpd | Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers. | 2022-06-11 | 5 | CVE-2022-30780 MISC MISC MISC MISC |
likebtn — like_button_rating | The Like Button Rating WordPress plugin before 2.6.45 allows any logged-in user, such as subscriber, to send arbitrary e-mails to any recipient, with any subject and body | 2022-06-13 | 4 | CVE-2022-0745 MISC |
mailerlite — mailerlite_signup_forms | The MailerLite WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | 2022-06-13 | 4.3 | CVE-2022-1604 MISC |
money_transfer_management_system_project — money_transfer_management_system | A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL. | 2022-06-10 | 6.5 | CVE-2021-44582 MISC MISC |
navetti — pricepoint | A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component. | 2022-06-13 | 6.8 | CVE-2017-20045 MISC MISC |
navetti — pricepoint | A vulnerability has been found in Navetti PricePoint 4.6.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection (Blind). The attack can be launched remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component. | 2022-06-13 | 6.5 | CVE-2017-20042 MISC MISC |
netwavepr — indoor_ip_camera_firmware | There is a memory dump vulnerability on Netwave IP camera devices at //proc/kcore that allows an unauthenticated attacker to exfiltrate sensitive information from the network configuration (e.g., username and password). | 2022-06-10 | 5 | CVE-2018-17240 MISC MISC MISC |
nystudio107 — seomatic | A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName parameter containing an arbitrary filename with the intended content-type to be rendered in the user’s browser as the extension. | 2022-06-12 | 4.3 | CVE-2021-41750 MISC MISC MISC |
octopus — octopus_deploy | In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space. | 2022-06-13 | 4.3 | CVE-2022-2013 MISC |
phplist — phplist | A vulnerability was found in PHPList 3.2.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument sortby with the input password leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. | 2022-06-10 | 4 | CVE-2017-20031 MISC MISC |
phplist — phplist | A vulnerability was found in PHPList 3.2.6. It has been classified as critical. Affected is an unknown function of the file /lists/admin/ of the component Sending Campain. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. | 2022-06-10 | 6.5 | CVE-2017-20030 MISC MISC |
phplist — phplist | A vulnerability classified as problematic has been found in PHPList 3.2.6. This affects an unknown part of the file /lists/admin/. The manipulation of the argument page with the input send\’\”;><script>alert(8)</script> leads to cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. | 2022-06-10 | 4.3 | CVE-2017-20033 MISC MISC |
posix_project — posix | This affects all versions of package posix. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check. | 2022-06-10 | 5 | CVE-2022-21211 CONFIRM |
premierethemes — log_wp_mail | The Log WP_Mail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords. | 2022-06-13 | 5 | CVE-2022-1412 MISC |
sicunet — access_control | A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads to privilege escalation. The attack can be launched remotely. | 2022-06-11 | 6.5 | CVE-2017-20037 N/A N/A |
simple-membership-plugin — simple_membership | The Simple Membership WordPress plugin before 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting | 2022-06-13 | 4.3 | CVE-2022-1724 MISC |
thalesgroup — safenet_keysecure | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in SafeNet KeySecure allows an authenticated user to read arbitrary files from the underlying system on which the product is deployed. | 2022-06-10 | 4 | CVE-2021-42811 MISC |
thedaylightstudio — fuel_cms | A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4. | 2022-06-10 | 6.8 | CVE-2021-44117 MISC MISC |
themify — woocommerce_product_filter | Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | 2022-06-13 | 4.3 | CVE-2022-1532 MISC |
usabilitydynamics — wp-crm | The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability. | 2022-06-13 | 6.8 | CVE-2022-1202 MISC |
useful_banner_manager_project — useful_banner_manager | The Useful Banner Manager WordPress plugin through 1.6.1 does not perform CSRF checks on POST requests to its admin page, allowing an attacker to trick a logged in admin to add, modify or delete banners from the plugin by submitting a form. | 2022-06-13 | 4.3 | CVE-2022-1694 MISC |
veronalabs — wp_statistics | Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product. | 2022-06-13 | 4.3 | CVE-2022-27231 MISC MISC MISC |
webriti — webriti_smtp_mail | The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 2022-06-13 | 4.3 | CVE-2022-1612 MISC |
wp_svg_icons_project — wp_svg_icons | The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing a high privileged user like an admin to upload a zip file containing malicious php code, leading to remote code execution. | 2022-06-13 | 6.5 | CVE-2022-0863 MISC |
xgenecloud — nocodb | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository nocodb/nocodb prior to 0.91.7+. | 2022-06-13 | 5 | CVE-2022-2062 MISC CONFIRM |
zeroshell — zeroshell | ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands. | 2022-06-11 | 6.5 | CVE-2021-41738 MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
ceikay — carousel_ck | The Carousel CK WordPress plugin through 1.1.0 does not sanitize and escape Slide’s descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed | 2022-06-13 | 3.5 | CVE-2022-1336 MISC |
ceikay — slideshow_ck | The Slideshow CK WordPress plugin before 1.4.10 does not sanitize and escape Slide’s descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed | 2022-06-13 | 3.5 | CVE-2022-1335 MISC |
dell — supportassist_for_business_pcs | Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system. | 2022-06-10 | 3.6 | CVE-2022-29093 CONFIRM |
dell — supportassist_for_business_pcs | Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files on the system. | 2022-06-10 | 3.6 | CVE-2022-29094 CONFIRM |
dolibarr — dolibarr | Cross-site Scripting (XSS) – Stored in GitHub repository dolibarr/dolibarr prior to 16.0. | 2022-06-13 | 3.5 | CVE-2022-2060 MISC CONFIRM |
dwbooster — appointment_hour_booking | The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. | 2022-06-13 | 3.5 | CVE-2022-1710 MISC |
flatcore — flatcore-cms | flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) in the “Create New Page” option through the index page. | 2022-06-13 | 3.5 | CVE-2021-40902 MISC |
helpdeskz — helpdeskz | A cross-site scripting (XSS) vulnerability in /staff/setup/email-addresses of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field. | 2022-06-13 | 3.5 | CVE-2022-31400 MISC |
helpdeskz — helpdeskz | A cross-site scripting (XSS) vulnerability in /staff/tools/custom-fields of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field. | 2022-06-13 | 3.5 | CVE-2022-31398 MISC |
huawei — magic_ui | AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability. | 2022-06-13 | 2.1 | CVE-2022-31759 MISC MISC |
huawei — magic_ui | The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality. | 2022-06-13 | 2.1 | CVE-2022-31756 MISC MISC |
huawei — magic_ui | The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability. | 2022-06-13 | 2.1 | CVE-2022-31755 MISC MISC |
huawei — magic_ui | Missing authorization vulnerability in the system components. Successful exploitation of this vulnerability will affect confidentiality. | 2022-06-13 | 2.1 | CVE-2022-31752 MISC |
ibm — spectrum_copy_data_management | IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 227363. | 2022-06-10 | 3.5 | CVE-2022-30610 XF CONFIRM |
ibm — spectrum_copy_data_management | IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit this vulnerability to bypass authentication and gain unauthorized access to the Spectrum Copy Data Management catalog which contains metadata. IBM X-Force ID: 223718. | 2022-06-10 | 2.1 | CVE-2022-22426 XF CONFIRM |
ibm — spectrum_copy_data_management | IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using some fields of the form in the portal UI to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials. IBM X-Force ID: 227364. | 2022-06-10 | 3.5 | CVE-2022-30611 XF CONFIRM |
intelliants — subrion_cms | An issue was discovered in Subrion CMS v4.2.1. There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute. | 2022-06-11 | 3.5 | CVE-2021-41502 MISC |
lepin_ep-kp001_project — lepinep-kp001_firmware | Due to an insecure design, the Lepin EP-KP001 flash drive through KP001_V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted data. Normally, the encrypted disk partition with this data is unlocked by entering the correct passcode (6 to 14 digits) via the keypad and pressing the Unlock button. This authentication is performed by an unknown microcontroller. By replacing this microcontroller on a target device with one from an attacker-controlled Lepin EP-KP001 whose passcode is known, it is possible to successfully unlock the target device and read the stored data in cleartext. | 2022-06-10 | 2.1 | CVE-2022-29948 MISC FULLDISC |
navetti — pricepoint | A vulnerability was found in Navetti PricePoint 4.6.0.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting (Persistent). The attack may be launched remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component. | 2022-06-13 | 3.5 | CVE-2017-20043 MISC MISC |
navetti — pricepoint | A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to basic cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component. | 2022-06-13 | 3.5 | CVE-2017-20044 MISC MISC |
phplist — phplist | A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting (Persistent). The attack can be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. | 2022-06-10 | 3.5 | CVE-2017-20034 MISC MISC |
phplist — phplist | A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. | 2022-06-10 | 3.5 | CVE-2017-20035 MISC MISC |
phplist — phplist | A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to cross site scripting (Persistent). It is possible to launch the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. | 2022-06-10 | 3.5 | CVE-2017-20036 MISC MISC |
sicunet — access_control | A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been declared as problematic. This vulnerability affects unknown code of the component Password Storage. The manipulation leads to weak encryption. Attacking locally is a requirement. | 2022-06-11 | 2.1 | CVE-2017-20040 N/A N/A |
ultimatemember — ultimate_member | The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding that is reflected back on the page. This affects versions up to, and including, 2.3.2. Please note this issue was partially fixed in version 2.3.2 then subsequently fully patched in version 2.3.3. | 2022-06-13 | 3.5 | CVE-2022-1208 MISC MISC MISC |
wp_athletics_project — wp_athletics | The WP Athletics WordPress plugin through 1.1.7 does not sanitize parameters before storing them in the database, nor does it escape the values when outputting them back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability. | 2022-06-13 | 3.5 | CVE-2022-1549 MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — indesign | Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-16 | not yet calculated | CVE-2022-30658 MISC |
zzcms — zzcms | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/dl_sendmail.php (when the attacker has admin authority) via the id parameter. | 2022-06-17 | not yet calculated | CVE-2019-12353 MISC |
1password — agilebits | An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it is communicating with the 1Password service. | 2022-06-15 | not yet calculated | CVE-2022-32550 MISC |
acunetix — sonatype_nexus_repository_manager | https://ossindex.sonatype.org/ Sonatype Nexus Repository Manager OSS 3.37.3-02 is affected by: Incorrect Access Control. The impact is: Authentication Bypass (remote). The component is: Admin Panel. The attack vector is: With the help of response manipulation Attacker can bypass the login panel and view the dashboard menus, No user interaction is required. 1. Go to https://nexus.e-goi.com 2. Click on the Sign In button. 3. Enter the password as admin:admin. 4. Intercept the request in Burp Suite. 5. Capture the Response of the Request. 6. Change the Status Code from 403 Forbidden to 200 OK. 7. You will see the dashboard which provides the admin access. | 2022-06-14 | not yet calculated | CVE-2022-31289 MISC MISC |
adaware — protect | Insecure permissions configuration in Adaware Protect v1.2.439.4251 allows attackers to escalate privileges via changing the service binary path. | 2022-06-16 | not yet calculated | CVE-2022-31464 MISC MISC |
adobe — after_effects | Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 2022-06-15 | not yet calculated | CVE-2021-43755 MISC |
adobe — bridge | Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-15 | not yet calculated | CVE-2022-28843 MISC |
adobe — bridge | Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-15 | not yet calculated | CVE-2022-28847 MISC |
adobe — bridge | Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-15 | not yet calculated | CVE-2022-28844 MISC |
adobe — bridge | Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-15 | not yet calculated | CVE-2022-28850 MISC |
adobe — bridge | Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-15 | not yet calculated | CVE-2022-28849 MISC |
adobe — bridge | Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-15 | not yet calculated | CVE-2022-28848 MISC |
adobe — bridge | Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-15 | not yet calculated | CVE-2022-28839 MISC |
adobe — bridge | Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-15 | not yet calculated | CVE-2022-28846 MISC |
adobe — bridge | Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-15 | not yet calculated | CVE-2022-28845 MISC |
adobe — bridge | Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-15 | not yet calculated | CVE-2022-28841 MISC |
adobe — bridge | Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-15 | not yet calculated | CVE-2022-28840 MISC |
adobe — bridge | Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-15 | not yet calculated | CVE-2022-28842 MISC |
adobe — illustrator | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-15 | not yet calculated | CVE-2022-30668 MISC |
adobe — illustrator | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-15 | not yet calculated | CVE-2022-30669 MISC |
adobe — illustrator | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-15 | not yet calculated | CVE-2022-30666 MISC |
adobe — illustrator | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-15 | not yet calculated | CVE-2022-30667 MISC |
adobe — indesign | Access of Memory Location After End of Buffer (CWE-788) | 2022-06-15 | not yet calculated | CVE-2021-40727 MISC |
adobe — lightroom_classic | Adobe Lightroom Classic 10.3 (and earlier) are affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability. | 2022-06-15 | not yet calculated | CVE-2021-40776 MISC |
adobe — media_encoder | Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. | 2022-06-13 | not yet calculated | CVE-2021-46818 MISC |
adobe — media_encoder | Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. | 2022-06-13 | not yet calculated | CVE-2021-46817 MISC |
adobe — photoshop | Adobe Photoshop version 22.5.1 (and earlier versions) is affected by an Access of Memory Location After End of Buffer vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 2022-06-15 | not yet calculated | CVE-2021-42735 MISC |
adobe — prelude | Adobe Prelude version 22.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 2022-06-15 | not yet calculated | CVE-2021-43754 MISC |
adobe — premiere_pro | Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. | 2022-06-13 | not yet calculated | CVE-2021-46816 MISC |
adobe — animate | Adobe Animate version 22.0.5 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-16 | not yet calculated | CVE-2022-30664 MISC |
adobe — illustrator | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-15 | not yet calculated | CVE-2022-30647 MISC |
adobe — illustrator | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-15 | not yet calculated | CVE-2022-30649 MISC |
adobe — illustrator | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-15 | not yet calculated | CVE-2022-30648 MISC |
adobe — incopy | Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-16 | not yet calculated | CVE-2022-30656 MISC |
adobe — incopy | Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-16 | not yet calculated | CVE-2022-30655 MISC |
adobe — incopy | Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-16 | not yet calculated | CVE-2022-30652 MISC |
adobe — incopy | Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-16 | not yet calculated | CVE-2022-30651 MISC |
adobe — incopy | Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-16 | not yet calculated | CVE-2022-30653 MISC |
adobe — incopy | Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-16 | not yet calculated | CVE-2022-30650 MISC |
adobe — incopy | Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-16 | not yet calculated | CVE-2022-30657 MISC |
adobe — incopy | Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-16 | not yet calculated | CVE-2022-30654 MISC |
adobe — indesign | Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-16 | not yet calculated | CVE-2022-30665 MISC |
adobe — indesign | Access of Memory Location After End of Buffer (CWE-788) | 2022-06-15 | not yet calculated | CVE-2021-42732 MISC |
adobe — indesign | Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-16 | not yet calculated | CVE-2022-30661 MISC |
adobe — indesign | Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-16 | not yet calculated | CVE-2022-30663 MISC |
adobe — indesign | Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-16 | not yet calculated | CVE-2022-30662 MISC |
adobe — indesign | Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-16 | not yet calculated | CVE-2022-30660 MISC |
adobe — indesign | Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 2022-06-15 | not yet calculated | CVE-2021-39820 MISC |
adobe — indesign | Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-16 | not yet calculated | CVE-2022-30659 MISC |
adobe — media_encoder | Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-06-15 | not yet calculated | CVE-2021-43756 MISC |
adsk — autodesk | A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files. This vulnerability in conjunction with other vulnerabilities could lead to arbitrary code execution. | 2022-06-16 | not yet calculated | CVE-2022-27532 MISC |
adsk — autodesk | A maliciously crafted TIF file can be forced to read beyond allocated boundaries in Autodesk 3ds Max 2022, and 2021 when parsing the TIF files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-06-16 | not yet calculated | CVE-2022-27531 MISC |
amazon — aws_apache_log4j | Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. This Hotpatch package is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 or CVE-2021-45046; it provides a temporary mitigation to CVE-2021-44228 by hotpatching the local Java virtual machines. To do so, it iterates through all running Java processes, performs several checks, and executes the Java virtual machine with the same permissions and capabilities as the running process to load the hotpatch. A local user could cause the hotpatch script to execute a binary with elevated privileges by running a custom java process that performs exec() of an SUID binary after the hotpatch has observed the process path and before it has observed its effective user ID. | 2022-06-17 | not yet calculated | CVE-2022-33915 MISC MISC |
amd — processors | A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure. | 2022-06-15 | not yet calculated | CVE-2022-23823 MISC |
amodat — mobile_application_gateway | An attacker needs to craft a SQL payload. The vulnerable parameter is “agentid”. The attacker must be authenticated to the admin panel. | 2022-06-13 | not yet calculated | CVE-2022-23169 MISC |
amodat — mobile_application_gateway | The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin’– | 2022-06-13 | not yet calculated | CVE-2022-23168 MISC |
amodat — mobile_application_gateway | Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is UNAUTHENTICATED. | 2022-06-13 | not yet calculated | CVE-2022-23167 MISC |
amozing — ariang | AriaNg v0.1.0~v1.2.2 is affected by an incorrect access control vulnerability through not authenticating visitors’ access rights. | 2022-06-15 | not yet calculated | CVE-2021-41418 MISC |
android — windowmanager |
In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-157929241 | 2022-06-15 | not yet calculated | CVE-2021-39691 MISC |
android — closef |
In closef of label_backends_android.c, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege during startup of servicemanager, if an attacker can trigger an initialization failure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215387420 | 2022-06-15 | not yet calculated | CVE-2021-39806 MISC |
anker — eufy_homebase_2 |
A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to remote code execution. The device is exposed to attacks from the network. | 2022-06-17 | not yet calculated | CVE-2022-21806 MISC |
apache — hadoop |
There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. | 2022-06-13 | not yet calculated | CVE-2021-37404 CONFIRM |
apache — hadoop |
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. | 2022-06-15 | not yet calculated | CVE-2021-33036 MISC MLIST |
apache– flume |
Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. | 2022-06-14 | not yet calculated | CVE-2022-25167 CONFIRM CONFIRM MLIST |
apache — nifi |
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments. | 2022-06-15 | not yet calculated | CVE-2022-33140 MISC MISC |
apple — mobaku-auction&flea_market |
‘Mobaoku-Auction&Flea Market’ App for iOS versions prior to 5.5.16 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. | 2022-06-14 | not yet calculated | CVE-2022-29482 MISC |
apple — swift-corelibs-foundation | A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document containing a type mismatch. This vulnerability is caused by the interaction between a deserialization mechanism offered by the Swift standard library, the Codable protocol, and the JSONDecoder class offered by swift-corelibs-foundation, which can deserialize types that adopt the Codable protocol based on the content of a provided JSON document. When a type that adopts Codable requests the initialization of a field with an integer value, the JSONDecoder class uses a type-erased container with different accessor methods to attempt to coerce a corresponding JSON value and produce an integer. In the case the JSON value was a numeric literal with a floating-point portion, JSONDecoder used different type-eraser methods during validation than it did during the final casting of the value. The checked casting produces a deterministic crash due to this mismatch. The JSONDecoder class is often wrapped by popular Swift-based web frameworks to parse the body of HTTP requests and perform basic type validation. This makes the attack low-effort: sending a specifically crafted JSON document during a request to these endpoints will cause them to crash. The attack does not have any confidentiality or integrity risks in and of itself; the crash is produced deterministically by an abort function that ensures that execution does not continue in the face of this violation of assumptions. However, unexpected crashes can lead to violations of invariants in services, so it’s possible that this attack can be used to trigger error conditions that escalate the risk. Producing a denial of service may also be the goal of an attacker in itself. This issue is solved in Swift 5.6.2 for Linux and Windows. This issue was solved by ensuring that the same methods are invoked both when validating and during casting, so that no type mismatch occurs. Swift for Linux and Windows versions are not ABI-interchangeable. To upgrade a service, its owner must update to this version of the Swift toolchain, then recompile and redeploy their software. The new version of Swift includes an updated swift-corelibs-foundation package. Versions of Swift running on Darwin-based operating systems are not affected. | 2022-06-16 | not yet calculated | CVE-2022-1642 MISC |
argo_project — argo | The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 is vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link or an implicit directory name such as … | 2022-06-17 | not yet calculated | CVE-2022-25856 CONFIRM CONFIRM CONFIRM |
argoproj — argo_events | Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several `HandleRoute` endpoints make use of the deprecated `ioutil.ReadAll()`. `ioutil.ReadAll()` reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server will be able to crash it and cause denial of service. A patch for this vulnerability has been released in Argo Events version 1.7.1. | 2022-06-13 | not yet calculated | CVE-2022-31054 CONFIRM MISC MISC MISC |
asg_technologies — asg-zena_cross_platform_server_enterprise | ASG technologies (A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cleartext Storage of Sensitive Information in a Cookie. | 2022-06-17 | not yet calculated | CVE-2021-45025 MISC MISC MISC |
asg_technologies — asg-zena_cross_platform_server_enterprise | ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cross Site Scripting (XSS). | 2022-06-17 | not yet calculated | CVE-2021-45026 MISC MISC MISC |
asg_technologies — asg-zena_cross_platform_server_enterprise | ASG technologies (A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity (XXE). | 2022-06-17 | not yet calculated | CVE-2021-45024 MISC MISC MISC |
asus — rt-n53 | ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface. | 2022-06-17 | not yet calculated | CVE-2022-31874 MISC |
av1 — video_extension | AV1 Video Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30167. | 2022-06-15 | not yet calculated | CVE-2022-30193 MISC |
axis_communications — multiple_products | A vulnerability, which was classified as critical, was found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. | 2022-06-15 | not yet calculated | CVE-2017-20049 N/A N/A |
axis_communications — multiple_products | A vulnerability has been found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007 and classified as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component. | 2022-06-15 | not yet calculated | CVE-2017-20050 N/A N/A |
axis_communications — multiple_products | A vulnerability, which was classified as critical, has been found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. Affected by this issue is some unknown functionality of the component Script Editor. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | 2022-06-15 | not yet calculated | CVE-2017-20048 N/A N/A N/A |
axis_communications — multiple_products | A vulnerability classified as problematic has been found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. It is recommended to upgrade the affected component. | 2022-06-15 | not yet calculated | CVE-2017-20046 N/A N/A |
axis_communications — multiple_products | A vulnerability classified as problematic was found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | 2022-06-15 | not yet calculated | CVE-2017-20047 N/A N/A N/A |
bachmann_visutec — atvise | An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | 2022-06-17 | not yet calculated | CVE-2022-21184 MISC |
bestwebsoft — contact_form_plugin | A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0.2 is able to address this issue. It is recommended to upgrade the affected component. | 2022-06-16 | not yet calculated | CVE-2017-20055 MISC MISC MISC |
biscuit — biscuit | Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The version 2 of the specification mandates a different algorithm than gamma signatures and as such is not affected by this vulnerability. The Biscuit implementations in Rust, Haskell, Go, Java and Javascript all have published versions following the v2 specification. There are no known workarounds for this issue. | 2022-06-13 | not yet calculated | CVE-2022-31053 CONFIRM MISC |
bitmainer — antminer_monitor | A vulnerability in Antminer Monitor 0.50.0 exists because of a backdoor or misconfiguration inside a settings file in the Flask server. The settings file has a predefined secret string, which is meant to be randomly generated but is static. | 2022-06-17 | not yet calculated | CVE-2021-40903 MISC MISC MISC |
blynk — blynk_library | A stack-based buffer overflow vulnerability exists in the BlynkConsole.h runCommand functionality of Blynk-Library v1.0.1. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. | 2022-06-17 | not yet calculated | CVE-2022-29496 MISC |
brackeen — brackeen | ok-file-formats master 2021-9-12 is affected by a buffer overflow in ok_jpg_convert_data_unit_grayscale and ok_jpg_convert_YCbCr_to_RGB. | 2022-06-15 | not yet calculated | CVE-2021-41413 MISC MISC |
broadcom — ca_automic_automation | CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. | 2022-06-16 | not yet calculated | CVE-2022-33752 MISC |
broadcom — ca_automic_automation | CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data. | 2022-06-16 | not yet calculated | CVE-2022-33751 MISC |
broadcom — ca_automic_automation | CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands. | 2022-06-16 | not yet calculated | CVE-2022-33750 MISC |
broadcom — ca_automic_automation | CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. | 2022-06-16 | not yet calculated | CVE-2022-33754 MISC |
broadcom — ca_automic_automation | CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users. | 2022-06-16 | not yet calculated | CVE-2022-33755 MISC |
broadcom — ca_automic_automation | CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges. | 2022-06-16 | not yet calculated | CVE-2022-33753 MISC |
broadcom — ca_automic_automation | CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data. | 2022-06-16 | not yet calculated | CVE-2022-33756 MISC |
broadcom — ca_clarity | CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system. | 2022-06-16 | not yet calculated | CVE-2022-33739 MISC |
checkmk — debian | A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will be owned by the user and the group with ID 1001. If such a user exists on the system, they can change the content of these files (which are then executed by root). This leads to a local privilege escalation on the monitored host. Version 1.6 through 1.6.9p29, version 2.0 through 2.0.0p26, version 2.1 through 2.1.0p3, and version 2.2.0i1 are affected. | 2022-06-17 | not yet calculated | CVE-2022-33912 MISC |
cisco — identity_services_engine | A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. This vulnerability is due to exposed sensitive Security Assertion Markup Language (SAML) metadata. An attacker could exploit this vulnerability by using the exposed SAML metadata to bypass authentication to the user portal. A successful exploit could allow the attacker to access all roles without any restrictions. | 2022-06-15 | not yet calculated | CVE-2022-20733 CISCO |
cisco — appdynamics_controller_software | A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. This vulnerability is due to improper authorization checking for HTTP requests that are submitted to the affected web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected instance of AppDynamics Controller. A successful exploit could allow the attacker to access the login page for an administrative console. AppDynamics has released software updates that address this vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-20736 CISCO |
cisco — identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because administrative privilege levels for sensitive data are not properly enforced. An attacker with read-only privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information about the system configuration. | 2022-06-15 | not yet calculated | CVE-2022-20819 CISCO |
cisco — small_business_routers | A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Cisco has not released software updates that address this vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-20825 CISCO |
cisco — unified_ip_phones | A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user’s phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user’s phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-20817 CISCO |
cisco — secure_email_and_web_manager | A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device. This vulnerability is due to improper authentication checks when an affected device uses Lightweight Directory Access Protocol (LDAP) for external authentication. An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device. A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device. | 2022-06-15 | not yet calculated | CVE-2022-20798 CISCO |
cisco — secure_email_and_web_manager | A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device. This vulnerability is due to a lack of proper input sanitization while querying the external authentication server. An attacker could exploit this vulnerability by sending a crafted query through an external authentication web page. A successful exploit could allow the attacker to gain access to sensitive information, including user credentials from the external authentication server. To exploit this vulnerability, an attacker would need valid operator-level (or higher) credentials. | 2022-06-15 | not yet calculated | CVE-2022-20664 CISCO |
connx — connx | In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the secure flag set. | 2022-06-14 | not yet calculated | CVE-2021-40650 MISC MISC |
connx — connx | In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the HttpOnly flag set. | 2022-06-14 | not yet calculated | CVE-2021-40649 MISC MISC |
couchbase — couchbase_server | Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. | 2022-06-13 | not yet calculated | CVE-2022-32192 MISC MISC |
couchbase — couchbase_server | Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. | 2022-06-13 | not yet calculated | CVE-2022-32193 MISC MISC |
couchbase — couchbase_server | An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network. | 2022-06-14 | not yet calculated | CVE-2022-32561 MISC MISC MISC |
couchbase — couchbase_server | An issue was discovered in Couchbase Server before 7.0.4. Sample bucket loading may leak internal user passwords during a failure. | 2022-06-13 | not yet calculated | CVE-2022-32558 MISC MISC MISC |
couchbase — couchbase_server | An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission. | 2022-06-13 | not yet calculated | CVE-2022-32562 MISC MISC MISC |
couchbase — couchbase_server | An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings. | 2022-06-13 | not yet calculated | CVE-2022-32560 MISC MISC MISC |
couchbase — couchbase_server | An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers. | 2022-06-14 | not yet calculated | CVE-2022-32557 MISC MISC MISC |
couchbase — couchbase_server | An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics. | 2022-06-14 | not yet calculated | CVE-2022-32559 MISC MISC MISC |
couchbase — couchbase_server | An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids. | 2022-06-13 | not yet calculated | CVE-2022-32565 MISC MISC MISC |
couchbase — couchbase_server | An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie. | 2022-06-13 | not yet calculated | CVE-2022-32564 MISC MISC MISC |
covesa — covesa | An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets. | 2022-06-16 | not yet calculated | CVE-2022-31291 MISC |
d-link — dir-850l | An issue was discovered on D-Link DIR-850L 1.21WW devices. A partially completed WPA handshake is sufficient for obtaining full access to the wireless network. A client can access the network by sending packets on Data Frames to the AP without encryption. | 2022-06-16 | not yet calculated | CVE-2018-18907 MISC MISC |
deno — deno | Deno <=1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlink method can be used to gain access to any directory. | 2022-06-12 | not yet calculated | CVE-2021-41641 MISC MISC |
devolutions — remote_desktop_manager | A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions. | 2022-06-15 | not yet calculated | CVE-2022-1342 MISC |
discordjs — opus | All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash. | 2022-06-17 | not yet calculated | CVE-2022-25345 CONFIRM CONFIRM |
discourse — calendar | Discourse Calendar is a calendar plugin for Discourse, an open-source messaging app. Prior to version 1.0.1, parsing and rendering of Event names can be susceptible to cross-site scripting (XSS) attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy. This issue is patched in version 1.0.1 of the Discourse Calendar plugin. As a workaround, ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks. | 2022-06-14 | not yet calculated | CVE-2022-31059 CONFIRM MISC MISC |
discourse — discourse | Discourse is an open-source discussion platform. Prior to version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches of Discourse. As a workaround, one may disable banners. | 2022-06-14 | not yet calculated | CVE-2022-31060 MISC CONFIRM MISC |
drive_composer — drive_composer | Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a “repair” operation on the product. | 2022-06-15 | not yet calculated | CVE-2022-31217 MISC |
drive_composer — drive_composer | Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a “repair” operation on the product. | 2022-06-15 | not yet calculated | CVE-2022-31216 MISC |
drive_composer — drive_composer | Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a “repair” operation on the product. | 2022-06-15 | not yet calculated | CVE-2022-31218 MISC |
drive_composer — drive_composer | Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a “repair” operation on the product. | 2022-06-15 | not yet calculated | CVE-2022-31219 MISC |
edgex_foundry — edgex_foundry | EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. Prior to version 2.1.1, the /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to be kept in the EdgeX secret store and require authentication to access. This vulnerability bypasses the access controls on message bus credentials when running in security-enabled mode. (No credentials are required when running in security-disabled mode.) As a result, attackers could intercept data or inject fake data into the EdgeX message bus. Users should upgrade to EdgeXFoundry Kamakura release (2.2.0) or to the June 2022 EdgeXFoundry LTS Jakarta release (2.1.1) to receive a patch. More information about which go modules, docker containers, and snaps contain patches is available in the GitHub Security Advisory. There are currently no known workarounds for this issue. | 2022-06-14 | not yet calculated | CVE-2022-31066 MISC CONFIRM MISC |
electron — electron | Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given app’s update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim’s own auto updating infrastructure and the ease of that attack entirely depends on the potential victim’s infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds. | 2022-06-13 | not yet calculated | CVE-2022-29257 CONFIRM |
electron — electron | Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data, this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`. | 2022-06-13 | not yet calculated | CVE-2022-29247 CONFIRM |
electrum — electrum | paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename. | 2022-06-17 | not yet calculated | CVE-2022-31246 MISC MISC |
elementor — website_builder | DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor’s Elementor Website Builder plugin <= 3.5.5 versions. | 2022-06-13 | not yet calculated | CVE-2022-29455 CONFIRM CONFIRM CONFIRM |
employee_leaves_management_system — employee_leaves_management_system | Employee Leaves Management System (ELMS) V 2.1 is vulnerable to Cross Site Request Forgery (CSRF) via /myprofile.php. | 2022-06-14 | not yet calculated | CVE-2022-30931 MISC MISC |
en100 — ethernet_module | A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contain a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint. This could allow an attacker to crash the affected application leading to a denial of service condition. | 2022-06-14 | not yet calculated | CVE-2022-30937 MISC |
fast-string-search — fast-string-search | All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker to read previously allocated memory. | 2022-06-17 | not yet calculated | CVE-2022-25872 CONFIRM CONFIRM |
fast-string-search — fast-string-search | All versions of package fast-string-search are vulnerable to Denial of Service (DoS) when computations are incorrect for non-string inputs. One can cause the V8 to attempt reading from non-permitted locations and cause a segmentation fault due to the violation. | 2022-06-17 | not yet calculated | CVE-2022-22138 CONFIRM |
fedai — fate | An issue in function sync_tree in hetero_decision_tree_guest.py in WeBank FATE (Federated AI Technology Enabler) 0.1 through 1.4.2 allows attackers to read sensitive information during the training process of machine learning joint modeling. | 2022-06-16 | not yet calculated | CVE-2020-25459 MISC |
festo — controller | In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint “cecc-x-refresh-request” POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. | 2022-06-13 | not yet calculated | CVE-2022-30311 CONFIRM |
festo — controller | In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint “cecc-x-acknerr-request” POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. | 2022-06-13 | not yet calculated | CVE-2022-30310 CONFIRM |
festo — controller | In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint “cecc-x-web-viewer-request-on” POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. | 2022-06-13 | not yet calculated | CVE-2022-30308 CONFIRM |
festo — controller | In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint “cecc-x-web-viewer-request-off” POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. | 2022-06-13 | not yet calculated | CVE-2022-30309 CONFIRM |
filecloud — filecloud | A vulnerability classified as critical has been found in FileCloud. Affected is the NTFS handler which leads to improper access controls. It is possible to launch the attack remotely but it demands some form of authentication. Upgrading to version 21.3.5.18513 is able to address this issue. It is recommended to upgrade the affected component. | 2022-06-15 | not yet calculated | CVE-2022-1958 MISC MISC MISC |
finastra — nestjs_proxy | NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to block sensitive cookies (e.g. session cookies) from being forwarded to backend services configured by the application developer. This could have led to sensitive cookies being inadvertently exposed to such services that should not see them. The patched version now blocks cookies from being forwarded by default. However, developers can configure an allow-list of cookie names by using the `allowedCookies` config setting. This issue has been fixed in version 0.7.0 of `@finastra/nestjs-proxy`. Users of `@ffdc/nestjs-proxy` are advised that this package has been deprecated and is no longer being maintained or receiving updates. Such users should update their package.json file to use `@finastra/nestjs-proxy` instead. | 2022-06-15 | not yet calculated | CVE-2022-31070 MISC CONFIRM |
finastra — nestjs_proxy | NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to control when Authorization headers should be forwarded for specific backend services configured by the application developer. This could have resulted in sensitive information such as OAuth bearer access tokens being inadvertently exposed to such services that should not see them. A new feature has been introduced in the patched version of nestjs-proxy that allows application developers to opt out of forwarding the Authorization headers on a per service basis using the `forwardToken` config setting. Developers are advised to review the README for this library on GitHub or NPM for further details on how this configuration can be applied. This issue has been fixed in version 0.7.0 of `@finastra/nestjs-proxy`. Users of `@ffdc/nestjs-proxy` are advised that this package has been deprecated and is no longer being maintained or receiving updates. Such users should update their package.json file to use `@finastra/nestjs-proxy` instead. | 2022-06-15 | not yet calculated | CVE-2022-31069 CONFIRM MISC |
flatcore — flatcore_cms | flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code. | 2022-06-16 | not yet calculated | CVE-2021-41402 MISC |
flatcore — flatcore_cms | flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery vulnerabilities. | 2022-06-15 | not yet calculated | CVE-2021-41403 MISC |
francoisjacquet — rosariosis |
SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. | 2022-06-13 | not yet calculated | CVE-2022-2067 MISC CONFIRM |
fuji_electric — v-server |
Out-of-bounds write vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | 2022-06-14 | not yet calculated | CVE-2022-29524 MISC MISC MISC |
fuji_electric — v-sft | Use after free vulnerability exists in the simulator module contained in the graphic editor ‘V-SFT’ versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | 2022-06-14 | not yet calculated | CVE-2022-29522 MISC MISC |
fuji_electric — v-sft | Out-of-bounds read vulnerability exists in the simulator module contained in the graphic editor ‘V-SFT’ v6.1.3.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | 2022-06-14 | not yet calculated | CVE-2022-29506 MISC MISC MISC |
fuji_electric — v-sft | Heap-based buffer overflow exists in the simulator module contained in the graphic editor ‘V-SFT’ versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | 2022-06-14 | not yet calculated | CVE-2022-26302 MISC MISC |
fuji_electric — v-sft |
Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor ‘V-SFT’ versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | 2022-06-14 | not yet calculated | CVE-2022-29925 MISC MISC |
fujielectric — v-server | Out-of-bounds read vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | 2022-06-16 | not yet calculated | CVE-2022-30549 MISC MISC MISC |
fujielectric — v-sft |
Out-of-bounds write vulnerability exists in the simulator module contained in the graphic editor ‘V-SFT’ versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | 2022-06-16 | not yet calculated | CVE-2022-30538 MISC MISC |
fujielectric — v-sft |
Out-of-bounds read vulnerability exists in the simulator module contained in the graphic editor ‘V-SFT’ versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | 2022-06-16 | not yet calculated | CVE-2022-30546 MISC MISC |
ge — voluson_s8 |
A vulnerability classified as critical was found in GE Voluson S8. Affected is the underlying Windows XP operating system. Missing patches might introduce an excessive attack surface. Access to the local network is required for this attack to succeed. | 2022-06-17 | not yet calculated | CVE-2020-36549 N/A N/A |
ge — voluson_s8 |
A vulnerability classified as problematic has been found in GE Voluson S8. Affected is the file /uscgi-bin/users.cgi of the Service Browser. The manipulation leads to improper authentication and elevated access possibilities. It is possible to launch the attack on the local host. | 2022-06-17 | not yet calculated | CVE-2020-36548 N/A N/A |
ge — voluson_s8 |
A vulnerability was found in GE Voluson S8. It has been rated as critical. This issue affects the Service Browser which introduces hard-coded credentials. Attacking locally is a requirement. It is recommended to change the configuration settings. | 2022-06-17 | not yet calculated | CVE-2020-36547 N/A N/A |
ghostscript — ghostscript |
A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash. | 2022-06-16 | not yet calculated | CVE-2022-2085 MISC MISC MISC |
giflib — gif2rgb |
A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers to trigger an out of memory exception or denial of service via a gif format file. | 2022-06-14 | not yet calculated | CVE-2021-40633 MISC |
git.videolan — ffmpeg | A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function decode_frame of the file libavcodec/ansi.c. The manipulation leads to integer coercion error. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. | 2022-06-18 | not yet calculated | CVE-2014-125011 MISC MISC |
git.videolan — ffmpeg | A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is the function intra_pred of the file libavcodec/hevcpred_template.c. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. | 2022-06-18 | not yet calculated | CVE-2014-125007 MISC MISC |
git.videolan — ffmpeg |
A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function add_yblock of the file libavcodec/snow.h. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. | 2022-06-18 | not yet calculated | CVE-2014-125009 MISC MISC |
git.videolan — ffmpeg |
A vulnerability classified as critical has been found in FFmpeg 2.0. Affected is the function read_var_block_data. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | 2022-06-18 | not yet calculated | CVE-2014-125015 MISC MISC |
git.videolan — ffmpeg |
A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is an unknown functionality of the component HEVC Video Decoder. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. | 2022-06-18 | not yet calculated | CVE-2014-125014 MISC MISC |
git.videolan — ffmpeg |
A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function msrle_decode_frame of the file libavcodec/msrle.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. | 2022-06-18 | not yet calculated | CVE-2014-125013 MISC MISC |
git.videolan — ffmpeg |
A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is an unknown function of the file libavcodec/dxtroy.c. The manipulation leads to integer coercion error. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | 2022-06-18 | not yet calculated | CVE-2014-125012 MISC MISC |
git.videolan — ffmpeg |
A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix this issue. | 2022-06-18 | not yet calculated | CVE-2014-125017 MISC MISC |
git.videolan — ffmpeg |
A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function decode_slice_header of the file libavcodec/h64.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. | 2022-06-18 | not yet calculated | CVE-2014-125010 MISC MISC |
git.videolan — ffmpeg |
A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function get_siz of the file libavcodec/jpeg2000dec.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. | 2022-06-18 | not yet calculated | CVE-2014-125003 MISC MISC |
git.videolan — ffmpeg |
A vulnerability classified as problematic has been found in FFmpeg 2.0. Affected is the function vorbis_header of the file libavformat/oggparsevorbis.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | 2022-06-18 | not yet calculated | CVE-2014-125008 MISC MISC |
git.videolan — ffmpeg |
A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function output_frame of the file libavcodec/h264.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. | 2022-06-18 | not yet calculated | CVE-2014-125006 MISC MISC |
git.videolan — ffmpeg |
A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered ui layers (URL). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2022-06-13 | not yet calculated | CVE-2017-20041 MISC MISC |
git.videolan — ffmpeg |
A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_vol_header of the file libavcodec/mpeg4videodec.c. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. | 2022-06-18 | not yet calculated | CVE-2014-125005 MISC MISC |
git.videolan — ffmpeg |
A vulnerability has been found in FFmpeg 2.0 and classified as problematic. This vulnerability affects the function decode_hextile of the file libavcodec/vmnc.c. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. | 2022-06-18 | not yet calculated | CVE-2014-125004 MISC MISC |
git.videolan — ffmpeg |
A vulnerability was found in FFmpeg 2.0. It has been rated as problematic. This issue affects the function ff_init_buffer_info of the file utils.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. | 2022-06-18 | not yet calculated | CVE-2014-125016 MISC MISC |
git.videolan — ffmpeg |
A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | 2022-06-18 | not yet calculated | CVE-2014-125002 MISC MISC |
google — android |
The UE and the EMM communicate with each other using NAS messages. When a new NAS message arrives from the EMM, the modem parses it and fills in internal objects based on the received data. A bug in the parsing code could be used by an attacker to remotely crash the modem, which could lead to DoS or RCE. Product: Android. Versions: Android SoC. Android ID: A-228868888 | 2022-06-15 | not yet calculated | CVE-2022-20210 MISC |
google — android |
In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-207502397 | 2022-06-15 | not yet calculated | CVE-2022-20209 MISC |
google — android |
In parseRecursively of cppbor_parse.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-192743373 | 2022-06-15 | not yet calculated | CVE-2022-20208 MISC |
google — android |
In static definitions of GattServiceConfig.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-185513714 | 2022-06-15 | not yet calculated | CVE-2022-20207 MISC |
google — android |
In setPackageOrComponentEnabled of NotificationManagerService.java, there is a missing permission check. This could lead to local information disclosure about enabled notification listeners with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-220737634 | 2022-06-15 | not yet calculated | CVE-2022-20206 MISC |
google — android |
In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-215212561 | 2022-06-15 | not yet calculated | CVE-2022-20205 MISC |
google — android |
In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a possible incorrect permission attribution due to a logic error in the code. This could lead to local escalation of privilege by conflating apps with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-212434116 | 2022-06-15 | not yet calculated | CVE-2022-20193 MISC |
google — android |
In getAppSize of InstalldNativeService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-220733817 | 2022-06-15 | not yet calculated | CVE-2022-20201 MISC |
google — android |
In registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reporting of falsified bug reports due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-171495100 | 2022-06-15 | not yet calculated | CVE-2022-20204 MISC |
google — android |
In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-204704614 | 2022-06-15 | not yet calculated | CVE-2022-20202 MISC |
google — android |
In onCreate of ChooseLockGeneric.java, there is a possible permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-222684510 | 2022-06-15 | not yet calculated | CVE-2022-20194 MISC |
google — android |
In updateApState of SoftApManager.java, there is a possible leak of hotspot state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-212695058 | 2022-06-15 | not yet calculated | CVE-2022-20200 MISC |
google — android |
In llcp_dlc_proc_connect_pdu of llcp_dlc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC stack with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-221851879 | 2022-06-15 | not yet calculated | CVE-2022-20198 MISC |
google — android |
In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-208279300 | 2022-06-15 | not yet calculated | CVE-2022-20197 MISC |
google — android |
In gallery3d and photos, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-201535148 | 2022-06-15 | not yet calculated | CVE-2022-20196 MISC |
google — android |
In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-213172664 | 2022-06-15 | not yet calculated | CVE-2022-20195 MISC |
google — android |
In param_find_digests_internal and related functions of the Titan-M source, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-222472803. References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20233 MISC |
google — android |
Product: Android. Versions: Android kernel. Android ID: A-207116951. References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20173 MISC |
google — android |
In grantEmbeddedWindowFocus of WindowManagerService.java, there is a possible way to change an input channel for embedded hierarchy due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-215912712 | 2022-06-15 | not yet calculated | CVE-2022-20192 MISC |
google — android |
Product: Android. Versions: Android kernel. Android ID: A-209324757. References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20191 MISC |
google — android |
Product: Android. Versions: Android kernel. Android ID: A-210594998. References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20168 MISC |
google — android |
Product: Android. Versions: Android kernel. Android ID: A-208744915. References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20190 MISC |
google — android |
Product: Android. Versions: Android kernel. Android ID: A-207254598. References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20188 MISC |
google — android |
In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-215001024. References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20186 MISC |
google — android |
In TBD of TBD, there is a possible use after free bug. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-208842348. References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20185 MISC |
google — android |
Product: Android. Versions: Android kernel. Android ID: A-209153114. References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20184 MISC |
google — android |
In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-188911154. References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20183 MISC |
google — android |
Product: Android. Versions: Android kernel. Android ID: A-210936609. References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20181 MISC |
google — android |
In onbind of ShannonRcsService.java, there is a possible access to protect data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-206987222. References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20172 MISC |
google — android |
In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-224932775. References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20178 MISC |
google — android |
Product: Android. Versions: Android kernel. Android ID: A-211162353. References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20169 MISC |
google — android |
In auth_store of sjtag-driver.c, there is a possible read of uninitialized memory due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-197787879. References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20176 MISC |
google — android |
Product: Android. Versions: Android kernel. Android ID: A-209252491. References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20175 MISC |
google — android |
In exynos_secEnv_init of mach-gs101.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-210847407. References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20174 MISC |
google — android |
Product: Android. Versions: Android kernel. Android ID: A-215565667. References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20171 MISC |
google — android |
Product: Android. Versions: Android kernel. Android ID: A-211683760. References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20179 MISC |
google — android |
In multiple locations of the nanopb library, there is a possible way to corrupt memory when decoding untrusted protobuf files. This could lead to local escalation of privilege, with no additional execution privileges needed. User interaction is not needed for exploitation. | 2022-06-15 | not yet calculated | CVE-2022-20203 MISC |
google — android |
In handle_ramdump of pixel_loader.c, there is a possible way to create a ramdump of non-secure memory due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-222348453. References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20182 MISC |
google — android |
Product: Android. Versions: Android kernel. Android ID: A-209906686. References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20177 MISC |
google — android |
In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-217934478 | 2022-06-15 | not yet calculated | CVE-2022-20129 MISC |
google — android |
In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-203431023 | 2022-06-15 | not yet calculated | CVE-2022-20126 MISC |
google — android |
In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-221862119 | 2022-06-15 | not yet calculated | CVE-2022-20127 MISC |
google — android |
In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-187702830 | 2022-06-15 | not yet calculated | CVE-2022-20144 MISC |
google — android |
In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre-loaded applications for other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-170646036 | 2022-06-15 | not yet calculated | CVE-2022-20124 MISC |
google — android |
In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-221856662 | 2022-06-15 | not yet calculated | CVE-2022-20131 MISC |
google — android |
In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-188677105. References: Upstream kernel | 2022-06-15 | not yet calculated | CVE-2022-20132 MISC |
google — android |
In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-206807679 | 2022-06-15 | not yet calculated | CVE-2022-20133 MISC |
google — android |
In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-220303465 | 2022-06-15 | not yet calculated | CVE-2022-20135 MISC |
google — android |
In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-220735360 | 2022-06-15 | not yet calculated | CVE-2022-20143 MISC |
google — android |
In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-216631962 | 2022-06-15 | not yet calculated | CVE-2022-20142 MISC |
google — android |
In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-112551163. References: Upstream kernel | 2022-06-15 | not yet calculated | CVE-2022-20141 MISC |
google — android |
In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-218341397 | 2022-06-15 | not yet calculated | CVE-2022-20134 MISC |
google — android |
In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-210469972 | 2022-06-15 | not yet calculated | CVE-2022-20138 MISC |
google — android |
In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-227618988 | 2022-06-15 | not yet calculated | CVE-2022-20140 MISC |
google — android |
In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-206986392 | 2022-06-15 | not yet calculated | CVE-2022-20137 MISC |
google — android |
In TBD of TBD, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-219513976. References: Upstream kernel | 2022-06-15 | not yet calculated | CVE-2022-20148 MISC |
google — android |
In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. This could lead to local escalation of privilege if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-194402515 | 2022-06-15 | not yet calculated | CVE-2022-20125 MISC |
google — android | In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-224314979 | 2022-06-15 | not yet calculated | CVE-2022-20130 MISC |
google — android | In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-222091980; References: Upstream kernel | 2022-06-15 | not yet calculated | CVE-2022-20153 MISC |
google — android | In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy. This could lead to local information disclosure of private files with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-211757677; References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20146 MISC |
google — android | In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-221216105 | 2022-06-15 | not yet calculated | CVE-2022-20147 MISC |
google — android | Product: Android; Versions: Android kernel; Android ID: A-209421931; References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20170 MISC |
google — android | In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-201660636 | 2022-06-15 | not yet calculated | CVE-2022-20145 MISC |
google — android | Product: Android; Versions: Android kernel; Android ID: A-210712565; References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20151 MISC |
google — android | In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-202006198; References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20152 MISC |
google — android | In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-221852424 | 2022-06-15 | not yet calculated | CVE-2022-20123 MISC |
google — android | In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-174846563; References: Upstream kernel | 2022-06-15 | not yet calculated | CVE-2022-20154 MISC |
google — android | Product: Android; Versions: Android kernel; Android ID: A-211685939; References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20149 MISC |
google — android | In ipu_core_jqs_msg_transport_kernel_write_sync of ipu-core-jqs-msg-transport.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-176754369; References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20155 MISC |
google — android | In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-210971465; References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20159 MISC |
google — android | Product: Android; Versions: Android kernel; Android ID: A-210083655; References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20160 MISC |
google — android | In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-223492713; References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20162 MISC |
google — android | Product: Android; Versions: Android kernel; Android ID: A-204891956; References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20164 MISC |
google — android | In asn1_parse of asn1.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-220868345; References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20165 MISC |
google — android | In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-182388481; References: Upstream kernel | 2022-06-15 | not yet calculated | CVE-2022-20166 MISC |
google — android | Product: Android; Versions: Android kernel; Android ID: A-204956204; References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20167 MISC |
google — android | In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-212803946; References: N/A | 2022-06-15 | not yet calculated | CVE-2022-20156 MISC |
google — kctf | kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions. Prior to version 1.6.0, the `kctf cluster set-src-ip-ranges` command was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark them as `public: false` and use `kctf chal debug port-forward` to connect. | 2022-06-13 | not yet calculated | CVE-2022-31055 MISC CONFIRM MISC |
got — got | The got package before 12.1.0 for Node.js allows a redirect to a UNIX socket. | 2022-06-18 | not yet calculated | CVE-2022-33987 MISC MISC |
gpac — mp4box | In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability. | 2022-06-16 | not yet calculated | CVE-2021-41458 MISC |
grafana — grafana | ** DISPUTED ** Grafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. NOTE: the vendor considers this a UI bug, not a vulnerability. | 2022-06-17 | not yet calculated | CVE-2022-32276 MISC MISC |
haraj — haraj | A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | 2022-06-16 | not yet calculated | CVE-2022-31298 MISC MISC MISC |
haraj — haraj | A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | 2022-06-16 | not yet calculated | CVE-2022-31300 MISC MISC MISC |
haraj — haraj | Haraj v3.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Post Ads component. | 2022-06-16 | not yet calculated | CVE-2022-31301 MISC MISC MISC |
haraj — haraj | Haraj v3.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the User Upgrade Form. | 2022-06-16 | not yet calculated | CVE-2022-31299 MISC MISC MISC |
harmonyos — bone_voice_id_ta | The bone voice ID TA has a memory overwrite vulnerability. Successful exploitation of this vulnerability may result in malicious code execution. | 2022-06-13 | not yet calculated | CVE-2021-40036 MISC |
harmonyos — huawei | The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality. | 2022-06-13 | not yet calculated | CVE-2022-31757 MISC MISC |
harmonyos — huawei | The kernel module has a race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | 2022-06-13 | not yet calculated | CVE-2022-31758 MISC MISC |
harmonyos — huawei | The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability. | 2022-06-13 | not yet calculated | CVE-2022-31753 MISC MISC |
harmonyos — huawei | Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality. | 2022-06-13 | not yet calculated | CVE-2022-31760 MISC MISC |
harmonyos — permission_management | HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information. | 2022-06-13 | not yet calculated | CVE-2021-46811 MISC MISC |
hevc — video_extensions | HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22018, CVE-2022-29111, CVE-2022-29119. | 2022-06-15 | not yet calculated | CVE-2022-30188 MISC |
hpjansson — chafa | Heap-based Buffer Overflow in GitHub repository hpjansson/chafa prior to 1.12.0. | 2022-06-13 | not yet calculated | CVE-2022-2061 MISC CONFIRM |
huawei — emui | Vulnerability of residual files not being deleted after an update in the ChinaDRM module. Successful exploitation of this vulnerability may affect availability. | 2022-06-13 | not yet calculated | CVE-2021-46813 MISC |
ibm — financial_transaction_manager_for_digital_payments_for_multi-platform | IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 166801. | 2022-06-15 | not yet calculated | CVE-2019-4575 XF CONFIRM |
ibm — iax | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 224444. | 2022-06-15 | not yet calculated | CVE-2022-22444 CONFIRM XF |
ibm — spectrum_project_operations_center | In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator’s invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325. | 2022-06-17 | not yet calculated | CVE-2022-22485 XF CONFIRM |
ibm — x-force_exchange | The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. | 2022-06-18 | not yet calculated | CVE-2021-46822 MISC MISC |
ibm — robotic_process_automation | IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the control center UI. IBM X-Force ID: 227294. | 2022-06-17 | not yet calculated | CVE-2022-30607 CONFIRM XF |
imagemagick — imagemagick | A vulnerability was found in ImageMagick, causing a value outside the range of representable values of type ‘unsigned char’ at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. | 2022-06-16 | not yet calculated | CVE-2022-32545 MISC MISC MISC |
imagemagick — imagemagick | A vulnerability was found in ImageMagick, causing a value outside the range of representable values of type ‘unsigned long’ at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. | 2022-06-16 | not yet calculated | CVE-2022-32546 MISC MISC MISC |
imagemagick — imagemagick | In ImageMagick, there is a load of a misaligned address for type ‘double’, which requires 8-byte alignment, and for type ‘float’, which requires 4-byte alignment, at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior. | 2022-06-16 | not yet calculated | CVE-2022-32547 MISC MISC MISC |
innosetup — installer | A vulnerability was found in InnoSetup Installer. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to uncontrolled search path. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2022-06-16 | not yet calculated | CVE-2017-20051 MISC MISC |
intel — processors | Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 2022-06-15 | not yet calculated | CVE-2022-21125 MISC MLIST CONFIRM FEDORA FEDORA |
intel — processors | Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 2022-06-15 | not yet calculated | CVE-2022-21123 MISC MLIST FEDORA FEDORA |
intel — processors | Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 2022-06-15 | not yet calculated | CVE-2022-21166 MISC MLIST FEDORA FEDORA |
intel — processors | Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access. | 2022-06-15 | not yet calculated | CVE-2022-21180 MISC MLIST |
intel — processors | Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access. | 2022-06-15 | not yet calculated | CVE-2022-24436 MISC |
intel — processors | Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 2022-06-15 | not yet calculated | CVE-2022-21127 MISC MLIST |
inventree — inventree | Cross-site Scripting (XSS) – Stored in GitHub repository inventree/inventree prior to 0.7.2. | 2022-06-17 | not yet calculated | CVE-2022-2113 MISC CONFIRM |
inventree — inventree | Unrestricted Upload of File with Dangerous Type in GitHub repository inventree/inventree prior to 0.7.2. | 2022-06-17 | not yet calculated | CVE-2022-2111 MISC CONFIRM |
inventree — inventree | Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2. | 2022-06-17 | not yet calculated | CVE-2022-2112 MISC CONFIRM |
invision_community — ips_community_suite | A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically. In some cases, exploitation is possible by an unauthenticated user. | 2022-06-13 | not yet calculated | CVE-2021-40604 MISC |
iobit — iotransfer | In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim’s endpoint, which can result in data theft and remote code execution. | 2022-06-16 | not yet calculated | CVE-2022-24562 MISC MISC MISC |
itop — itops | ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php. | 2022-06-14 | not yet calculated | CVE-2022-31403 MISC MISC MISC |
itsourcecode — advanced_school_management_system | itsourcecode Advanced School Management System v1.0 is vulnerable to Arbitrary code execution via ip/school/view/all_teacher.php. | 2022-06-15 | not yet calculated | CVE-2022-32433 MISC |
itsourcecode — advanced_school_management_system | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_events.php?event_id=. | 2022-06-15 | not yet calculated | CVE-2022-32376 MISC |
itsourcecode — advanced_school_management_system | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_student_subject.php?index=. | 2022-06-15 | not yet calculated | CVE-2022-32380 MISC |
itsourcecode — advanced_school_management_system | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_parents_profile.php?my_index=. | 2022-06-15 | not yet calculated | CVE-2022-32379 MISC |
itsourcecode — advanced_school_management_system | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher_profile.php?my_index=. | 2022-06-15 | not yet calculated | CVE-2022-32378 MISC |
itsourcecode — advanced_school_management_system | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam_timetable.php?id=. | 2022-06-15 | not yet calculated | CVE-2022-32377 MISC |
itsourcecode — advanced_school_management_system | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject.php?id=. | 2022-06-15 | not yet calculated | CVE-2022-32372 MISC |
itsourcecode — advanced_school_management_system | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_admin_profile.php?my_index=. | 2022-06-15 | not yet calculated | CVE-2022-32381 MISC |
itsourcecode — advanced_school_management_system | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_timetable.php?id=. | 2022-06-15 | not yet calculated | CVE-2022-32375 MISC |
itsourcecode — advanced_school_management_system | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject_routing.php?id=. | 2022-06-15 | not yet calculated | CVE-2022-32374 MISC |
itsourcecode — advanced_school_management_system | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam.php?id=. | 2022-06-15 | not yet calculated | CVE-2022-32373 MISC |
itsourcecode — advanced_school_management_system | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher.php?id=. | 2022-06-15 | not yet calculated | CVE-2022-32371 MISC |
itsourcecode — advanced_school_management_system | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_classroom.php?id=. | 2022-06-15 | not yet calculated | CVE-2022-32370 MISC |
itsourcecode — advanced_school_management_system | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_grade.php?id=. | 2022-06-15 | not yet calculated | CVE-2022-32368 MISC |
javadelight — delight_nashorn_sandox | An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is a ReDoS vulnerability that can be exploited to launch a denial of service (DoS) attack. | 2022-06-14 | not yet calculated | CVE-2021-40660 MISC |
jforum — jforum | JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts. | 2022-06-16 | not yet calculated | CVE-2022-26173 MISC MISC MISC MISC MISC |
joplin — desktop_app | Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute arbitrary code due to improper sanitizing of HTML. | 2022-06-16 | not yet calculated | CVE-2021-33295 MISC MISC MISC |
jupyter — notebook | Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, not accessing individual hidden files or files in hidden directories (i.e. hidden files were ‘hidden’ but not ‘inaccessible’). This could lead to notebook configurations allowing authenticated access to files that may reasonably be expected to be disallowed. Because fully authenticated requests are required, this is of relatively low impact. But if a server’s root directory contains sensitive files whose only protection from the server is being hidden (e.g. `~/.ssh` while serving $HOME), then any authenticated requests could access files if their names are guessable. Such contexts also necessarily have full access to the server and therefore execution permissions, which also generally grants access to all the same files. So this does not generally result in any privilege escalation or increase in information access, only an additional, unintended means by which the files could be accessed. Version 6.4.12 contains a patch for this issue. There are currently no known workarounds. | 2022-06-14 | not yet calculated | CVE-2022-29238 CONFIRM |
jupyter — server | Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of `root_dir` that contains the starting user’s home directory, then the underlying REST API can be used to leak the access token assigned at start time by guessing/brute forcing the PID of the jupyter server. While this requires an authenticated user session, this URL can be used from a cross-site scripting payload or from a hooked or otherwise compromised browser to leak this access token to a malicious third party. This token can be used along with the REST API to interact with Jupyter services/notebooks such as modifying or overwriting critical files, such as .bashrc or .ssh/authorized_keys, allowing a malicious user to read potentially sensitive data and possibly gain control of the impacted system. This issue is patched in version 1.17.1. | 2022-06-14 | not yet calculated | CVE-2022-29241 CONFIRM |
jvn — ec-cube4 | Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and earlier allows a remote unauthenticated attacker to hijack the authentication of the administrator and delete a blog article or a category via a specially crafted page. | 2022-06-13 | not yet calculated | CVE-2022-27174 MISC MISC |
jvn — revoworks | Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using ‘File Sanitization Library’ 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using ‘File Sanitization Option’), and RevoWorks Desktop 2.1.84 and prior versions (when using ‘File Sanitization Option’), which may allow an attacker to execute a malicious macro by having a user download, import, and open a specially crafted file in the local environment. | 2022-06-14 | not yet calculated | CVE-2022-27176 MISC MISC |
jvn — t&d_data_server | Directory traversal vulnerability in T&D Data Server (Japanese Edition) Ver.2.22 and earlier, T&D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors. | 2022-06-14 | not yet calculated | CVE-2022-29509 MISC MISC MISC |
kiegroup — drools | drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability. | 2022-06-16 | not yet calculated | CVE-2021-41411 MISC |
kreado — kreasfero | Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution. | 2022-06-14 | not yet calculated | CVE-2021-42675 MISC MISC MISC |
kromitgmbh — titra | Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1. | 2022-06-16 | not yet calculated | CVE-2022-2098 MISC CONFIRM |
linux — linux_kernel | drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function. | 2022-06-18 | not yet calculated | CVE-2022-33981 MISC MISC MISC MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. | 2022-06-10 | not yet calculated | CVE-2022-32981 MISC MLIST |
magicpin — magicpin | An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file. | 2022-06-14 | not yet calculated | CVE-2022-31447 MISC MISC |
maianaffiliate — maianaffiliate | A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel. | 2022-06-16 | not yet calculated | CVE-2021-41421 MISC MISC |
maianaffiliate — maianaffiliate | A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to execute arbitrary JavaScript code in the context of authenticated and unauthenticated users through the MaianAffiliate admin panel. | 2022-06-16 | not yet calculated | CVE-2021-41420 MISC MISC |
mendix — saml_module | A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). In certain configurations SAML module is vulnerable to Cross Site Scripting (XSS) attacks due to insufficient error message sanitation. This could allow an attacker to execute malicious code by tricking users into accessing a malicious link. | 2022-06-14 | not yet calculated | CVE-2022-32286 MISC |
mendix — saml_module | A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). The affected module is vulnerable to XML External Entity (XXE) attacks due to insufficient input sanitation. This may allow an attacker to disclose confidential data under certain circumstances. | 2022-06-14 | not yet calculated | CVE-2022-32285 MISC |
mercury — mipc451-4 | MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n was discovered to contain a remote code execution (RCE) vulnerability which is exploitable via a crafted POST request. | 2022-06-16 | not yet calculated | CVE-2022-31849 MISC |
metasys — ads_adx_oas | Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the MUI Graphics web interface. | 2022-06-15 | not yet calculated | CVE-2022-21938 CONFIRM CERT |
metasys — ads_adx_oas | A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change. | 2022-06-15 | not yet calculated | CVE-2022-21935 CONFIRM CERT |
metasys — ads_adx_oas | Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the web interface. | 2022-06-15 | not yet calculated | CVE-2022-21937 CONFIRM CERT |
microsoft — av1_vide_extension | AV1 Video Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30193. | 2022-06-15 | not yet calculated | CVE-2022-30167 MISC |
microsoft — azure | Azure Service Fabric Container Elevation of Privilege Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30137 MISC |
microsoft — azure | Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30177, CVE-2022-30179. | 2022-06-15 | not yet calculated | CVE-2022-30178 MISC |
microsoft — azure | Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30177, CVE-2022-30178. | 2022-06-15 | not yet calculated | CVE-2022-30179 MISC |
microsoft — azure | Azure RTOS GUIX Studio Information Disclosure Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30180 MISC |
microsoft — azure | Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30178, CVE-2022-30179. | 2022-06-15 | not yet calculated | CVE-2022-30177 MISC |
microsoft — azure | Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-29149 MISC |
microsoft — excel | Microsoft Excel Remote Code Execution Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30173 MISC |
microsoft — hevc_video_extensions | HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22018, CVE-2022-29111, CVE-2022-30188. | 2022-06-15 | not yet calculated | CVE-2022-29119 MISC |
microsoft — hevc_video_extensions | HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-29111, CVE-2022-29119, CVE-2022-30188. | 2022-06-15 | not yet calculated | CVE-2022-22018 MISC |
microsoft — hevc_video_extensions | HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22018, CVE-2022-29119, CVE-2022-30188. | 2022-06-15 | not yet calculated | CVE-2022-29111 MISC |
microsoft — kerberos | Kerberos AppContainer Security Feature Bypass Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30164 MISC |
microsoft — office | Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30159, CVE-2022-30171. | 2022-06-15 | not yet calculated | CVE-2022-30172 MISC |
microsoft — office | Microsoft Office Remote Code Execution Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30174 MISC |
microsoft — office | Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30159, CVE-2022-30172. | 2022-06-15 | not yet calculated | CVE-2022-30171 MISC |
microsoft — photos | Microsoft Photos App Remote Code Execution Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30168 MISC |
microsoft — sql_server | Microsoft SQL Server Remote Code Execution Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-29143 MISC |
microsoft — windows | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30131 MISC |
microsoft — windows | Windows Media Center Elevation of Privilege Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30135 MISC |
microsoft — windows | Windows Container Manager Service Elevation of Privilege Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30132 MISC |
microsoft — windows | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30166 MISC |
microsoft — edge | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-22021 MISC |
microsoft — file_server | Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30154 MISC |
microsoft — office | Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30171, CVE-2022-30172. | 2022-06-15 | not yet calculated | CVE-2022-30159 MISC |
microsoft — office365 | A vulnerability was found in Microsoft O365 and classified as critical. This issue affects the Conditional Access Policy which leads to improper access controls. By default the policy is not verified for every request. The attack may be initiated remotely. Exploit details have been disclosed to the public. It is recommended to change the configuration settings. NOTE: Vendor claims that pre-requisites are very high, the feature works as intended, and that configuration settings might mitigate the issue. | 2022-06-14 | not yet calculated | CVE-2022-2077 N/A N/A N/A N/A |
microsoft — office365 | ** DISPUTED ** A vulnerability has been found in Microsoft O365 and classified as critical. The session cookies introduce a session expiration issue as they might be used by two clients at the same time. The attack can be initiated remotely. Exploit details have been disclosed to the public. The real-world consequences of this vulnerability are still doubted at the moment. It is recommended to change the configuration settings. NOTE: Vendor claims that pre-requisites are very high, the feature works as intended, and that configuration settings might mitigate the issue. | 2022-06-14 | not yet calculated | CVE-2022-2076 N/A N/A N/A N/A |
microsoft — sharepoint | Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30157. | 2022-06-15 | not yet calculated | CVE-2022-30158 MISC |
microsoft — sharepoint | Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30158. | 2022-06-15 | not yet calculated | CVE-2022-30157 MISC |
microsoft — windows | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30139, CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30161. | 2022-06-15 | not yet calculated | CVE-2022-30153 MISC |
microsoft — windows | Windows Kernel Denial of Service Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30155 MISC |
microsoft — windows | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30160 MISC |
microsoft — windows | Windows File History Remote Code Execution Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30142 MISC |
microsoft — windows | Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30150 MISC |
microsoft — windows | Windows Desired State Configuration (DSC) Information Disclosure Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30148 MISC |
microsoft — windows | Windows Installer Elevation of Privilege Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30147 MISC |
microsoft — windows | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30139, CVE-2022-30141, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161. | 2022-06-15 | not yet calculated | CVE-2022-30143 MISC |
microsoft — windows | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30139, CVE-2022-30141, CVE-2022-30143, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161. | 2022-06-15 | not yet calculated | CVE-2022-30146 MISC |
microsoft — windows | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30145 MISC |
microsoft — windows | Windows Network Address Translation (NAT) Denial of Service Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30152 MISC |
microsoft — windows | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30139, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161. | 2022-06-15 | not yet calculated | CVE-2022-30141 MISC |
microsoft — windows | Windows Hyper-V Remote Code Execution Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30163 MISC |
microsoft — windows | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30151 MISC |
microsoft — windows | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161. | 2022-06-15 | not yet calculated | CVE-2022-30139 MISC |
microsoft — windows | Windows Kerberos Elevation of Privilege Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30165 MISC |
microsoft — windows | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30139, CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30153, CVE-2022-30161. | 2022-06-15 | not yet calculated | CVE-2022-30149 MISC |
microsoft — windows | Windows Kernel Information Disclosure Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30162 MISC |
microsoft — windows | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30139, CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153. | 2022-06-15 | not yet calculated | CVE-2022-30161 MISC |
microsoft — windows | Windows iSCSI Discovery Service Remote Code Execution Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30140 MISC |
microsoft — windows | Windows Network File System Remote Code Execution Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30136 MISC |
microsoft — windows_smbv3 | Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot. | 2022-06-14 | not yet calculated | CVE-2022-32230 CONFIRM MISC MISC MISC |
mini_cms — mini_cms | A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11. The vulnerability exists in the article upload: post-edit.php page. | 2022-06-13 | not yet calculated | CVE-2021-41663 MISC MISC MISC |
mint — workbench | Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Mint WorkBench installer file allows a low-privileged user to run a “repair” operation on the product | 2022-06-15 | not yet calculated | CVE-2022-26057 MISC |
mitel — mivoice_business | A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to the management interface) to conduct a buffer overflow attack due to insufficient validation of URL parameters. A successful exploit could allow arbitrary code execution. | 2022-06-17 | not yet calculated | CVE-2022-31784 MISC MISC |
mitsubishi_electric — melsec-Q | Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC-Q Series Q03UDECPU all versions, Mitsubishi Electric MELSEC-Q Series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU the first 5 digits of serial number “24051” and prior, Mitsubishi Electric MELSEC-Q Series Q04/06/13/26UDPVCPU the first 5 digits of serial number “24051” and prior, Mitsubishi Electric MELSEC-L series L02/06/26CPU(-P) the first 5 digits of serial number “24051” and prior and Mitsubishi Electric MELSEC-L series L26CPU-(P)BT the first 5 digits of serial number “24051” and prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition in Ethernet communications by sending specially crafted packets. A system reset of the products is required for recovery. | 2022-06-15 | not yet calculated | CVE-2022-24946 MISC MISC |
modern_events_calendar — lite | Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | 2022-06-16 | not yet calculated | CVE-2022-30533 MISC MISC |
monstra — monstra_cms | Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability. | 2022-06-15 | not yet calculated | CVE-2021-40940 MISC |
mout — mout | This affects all versions of package mout. The deepFillIn function can be used to ‘fill missing properties recursively’, while the deepMixIn mixes objects into the target object, recursively mixing existing child objects as well. In both cases, the key used to access the target object recursively is not checked, leading to exploiting this vulnerability. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-7792](https://security.snyk.io/vuln/SNYK-JS-MOUT-1014544). | 2022-06-17 | not yet calculated | CVE-2022-21213 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
naver — cloud_explorer | Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection. | 2022-06-13 | not yet calculated | CVE-2022-24077 CONFIRM |
neorazorx — facturascripts | Cross-site Scripting (XSS) – Stored in GitHub repository neorazorx/facturascripts prior to 2022.06. | 2022-06-13 | not yet calculated | CVE-2022-2065 MISC CONFIRM |
neorazorx — facturascripts | Cross-site Scripting (XSS) – Reflected in GitHub repository neorazorx/facturascripts prior to 2022.06. | 2022-06-13 | not yet calculated | CVE-2022-2066 MISC CONFIRM |
netgear — wnap320_router | netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users' cookies. | 2022-06-17 | not yet calculated | CVE-2022-31876 MISC MISC |
nocodb — nocodb | Cross-site Scripting (XSS) – Stored in GitHub repository nocodb/nocodb prior to 0.91.7+. | 2022-06-14 | not yet calculated | CVE-2022-2079 MISC CONFIRM |
nocodb — nocodb | Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+. | 2022-06-13 | not yet calculated | CVE-2022-2064 MISC CONFIRM |
nocodb — nocodb | Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+. | 2022-06-13 | not yet calculated | CVE-2022-2063 MISC CONFIRM |
nokia — bharti_airtel_routers | Nokia “G-2425G-A” Bharti Airtel Routers Hardware version “3FE48299DEAA” Software Version “3FE49362IJHK42” is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management. | 2022-06-14 | not yet calculated | CVE-2022-30903 MISC MISC |
nokia — vitalsuite_spm | NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName’. | 2022-06-16 | not yet calculated | CVE-2021-41487 MISC MISC |
npm — pack | npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (i.e. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published files into the npm registry they did not intend to include. Users should upgrade to the latest, patched version of npm v8.11.0, run: npm i -g npm@latest . Node.js versions v16.15.1, v17.19.1, and v18.3.0 include the patched v8.11.0 version of npm. | 2022-06-13 | not yet calculated | CVE-2022-29244 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
npm — pg-native | All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. **Note:** pg-native is a mere binding to npm’s libpq library, which in turn has the addons and bindings to the actual C libpq library. This means that problems found in pg-native may transitively impact npm’s libpq. | 2022-06-17 | not yet calculated | CVE-2022-25852 CONFIRM CONFIRM |
npm — querymen | All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of [CVE-2020-7600](https://security.snyk.io/vuln/SNYK-JS-QUERYMEN-559867). | 2022-06-17 | not yet calculated | CVE-2022-25871 CONFIRM |
nuitka — nuitka | Command Injection in GitHub repository nuitka/nuitka prior to 0.9. | 2022-06-12 | not yet calculated | CVE-2022-2054 CONFIRM MISC |
octokit — octokit | Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `rw-r--r--` (i.e. 0644). This means everyone who is not the owner (Group and Public) with access to the instance where this release had been installed could modify the world-writable files from this gem. This issue is patched in Octokit 4.25.0. Two workarounds are available. Users can use the previous version of the gem, v4.22.0. Alternatively, users can modify the file permissions manually until they are able to upgrade to the latest version. | 2022-06-15 | not yet calculated | CVE-2022-31072 MISC CONFIRM |
octokit — octopoller | Octopoller is a micro gem for polling and retrying. Version 0.2.0 of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `rw-r--r--` (i.e. 0644). This means everyone who is not the owner (Group and Public) with access to the instance where this release had been installed could modify the world-writable files from this gem. This issue is patched in Octopoller 0.3.0. Two workarounds are available. Users can use the previous version of the gem, v0.1.0. Alternatively, users can modify the file permissions manually until they are able to upgrade to the latest version. | 2022-06-15 | not yet calculated | CVE-2022-31071 CONFIRM MISC |
ompl — ompl | Memory leaks in LazyPRM.cpp of OMPL v1.5.0 can cause unexpected behavior. | 2022-06-17 | not yet calculated | CVE-2021-41490 MISC |
online_tours_and_travels_management_system — online_tours_and_travels_management_system | Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the tname parameter at /admin/operations/tax.php. | 2022-06-15 | not yet calculated | CVE-2022-32992 MISC |
opc_foundation — opc_ua_net_standard_stack | OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaust the memory resources of a server via a crafted request that triggers Uncontrolled Resource Consumption. | 2022-06-16 | not yet calculated | CVE-2022-29866 MISC MISC |
opc_foundation — opc_ua_net_standard_stack | OPC UA .NET Standard Stack allows a remote attacker to bypass the application authentication check via crafted fake credentials. | 2022-06-16 | not yet calculated | CVE-2022-29865 MISC MISC |
opc_foundation — opc_ua_net_standard_stack | OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource Consumption. | 2022-06-16 | not yet calculated | CVE-2022-29864 MISC MISC |
opc_foundation — opc_ua_net_standard_stack | OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a crash via a crafted message that triggers excessive memory allocation. | 2022-06-16 | not yet calculated | CVE-2022-29863 MISC MISC |
opc_foundation — opc_ua_net_standard_stack | An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause the application to hang via a crafted message. | 2022-06-16 | not yet calculated | CVE-2022-29862 MISC MISC |
open_forms — open_forms | Open Forms is an application for creating and publishing smart forms. Prior to versions 1.0.9 and 1.1.1, the cookie consent page in Open Forms contains an open redirect by injecting a `referer` querystring parameter and failing to validate the value. A malicious actor is able to redirect users to a website under their control, opening them up for phishing attacks. The redirect is initiated by the open forms backend which is a legitimate page, making it less obvious to end users they are being redirected to a malicious website. Versions 1.0.9 and 1.1.1 contain patches for this issue. There are no known workarounds available. | 2022-06-13 | not yet calculated | CVE-2022-31040 MISC CONFIRM |
open_forms — open_forms | Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one of the form field types. These fields can be configured to allow only certain file extensions to be uploaded by end users (e.g. only PDF / Excel / …). The input validation of uploaded files is insufficient in versions prior to 1.0.9 and 1.1.1. Users could alter or strip file extensions to bypass this validation. This results in files being uploaded to the server that are of a different file type than indicated by the file name extension. These files may be downloaded (manually or automatically) by staff and/or other applications for further processing. Malicious files can therefore find their way into internal/trusted networks. Versions 1.0.9 and 1.1.1 contain patches for this issue. As a workaround, an API gateway or intrusion detection solution in front of open-forms may be able to scan for and block malicious content before it reaches the Open Forms application. | 2022-06-13 | not yet calculated | CVE-2022-31041 CONFIRM MISC |
oracle — cloud_infrastructure | Vulnerability in the Oracle Cloud Infrastructure product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with network access to compromise Oracle Cloud Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to Oracle Cloud Infrastructure accessible data. All affected customers were notified of CVE-2022-21503 by Oracle. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) | 2022-06-17 | not yet calculated | CVE-2022-21503 MISC |
oracle — linux_uek | The code in UEK6 U3 was missing an appropriate file descriptor count to be missing. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while it was still in use by another portion of the kernel. An attack with local access can operate on the socket, and cause a denial of service. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | 2022-06-14 | not yet calculated | CVE-2022-21504 MISC |
otrs — otrs | Attacker is able to determine if the provided username exists (and it’s valid) using Request New Password feature, based on the response time. | 2022-06-13 | not yet calculated | CVE-2022-32741 CONFIRM |
otrs — otrs | When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number. | 2022-06-13 | not yet calculated | CVE-2022-32739 CONFIRM |
otrs — otrs | A reply to a forwarded email article by a 3rd party could unintentionally expose the email content to the ticket customer under certain circumstances. | 2022-06-13 | not yet calculated | CVE-2022-32740 CONFIRM |
palantir — multipass | The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0. | 2022-06-14 | not yet calculated | CVE-2022-27889 MISC |
parse_community — parse_server | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter is not validated. As a result, authentication could potentially be bypassed by making a fake certificate accessible via certain Apple domains and providing the URL to that certificate in an authData object. Versions 4.0.11 and 5.2.2 prevent this by introducing a new `rootCertificateUrl` property to the Parse Server Apple Game Center auth adapter which takes the URL to the root certificate of Apple’s Game Center authentication certificate. If no value is set, the `rootCertificateUrl` property defaults to the URL of the current root certificate as of May 27, 2022. Keep in mind that the root certificate can change at any time and that it is the developer’s responsibility to keep the root certificate URL up-to-date when using the Parse Server Apple Game Center auth adapter. There are no known workarounds for this issue. | 2022-06-17 | not yet calculated | CVE-2022-31083 MISC CONFIRM MISC MISC |
peel — shopping_cms | PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. A user that belongs to the administrator group can inject a malicious SQL query in order to affect the execution logic of the application and retrieve information from the database. | 2022-06-15 | not yet calculated | CVE-2021-41672 MISC MISC |
phpcms — phpcms | There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side. | 2022-06-15 | not yet calculated | CVE-2021-40910 MISC |
php — fedora | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. | 2022-06-16 | not yet calculated | CVE-2022-31625 MISC FEDORA FEDORA |
php — fedora | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. | 2022-06-16 | not yet calculated | CVE-2022-31626 MISC FEDORA FEDORA |
piwigo — piwigo | In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batch_manager&mode=unit. | 2022-06-14 | not yet calculated | CVE-2021-40678 MISC |
potplayer — potplayer | An exploitable out-of-bounds write vulnerability in PotPlayer 1.7.21523 build 210729 may lead to code execution, information disclosure, and denial of service. | 2022-06-15 | not yet calculated | CVE-2021-40212 MISC MISC |
powerjob — powerjob | An issue was discovered in PowerJob through 3.2.2, allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save. | 2022-06-16 | not yet calculated | CVE-2020-28865 MISC |
powertek_corporation — powertek_firmware | Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can be then used to fetch the values of protected sys.passwd and sys.su.name fields that contain the username and password in cleartext. | 2022-06-13 | not yet calculated | CVE-2022-33174 MISC |
powertek_corporation — powertek_firmware | Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_param.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrators. The session id can then be reused to act as the administrator, allowing reading of the cleartext password, or reconfiguring the device. | 2022-06-13 | not yet calculated | CVE-2022-33175 MISC |
proietti — tech_srl_planet_time_enterprise | Proietti Tech srl Planet Time Enterprise 4.2.0.1,4.2.0.0,4.1.0.0,4.0.0.0,3.3.1.0,3.3.0.0 is vulnerable to Remote code execution via the Viewstate parameter. | 2022-06-17 | not yet calculated | CVE-2022-30422 MISC MISC |
python — pgadmin4 | A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2022-06-16 | not yet calculated | CVE-2017-20052 MISC MISC |
python-ldap — python_ldap | python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. | 2022-06-18 | not yet calculated | CVE-2021-46823 MISC MISC |
qualcomm — snapdragon | Improper memory allocation during counter check DLM handling can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-06-14 | not yet calculated | CVE-2021-35096 CONFIRM |
qualcomm — snapdragon | Memory corruption in graphics support layer due to use after free condition in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2021-35130 CONFIRM |
qualcomm — snapdragon | Possible buffer overflow due to lack of validation for the length of NAI string read from EFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | 2022-06-14 | not yet calculated | CVE-2021-35102 CONFIRM |
qualcomm — snapdragon | Improper validation of session id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2021-35098 CONFIRM |
qualcomm — snapdragon | Memory corruption in BT controller due to improper length check while processing vendor specific commands in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 2022-06-14 | not yet calculated | CVE-2021-35129 CONFIRM |
qualcomm — snapdragon | Improper handling of writes to virtual GICR control can lead to assertion failure in the hypervisor in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile | 2022-06-14 | not yet calculated | CVE-2021-35101 CONFIRM |
qualcomm — snapdragon | Possible null pointer access due to improper validation of system information message to be processed in Snapdragon Industrial IOT, Snapdragon Mobile | 2022-06-14 | not yet calculated | CVE-2021-35087 CONFIRM |
qualcomm — snapdragon | Possible out of bounds read due to improper typecasting while handling page fault for global memory in Snapdragon Connectivity, Snapdragon Mobile | 2022-06-14 | not yet calculated | CVE-2021-35091 CONFIRM |
qualcomm — snapdragon | Possible hypervisor memory corruption due to TOC TOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-06-14 | not yet calculated | CVE-2021-35090 CONFIRM |
qualcomm — snapdragon | Improper validation of tag id while RRC sending tag id to MAC can lead to TOCTOU race condition in Snapdragon Connectivity, Snapdragon Mobile | 2022-06-14 | not yet calculated | CVE-2021-35111 CONFIRM |
qualcomm — snapdragon | Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobile | 2022-06-14 | not yet calculated | CVE-2021-35095 CONFIRM |
qualcomm — snapdragon | Memory corruption in DSP service due to improper validation of input parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-06-14 | not yet calculated | CVE-2021-35126 CONFIRM |
qualcomm — snapdragon | Buffer copy in GATT multi notification due to improper length check for the data coming over-the-air in Snapdragon Connectivity, Snapdragon Industrial IOT | 2022-06-14 | not yet calculated | CVE-2021-35123 CONFIRM |
qualcomm — snapdragon | Possible use after free due to lack of null check of DRM file status after file structure is freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2021-30334 CONFIRM |
qualcomm — snapdragon | Improper verification of timeout-based authentication in identity credential can lead to invalid authorization in HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-06-14 | not yet calculated | CVE-2021-35094 CONFIRM |
qualcomm — snapdragon | Lack of MBN header size verification against input buffer can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2021-30350 CONFIRM |
qualcomm — snapdragon | Possible memory leak due to improper validation of certificate chain length while parsing server certificate chain in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2021-35078 CONFIRM |
qualcomm — snapdragon | RPM secure Stream can access any secure resource due to improper SMMU configuration and can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile | 2022-06-14 | not yet calculated | CVE-2021-35070 CONFIRM |
qualcomm — snapdragon | Possible buffer over read due to improper validation of SIB type when processing a NR system Information message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-06-14 | not yet calculated | CVE-2021-35086 CONFIRM |
qualcomm — snapdragon | Reachable assertion due to improper validation of coreset in PDCCH configuration in SA mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-06-14 | not yet calculated | CVE-2021-30340 CONFIRM |
qualcomm — snapdragon | RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-06-14 | not yet calculated | CVE-2021-30346 CONFIRM |
qualcomm — snapdragon | Improper integrity check can lead to race condition between tasks PDCP and RRC right after a valid RRC security mode command packet has been received in Snapdragon Industrial IOT | 2022-06-14 | not yet calculated | CVE-2021-35082 CONFIRM |
qualcomm — snapdragon | Improper validation of permissions for third party application accessing Telephony service API can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-06-14 | not yet calculated | CVE-2021-35079 CONFIRM |
qualcomm — snapdragon | APK can load a crafted model into the CDSP which can lead to a compromise of CDSP and other APK's data executing there in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2021-35116 CONFIRM |
qualcomm — snapdragon | Possible null pointer dereference due to improper validation of RRC connection reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-06-14 | not yet calculated | CVE-2021-35076 CONFIRM |
qualcomm — snapdragon | Possible assertion due to improper validation of rank restriction field in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-06-14 | not yet calculated | CVE-2021-35073 CONFIRM |
qualcomm — snapdragon | Possible buffer overflow due to improper validation of array index while processing external DIAG command in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2021-35072 CONFIRM |
qualcomm — snapdragon | Disabled SMMU from secure side while RPM is assigned a secure stream can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2021-35080 CONFIRM |
qualcomm — snapdragon | Possible buffer overflow due to lack of buffer length check during management frame Rx handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-06-14 | not yet calculated | CVE-2021-35085 CONFIRM |
qualcomm — snapdragon | Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-06-14 | not yet calculated | CVE-2021-30349 CONFIRM |
qualcomm — snapdragon | Improper integrity check can lead to race condition between tasks PDCP and RRC right after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-06-14 | not yet calculated | CVE-2021-30347 CONFIRM |
qualcomm — snapdragon | Possible buffer over read due to lack of size validation while copying data from DBR buffer to RX buffer and can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-06-14 | not yet calculated | CVE-2021-35071 CONFIRM |
qualcomm — snapdragon | Possible buffer over read due to improper calculation of string length while parsing Id3 tag in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2021-35100 CONFIRM |
qualcomm — snapdragon | Processing DCB/AVB algorithm with an invalid queue index from IOCTL request could lead to arbitrary address modification in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 2022-06-14 | not yet calculated | CVE-2021-35092 CONFIRM |
qualcomm — snapdragon | Possible buffer overflow due to improper validation of SSID length received from beacon or probe response during an IBSS session in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 2022-06-14 | not yet calculated | CVE-2021-35081 CONFIRM |
qualcomm — snapdragon | RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-06-14 | not yet calculated | CVE-2021-30345 CONFIRM |
qualcomm — snapdragon | Improper buffer size validation of DSM packet received can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2021-30341 CONFIRM |
qualcomm — snapdragon | Memory corruption in bluetooth host due to integer overflow while processing BT HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 2022-06-14 | not yet calculated | CVE-2022-25651 CONFIRM |
qualcomm — snapdragon | Reading PRNG output may lead to improper key generation due to lack of buffer validation in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-06-14 | not yet calculated | CVE-2021-30339 CONFIRM |
qualcomm — snapdragon | Buffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data in Snapdragon Mobile, Snapdragon Compute, Snapdragon Auto, Snapdragon IOT, Snapdragon Connectivity, Snapdragon Voice & Music | 2022-06-14 | not yet calculated | CVE-2021-30327 CONFIRM |
qualcomm — snapdragon | Possible out of bound read due to improper validation of certificate chain in SSL or Internet key exchange in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2021-35083 CONFIRM |
qualcomm — snapdragon | Improper integrity check can lead to race condition between tasks PDCP and RRC after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2021-30342 CONFIRM |
qualcomm — snapdragon | Improper integrity check can lead to race condition between tasks PDCP and RRC after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-06-14 | not yet calculated | CVE-2021-30343 CONFIRM |
qualcomm — snapdragon | A user with user level permission can access graphics protected region due to improper access control in register configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2021-35112 CONFIRM |
qualcomm — snapdragon | Improper handling between export and release functions on the same handle from client can lead to use after free in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-06-14 | not yet calculated | CVE-2021-35120 CONFIRM |
qualcomm — snapdragon | Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2021-30344 CONFIRM |
qualcomm — snapdragon | An out-of-bounds write can occur due to an incorrect input check in the camera driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2021-35118 CONFIRM |
qualcomm — snapdragon | An array index is improperly used to lock and unlock a mutex which can lead to a Use After Free condition in the Synx driver in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-06-14 | not yet calculated | CVE-2021-35121 CONFIRM |
qualcomm — snapdragon | Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-06-14 | not yet calculated | CVE-2021-35104 CONFIRM |
qualcomm — snapdragon | Potential out of bounds read in FIPS event processing due to improper validation of the length from the firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-06-14 | not yet calculated | CVE-2021-35119 CONFIRM |
qualcomm — snapdragon | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-06-14 | not yet calculated | CVE-2021-30281 CONFIRM |
qualcomm — snapdragon | Possible out of bound read due to lack of length check of data length for a DIAG event in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 2022-06-14 | not yet calculated | CVE-2021-35084 CONFIRM |
qualcomm — snapdragon_auto | Improper buffer initialization on the backend driver can lead to buffer overflow in Snapdragon Auto | 2022-06-14 | not yet calculated | CVE-2021-35114 CONFIRM |
qualcomm — snapdragon | Out of bound read in WLAN HOST due to improper length check can lead to DOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2022-22065 CONFIRM |
qualcomm — snapdragon | Kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2022-22068 CONFIRM |
qualcomm — snapdragon | Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 2022-06-14 | not yet calculated | CVE-2022-22071 CONFIRM |
qualcomm — snapdragon | Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2022-22082 CONFIRM |
qualcomm — snapdragon | Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2022-22084 CONFIRM |
qualcomm — snapdragon | Memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2022-22087 CONFIRM |
qualcomm — snapdragon | Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 2022-06-14 | not yet calculated | CVE-2022-22072 CONFIRM |
qualcomm — snapdragon | Possible buffer over read due to lack of size validation while unpacking frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2022-22064 CONFIRM |
qualcomm — snapdragon | Denial of service due to memory corruption while extracting ape header from clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2022-22083 CONFIRM |
qualcomm — snapdragon | Memory corruption in audio due to use after free while managing buffers from internal cache in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | 2022-06-14 | not yet calculated | CVE-2022-22090 CONFIRM |
qualcomm — snapdragon | Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2022-22086 CONFIRM |
qualcomm — snapdragon | Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2022-22057 CONFIRM |
qualcomm — snapdragon | Memory corruption in video due to buffer overflow while reading the dts file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-06-14 | not yet calculated | CVE-2022-22085 CONFIRM |
qualcomm — snapdragon | Memory corruption in multimedia driver due to double free while processing data from user in Snapdragon Auto | 2022-06-14 | not yet calculated | CVE-2022-22103 CONFIRM |
qualcomm — trustzone_memory_interface | Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Compute | 2022-06-14 | not yet calculated | CVE-2021-30338 CONFIRM |
rakuten — casa | Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default. | 2022-06-13 | not yet calculated | CVE-2022-26834 MISC MISC |
rakuten — casa | Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings, in which it is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings. | 2022-06-13 | not yet calculated | CVE-2022-28704 MISC MISC |
rakuten — casa | Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation. | 2022-06-13 | not yet calculated | CVE-2022-29525 MISC MISC |
redcap — redcap | A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title (aka new_title) field when editing an existing conversation. The payload executes in the browser of any conversation participant with the sidebar shown. | 2022-06-15 | not yet calculated | CVE-2022-24004 MISC MISC |
redcap — redcap | A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title (app_title) field when editing an existing project. The payload is then reflected within the title tag of the page. | 2022-06-15 | not yet calculated | CVE-2022-24127 MISC MISC |
robohelp — server | RoboHelp Server versions earlier than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. An authenticated attacker could leverage this vulnerability to achieve full administrator privileges. Exploitation of this issue does not require user interaction. | 2022-06-16 | not yet calculated | CVE-2022-30670 MISC |
rundeck — rundeck | Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any credentials created or overwritten using Rundeck 4.2.0 or 4.2.1 might result in them being written in plaintext to the backend storage. This affects those using any `Storage Converter` plugin. Rundeck 4.3.1 and 4.2.2 have fixed the code and upon upgrade will re-encrypt any plain text values. Version 4.3.0 does not have the vulnerability, but does not include the patch to re-encrypt plain text values if 4.2.0 or 4.2.1 were used. To prevent plaintext credentials from being stored in Rundeck 4.2.0/4.2.1, write access to key storage can be disabled via ACLs. After upgrading to 4.3.1 or later, write access can be restored. | 2022-06-15 | not yet calculated | CVE-2022-31044 CONFIRM |
sap — 3d_visual_enterprise_viewer | When a user opens manipulated AutoCAD (.dwg, TeighaTranslator.exe) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 2022-06-14 | not yet calculated | CVE-2022-32235 MISC MISC |
sap — 3d_visual_enterprise_viewer | When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 2022-06-14 | not yet calculated | CVE-2022-32239 MISC MISC |
sap — 3d_visual_enterprise_viewer | When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 2022-06-14 | not yet calculated | CVE-2022-32242 MISC MISC |
sap — 3d_visual_enterprise_viewer | When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 2022-06-14 | not yet calculated | CVE-2022-32241 MISC MISC |
sap — 3d_visual_enterprise_viewer | When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 2022-06-14 | not yet calculated | CVE-2022-32240 MISC MISC |
sap — 3d_visual_enterprise_viewer | When a user opens manipulated Windows Bitmap (.bmp, 2d.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 2022-06-14 | not yet calculated | CVE-2022-32236 MISC MISC |
sap — 3d_visual_enterprise_viewer | When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 2022-06-14 | not yet calculated | CVE-2022-32237 MISC MISC |
sap — 3d_visual_enterprise_viewer | When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 2022-06-14 | not yet calculated | CVE-2022-32238 MISC MISC |
sap — financial_consolidation | SAP Financial Consolidation – version 1010, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 2022-06-14 | not yet calculated | CVE-2022-31595 MISC MISC |
sap — netweaver | Depending on the configuration of the route permission table in file ‘saprouttab’, it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform – versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability. | 2022-06-14 | not yet calculated | CVE-2022-27668 MISC MISC |
sap — netweaver | Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) – versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | 2022-06-14 | not yet calculated | CVE-2022-29618 MISC MISC |
sap — netweaver | Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parsing at endpoints, and a possibility to conduct SSRF attacks that could compromise system’s Availability by causing the system to crash. | 2022-06-13 | not yet calculated | CVE-2022-28217 MISC MISC |
sap — netweaver | SAP NetWeaver, ABAP Platform and SAP Host Agent – versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application. | 2022-06-14 | not yet calculated | CVE-2022-29612 MISC MISC |
sap — netweaver | SAP startservice – of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database – versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, – on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability. | 2022-06-14 | not yet calculated | CVE-2022-29614 MISC MISC |
sap — netweaver | SAP NetWeaver Developer Studio (NWDS) – version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application’s confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x. | 2022-06-14 | not yet calculated | CVE-2022-29615 MISC MISC |
sap — one_support_launchpad | A highly privileged user can exploit a SUID-root program to escalate his privileges to root on a local Unix system. | 2022-06-14 | not yet calculated | CVE-2022-31594 MISC MISC |
sap — one_support_launchpad | Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more authorization than needed to perform certain transactions, which may lead to users getting access to data that would otherwise be restricted. | 2022-06-14 | not yet calculated | CVE-2022-31589 MISC MISC |
sap — powerdesigner_proxy | SAP PowerDesigner Proxy – version 16.7, allows an attacker with low privileges and local access, with the ability to work around system’s root disk access restrictions, to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system. | 2022-06-14 | not yet calculated | CVE-2022-31590 MISC MISC |
scalance — multiple_versions |
A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 2x230V (All versions < V6.5), SCALANCE XR524-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 1x230V (All versions < V6.5), SCALANCE XR526-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 24V (All versions < V6.5), SCALANCE XR526-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 2x230V (All versions < V6.5), SCALANCE XR526-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR528-6M (All versions < V6.5), SCALANCE XR528-6M (2HR2) (All versions < V6.5), SCALANCE XR528-6M (2HR2, L3 int.) (All versions < V6.5), SCALANCE XR528-6M (L3 int.) (All versions < V6.5), SCALANCE XR552-12M (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2, L3 int.) (All versions < V6.5). The OSPF protocol implementation in affected devices fails to verify the checksum and length fields in the OSPF LS Update messages. An unauthenticated remote attacker could exploit this vulnerability to cause interruptions in the network by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device. | 2022-06-14 | not yet calculated | CVE-2021-37182 MISC |
shirasagi — shirasagi | Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. | 2022-06-14 | not yet calculated | CVE-2022-29485 MISC MISC MISC MISC |
sicam — gridedge_essential_arm | A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not apply cross-origin resource sharing (CORS) restrictions for critical operations. In case an attacker tricks a legitimate user into accessing a special resource, a malicious request could be executed. | 2022-06-14 | not yet calculated | CVE-2022-30228 MISC |
sicam — gridedge_essential_arm | A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of a user, such as credentials, in case that user’s id is known. | 2022-06-14 | not yet calculated | CVE-2022-30229 MISC |
sicam — gridedge_essential_arm | A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to create a new user with administrative permissions. | 2022-06-14 | not yet calculated | CVE-2022-30230 MISC |
sicam — gridedge_essential_arm |
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another user’s password hash. | 2022-06-14 | not yet calculated | CVE-2022-30231 MISC |
siemens — sinema_remote_connect_server |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks. | 2022-06-14 | not yet calculated | CVE-2022-29034 MISC FULLDISC |
siemens — spectrum_power_4 |
A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unauthenticated attacker could log into the component Shared HIS used in Spectrum Power systems by using an account with default credentials. A successful exploitation could allow the attacker to access the component Shared HIS with administrative privileges. | 2022-06-14 | not yet calculated | CVE-2022-26476 MISC |
siemens — teamcenter |
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions). The Java EE Server Manager HTML Adaptor in Teamcenter contains default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions. | 2022-06-14 | not yet calculated | CVE-2022-31619 MISC |
siemens — teamcenter_active_workspace |
A vulnerability has been identified in Teamcenter Active Workspace V5.2 (All versions < V5.2.9), Teamcenter Active Workspace V6.0 (All versions < V6.0.3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious code by tricking users into accessing a malicious link. | 2022-06-14 | not yet calculated | CVE-2022-32145 MISC |
siemens — sinema_remote_connect_server |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors. | 2022-06-14 | not yet calculated | CVE-2022-27219 MISC |
siemens — sinema_remote_connect_server |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in a machine-in-the-middle position could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a “BREACH” attack. | 2022-06-14 | not yet calculated | CVE-2022-27221 MISC |
siemens — sinema_remote_connect_server |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors. | 2022-06-14 | not yet calculated | CVE-2022-27220 MISC |
sinema — remote_connect_server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows importing device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure. | 2022-06-14 | not yet calculated | CVE-2022-32258 MISC |
sinema — remote_connect_server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges of an administrative user. | 2022-06-14 | not yet calculated | CVE-2022-32251 MISC |
sinema — remote_connect_server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios. | 2022-06-14 | not yet calculated | CVE-2022-32260 MISC |
sinema — remote_connect_server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration. | 2022-06-14 | not yet calculated | CVE-2022-32259 MISC |
sinema — remote_connect_server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application. | 2022-06-14 | not yet calculated | CVE-2022-32261 MISC |
sinema — remote_connect_server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information. | 2022-06-14 | not yet calculated | CVE-2022-32255 MISC |
sinema — remote_connect_server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker. | 2022-06-14 | not yet calculated | CVE-2022-32254 MISC |
sinema — remote_connect_server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate’s password could be printed to a file reachable by an attacker. | 2022-06-14 | not yet calculated | CVE-2022-32253 MISC |
sinema — remote_connect_server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform an integrity check of the update packages. Without validation, an admin user might be tricked into installing a malicious package, granting root privileges to an attacker. | 2022-06-14 | not yet calculated | CVE-2022-32252 MISC |
sinema — remote_connect_server | When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 2022-06-14 | not yet calculated | CVE-2022-32243 MISC MISC |
sinema — remote_connect_server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information. | 2022-06-14 | not yet calculated | CVE-2022-32256 MISC |
sinema — remote_connect_server |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution. | 2022-06-14 | not yet calculated | CVE-2022-32262 MISC |
sourcecodester — online_discussion_forum_site | Online Discussion Forum Site v1.0 is vulnerable to SQL Injection via /odfs/classes/Master.php?f=delete_team. | 2022-06-16 | not yet calculated | CVE-2022-31911 MISC |
sourcecodester — online_discussion_forum_site | Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /odfs/classes/Master.php?f=save_category, name. | 2022-06-16 | not yet calculated | CVE-2022-31913 MISC |
sourcecodester — zoo_management_system | Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/save_animal?an_id=24. | 2022-06-16 | not yet calculated | CVE-2022-31914 MISC |
sourcecodester — bank_management_system |
A vulnerability, which was classified as critical, has been found in SourceCodester Bank Management System 1.0. Affected by this issue is login.php. The manipulation of the argument password with the input 1’and 1=2 union select 1,sleep(10),3,4,5 –+ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2022-06-15 | not yet calculated | CVE-2022-2086 N/A N/A |
sourcecodester — bank_management_system |
A vulnerability, which was classified as problematic, was found in SourceCodester Bank Management System 1.0. This affects the file /mnotice.php?id=2. The manipulation of the argument notice with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2022-06-15 | not yet calculated | CVE-2022-2087 N/A N/A |
sourcecodester — church_management_system |
Church Management System version 1.0 is affected by a SQL injection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell. | 2022-06-13 | not yet calculated | CVE-2021-41661 MISC |
sourcecodester — fast_food_ordering_system | Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_menu. | 2022-06-14 | not yet calculated | CVE-2022-32330 MISC |
sourcecodester — fast_food_ordering_system | Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/categories/view_category.php?id=. | 2022-06-14 | not yet calculated | CVE-2022-32331 MISC |
sourcecodester — fast_food_ordering_system | Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_category. | 2022-06-14 | not yet calculated | CVE-2022-32332 MISC |
sourcecodester — fast_food_ordering_system | Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/view_menu.php?id=. | 2022-06-14 | not yet calculated | CVE-2022-32336 MISC |
sourcecodester — fast_food_ordering_system | Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/categories/manage_category.php?id=. | 2022-06-14 | not yet calculated | CVE-2022-32334 MISC |
sourcecodester — fast_food_ordering_system | Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/sales/receipt.php?id=. | 2022-06-14 | not yet calculated | CVE-2022-32333 MISC |
sourcecodester — fast_food_ordering_system | Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/manage_menu.php?id=. | 2022-06-14 | not yet calculated | CVE-2022-32335 MISC |
sourcecodester — fast_food_ordering_system | Fast Food Ordering System v1.0 is vulnerable to deletion of any file via /ffos/classes/Master.php?f=delete_img. | 2022-06-14 | not yet calculated | CVE-2022-32328 MISC |
sourcecodester — hospitals_patient_records_management_system | Hospital’s Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient. | 2022-06-14 | not yet calculated | CVE-2022-32344 MISC |
sourcecodester — hospitals_patient_records_management_system | Hospital’s Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room_type. | 2022-06-14 | not yet calculated | CVE-2022-32350 MISC |
sourcecodester — hospitals_patient_records_management_system | Hospital’s Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/doctors/view_doctor.php?id=. | 2022-06-14 | not yet calculated | CVE-2022-32339 MISC |
sourcecodester — hospitals_patient_records_management_system | Hospital’s Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/doctors/manage_doctor.php?id=. | 2022-06-14 | not yet calculated | CVE-2022-32338 MISC |
sourcecodester — hospitals_patient_records_management_system | Hospital’s Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/patients/manage_patient.php?id=. | 2022-06-14 | not yet calculated | CVE-2022-32337 MISC |
sourcecodester — hospitals_patient_records_management_system | Hospital’s Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/room_types/view_room_type.php?id=. | 2022-06-14 | not yet calculated | CVE-2022-32342 MISC |
sourcecodester — hospitals_patient_records_management_system | Hospital’s Patient Records Management System v1.0 is vulnerable to SQL Injection via hprms/admin/room_types/manage_room_type.php?id=. | 2022-06-14 | not yet calculated | CVE-2022-32343 MISC |
sourcecodester — hospitals_patient_records_management_system | Hospital’s Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_history. | 2022-06-14 | not yet calculated | CVE-2022-32349 MISC |
sourcecodester — hospitals_patient_records_management_system | Hospital’s Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/manage_room.php?id=. | 2022-06-14 | not yet calculated | CVE-2022-32345 MISC |
sourcecodester — hospitals_patient_records_management_system | Hospital’s Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room. | 2022-06-14 | not yet calculated | CVE-2022-32347 MISC |
sourcecodester — hospitals_patient_records_management_system | Hospital’s Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_doctor. | 2022-06-14 | not yet calculated | CVE-2022-32348 MISC |
sourcecodester — hospitals_patient_records_management_system | Hospital’s Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/?page=user/manage_user&id=. | 2022-06-14 | not yet calculated | CVE-2022-32341 MISC |
sourcecodester — hospitals_patient_records_management_system | Hospital’s Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_admission. | 2022-06-14 | not yet calculated | CVE-2022-32352 MISC |
sourcecodester — hospitals_patient_records_management_system | Hospital’s Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_message. | 2022-06-14 | not yet calculated | CVE-2022-32351 MISC |
sourcecodester — hospitals_patient_records_management_system | Hospital’s Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/view_room.php?id=. | 2022-06-14 | not yet calculated | CVE-2022-32346 MISC |
sourcecodester — hospitals_patient_records_management_system | Hospital’s Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/?page=patients/view_patient&id=. | 2022-06-14 | not yet calculated | CVE-2022-32340 MISC |
sourcecodester — online_fire_reporting_system | Online Fire Reporting System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ofrs/classes/Master.php. | 2022-06-16 | not yet calculated | CVE-2022-31906 MISC |
sourcecodester — online_fire_reporting_system | Online Fire Reporting System v1.0 was discovered to contain a SQL injection vulnerability via the GET parameter in /report/list.php. | 2022-06-14 | not yet calculated | CVE-2022-31415 MISC |
sourcecodester — online_tutor_portal_site | Online Tutor Portal Site v1.0 is vulnerable to SQL Injection via /otps/classes/Master.php?f=delete_team. | 2022-06-16 | not yet calculated | CVE-2022-31912 MISC |
sourcecodester — online_tutor_portal_site | Online Tutor Portal Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /otps/classes/Master.php. | 2022-06-16 | not yet calculated | CVE-2022-31910 MISC |
sourcecodester — product_show_room_site | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/manage_field.php?id=. | 2022-06-14 | not yet calculated | CVE-2022-32365 MISC |
sourcecodester — product_show_room_site | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=user/manage_user&id=. | 2022-06-14 | not yet calculated | CVE-2022-32354 MISC |
sourcecodester — product_show_room_site | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/view_category.php?id=. | 2022-06-14 | not yet calculated | CVE-2022-32363 MISC |
sourcecodester — product_show_room_site | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/view_field.php?id=. | 2022-06-14 | not yet calculated | CVE-2022-32366 MISC |
sourcecodester — product_show_room_site | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/manage_product&id=. | 2022-06-14 | not yet calculated | CVE-2022-32364 MISC |
sourcecodester — product_show_room_site | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_field_order.php?id=. | 2022-06-14 | not yet calculated | CVE-2022-32353 MISC |
sourcecodester — product_show_room_site | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/view_product&id=. | 2022-06-14 | not yet calculated | CVE-2022-32355 MISC |
sourcecodester — product_show_room_site | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=inquiries/view_inquiry&id=. | 2022-06-14 | not yet calculated | CVE-2022-32367 MISC |
sourcecodester — product_show_room_site | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_category. | 2022-06-14 | not yet calculated | CVE-2022-32359 MISC |
sourcecodester — product_show_room_site | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_inquiry. | 2022-06-14 | not yet calculated | CVE-2022-32358 MISC |
sourcecodester — product_show_room_site | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_category.php?id=. | 2022-06-14 | not yet calculated | CVE-2022-32362 MISC |
sourcecodester — rescue_dispatch_management_system | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via \rdms\admin?page=user\manage_user&id=. | 2022-06-17 | not yet calculated | CVE-2022-31941 MISC |
sourcecodester — south_gate_inn_online_reservation_system | The South Gate Inn Online Reservation System v1.0 contains an SQL injection vulnerability that can be chained with a malicious PHP file upload, which is caused by improper file handling in the editImg function. This vulnerability leads to remote code execution. | 2022-06-13 | not yet calculated | CVE-2021-41662 MISC |
sourcecodester — student_registration_and_fee_payment_system | Student Registration and Fee Payment System v1.0 is vulnerable to SQL Injection via /scms/student.php. | 2022-06-16 | not yet calculated | CVE-2022-31908 MISC |
sourcecodester — theme_park_ticketing_system | Theme Park Ticketing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edit_ticket.php. | 2022-06-15 | not yet calculated | CVE-2022-32302 MISC |
sourcesodester — directory_management_system | Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php. | 2022-06-16 | not yet calculated | CVE-2022-31384 MISC MISC MISC |
sourcesodester — directory_management_system |
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php. | 2022-06-16 | not yet calculated | CVE-2022-31383 MISC MISC MISC |
sourcesodester — directory_management_system |
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php. | 2022-06-16 | not yet calculated | CVE-2022-31382 MISC MISC MISC |
sourcesodester — online_discussion_forum_site | An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts. | 2022-06-16 | not yet calculated | CVE-2022-31295 MISC MISC |
sourcesodester — online_discussion_forum_site | An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts. | 2022-06-16 | not yet calculated | CVE-2022-31294 MISC MISC |
sourcesodester — online_discussion_forum_site | Online Discussion Forum Site 1 was discovered to contain a blind SQL injection vulnerability via the component /odfs/posts/view_post.php. | 2022-06-17 | not yet calculated | CVE-2022-31296 MISC MISC |
sourcesodester — online_ordering_system | Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/index.php?q=category&search=. | 2022-06-17 | not yet calculated | CVE-2022-31355 MISC |
sourcesodester — online_ordering_system | Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/inventory/index.php?view=edit&id=. | 2022-06-17 | not yet calculated | CVE-2022-31357 MISC |
sourcesodester — online_ordering_system | Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/store/index.php?view=edit&id=. | 2022-06-17 | not yet calculated | CVE-2022-31356 MISC |
splunk_enterprise — splunk_universal_forwarder |
In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, connections from misconfigured nodes without valid certificates did not fail by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_TLS_host_name_validation_for_the_Splunk_CLI) to enable the remediation. | 2022-06-15 | not yet calculated | CVE-2022-32156 CONFIRM CONFIRM CONFIRM |
splunk_enterprise — dashboard |
Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will. | 2022-06-15 | not yet calculated | CVE-2022-32154 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
splunk_enterprise — splunk_enterprise_deployment_servers |
Splunk Enterprise deployment servers in versions before 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use the vulnerability to execute arbitrary code on all other Universal Forwarder endpoints subscribed to the deployment server. | 2022-06-15 | not yet calculated | CVE-2022-32158 CONFIRM CONFIRM |
splunk_enterprise — splunk_enterprise_deployment_servers |
Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation. | 2022-06-15 | not yet calculated | CVE-2022-32157 CONFIRM CONFIRM CONFIRM CONFIRM |
splunk_enterprise — splunk_enterprise_peers | Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation. | 2022-06-15 | not yet calculated | CVE-2022-32153 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
splunk_enterprise — splunk_enterprise_peers |
The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation. | 2022-06-15 | not yet calculated | CVE-2022-32151 CONFIRM CONFIRM CONFIRM CONFIRM |
splunk_enterprise — splunk_enterprise_peers |
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation. | 2022-06-15 | not yet calculated | CVE-2022-32152 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
splunk_enterprise — splunk_universal_forwarder |
In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services. | 2022-06-15 | not yet calculated | CVE-2022-32155 CONFIRM CONFIRM CONFIRM |
strapi — strapi |
Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in the file upload function. By exploiting this vulnerability, an arbitrary script may be executed in the web browser of a user who is logged in to the product with administrative privileges. | 2022-06-13 | not yet calculated | CVE-2022-29894 MISC MISC MISC |
subscription-manager — subscription-manager | Subscription-Manager v1.0 /main.js has a cross-site scripting (XSS) vulnerability in the machineDetail parameter. | 2022-06-15 | not yet calculated | CVE-2021-41415 MISC |
synaptics — fingerprint_driver |
Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior to xxx=340 on x86/64; 5.2.xxxx.26 versions prior to xxxx=3541 on x86/64; 5.2.2xx.26 versions prior to xx=29 on x86/64; 5.2.3xx.26 versions prior to xx=25 on x86/64; 5.3.xxxx.26 versions prior to xxxx=3543 on x86/64; 5.5.xx.1058 versions prior to xx=44 on x86/64; 5.5.xx.1102 versions prior to xx=34 on x86/64; 5.5.xx.1116 versions prior to xx=14 on x86/64; 6.0.xx.1104 versions prior to xx=50 on x86/64; 6.0.xx.1108 versions prior to xx=31 on x86/64; 6.0.xx.1111 versions prior to xx=58 on x86/64. | 2022-06-16 | not yet calculated | CVE-2021-3675 MISC CONFIRM MISC |
tenda — hg9 | Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. | 2022-06-16 | not yet calculated | CVE-2022-30023 MISC MISC MISC |
textpattern — textpattern | Textpattern 4.8.7 is affected by an HTML injection vulnerability through “Content>Write>Body”. | 2022-06-14 | not yet calculated | CVE-2021-40658 MISC |
thinkcmf — thinkcmf |
thinkcmf v5.1.7 has an unauthorized access vulnerability. An attacker can modify the password of the administrator account with id 1 through the background user management group permissions. Exploitation requires background user management group authority. | 2022-06-14 | not yet calculated | CVE-2021-40616 MISC |
thomson — tcw710 |
A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been declared as problematic. This vulnerability affects unknown code of the file /goform/RgUrlBlock.asp. The manipulation of the argument BasicParentalNewKeyword with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2022-06-12 | not yet calculated | CVE-2018-25039 MISC MISC |
thomson — tcw710 |
A vulnerability was found in Thomson TCW710 ST5D.10.05 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/RgDdns. The manipulation of the argument DdnsHostName with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2022-06-12 | not yet calculated | CVE-2018-25037 MISC MISC |
thomson — tcw710 |
A vulnerability has been found in Thomson TCW710 ST5D.10.05 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/RgTime. The manipulation of the argument TimeServer1/TimeServer2/TimeServer3 with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2022-06-12 | not yet calculated | CVE-2018-25036 MISC MISC |
thomson — tcw710 |
A vulnerability, which was classified as problematic, was found in Thomson TCW710 ST5D.10.05. Affected is an unknown function of the file /goform/RGFirewallEL. The manipulation of the argument EmailAddress/SmtpServerName with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2022-06-12 | not yet calculated | CVE-2018-25035 MISC MISC |
thomson — tcw710 |
A vulnerability, which was classified as problematic, has been found in Thomson TCW710 ST5D.10.05. This issue affects some unknown processing of the file /goform/wlanPrimaryNetwork. The manipulation of the argument ServiceSetIdentifier with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2022-06-12 | not yet calculated | CVE-2018-25034 MISC MISC |
thomson — tcw710 |
A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been classified as problematic. This affects an unknown part of the file /goform/RgDhcp. The manipulation of the argument PppUserName with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2022-06-12 | not yet calculated | CVE-2018-25038 MISC MISC |
topsec — topidp3000 |
An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to perform a brute-force attack via a crafted session_id cookie. | 2022-06-14 | not yet calculated | CVE-2022-31273 MISC |
tourism_management_system_version — tourism_management_system_version | Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF). | 2022-06-14 | not yet calculated | CVE-2022-30930 MISC MISC |
trendnet — tew-831dr | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The web interface is vulnerable to CSRF. An attacker can change the pre-shared key of the Wi-Fi router if the interface’s IP address is known. | 2022-06-16 | not yet calculated | CVE-2022-30327 MISC MISC |
trendnet — tew-831dr | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default pre-shared key for both 2.4 GHz and 5 GHz networks can be guessed or brute-forced by an attacker within range of the Wi-Fi network. | 2022-06-16 | not yet calculated | CVE-2022-30325 MISC MISC |
trendnet — tew-831dr | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. An OS injection vulnerability exists within the web interface, allowing an attacker with valid credentials to execute arbitrary shell commands. | 2022-06-16 | not yet calculated | CVE-2022-30329 MISC MISC |
trendnet — tew-831dr | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The username and password setup for the web interface does not require entering the existing password. A malicious user can change the username and password of the interface. | 2022-06-16 | not yet calculated | CVE-2022-30328 MISC MISC |
trendnet — tew-831dr | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The network pre-shared key field on the web interface is vulnerable to XSS. An attacker can use a simple XSS payload to crash the basic.config page of the web interface. | 2022-06-16 | not yet calculated | CVE-2022-30326 MISC MISC |
trendnet — ip-110wn | Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the proname parameter in /admin/scheprofile.cgi. | 2022-06-17 | not yet calculated | CVE-2022-31875 MISC |
trendnet — ip-110wn | Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the prefix parameter in /admin/general.cgi. | 2022-06-17 | not yet calculated | CVE-2022-31873 MISC |
typo3 — typo3 | TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem. | 2022-06-14 | not yet calculated | CVE-2022-31047 MISC CONFIRM MISC |
typo3 — typo3 | TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem. | 2022-06-14 | not yet calculated | CVE-2022-31050 MISC CONFIRM MISC |
typo3 — typo3 | TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users. | 2022-06-14 | not yet calculated | CVE-2022-31046 MISC CONFIRM MISC |
typo3 — typo3 | TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. TYPO3 versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem. | 2022-06-14 | not yet calculated | CVE-2022-31048 MISC CONFIRM MISC |
typo3 — typo3 | TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem. | 2022-06-14 | not yet calculated | CVE-2022-31049 MISC MISC CONFIRM |
u5cms — u5cms | u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). When a user accesses the default home page if the parameter passed in is http://127.0.0.1/? “Onmouseover=%27tzgl (96502)%27bad=”, it can cause html injection. | 2022-06-17 | not yet calculated | CVE-2022-32442 MISC |
u5cms — u5cms | An issue was discovered in u5cms version 8.3.5. There is a URL redirection vulnerability that can cause a user’s browser to be redirected to another site via /loginsave.php. | 2022-06-17 | not yet calculated | CVE-2022-32444 MISC |
utorrent — utorrent | A vulnerability was found in uTorrent. It has been rated as critical. Affected by this issue is some unknown functionality of the component JSON RPC Server. The manipulation leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | 2022-06-17 | not yet calculated | CVE-2018-25041 MISC MISC MISC MISC |
utorrent — utorrent | A vulnerability classified as critical has been found in uTorrent. This affects an unknown part. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. | 2022-06-17 | not yet calculated | CVE-2018-25042 MISC MISC MISC |
utorrent — utorrent | A vulnerability classified as critical was found in uTorrent. This vulnerability affects unknown code of the component PRNG. The manipulation leads to weak authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | 2022-06-17 | not yet calculated | CVE-2018-25043 MISC MISC MISC |
utorrent — utorrent | A vulnerability, which was classified as critical, has been found in uTorrent. This issue affects some unknown processing of the component Guest Account. The manipulation leads to privilege escalation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | 2022-06-17 | not yet calculated | CVE-2018-25044 MISC MISC MISC |
utorrent — web | A vulnerability was found in uTorrent Web. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component HTTP RPC Server. The manipulation leads to privilege escalation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | 2022-06-17 | not yet calculated | CVE-2018-25040 MISC MISC MISC |
victor_cms — victor_cms | Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php. | 2022-06-16 | not yet calculated | CVE-2020-35597 MISC MISC MISC |
vmware — hcx | VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information. | 2022-06-16 | not yet calculated | CVE-2022-22953 MISC |
vmware — .net_and_visual_studio | .NET and Visual Studio Information Disclosure Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30184 MISC |
voipmonitor — web_gui | VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the “api.php” file and “user” parameter. | 2022-06-17 | not yet calculated | CVE-2021-41408 MISC MISC |
wavlink — wn579 | A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request. | 2022-06-14 | not yet calculated | CVE-2022-31847 MISC |
wavlink — wn579 | A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. | 2022-06-14 | not yet calculated | CVE-2022-31845 MISC MISC |
wavlink — wn579 | A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. | 2022-06-14 | not yet calculated | CVE-2022-31846 MISC MISC |
wavlink — aerial | A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function. | 2022-06-14 | not yet calculated | CVE-2022-31308 MISC |
wavlink — aerial | An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request. | 2022-06-14 | not yet calculated | CVE-2022-31311 MISC |
wavlink — aerial | A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function. | 2022-06-14 | not yet calculated | CVE-2022-31309 MISC |
web_based_quiz_systems — web_based_quiz_systems | Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the eid parameter at welcome.php. | 2022-06-15 | not yet calculated | CVE-2022-32991 MISC |
weblizar — user_login_log_plugin | A vulnerability was found in weblizar User Login Log Plugin 2.2.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Stored). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2022-06-16 | not yet calculated | CVE-2017-20056 MISC MISC MISC |
webtareas — webtareas | Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php. | 2022-06-16 | not yet calculated | CVE-2021-36609 MISC |
webtareas — webtareas | Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /projects/editproject.php. | 2022-06-16 | not yet calculated | CVE-2021-36608 MISC |
windows — autopilot_device_management_and_enrollment_client | Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability. | 2022-06-15 | not yet calculated | CVE-2022-30189 MISC |
wiris — mathtype | Wiris Mathtype v7.28.0 was discovered to contain a path traversal vulnerability in the resourceFile parameter. This vulnerability is exploited via a crafted request to the resource handler. | 2022-06-16 | not yet calculated | CVE-2022-31372 MISC |
wordpress — phil_bakers_gate_plugin | Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phil Baker’s Age Gate plugin <= 2.17.0 at WordPress. | 2022-06-15 | not yet calculated | CVE-2021-36901 CONFIRM CONFIRM |
wordpress — admin_management_xtended | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress. | 2022-06-15 | not yet calculated | CVE-2022-29450 CONFIRM CONFIRM |
wordpress — api_key_for_google_maps | Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google Maps plugin <= 1.2.1 at WordPress leading to Google Maps API key update. | 2022-06-15 | not yet calculated | CVE-2022-29453 CONFIRM CONFIRM |
wordpress — auto_delete_posts | The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and delete specific posts, categories and attachments at once. | 2022-06-13 | not yet calculated | CVE-2022-1779 MISC |
wordpress — change_uploaded_file_permissions | Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this. | 2022-06-13 | not yet calculated | CVE-2022-1788 MISC |
wordpress — export_all_urls | Authenticated (editor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Export All URLs plugin <= 4.1 at WordPress. | 2022-06-15 | not yet calculated | CVE-2022-29452 CONFIRM CONFIRM |
wordpress — filr | The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload arbitrary HTML files as well as delete all files or arbitrary ones. | 2022-06-13 | not yet calculated | CVE-2022-1777 MISC |
wordpress — google_places_reviews_plugin | The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site’s administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing the booby-trapped payload and taking over their account. | 2022-06-13 | not yet calculated | CVE-2022-1772 MISC |
wordpress — google_tag_manager | The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the `~/public/frontend.php` file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | 2022-06-13 | not yet calculated | CVE-2022-1961 MISC MISC MISC |
wordpress — hc_custom_wp-admin | The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL | 2022-06-13 | not yet calculated | CVE-2022-1594 MISC |
wordpress — image_slider | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Image Slider by NextCode plugin <= 1.1.2 at WordPress. | 2022-06-15 | not yet calculated | CVE-2022-29437 CONFIRM CONFIRM |
wordpress — image_slider | Cross-Site Request Forgery (CSRF) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress allows deleting slides. | 2022-06-15 | not yet calculated | CVE-2022-29439 CONFIRM CONFIRM |
wordpress — image_slider | Authenticated (author or higher user role) Persistent Cross-Site Scripting (XSS) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress. | 2022-06-15 | not yet calculated | CVE-2022-29438 CONFIRM CONFIRM |
wordpress — jupiterxcore_plugin | Vulnerable versions of the Jupiter (<= 6.10.1) and JupiterX (<= 2.0.6) Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion. In the JupiterX theme, the jupiterx_cp_load_pane_action AJAX action present in the lib/admin/control-panel/control-panel.php file calls the load_control_panel_pane function. It is possible to use this action to include any local PHP file via the slug parameter. The Jupiter theme has a nearly identical vulnerability which can be exploited via the mka_cp_load_pane_action AJAX action present in the framework/admin/control-panel/logic/functions.php file, which calls the mka_cp_load_pane_action function. | 2022-06-13 | not yet calculated | CVE-2022-1657 MISC |
wordpress — jupiterxcore_plugin | Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the “abb_uninstall_template” (both) and “jupiterx_core_cp_uninstall_template” (JupiterX Core Only) AJAX actions | 2022-06-13 | not yet calculated | CVE-2022-1654 MISC |
wordpress — jupiterxcore_plugin | Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin register an AJAX action jupiterx_conditional_manager which can be used to call any function in the includes/condition/class-condition-manager.php file by sending the desired function to call in the sub_action parameter. This can be used to view site configuration and logged-in users, modify post conditions, or perform a denial of service attack. | 2022-06-13 | not yet calculated | CVE-2022-1659 MISC |
wordpress — jupiterxcore_plugin | Vulnerable versions of the Jupiter Theme (<= 6.10.1) allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abb_remove_plugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, any logged-in user can delete any installed plugin on the site. | 2022-06-13 | not yet calculated | CVE-2022-1658 MISC |
wordpress — latex | The LaTeX for WordPress plugin through 3.4.10 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack which could also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | 2022-06-13 | not yet calculated | CVE-2022-1780 MISC |
wordpress — messages_for_wordpress | Authenticated (subscriber or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Messages For WordPress <= 2.1.10 at WordPress. | 2022-06-15 | not yet calculated | CVE-2022-29442 CONFIRM CONFIRM |
wordpress — mobile_browser_color_select | The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the admin_update_data() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2022-06-13 | not yet calculated | CVE-2022-1969 MISC MISC |
wordpress — muneebs_custom_popup_builder | Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb’s Custom Popup Builder plugin <= 1.3.1 at WordPress. | 2022-06-15 | not yet calculated | CVE-2022-28612 CONFIRM CONFIRM |
wordpress — new_user_email_set_up | The New User Email Set Up WordPress plugin through 0.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 2022-06-13 | not yet calculated | CVE-2022-1790 MISC |
wordpress — newsletter_plugin | The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER[‘REQUEST_URI’] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below. | 2022-06-13 | not yet calculated | CVE-2022-1756 MISC |
wordpress — nicdark_doo_travel_management | Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark d.o.o. Travel Management plugin <= 2.0 at WordPress. | 2022-06-15 | not yet calculated | CVE-2022-27859 CONFIRM CONFIRM |
wordpress — one_click_plugin_updater | The One Click Plugin Updater WordPress plugin through 2.4.14 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available updates and the related check. | 2022-06-13 | not yet calculated | CVE-2022-1791 MISC |
wordpress — peteraes_collaboration_e-mails_plugin | The Peter’s Collaboration E-mails WordPress plugin through 2.2.0 is vulnerable to CSRF due to missing nonce checks. This allows the change of its settings, which can be used to lower the required user level, change texts, the used email address and more. | 2022-06-13 | not yet calculated | CVE-2022-1761 MISC |
wordpress — photo_gallery_by_supsystic_plugin | Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Supsystic plugin <= 1.15.5 at WordPress allows changing the plugin settings. | 2022-06-15 | not yet calculated | CVE-2021-36891 CONFIRM CONFIRM |
wordpress — posttabs | The postTabs WordPress plugin through 2.10.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also leads to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | 2022-06-13 | not yet calculated | CVE-2022-1781 MISC |
wordpress — private_messages_for_wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Private Messages For WordPress plugin <= 2.1.10 at WordPress allows attackers to send messages. | 2022-06-15 | not yet calculated | CVE-2022-29441 CONFIRM CONFIRM |
wordpress — promotion_slider | Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Promotion Slider plugin <= 3.3.4 at WordPress. | 2022-06-15 | not yet calculated | CVE-2022-29440 CONFIRM CONFIRM |
wordpress — quick_subscribe | The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and leading to Stored XSS due to the lack of sanitisation and escaping in some of them | 2022-06-13 | not yet calculated | CVE-2022-1792 MISC |
wordpress — sticky_popup_plugin | The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘popup_title’ parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admin level capabilities and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This issue mostly affects sites where unfiltered_html has been disabled for administrators and on multi-site installations where unfiltered_html is disabled for administrators. | 2022-06-13 | not yet calculated | CVE-2022-1750 MISC |
wordpress — team_manager | Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in DynamicWebLab’s WordPress Team Manager plugin <= 1.6.9 at WordPress. | 2022-06-15 | not yet calculated | CVE-2022-29406 CONFIRM CONFIRM |
wordpress — wp-chgfontsize_plugin | The WP-chgFontSize WordPress plugin through 1.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | 2022-06-13 | not yet calculated | CVE-2022-1764 MISC |
wordpress — nicdarks_hotel_booking | Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark’s Hotel Booking plugin <= 3.0 at WordPress. | 2022-06-15 | not yet calculated | CVE-2022-29443 CONFIRM CONFIRM |
wordpress — sideblog | The Sideblog WordPress plugin through 6.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | 2022-06-13 | not yet calculated | CVE-2022-1787 MISC |
wordpress — copify | The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plugin’s settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2022-06-13 | not yet calculated | CVE-2022-1900 MISC |
wordpress — download_manager | The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the ‘frameid’ parameter found in the ~/src/Package/views/shortcode-iframe.php file. | 2022-06-13 | not yet calculated | CVE-2022-1985 MISC MISC MISC |
wordpress — export_any_wordpress_data_to_xml/csv | The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability. | 2022-06-13 | not yet calculated | CVE-2022-1800 MISC |
wordpress — genki_pre-publish_reminder | The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS as well as RCE when custom code is added via the plugin settings. | 2022-06-13 | not yet calculated | CVE-2022-1758 MISC |
wordpress — hot_linked_image_cacher_plugin | The Hot Linked Image Cacher WordPress plugin through 1.16 is vulnerable to CSRF. This can be used to store / cache images from external domains on the server, which could lead to legal risks (due to copyright violations or licensing rules). | 2022-06-13 | not yet calculated | CVE-2022-1765 MISC |
wordpress — iq_block_country_plugin | The iQ Block Country WordPress plugin through 1.2.13 does not properly check HTTP headers in order to validate the origin IP address, allowing threat actors to bypass its block feature by spoofing the headers. | 2022-06-13 | not yet calculated | CVE-2022-1762 MISC |
wordpress — keep_backup_daily | The Keep Backup Daily plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘t’ parameter in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2022-06-13 | not yet calculated | CVE-2022-1820 MISC MISC |
wordpress — mitsol_social_post_feed_plugin | The Mitsol Social Post Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.10 due to insufficient input sanitization and output escaping on the application id parameters. This makes it possible for authenticated (admin+) attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html is disabled. | 2022-06-13 | not yet calculated | CVE-2022-0209 MISC MISC |
wordpress — ninja_forms_contact_form_plugin | Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive’s Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via “label”. | 2022-06-16 | not yet calculated | CVE-2021-36827 CONFIRM CONFIRM |
wordpress — private_files |
The Private Files WordPress plugin through 0.40 is missing CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform such action via a CSRF attack and make the blog public | 2022-06-13 | not yet calculated | CVE-2022-1793 MISC |
wordpress — rb_internal_links_plugin |
The RB Internal Links WordPress plugin through 2.0.16 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, as well as perform Stored Cross-Site Scripting attacks due to the lack of sanitisation and escaping | 2022-06-13 | not yet calculated | CVE-2022-1759 MISC |
wordpress — rsvpmaker_plugin |
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to, and including, 9.3.2. Please note that this is separate from CVE-2022-1453 & CVE-2022-1505. | 2022-06-13 | not yet calculated | CVE-2022-1768 MISC MISC MISC |
wordpress — static_page_extended_plugin |
Due to missing checks the Static Page eXtended WordPress plugin through 2.1 is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the lack of escaping in some of the settings | 2022-06-13 | not yet calculated | CVE-2022-1763 MISC |
wordpress — toolbar_to_share | The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugin_toolbar_comparte page. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web scripts via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2022-06-13 | not yet calculated | CVE-2022-1918 MISC MISC |
wordpress — wp_admin_style | The WP Admin Style WordPress plugin through 0.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed | 2022-06-13 | not yet calculated | CVE-2022-1814 MISC |
wordpress — wp_athletics | The WP Athletics WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in an admin page, leading to Reflected Cross-Site Scripting. | 2022-06-13 | not yet calculated | CVE-2022-1773 MISC |
wordpress — wpmk_ajax_finder_plugin | The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1. | 2022-06-13 | not yet calculated | CVE-2022-1749 MISC MISC |
wordpress — zephyr_project_manager | The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2022-06-13 | not yet calculated | CVE-2022-1822 MISC MISC |
wuzhicms — wuzhicms | SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allow attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php | 2022-06-16 | not yet calculated | CVE-2021-41654 MISC |
xakuros — xo_slider_plugin | Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Xakuro’s XO Slider plugin <= 3.3.2 at WordPress. | 2022-06-15 | not yet calculated | CVE-2022-32280 CONFIRM CONFIRM |
xfce — xfce | XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. | 2022-06-13 | not yet calculated | CVE-2022-32278 MISC DEBIAN |
xiaomi — lamp | Xiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay attacks. This allows attackers to bypass the expected access restrictions and gain control of the switch and other functions via a crafted POST request. | 2022-06-16 | not yet calculated | CVE-2022-31277 MISC |
xos-shop — xos-shop_system | Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to /shop/admin/categories.php | 2022-06-16 | not yet calculated | CVE-2021-46820 MISC |
xos-shop — xos-shop_system | Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to /shop/admin/manufacturers.php. | 2022-06-16 | not yet calculated | CVE-2021-37764 MISC |
xpedition — designer | A vulnerability has been identified in Xpedition Designer (All versions < VX.2.11). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. | 2022-06-14 | not yet calculated | CVE-2022-31465 MISC |
xyzscripts — contact_form_manager_plugin | A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2022-06-16 | not yet calculated | CVE-2017-20054 MISC MISC MISC |
xyzscripts — contact_form_manager_plugin | A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2022-06-16 | not yet calculated | CVE-2017-20053 MISC MISC MISC |
yandex — browser_for_windows | Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low-privileged attacker to execute arbitrary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process. | 2022-06-15 | not yet calculated | CVE-2022-28225 MISC |
yandex — browser_for_windows | Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low-privileged attacker to execute arbitrary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process. | 2022-06-15 | not yet calculated | CVE-2022-28226 MISC |
yandex — browser | Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low-privileged attacker to execute arbitrary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process. | 2022-06-15 | not yet calculated | CVE-2021-25261 MISC |
yugue — kkcms | kkcms v1.3.7 was discovered to contain a SQL injection vulnerability via the cid parameter at /template/wapian/vlist.php. | 2022-06-15 | not yet calculated | CVE-2022-32101 MISC |
yuque — youdiancms | YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the id parameter at /App/Lib/Action/Admin/SiteAction.class.php. | 2022-06-15 | not yet calculated | CVE-2022-32299 MISC |
yuque — youdiancms | YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the MailSendID parameter at /App/Lib/Action/Admin/MailAction.class.php. | 2022-06-15 | not yet calculated | CVE-2022-32300 MISC |
yuque — youdiancms | YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php. | 2022-06-15 | not yet calculated | CVE-2022-32301 MISC |
zoom — on-premise_meeting_connector | Zoom's On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. As a result, a threat actor in the Zoom's waiting room can join the meeting without the consent of the host. | 2022-06-15 | not yet calculated | CVE-2022-28749 MISC |
zoom — opener | The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victim's host. | 2022-06-15 | not yet calculated | CVE-2022-22788 MISC |
zzcms — zzcms | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/deluser.php (when the attacker has admin authority) via the id parameter. | 2022-06-17 | not yet calculated | CVE-2019-12357 MISC |
zzcms — zzcms | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendsms.php (when the attacker has dls_print authority) via a dlid cookie. | 2022-06-17 | not yet calculated | CVE-2019-12358 MISC |
zzcms — zzcms | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/ztliuyan_sendmail.php (when the attacker has admin authority) via the id parameter. | 2022-06-17 | not yet calculated | CVE-2019-12359 MISC |
zzcms — zzcms | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_print.php (when the attacker has dls_print authority) via the id parameter. | 2022-06-17 | not yet calculated | CVE-2019-12355 MISC |
zzcms — zzcms | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_download.php (when the attacker has dls_download authority) via the id parameter. | 2022-06-17 | not yet calculated | CVE-2019-12356 MISC |
zzcms — zzcms | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendmail.php (when the attacker has dls_print authority) via a dlid cookie. | 2022-06-17 | not yet calculated | CVE-2019-12352 MISC |
zzcms — zzcms | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/showbad.php (when the attacker has admin authority) via the id parameter. | 2022-06-17 | not yet calculated | CVE-2019-12354 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.