US-CERT Bulletin (SB22-185): Vulnerability Summary for the Week of June 27, 2022
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
codesys — gateway | In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the specified password is compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password. | 2022-06-24 | 7.5 | CVE-2022-31802 CONFIRM |
ibm — cognos_analytics | IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238. | 2022-06-24 | 7.5 | CVE-2021-38945 CONFIRM XF |
illumina — local_run_manager | LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected product. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network. | 2022-06-24 | 10 | CVE-2022-1517 MISC |
illumina — local_run_manager | LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit. | 2022-06-24 | 10 | CVE-2022-1519 MISC |
illumina — local_run_manager | LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure. | 2022-06-24 | 7.5 | CVE-2022-1518 MISC |
melag — ftp_server | When installed as a Windows service, MELAG FTP Server 2.2.0.4 is run as the SYSTEM user, which allows remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system. | 2022-06-24 | 9 | CVE-2021-41635 MISC |
online_student_rate_system_project — online_student_rate_system | A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an administrator without needing to be authenticated. | 2022-06-24 | 7.5 | CVE-2021-39409 MISC |
simple_ads_manager_project — simple_ads_manager | A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated remotely. | 2022-06-24 | 7.5 | CVE-2017-20095 MISC MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
1234n — minicms | A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link. | 2022-06-24 | 5.8 | CVE-2022-33121 MISC |
codesys — gateway | In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact. | 2022-06-24 | 5 | CVE-2022-31803 CONFIRM |
codesys — gateway | The CODESYS Gateway Server V2 does not verify that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition. | 2022-06-24 | 5 | CVE-2022-31804 CONFIRM |
codesys — runtime_toolkit | Multiple CODESYS Products are prone to an out-of-bounds read or write access. A low privileged remote attacker may craft a request with an invalid offset, which can cause an out-of-bounds read or write access, resulting in a denial-of-service condition or local memory overwrite, which can lead to a change of local files. User interaction is not required. | 2022-06-24 | 5.5 | CVE-2022-32142 CONFIRM |
codesys — runtime_toolkit | Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required. | 2022-06-24 | 4 | CVE-2022-32141 CONFIRM |
codesys — runtime_toolkit | Multiple products of CODESYS implement improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required. | 2022-06-24 | 5.5 | CVE-2022-1965 CONFIRM |
codesys — runtime_toolkit | In multiple CODESYS products, the file download and upload function allows access to internal files in the working directory, e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if the remote attacker has previously successfully authenticated himself to the controller. A successful attack may lead to a denial of service, change of local files, or drain of confidential information. User interaction is not required. | 2022-06-24 | 6.5 | CVE-2022-32143 CONFIRM |
codesys — runtime_toolkit | In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite. | 2022-06-24 | 6.5 | CVE-2022-32138 CONFIRM |
codesys — runtime_toolkit | In multiple CODESYS products, a low privileged remote attacker may craft a request that causes a read access to an uninitialized pointer, resulting in a denial-of-service. User interaction is not required. | 2022-06-24 | 4 | CVE-2022-32136 CONFIRM |
codesys — runtime_toolkit | In multiple CODESYS products, a low privileged remote attacker may craft a request, which causes an out-of-bounds read, resulting in a denial-of-service condition. User interaction is not required. | 2022-06-24 | 4 | CVE-2022-32139 CONFIRM |
codesys — runtime_toolkit | Multiple CODESYS products are affected by a buffer overflow. A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. User interaction is not required. | 2022-06-24 | 4 | CVE-2022-32140 CONFIRM |
codesys — runtime_toolkit | In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. User interaction is not required. | 2022-06-24 | 6.5 | CVE-2022-32137 CONFIRM |
dradisframework — dradis | Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token. | 2022-06-24 | 4.3 | CVE-2022-30028 MISC |
gimp — gimp | An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS). | 2022-06-24 | 4.3 | CVE-2022-32990 MISC |
ibm — cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the ‘Cloud Storage’ page for which they should not have access. IBM X-Force ID: 202682. | 2022-06-24 | 4 | CVE-2021-29768 CONFIRM XF |
ibm — jazz_team_server | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 194891. | 2022-06-24 | 5 | CVE-2021-20355 XF CONFIRM |
ibm — jazz_team_server | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 206091. | 2022-06-24 | 4.9 | CVE-2021-29865 XF CONFIRM |
ibm — jazz_team_server | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198931. | 2022-06-24 | 4 | CVE-2021-20544 XF CONFIRM |
ibm — jazz_team_server | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | 2022-06-24 | 4 | CVE-2021-20421 CONFIRM XF |
ibm — jazz_team_server | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 209057. | 2022-06-24 | 5 | CVE-2021-38879 CONFIRM XF |
illumina — local_run_manager | LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data. | 2022-06-24 | 6.4 | CVE-2022-1521 MISC |
illumina — local_run_manager | LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials. | 2022-06-24 | 4.3 | CVE-2022-1524 MISC |
melag — ftp_server | A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid FTP usernames. | 2022-06-24 | 5 | CVE-2021-41634 MISC |
melag — ftp_server | The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid username. | 2022-06-24 | 5 | CVE-2021-41638 MISC |
online_student_rate_system_project — online_student_rate_system | Cross Site Scripting (XSS) vulnerability exists in Online Student Rate System 1.0 via the page parameter on the index.php file | 2022-06-24 | 4.3 | CVE-2021-39408 MISC |
prison_management_system_project — prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/inmates/manage_inmate.php:3 | 2022-06-24 | 6.5 | CVE-2022-32404 MISC MISC |
prison_management_system_project — prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/cells/view_cell.php:4 | 2022-06-24 | 6.5 | CVE-2022-32393 MISC MISC |
prison_management_system_project — prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/crimes/manage_crime.php:4 | 2022-06-24 | 6.5 | CVE-2022-32395 MISC MISC |
prison_management_system_project — prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/inmates/view_inmate.php:3 | 2022-06-24 | 6.5 | CVE-2022-32394 MISC MISC |
prison_management_system_project — prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/visits/manage_visit.php:4 | 2022-06-24 | 6.5 | CVE-2022-32396 MISC MISC |
prison_management_system_project — prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/cells/manage_cell.php:4 | 2022-06-24 | 6.5 | CVE-2022-32398 MISC MISC |
prison_management_system_project — prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/prisons/view_prison.php:4 | 2022-06-24 | 6.5 | CVE-2022-32405 MISC MISC |
prison_management_system_project — prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/inmates/manage_record.php:4 | 2022-06-24 | 6.5 | CVE-2022-32403 MISC MISC |
prison_management_system_project — prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/prisons/manage_prison.php:4 | 2022-06-24 | 6.5 | CVE-2022-32402 MISC MISC |
prison_management_system_project — prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/inmates/manage_privilege.php:4 | 2022-06-24 | 6.5 | CVE-2022-32401 MISC MISC |
prison_management_system_project — prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/visits/view_visit.php:4 | 2022-06-24 | 6.5 | CVE-2022-32397 MISC MISC |
prison_management_system_project — prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/user/manage_user.php:4. | 2022-06-24 | 6.5 | CVE-2022-32400 MISC MISC |
prison_management_system_project — prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/crimes/view_crime.php:4 | 2022-06-24 | 6.5 | CVE-2022-32399 MISC MISC |
prison_management_system_project — prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/actions/manage_action.php:4 | 2022-06-24 | 6.5 | CVE-2022-32392 MISC MISC |
prison_management_system_project — prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/actions/view_action.php:4 | 2022-06-24 | 6.5 | CVE-2022-32391 MISC MISC |
validate_color_project — validate_color | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-color v2.1.0 when handling crafted invalid rgb(a) strings. | 2022-06-24 | 5 | CVE-2021-40892 MISC |
wp-filebase_download_manager_project — wp-filebase_download_manager | A vulnerability was found in WP-Filebase Download Manager Plugin 3.4.4. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. | 2022-06-24 | 4.3 | CVE-2017-20097 MISC MISC |
wp-spamfree_anti-spam_project — wp-spamfree_anti-spam | A vulnerability classified as problematic has been found in WP-SpamFree Anti-Spam Plugin 2.1.1.4. This affects an unknown part. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely. | 2022-06-24 | 4.3 | CVE-2017-20096 MISC MISC |
wpdownloadmanager — wordpress_download_manager | A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. | 2022-06-24 | 4.3 | CVE-2017-20093 MISC MISC |
yoast — google_analytics_dashboard | A vulnerability classified as problematic was found in Google Analytics Dashboard Plugin 2.1.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely. | 2022-06-24 | 4.3 | CVE-2017-20092 MISC MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
eyoucms — eyoucms | A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page. | 2022-06-24 | 3.5 | CVE-2022-33122 MISC |
galaxkey — galaxkey | Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a specially crafted XSS payload in the ‘subject’ field. The payload executes when the recipient logs into their mailbox. | 2022-06-26 | 3.5 | CVE-2020-27509 MISC MISC |
ibm — jazz_team_server | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 198929. | 2022-06-24 | 3.5 | CVE-2021-20543 XF CONFIRM |
ibm — jazz_team_server | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208345. | 2022-06-24 | 3.5 | CVE-2021-38871 XF CONFIRM |
ibm — jazz_team_server | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149. | 2022-06-24 | 2.1 | CVE-2021-20551 CONFIRM XF |
melag — ftp_server | Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the “Everyone” group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all FTP users. | 2022-06-24 | 3.6 | CVE-2021-41637 MISC |
melag — ftp_server | MELAG FTP Server 2.2.0.4 stores unencrypted passwords of FTP users in a local configuration file. | 2022-06-24 | 2.1 | CVE-2021-41639 MISC |
newstatpress_project — newstatpress | A vulnerability, which was classified as problematic, has been found in NewStatPress Plugin 1.2.4. This issue affects some unknown processing. The manipulation leads to basic cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 1.2.5 is able to address this issue. It is recommended to upgrade the affected component. | 2022-06-24 | 3.5 | CVE-2017-20094 MISC MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
admidio — admidio | Admidio 4.1.2 version is affected by stored cross-site scripting (XSS). | 2022-06-28 | not yet calculated | CVE-2022-23896 MISC |
aerogear — aerogear | The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus application is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can’t be reached or can slow the server down by purposefully wasting its time with slow endpoints. Similarly, one can provide whatever HTTP end point they want. This turns the server into a DDOS vector or an anonymizer for the posting of malware and so on. | 2022-07-01 | not yet calculated | CVE-2014-3648 MISC |
aerogear — aerogear | Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input. | 2022-07-01 | not yet calculated | CVE-2014-3650 MISC MISC |
ampere — alta_and_altramax | On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component. | 2022-07-01 | not yet calculated | CVE-2022-32295 MISC MISC |
android — ebook_app | SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 via the author_id parameter to api.php. | 2022-07-01 | not yet calculated | CVE-2021-32428 MISC MISC MISC MISC |
apache — shiro | In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. | 2022-06-29 | not yet calculated | CVE-2022-32532 MISC |
apache — systemds | The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a “low-priority but useful improvement”. SystemDS is a distributed system and needs to serialize/deserialize data but in many code paths (e.g., on Spark broadcast/shuffle or writing to sequence files) the byte stream is anyway protected by additional CRC fingerprints. In this particular case though, the number of decoders is upper-bounded by twice the number of columns, which means an attacker would need to modify two entries in the byte stream in a consistent manner. By adding these checks robustness was strictly improved with almost zero overhead. These code changes are available in versions higher than 2.2.1. | 2022-06-27 | not yet calculated | CVE-2022-26477 MISC |
apache — apache | The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1. | 2022-06-27 | not yet calculated | CVE-2022-33879 MISC MLIST |
apifest — oauth | ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to the redirect URI submitted with the authorization request, without checking whether the redirect URI is registered by the client who initiated the request. This allows an attacker to craft a request with a manipulated redirect URI (redirect_uri parameter), which is under the attacker’s control, and consequently obtain the leaked authorization code when the server redirects the client to the manipulated redirect URI with an authorization code. NOTE: this is similar to CVE-2019-3778. | 2022-06-29 | not yet calculated | CVE-2020-26877 MISC MISC MISC |
apple — air_transfer | A vulnerability was found in Air Transfer 1.0.14/1.2.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2022-06-27 | not yet calculated | CVE-2017-20100 MISC MISC |
apple — album_lock | A vulnerability was found in Album Lock 4.0 and classified as critical. Affected by this issue is some unknown functionality of the file /getImage. The manipulation of the argument filePaht leads to path traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | 2022-06-27 | not yet calculated | CVE-2017-20102 MISC MISC |
apple — iphone | A vulnerability was found in Apple iPhone up to 12.4.1. It has been declared as critical. Affected by this vulnerability is Siri. Playing an audio or video file might be able to initiate Siri on the same device which makes it possible to execute commands remotely. Exploit details have been disclosed to the public. The existence and implications of this vulnerability are doubted by Apple even though multiple public videos demonstrating the attack exist. Upgrading to version 13.0 might be able to address this issue. It is recommended to upgrade affected devices. NOTE: Apple claims that, after examining the report, they do not see any actual security implications. | 2022-06-25 | not yet calculated | CVE-2019-25071 N/A N/A N/A |
argo — cd | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by a victim user, the script will execute with the victim’s permissions (up to and including admin). The script would be capable of doing anything which is possible in the UI or via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no completely-safe workarounds besides upgrading. | 2022-06-27 | not yet calculated | CVE-2022-31035 MISC MISC CONFIRM |
argo — cd | Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must be an authenticated Argo CD user authorized to deploy Applications from a repository which contains (or can be made to contain) a large file. The fix for this vulnerability is available in versions 2.3.5, 2.2.10, 2.1.16, and later. There are no known workarounds. Users are recommended to upgrade. | 2022-06-25 | not yet calculated | CVE-2022-31016 CONFIRM |
argo — cd | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD’s repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a Helm-type Application may commit a symlink which points to an out-of-bounds file. If the target file is a valid YAML file, the attacker can read the contents of that file. Sensitive files which could be leaked include manifest files from other Applications’ source repositories (potentially decrypted files, if you are using a decryption plugin) or any YAML-formatted secrets which have been mounted as files on the repo-server. Patches for this vulnerability have been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. If you are using a version >=v2.3.0 and do not have any Helm-type Applications you may disable the Helm config management tool as a workaround. | 2022-06-27 | not yet calculated | CVE-2022-31036 MISC CONFIRM |
argo — cd | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows. In each case, using a relatively-predictable (time-based) seed in a non-cryptographically-secure pseudo-random number generator made the parameter less random than required by the relevant spec or by general best practices. In some cases, using too short a value made the entropy even less sufficient. The attacks on login flows which are meant to be mitigated by these parameters are difficult to accomplish but can have a high impact potentially granting an attacker admin access to Argo CD. Patches for this vulnerability have been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no known workarounds for this vulnerability. | 2022-06-27 | not yet calculated | CVE-2022-31034 MISC CONFIRM |
ast — parser | An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input. | 2022-06-30 | not yet calculated | CVE-2022-33082 MISC |
asus — dsl-n14u-b1 | Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the “*list” parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every “.asp” page containing a list of stored strings. The following asp files are affected: (1) cgi-bin/APP_Installation.asp, (2) cgi-bin/Advanced_ACL_Content.asp, (3) cgi-bin/Advanced_ADSL_Content.asp, (4) cgi-bin/Advanced_ASUSDDNS_Content.asp, (5) cgi-bin/Advanced_AiDisk_ftp.asp, (6) cgi-bin/Advanced_AiDisk_samba.asp, (7) cgi-bin/Advanced_DSL_Content.asp, (8) cgi-bin/Advanced_Firewall_Content.asp, (9) cgi-bin/Advanced_FirmwareUpgrade_Content.asp, (10) cgi-bin/Advanced_GWStaticRoute_Content.asp, (11) cgi-bin/Advanced_IPTV_Content.asp, (12) cgi-bin/Advanced_IPv6_Content.asp, (13) cgi-bin/Advanced_KeywordFilter_Content.asp, (14) cgi-bin/Advanced_LAN_Content.asp, (15) cgi-bin/Advanced_Modem_Content.asp, (16) cgi-bin/Advanced_PortTrigger_Content.asp, (17) cgi-bin/Advanced_QOSUserPrio_Content.asp, (18) cgi-bin/Advanced_QOSUserRules_Content.asp, (19) cgi-bin/Advanced_SettingBackup_Content.asp, (20) cgi-bin/Advanced_System_Content.asp, (21) cgi-bin/Advanced_URLFilter_Content.asp, (22) cgi-bin/Advanced_VPN_PPTP.asp, (23) cgi-bin/Advanced_VirtualServer_Content.asp, (24) cgi-bin/Advanced_WANPort_Content.asp, (25) cgi-bin/Advanced_WAdvanced_Content.asp, (26) cgi-bin/Advanced_WMode_Content.asp, (27) cgi-bin/Advanced_WWPS_Content.asp, (28) cgi-bin/Advanced_Wireless_Content.asp, (29) cgi-bin/Bandwidth_Limiter.asp, (30) cgi-bin/Guest_network.asp, (31) cgi-bin/Main_AccessLog_Content.asp, (32) cgi-bin/Main_AdslStatus_Content.asp, (33) cgi-bin/Main_Spectrum_Content.asp, (34) cgi-bin/Main_WebHistory_Content.asp, (35) cgi-bin/ParentalControl.asp, (36) cgi-bin/QIS_wizard.asp, (37) cgi-bin/QoS_EZQoS.asp, (38) cgi-bin/aidisk.asp, (39) cgi-bin/aidisk/Aidisk-1.asp, (40) cgi-bin/aidisk/Aidisk-2.asp, (41) cgi-bin/aidisk/Aidisk-3.asp, (42) cgi-bin/aidisk/Aidisk-4.asp, (43) cgi-bin/blocking.asp, (44) cgi-bin/cloud_main.asp, (45) cgi-bin/cloud_router_sync.asp, (46) cgi-bin/cloud_settings.asp, (47) cgi-bin/cloud_sync.asp, (48) cgi-bin/device-map/DSL_dashboard.asp, (49) cgi-bin/device-map/clients.asp, (50) cgi-bin/device-map/disk.asp, (51) cgi-bin/device-map/internet.asp, (52) cgi-bin/error_page.asp, (53) cgi-bin/index.asp, (54) cgi-bin/index2.asp, (55) cgi-bin/qis/QIS_PTM_manual_setting.asp, (56) cgi-bin/qis/QIS_admin_pass.asp, (57) cgi-bin/qis/QIS_annex_setting.asp, (58) cgi-bin/qis/QIS_bridge_cfg_tmp.asp, (59) cgi-bin/qis/QIS_detect.asp, (60) cgi-bin/qis/QIS_finish.asp, (61) cgi-bin/qis/QIS_ipoa_cfg_tmp.asp, (62) cgi-bin/qis/QIS_manual_setting.asp, (63) cgi-bin/qis/QIS_mer_cfg.asp, (64) cgi-bin/qis/QIS_mer_cfg_tmp.asp, (65) cgi-bin/qis/QIS_ppp_cfg.asp, (66) cgi-bin/qis/QIS_ppp_cfg_tmp.asp, (67) cgi-bin/qis/QIS_wireless.asp, (68) cgi-bin/query_wan_status.asp, (69) cgi-bin/query_wan_status2.asp, and (70) cgi-bin/start_apply.asp. | 2022-07-01 | not yet calculated | CVE-2022-32988 MISC MISC |
automox — agent_for_osx | The Automox Agent installation package before 37 on macOS allows an unprivileged user to obtain root access because of incorrect access control on a file used within the PostInstall script. | 2022-07-01 | not yet calculated | CVE-2022-27904 MISC MISC |
bento4 — bento4 | In Bento4 1.6.0-638, there is an allocator out-of-memory error in the function AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity in Ap4Array.h:172, as demonstrated by GPAC. This can cause a denial of service (DoS). | 2022-06-27 | not yet calculated | CVE-2021-40941 MISC |
bento4 — bento4 | In Bento4 1.6.0-638, there is a null pointer reference in the function AP4_DescriptorListInspector::Action in Ap4Descriptor.h:124, as demonstrated by GPAC. This can cause a denial of service (DoS). | 2022-06-28 | not yet calculated | CVE-2021-40943 MISC |
bestofinc — online_hotel_booking_system_pro | A vulnerability classified as critical has been found in Online Hotel Booking System Pro Plugin 1.0. Affected is an unknown function of the file /front/roomtype-details.php. The manipulation of the argument tid leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2022-06-30 | not yet calculated | CVE-2017-20124 N/A N/A |
bestofinc — online_hotel_booking_system_pro | A vulnerability classified as critical was found in Online Hotel Booking System Pro 1.2. Affected by this vulnerability is an unknown functionality of the file /roomtype-details.php. The manipulation of the argument tid leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2022-06-30 | not yet calculated | CVE-2017-20125 N/A N/A |
bfabiszewski — libmobi | NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11. | 2022-07-01 | not yet calculated | CVE-2022-2279 CONFIRM MISC |
bigbluebutton — bigbluebutton | BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim’s client. When a user receives a private chat from the attacker (whose username contains malicious JavaScript), the script gets executed. The script is also executed when the victim receives a notification that the attacker has left the session. This issue has been patched in versions 2.4.8 and 2.5.0. There are no known workarounds for this issue. | 2022-06-27 | not yet calculated | CVE-2022-31065 CONFIRM MISC MISC |
bigbluebutton — bigbluebutton | BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross site scripting attack in affected versions. The attack occurs when the attacker (with XSS in the name) starts a chat; the JavaScript is then executed in the victim’s client. This issue has been addressed in versions 2.4.8 and 2.5.0. There are no known workarounds for this issue. | 2022-06-27 | not yet calculated | CVE-2022-31064 MISC CONFIRM MISC MISC FULLDISC MISC |
bigbluebutton — greenlight | Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room’s settings even though they are not authorized to do so. Only the room owner and administrator should be able to view a room’s settings. This issue has been patched in release version 2.12.6. | 2022-06-27 | not yet calculated | CVE-2022-31039 CONFIRM MISC |
bitrix — site_manager | A vulnerability classified as problematic was found in Bitrix Site Manager 12.06.2015. Affected by this vulnerability is an unknown functionality of the component Contact Form. The manipulation of the argument text with the input <img src=”http://1″; on onerror=”$(’p’).text(’Hacked’)” /> leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2022-06-30 | not yet calculated | CVE-2017-20122 N/A N/A |
brocade — sannav | Brocade SANnav before Brocade SANnav v. 2.2.0.2 and Brocade SANnav v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log. | 2022-06-27 | not yet calculated | CVE-2022-28167 MISC CONFIRM |
brocade — sannav | In Brocade SANnav version before SANN2.2.0.2 and Brocade SANnav before 2.1.1.8, the TLS/SSL server implementation supports the use of static key ciphers (ssl-static-key-ciphers) on ports 443 & 18082. | 2022-06-27 | not yet calculated | CVE-2022-28166 MISC CONFIRM |
brocade — sannav | In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav 2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords. | 2022-06-27 | not yet calculated | CVE-2022-28168 MISC CONFIRM |
centum — multiple_versions | Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 ‘For CENTUM VP Support CAMS for HIS’ is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01. If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration. | 2022-06-28 | not yet calculated | CVE-2022-30707 MISC MISC MISC MISC |
cilan2 — iot | A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | 2022-06-30 | not yet calculated | CVE-2022-33087 MISC |
clever — underscore.deep | Underscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of `underscore.deep` prior to version 0.5.3 are vulnerable to a prototype pollution vulnerability. An attacker can craft a malicious payload and pass it to `deepFromFlat`, which would pollute any future Objects created. Any users that have `deepFromFlat` or `deepPick` (due to its dependency on `deepFromFlat`) in their code should upgrade to version 0.5.3 as soon as possible. Users unable to upgrade may mitigate this issue by modifying `deepFromFlat` to reject specific keywords, which will prevent this from happening. | 2022-06-28 | not yet calculated | CVE-2022-31106 MISC CONFIRM |
cloudflare — warp_client_for_windows | Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files. | 2022-06-28 | not yet calculated | CVE-2022-2145 MISC |
college_management_sytem — college_management_system | College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file. | 2022-07-01 | not yet calculated | CVE-2022-32420 MISC |
d-link — dir-645 | D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi. | 2022-06-27 | not yet calculated | CVE-2022-32092 MISC MISC |
dahuasecurity — dahuasecurity | When an attacker uses a man-in-the-middle attack to sniff the request packets of a successful login through ONVIF, the attacker can log in to the device by replaying the user’s login packet. | 2022-06-28 | not yet calculated | CVE-2022-30563 MISC |
dahuasecurity — dahuasecurity | After obtaining the administrative account and password, or through a man-in-the-middle attack, an attacker could send a specific crafted packet to the vulnerable interface and cause the device to crash. | 2022-06-28 | not yet calculated | CVE-2022-30560 MISC |
dahuasecurity — dahuasecurity | When an attacker uses a man-in-the-middle attack to sniff the request packets of a successful login, the attacker could log in to the device by replaying the user’s login packet. | 2022-06-28 | not yet calculated | CVE-2022-30561 MISC |
dahuasecurity — dahuasecurity | If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack. Injection of a malicious URL in the Host: header of the HTTP request results in a 302 redirect to an attacker-controlled page. | 2022-06-28 | not yet calculated | CVE-2022-30562 MISC |
das — u-boot | In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the “i2c md” command enables the corruption of the return address pointer of the do_i2c_md function. | 2022-06-30 | not yet calculated | CVE-2022-34835 MISC MISC MISC |
das — u-boot | Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir(). | 2022-07-01 | not yet calculated | CVE-2022-33103 MISC MISC |
dcmtk — dcmtk | DCMTK through 3.6.6 does not handle string copy properly. When specific requests are sent to the dcmqrdb program, it queries its database and copies the result even if the result is null, which can incur a heap-based overflow. An attacker can use it to launch a DoS attack. | 2022-06-28 | not yet calculated | CVE-2021-41689 MISC MISC |
dcmtk — dcmtk | DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information is recorded in a global variable LST and is not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to launch a DoS attack. | 2022-06-28 | not yet calculated | CVE-2021-41690 MISC MISC |
dcmtk — dcmtk | DCMTK through 3.6.6 does not handle memory free properly. The object in the program is freed but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack. | 2022-06-28 | not yet calculated | CVE-2021-41688 MISC MISC |
dcmtk — dcmtk | DCMTK through 3.6.6 does not handle memory free properly. The program mallocs heap memory for parsing data, but does not free it when an error occurs in parsing. Sending specific requests to the dcmqrdb program incurs the memory leak. An attacker can use it to launch a DoS attack. | 2022-06-28 | not yet calculated | CVE-2021-41687 MISC MISC |
deep.assign — deep.assign | deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’). | 2022-06-30 | not yet calculated | CVE-2021-40663 MISC MISC |
dell — powerscale_onefs | Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contains an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources. | 2022-06-28 | not yet calculated | CVE-2022-31229 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS, versions 8.2.x-9.2.x, contains a broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access. | 2022-06-28 | not yet calculated | CVE-2022-31230 MISC |
delta_electronics — diaenergie | A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field. | 2022-06-27 | not yet calculated | CVE-2022-33005 MISC |
devolutions — remote_desktop_manager | Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8. | 2022-06-27 | not yet calculated | CVE-2022-2221 MISC |
discourse — discourse | Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email that either doesn’t match the invite’s email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is aggravated when the invite has been configured to add the user that accepts the invite into restricted groups. Once a user has been incorrectly added to a restricted group, the user may then be able to view content that is restricted to the respective group. Users are advised to upgrade to the current stable releases. There are no known workarounds to this issue. | 2022-06-27 | not yet calculated | CVE-2022-31096 CONFIRM |
distributed_data_systems — webhmi | A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact other logged in users. | 2022-07-01 | not yet calculated | CVE-2022-2254 CONFIRM |
distributed_data_systems — webhmi | A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the host server. | 2022-07-01 | not yet calculated | CVE-2022-2253 CONFIRM |
dompdf — dompdf | Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. | 2022-06-28 | not yet calculated | CVE-2022-0085 MISC CONFIRM |
easy_table_plugin — easy_table_plugin | A vulnerability classified as problematic has been found in Easy Table Plugin 1.6. This affects an unknown part of the file /wordpress/wp-admin/options-general.php. The manipulation with the input “><script>alert(1)</script> leads to basic cross site scripting. It is possible to initiate the attack remotely. | 2022-06-29 | not yet calculated | CVE-2017-20108 MISC MISC |
ecshop — eschop | ECShop 4.1.0 has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. | 2022-06-28 | not yet calculated | CVE-2021-41460 MISC |
edimax — ic-3140w | The firmware of EDIMAX IC-3140W Version 3.11 contains a hardcoded Administrator username and password. | 2022-06-29 | not yet calculated | CVE-2021-40597 MISC MISC MISC |
elcomplus — smartics | An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0. | 2022-06-27 | not yet calculated | CVE-2022-2088 CONFIRM |
elcomplus — smartics | Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files. | 2022-06-27 | not yet calculated | CVE-2022-2106 CONFIRM |
elcomplus — smartics | Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters. | 2022-06-27 | not yet calculated | CVE-2022-2140 CONFIRM |
embarcadero — dev-cpp | A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file. | 2022-06-29 | not yet calculated | CVE-2022-33036 MISC |
ember.js — ember.js | In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view’s `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain (“XSS”). This vulnerability only affects applications that assign or bind user-provided content to `tagName`. | 2022-06-30 | not yet calculated | CVE-2013-4170 MISC MISC MISC |
espcms — espcms | ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at \espcms_public\espcms_templates\ESPCMS_Templates. | 2022-06-30 | not yet calculated | CVE-2022-33085 MISC |
espressif — bluetootj_mesh_sdk | ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the `SegN` field of the Transaction Start PDU. This can result in memory corruption related attacks and potentially an attacker gaining control of the entire system. Patch commits are available on the 4.1, 4.2, 4.3 and 4.4 branches and users are recommended to upgrade. The upgrade is applicable for all applications and users of the `ESP-BLE-MESH` component from `ESP-IDF`. As it is implemented in the Bluetooth Mesh stack, there is no workaround for the user to fix the application layer without upgrading the underlying firmware. | 2022-06-25 | not yet calculated | CVE-2022-24893 CONFIRM |
exemys — rme1 | By using a specific credential string, an attacker with network access to the device’s web interface could circumvent the authentication scheme and perform administrative operations. | 2022-06-30 | not yet calculated | CVE-2022-2197 MISC |
eyeofnetwork — eyeofnetwork | EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the “sendmail” application in the “cacti” configuration page (by default /usr/sbin/sendmail) it is possible to execute any command, which will be executed when we make a test of the configuration (“send test mail”). | 2022-06-30 | not yet calculated | CVE-2021-40643 MISC MISC |
form — contact_form_wordpress_plugin | The Form – Contact Form WordPress plugin through 1.2.0 does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 2022-06-27 | not yet calculated | CVE-2022-1326 MISC |
fusionpbx — fusionpbx | Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized “path” parameter in resources/login.php. | 2022-07-01 | not yet calculated | CVE-2021-37524 MISC MISC |
getgrav — grav | Code Injection in GitHub repository getgrav/grav prior to 1.7.34. | 2022-06-29 | not yet calculated | CVE-2022-2073 MISC CONFIRM |
gitee — gitee | When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception. | 2022-06-27 | not yet calculated | CVE-2021-33654 MISC |
gitee — gitee | When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception. | 2022-06-27 | not yet calculated | CVE-2021-33653 MISC |
gitee — gitee | When the run operation of the Reduce operator is executed, if there is a value of 0 in the parameter axis_sizes element, it will cause a division by 0 exception. | 2022-06-27 | not yet calculated | CVE-2021-33652 MISC |
gitee — gitee | When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape, which is allocated from heap buffers. | 2022-06-27 | not yet calculated | CVE-2021-33648 MISC |
gitee — gitee | When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated buffers. | 2022-06-27 | not yet calculated | CVE-2021-33647 MISC |
gitee — gitee | When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs, which is allocated from heap buffers. | 2022-06-27 | not yet calculated | CVE-2021-33650 MISC |
gitee — gitee | When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception. | 2022-06-27 | not yet calculated | CVE-2021-33651 MISC |
gitee — gitee | When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape, which is allocated from heap buffers. | 2022-06-27 | not yet calculated | CVE-2021-33649 MISC |
gitlab — ce/ee | Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions | 2022-07-01 | not yet calculated | CVE-2022-2227 MISC MISC CONFIRM |
gitlab — ce/ee | An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they’re a member of. | 2022-07-01 | not yet calculated | CVE-2022-2229 CONFIRM MISC MISC |
gitlab — ce/ee | An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change label descriptions. | 2022-07-01 | not yet calculated | CVE-2022-1999 MISC CONFIRM |
gitlab — ce/ee | A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim’s behalf. | 2022-07-01 | not yet calculated | CVE-2022-2230 MISC CONFIRM MISC |
gitlab — ee | An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group milestones are associated with any project releases. | 2022-07-01 | not yet calculated | CVE-2022-2281 MISC MISC CONFIRM |
gitlab — ee | Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured. | 2022-07-01 | not yet calculated | CVE-2022-1983 MISC CONFIRM |
gitlab — ee | Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group using IP-based access restrictions even if the GitLab Runner is calling from outside the allowed IP range. | 2022-07-01 | not yet calculated | CVE-2022-2228 CONFIRM MISC |
gitlab — ee | Insufficient sanitization in GitLab EE’s external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link. | 2022-07-01 | not yet calculated | CVE-2022-2235 MISC MISC CONFIRM |
gitlab — ee | An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be bypassed if a Maintainer uses the ‘Invite a group’ feature to invite a group that has members that don’t comply with the domain allow-list. | 2022-07-01 | not yet calculated | CVE-2022-1981 MISC MISC CONFIRM |
gitlab — ee/ce | An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL. | 2022-07-01 | not yet calculated | CVE-2022-2250 CONFIRM MISC MISC |
gitlab — ee/ce | An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project members with the reporter role to manage issues in the project’s error tracking feature. | 2022-07-01 | not yet calculated | CVE-2022-2244 CONFIRM MISC MISC |
gitlab — ee/ce | An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non-linked sentry projects. | 2022-07-01 | not yet calculated | CVE-2022-2243 MISC MISC CONFIRM |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making it possible to be retrieved under certain conditions. | 2022-07-01 | not yet calculated | CVE-2022-0167 MISC CONFIRM |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan package names due to incorrect permissions verification. | 2022-07-01 | not yet calculated | CVE-2022-2270 CONFIRM MISC MISC |
gitlab — ce/ee | A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers | 2022-07-01 | not yet calculated | CVE-2022-1954 MISC CONFIRM MISC |
gitlab — ce/ee | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab reveals if a user has enabled two-factor authentication on their account in the HTML source, to unauthenticated users. | 2022-07-01 | not yet calculated | CVE-2022-1963 MISC MISC CONFIRM |
gitlab — gitlab | A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where it was possible for an unauthorised user to execute arbitrary code on the server using the project import feature. | 2022-07-01 | not yet calculated | CVE-2022-2185 CONFIRM MISC MISC |
glpi — glpi | GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature to get a refused file is not authenticated. This issue has been addressed in version 10.0.2 and all affected users are advised to upgrade. | 2022-06-28 | not yet calculated | CVE-2022-31068 MISC CONFIRM |
glpi — glpi | GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection can be made using package deployment tasks. This issue has been resolved in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should delete the `front/deploypackage.public.php` file if they are not using the `deploy tasks` feature. | 2022-06-27 | not yet calculated | CVE-2022-31082 MISC CONFIRM |
glpi — glpi | GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit SQL injection on the actor fields. This issue has been resolved in version 10.0.2 and all affected users are advised to upgrade. | 2022-06-28 | not yet calculated | CVE-2022-31056 CONFIRM |
glpi — glpi | GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on the login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | 2022-06-28 | not yet calculated | CVE-2022-31061 CONFIRM MISC |
gnupg — gnupg | GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim’s keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. | 2022-07-01 | not yet calculated | CVE-2022-34903 MISC MISC MISC MLIST |
gpac — gpac | The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | 2022-06-28 | not yet calculated | CVE-2021-40608 MISC |
gpac — gpac | The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | 2022-06-28 | not yet calculated | CVE-2021-40606 MISC |
gpac — gpac | The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | 2022-06-28 | not yet calculated | CVE-2021-40607 MISC |
gpac — gpac | The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | 2022-06-28 | not yet calculated | CVE-2021-40609 MISC |
gpac — mp4box | In GPAC MP4Box 1.1.0, there is a null pointer reference in the function gf_filter_pid_get_packet in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DoS). | 2022-06-28 | not yet calculated | CVE-2021-40944 MISC |
gpac — mp4box | In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function filter_parse_dyn_args in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DoS). | 2022-06-27 | not yet calculated | CVE-2021-40942 MISC |
gps-sdr-sim — gps-sdr-sim | There is a buffer overflow in gps-sdr-sim v1.0 when parsing long command line parameters, which can lead to DoS or code execution. | 2022-06-30 | not yet calculated | CVE-2021-37778 MISC |
gunet — open_eclass_platform | An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal. | 2022-06-27 | not yet calculated | CVE-2022-33116 MISC MISC MISC MISC |
guzzle — guzzle | Guzzle is an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` header. On making a request which responds with a redirect to a URI with a different origin (change in host, scheme or port), if we choose to follow it, we should remove the `CURLOPT_HTTPAUTH` option before continuing, stopping curl from appending the `Authorization` header to the new request. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. If you do not require or expect redirects to be followed, you should simply disable redirects altogether. Alternatively, you can specify the use of the Guzzle stream handler backend, rather than curl. | 2022-06-27 | not yet calculated | CVE-2022-31090 MISC CONFIRM |
guzzle — guzzle |
Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the `Authorization` and `Cookie` headers from the request, before containing. Previously, we would only consider a change in host or scheme. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. An alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects all together. | 2022-06-27 | not yet calculated | CVE-2022-31091 MISC CONFIRM |
halo_cms — halo_cms | Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function. | 2022-06-27 | not yet calculated | CVE-2022-32995 MISC |
halo_cms — halo_cms | Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload. | 2022-06-27 | not yet calculated | CVE-2022-32994 MISC |
hikvision — hybrid_san/cluster_storage | The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to insufficient input validation, an attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device. | 2022-06-27 | not yet calculated | CVE-2022-28171 MISC |
hikvision — hybrid_san_cluster_storage | The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to insufficient input validation, an attacker can exploit the vulnerability to perform an XSS attack by sending messages with malicious commands to the affected device. | 2022-06-27 | not yet calculated | CVE-2022-28172 MISC |
hongcms — hongcms | An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. | 2022-07-01 | not yet calculated | CVE-2022-32412 MISC |
hongcms — hongcms | An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. | 2022-07-01 | not yet calculated | CVE-2022-32411 MISC |
hospital_management_system — hospital_management_system | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php. | 2022-07-01 | not yet calculated | CVE-2022-32094 MISC |
hospital_management_system — hospital_management_system | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php. | 2022-07-01 | not yet calculated | CVE-2022-32093 MISC |
hospital_management_system — hospital_management_system | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php. | 2022-07-01 | not yet calculated | CVE-2022-32095 MISC |
hpe — nonstop_dsm/scm | A remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM version: T6031H03^ADP. HPE has provided a software update to resolve this vulnerability in HPE NonStop DSM/SCM. | 2022-06-28 | not yet calculated | CVE-2022-28621 MISC |
hpe — storeonce | A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2. | 2022-06-27 | not yet calculated | CVE-2022-28622 MISC |
ibm — cloudpak | IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands. IBM X-Force ID: 211048. | 2022-06-30 | not yet calculated | CVE-2021-38941 XF CONFIRM |
ibm — infosphere_information_server | An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain non-sensitive debugging information like stack traces. IBM X-Force ID: 221323. | 2022-07-01 | not yet calculated | CVE-2022-22373 XF CONFIRM |
ibm — security_guardium | IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2022-06-29 | not yet calculated | CVE-2021-39074 CONFIRM XF |
ibm — spectrum_protect | IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. This can result in a denial of service for IBM Spectrum Protect client operations. IBM X-Force ID: 225348. | 2022-06-30 | not yet calculated | CVE-2022-22474 XF CONFIRM |
ibm — spectrum_protect | While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942. | 2022-06-30 | not yet calculated | CVE-2022-22496 XF CONFIRM |
ibm — spectrum_protect | An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326. | 2022-06-30 | not yet calculated | CVE-2022-22487 XF CONFIRM |
ibm — spectrum_protect | IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886. | 2022-06-30 | not yet calculated | CVE-2022-22478 CONFIRM XF |
ibm — spectrum_protect | IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940. | 2022-06-30 | not yet calculated | CVE-2022-22494 CONFIRM XF |
ibm — spectrum_protect_plus_container_backup_and_restore | IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session information. By retrieving the logs of a container an attacker could exploit this vulnerability to bypass login security of the IBM Spectrum Protect Plus server and gain unauthorized access based on the permissions of the IBM Spectrum Protect Plus user to the vulnerable Spectrum Protect Plus server software. IBM X-Force ID: 225340. | 2022-06-30 | not yet calculated | CVE-2022-22472 CONFIRM XF |
ibm — sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could disclose sensitive version information that could aid in future attacks against the system. IBM X-Force ID: 211414. | 2022-06-30 | not yet calculated | CVE-2021-38954 CONFIRM XF |
ibm — urban_code_deploy | IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008. | 2022-07-01 | not yet calculated | CVE-2022-22367 CONFIRM XF |
ibm — urban_code_deploy | IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106. | 2022-07-01 | not yet calculated | CVE-2022-22366 CONFIRM XF |
ilias — ilias | In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts. | 2022-06-29 | not yet calculated | CVE-2022-31266 MISC MISC |
image_galery — grid_gallery_ wordpress_ plugin | The Image Gallery – Grid Gallery WordPress plugin through 1.1.1 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 2022-06-27 | not yet calculated | CVE-2022-1327 MISC |
ionicabizau — parse-path | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0. | 2022-06-27 | not yet calculated | CVE-2022-0722 MISC CONFIRM |
ionicabizau — parse-path | Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0. | 2022-06-28 | not yet calculated | CVE-2022-0624 CONFIRM MISC |
ionicabizau — parse-url | Cross-site Scripting (XSS) – Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0. | 2022-06-27 | not yet calculated | CVE-2022-2218 MISC CONFIRM |
ionicabizau — parse-url | Cross-site Scripting (XSS) – Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0. | 2022-06-27 | not yet calculated | CVE-2022-2217 MISC CONFIRM |
ionicabizau — parse-url | Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0. | 2022-06-27 | not yet calculated | CVE-2022-2216 MISC CONFIRM |
ivpn — client | A vulnerability has been found in IVPN Client 2.6.6120.33863 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument --up cmd leads to improper privilege management. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.6.2 is able to address this issue. It is recommended to upgrade the affected component. | 2022-06-29 | not yet calculated | CVE-2017-20112 MISC MISC MISC |
jaredhanson — passport | This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed. | 2022-07-01 | not yet calculated | CVE-2022-25896 CONFIRM CONFIRM CONFIRM |
jenkins — build-metrics_plugin | Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them. | 2022-06-30 | not yet calculated | CVE-2022-34785 CONFIRM |
jenkins — build-metrics_plugin | Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission. | 2022-06-30 | not yet calculated | CVE-2022-34784 CONFIRM |
jenkins — build_notifications_plugin | Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 2022-06-30 | not yet calculated | CVE-2022-34801 CONFIRM |
jenkins — build_notifications_plugin | Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 2022-06-30 | not yet calculated | CVE-2022-34800 CONFIRM |
jenkins — cisco_spark_plugin | Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 2022-06-30 | not yet calculated | CVE-2022-34808 CONFIRM |
jenkins — deployment_dashboard_plugin | Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 2022-06-30 | not yet calculated | CVE-2022-34799 CONFIRM |
jenkins — deployment_dashboard_plugin | A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials. | 2022-06-30 | not yet calculated | CVE-2022-34797 CONFIRM |
jenkins — deployment_dashboard_plugin | Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. | 2022-06-30 | not yet calculated | CVE-2022-34795 CONFIRM |
jenkins — deployment_dashboard_plugin | A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 2022-06-30 | not yet calculated | CVE-2022-34796 CONFIRM |
jenkins — deployment_dashboard_plugin | Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. | 2022-06-30 | not yet calculated | CVE-2022-34798 CONFIRM |
jenkins — elasticsearch_query_plugin | Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 2022-06-30 | not yet calculated | CVE-2022-34807 CONFIRM |
jenkins — extreme_feedback_panel_plugin | Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-06-30 | not yet calculated | CVE-2022-34790 CONFIRM |
jenkins — failed_job_deactivator_plugin | Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs. | 2022-06-30 | not yet calculated | CVE-2022-34818 CONFIRM |
jenkins — failed_job_deactivator_plugin | A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs. | 2022-06-30 | not yet calculated | CVE-2022-34817 CONFIRM |
jenkins — gitlab_plugin | Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-06-30 | not yet calculated | CVE-2022-34777 CONFIRM |
jenkins — hpe_network_virtualization_plugin | Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 2022-06-30 | not yet calculated | CVE-2022-34816 CONFIRM |
jenkins — jigomerge_plugin | Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 2022-06-30 | not yet calculated | CVE-2022-34806 CONFIRM |
jenkins — plot_plugin | Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-06-30 | not yet calculated | CVE-2022-34783 CONFIRM |
jenkins — project_inheritance_plugin | Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked. | 2022-06-30 | not yet calculated | CVE-2022-34787 CONFIRM |
jenkins — recipe_plugin | Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. | 2022-06-30 | not yet calculated | CVE-2022-34794 CONFIRM |
jenkins — recipe_plugin | Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2022-06-30 | not yet calculated | CVE-2022-34793 CONFIRM |
jenkins — recipe_plugin | A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. | 2022-06-30 | not yet calculated | CVE-2022-34792 CONFIRM |
jenkins — request_rename_or_delete_plugin | A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs. | 2022-06-30 | not yet calculated | CVE-2022-34815 CONFIRM |
jenkins — request_rename_or_delete_plugin | Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests. | 2022-06-30 | not yet calculated | CVE-2022-34814 CONFIRM |
jenkins — requests-plugin_plugin | An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. | 2022-06-30 | not yet calculated | CVE-2022-34782 CONFIRM |
jenkins — rocketchat_notifier_plugin | Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 2022-06-30 | not yet calculated | CVE-2022-34802 CONFIRM |
jenkins — rqm_plugin | A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 2022-06-30 | not yet calculated | CVE-2022-34810 CONFIRM |
jenkins — rqm_plugin | Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 2022-06-30 | not yet calculated | CVE-2022-34809 CONFIRM |
jenkins — skype_notifier_plugin | Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 2022-06-30 | not yet calculated | CVE-2022-34805 CONFIRM |
jenkins — testng_results_plugin | Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or control test results. | 2022-06-30 | not yet calculated | CVE-2022-34778 CONFIRM |
jenkins — validating_email_parameter_plugin | Jenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description of its parameter type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-06-30 | not yet calculated | CVE-2022-34791 CONFIRM |
jenkins — xebialabs_xl_release_plugin | A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2022-06-30 | not yet calculated | CVE-2022-34780 CONFIRM |
jenkins — xebialabs_xl_release_plugin | A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 2022-06-30 | not yet calculated | CVE-2022-34779 CONFIRM |
jenkins — xebialabs_xl_release_plugin | Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2022-06-30 | not yet calculated | CVE-2022-34781 CONFIRM |
jenkins — xpath_configuration_viewer_plugin | A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions. | 2022-06-30 | not yet calculated | CVE-2022-34812 CONFIRM |
jenkins — xpath_configuration_viewer_plugin | A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. | 2022-06-30 | not yet calculated | CVE-2022-34811 CONFIRM |
jenkins — xpath_configuration_viewer_plugin | A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions. | 2022-06-30 | not yet calculated | CVE-2022-34813 CONFIRM |
jenkins — matrix_reloaded_plugin | A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds. | 2022-06-30 | not yet calculated | CVE-2022-34789 CONFIRM |
jenkins — matrix_reloaded_plugin | Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | 2022-06-30 | not yet calculated | CVE-2022-34788 CONFIRM |
jenkins — opsgenie_plugin | Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission (config.xml), or access to the Jenkins controller file system. | 2022-06-30 | not yet calculated | CVE-2022-34803 CONFIRM |
jenkins — opsgenie_plugin | Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure. | 2022-06-30 | not yet calculated | CVE-2022-34804 CONFIRM |
jenkins — rich_text_publisher_plugin | Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. | 2022-06-30 | not yet calculated | CVE-2022-34786 CONFIRM |
jetbrains — hub | In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services | 2022-07-01 | not yet calculated | CVE-2022-34894 MISC |
jira — data_center_and_server_mobile_plugin | A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4. | 2022-06-30 | not yet calculated | CVE-2022-26135 MISC MISC MISC |
jorani — jorani | Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php. | 2022-06-28 | not yet calculated | CVE-2022-34133 MISC MISC |
jorani — jorani | Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php. | 2022-06-28 | not yet calculated | CVE-2022-34134 MISC MISC |
jorani — jorani | Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php. | 2022-06-28 | not yet calculated | CVE-2022-34132 MISC MISC |
joy_ebike — wolf | Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote attackers to jam the key fob request via RF. | 2022-06-29 | not yet calculated | CVE-2022-30467 MISC MISC |
jpegoptim — jpegoptim | JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. | 2022-07-01 | not yet calculated | CVE-2022-32325 MISC |
kjur — jsrsasign | The package jsrsasign before 10.5.25 is vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake. Workaround: Validate JWS or JWT signature if it has Base64URL and dot safe string before executing JWS.verify() or JWS.verifyJWT() method. | 2022-07-01 | not yet calculated | CVE-2022-25898 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
kubeedge — kubeedge | KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates with the CSI Driver on the cloud side, the attack is limited to the local host network. As such, an attacker would already need to be an authenticated user of the Cloud. Additionally it will be affected only when users turn on the unixsocket switch in the config file cloudcore.yaml. This bug has been fixed in KubeEdge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. Users unable to upgrade should disable the unixsocket switch of CloudHub in the config file cloudcore.yaml. | 2022-06-27 | not yet calculated | CVE-2022-31076 MISC CONFIRM |
kubeedge — kubeedge | KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a consequence, the CSI Driver controller will be in denial of service. This bug has been fixed in KubeEdge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. At the time of writing, no workaround exists. | 2022-06-27 | not yet calculated | CVE-2022-31077 MISC CONFIRM MISC |
l2blocker — l2blocker | Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative paths or channels for Sensor. | 2022-06-27 | not yet calculated | CVE-2022-33202 MISC MISC |
ldap — account_manager | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 there are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. This can lead to code execution if non-LAM classes are instantiated that execute code during object creation. This issue has been fixed in version 8.0. | 2022-06-27 | not yet calculated | CVE-2022-31084 MISC CONFIRM |
ldap — account_manager | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow uploading of PHP scripts to config/templates/pdf. This vulnerability could lead to a Remote Code Execution if the /config/templates/pdf/ directory is accessible for remote users. This is not a default configuration of LAM. This issue has been fixed in version 8.0. There are no known workarounds for this issue. | 2022-06-27 | not yet calculated | CVE-2022-31086 CONFIRM MISC |
ldap — account_manager | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by configuration. This issue has been fixed in version 8.0. Users unable to upgrade should install the PHP OpenSSL extension and make sure session encryption is enabled in LAM main configuration. | 2022-06-27 | not yet calculated | CVE-2022-31085 CONFIRM MISC |
ldap — account_manager | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This issue has been fixed in version 8.0. | 2022-06-27 | not yet calculated | CVE-2022-31088 MISC CONFIRM |
ldap — account_manager | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php (and .php5/.php4/.phpt/etc) files. An attacker capable of writing files under www-data privileges can write a web-shell into this directory, and gain a Code Execution on the host. This issue has been fixed in version 8.0. Users unable to upgrade should disallow executing PHP scripts in (/var/lib/ldap-account-manager/)tmp directory. | 2022-06-27 | not yet calculated | CVE-2022-31087 MISC CONFIRM |
lettersanitizer — lettersanitizer | lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule `@keyframes`. This package is depended on by [react-letter](https://github.com/mat-sz/react-letter), therefore everyone using react-letter is also at risk. The problem has been patched in version 1.0.2. | 2022-06-27 | not yet calculated | CVE-2022-31103 MISC CONFIRM MISC |
libtiff — libtiff | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | 2022-06-30 | not yet calculated | CVE-2022-2056 MISC CONFIRM MISC |
libtiff — libtiff | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | 2022-06-30 | not yet calculated | CVE-2022-2057 MISC CONFIRM MISC |
libtiff — libtiff | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | 2022-06-30 | not yet calculated | CVE-2022-2058 CONFIRM MISC MISC |
lightcms — lightcms | A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file. | 2022-06-27 | not yet calculated | CVE-2022-33009 MISC MISC MISC |
linux — linux_kernel | rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. | 2022-06-26 | not yet calculated | CVE-2022-34495 MISC MISC |
linux — linux_kernel | rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. | 2022-06-26 | not yet calculated | CVE-2022-34494 MISC MISC |
linux — linux_kernel | A vulnerability was found in the Linux kernel’s nft_set_desc_concat_parse() function. This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse(), causing a denial of service and possibly code execution. | 2022-06-30 | not yet calculated | CVE-2022-2078 MISC |
linux — linux_kernel | A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. | 2022-06-30 | not yet calculated | CVE-2022-1852 MISC |
lirantal — git-clone | All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git. | 2022-07-01 | not yet calculated | CVE-2022-25900 CONFIRM CONFIRM |
lithium_technologies — lithium_forum | A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the argument upload_url leads to server-side request forgery. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | 2022-06-28 | not yet calculated | CVE-2017-20106 N/A N/A |
lua — lua | An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. | 2022-07-01 | not yet calculated | CVE-2022-33099 MISC MISC MISC MISC MISC |
manageiq — awesome_spawn | Awesome spawn contains an OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, an attacker could use this flaw to execute arbitrary commands. | 2022-06-30 | not yet calculated | CVE-2014-0156 MISC MISC |
mariadb — mariadb | MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. | 2022-07-01 | not yet calculated | CVE-2022-32086 MISC |
mariadb — mariadb | MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. | 2022-07-01 | not yet calculated | CVE-2022-32082 MISC |
mariadb — mariadb | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. | 2022-07-01 | not yet calculated | CVE-2022-32088 MISC |
mariadb — mariadb | MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. | 2022-07-01 | not yet calculated | CVE-2022-32089 MISC |
mariadb — mariadb | MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. | 2022-07-01 | not yet calculated | CVE-2022-32083 MISC |
mariadb — mariadb | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. | 2022-07-01 | not yet calculated | CVE-2022-32085 MISC |
mariadb — mariadb | MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. | 2022-07-01 | not yet calculated | CVE-2022-32081 MISC |
mariadb — mariadb | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. | 2022-07-01 | not yet calculated | CVE-2022-32087 MISC |
mariadb — mariadb | MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. | 2022-07-01 | not yet calculated | CVE-2022-32091 MISC |
mariadb — mariadb | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. | 2022-07-01 | not yet calculated | CVE-2022-32084 MISC |
marval_global — marval_msm | Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users’ API Keys, including the Admins’ API Keys. | 2022-06-28 | not yet calculated | CVE-2022-31883 MISC MISC MISC |
marval_global — marval_msm | Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form. | 2022-06-28 | not yet calculated | CVE-2022-31886 MISC MISC MISC MISC |
marval_global — marval_msm | Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users’ API Keys, including high privilege and the Administrator users’ API Keys. | 2022-06-28 | not yet calculated | CVE-2022-31884 MISC MISC MISC |
marval_global — marval_msm | Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user’s password in the organization; this means that the user can also achieve Privilege Escalation by changing the administrator password. | 2022-06-28 | not yet calculated | CVE-2022-31887 MISC MISC MISC |
marval_global — marval_msm | Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts. | 2022-06-28 | not yet calculated | CVE-2022-31885 MISC MISC MISC |
mcms — mcms | MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability. | 2022-07-01 | not yet calculated | CVE-2022-31943 MISC |
md2roff — md2roff | ** DISPUTED ** md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of consecutive characters to be processed. NOTE: the vendor’s position is that the product is not intended for untrusted input. | 2022-07-02 | not yet calculated | CVE-2022-34913 MISC |
mediawiki — mediawiki | An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the Wikibase and WikibaseLexeme extensions. This is related to Special:NewLexeme and Special:NewProperty. | 2022-06-28 | not yet calculated | CVE-2022-34750 MISC MISC MISC |
mediawiki — mediawiki | An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won’t be escaped. | 2022-07-02 | not yet calculated | CVE-2022-34912 MISC |
mediawiki — mediawiki | An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to “Welcome” followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text(). | 2022-07-02 | not yet calculated | CVE-2022-34911 MISC |
mermaid — mermaid | Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary `CSS` into the generated graph, allowing them to change the styling of elements outside of the generated graph and potentially exfiltrate sensitive information by using specially crafted `CSS` selectors. For example, an attacker can exfiltrate the contents of an input field by brute-forcing the `value` attribute one character at a time. Whenever there is an actual match, an `http` request will be made by the browser in order to “load” a background image, which lets the attacker know the value of the character. This issue may lead to `Information Disclosure` via CSS selectors and functions able to generate HTTP requests. This also allows an attacker to change the document in ways which may lead a user to perform unintended actions, such as clicking on a link, etc. This issue has been resolved in version 9.1.3. Users are advised to upgrade. Users unable to upgrade should ensure that user input is adequately escaped before embedding it in CSS blocks. | 2022-06-28 | not yet calculated | CVE-2022-31108 MISC CONFIRM |
metamask — metamask_extension | MetaMask before 10.11.3 might allow an attacker to access a user’s secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue. | 2022-06-29 | not yet calculated | CVE-2022-32969 MISC MISC MISC |
microsoft — edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638. | 2022-06-29 | not yet calculated | CVE-2022-33639 N/A |
microsoft — edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33639. | 2022-06-29 | not yet calculated | CVE-2022-33638 N/A |
microsoft — edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33638, CVE-2022-33639. | 2022-06-29 | not yet calculated | CVE-2022-30192 N/A |
microweber — microweber | Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 1.2.19. | 2022-07-01 | not yet calculated | CVE-2022-2280 MISC CONFIRM |
microweber — microweber | Open Redirect in GitHub repository microweber/microweber prior to 1.2.19. | 2022-06-29 | not yet calculated | CVE-2022-2252 MISC CONFIRM |
minicms — minicms | File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitrary PHP code via post-edit.php. | 2022-06-28 | not yet calculated | CVE-2020-19896 MISC |
minioranges_google_authenticator — minioranges_google_authenticator_wordpress_plugin | The miniOrange’s Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, allowing malicious users with administrator privileges to store malicious JavaScript code, leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in a multisite setup). | 2022-06-27 | not yet calculated | CVE-2022-1321 MISC |
myadmin — myadmin | MyAdmin v1.0 is affected by an incorrect access control vulnerability in viewing personal center in /api/user/userData?userCode=admin. | 2022-06-30 | not yet calculated | CVE-2021-37791 MISC |
nagios — nagios_xi | In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address. | 2022-06-29 | not yet calculated | CVE-2022-29269 MISC MISC MISC MISC |
nagios — nagios_xi | In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing. | 2022-06-29 | not yet calculated | CVE-2022-29272 MISC MISC MISC MISC |
nagios — nagios_xi | In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks. | 2022-06-29 | not yet calculated | CVE-2022-29271 MISC MISC MISC MISC |
nagios — nagios_xi | In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address. | 2022-06-29 | not yet calculated | CVE-2022-29270 MISC MISC MISC MISC |
naver — whale_browser_mobile_app | NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode. | 2022-06-27 | not yet calculated | CVE-2020-9754 CONFIRM |
neors — activex | Origin validation error vulnerability in NeoRS’s ActiveX module allows attackers to download and execute arbitrary files. Remote attackers can use this vulnerability to encourage users to access crafted web pages, causing damage such as malicious code infections. | 2022-06-28 | not yet calculated | CVE-2022-23763 MISC |
nextauth.js — nextauth | NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally is converted to a `URL` object. The URL instantiation would fail due to a malformed URL being passed into the constructor, causing it to throw an unhandled error which led to the **API route handler timing out and logging in to fail**. This has been remedied in versions 3.29.5 and 4.5.0. If for some reason you cannot upgrade, the workaround requires you to rely on Advanced Initialization. Please see the documentation for more. | 2022-06-27 | not yet calculated | CVE-2022-31093 MISC MISC MISC CONFIRM |
nomachine — nomachine | Incorrect permissions for the folder C:\ProgramData\NoMachine\var\uninstall of NoMachine v7.9.2 allows attackers to perform a DLL hijacking attack and execute arbitrary code. | 2022-06-29 | not yet calculated | CVE-2022-34043 MISC |
nucleus_cms — nucleus_cms | Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, an attacker can upload a picture with shell, treat it as PHP, execute commands, so as to take down website resources. | 2022-06-30 | not yet calculated | CVE-2021-37770 MISC MISC |
nvflare — nvflare | NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where the CA credentials are transported via pickle with no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity. | 2022-07-01 | not yet calculated | CVE-2022-31604 MISC |
nvflare — nvflare | NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity. | 2022-07-01 | not yet calculated | CVE-2022-31605 MISC |
nvidia — dgx_a100 | NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. | 2022-07-02 | not yet calculated | CVE-2022-28200 MISC |
online_railway_reservation_system — online_railway_reservation_system | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/inquiries/view_details.php. | 2022-06-29 | not yet calculated | CVE-2022-33042 MISC |
online_railway_reservation_system — online_railway_reservation_system | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_message. | 2022-06-29 | not yet calculated | CVE-2022-33058 MISC |
online_railway_reservation_system — online_railway_reservation_system | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_train. | 2022-06-29 | not yet calculated | CVE-2022-33059 MISC |
online_railway_reservation_system — online_railway_reservation_system | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_service. | 2022-06-29 | not yet calculated | CVE-2022-33061 MISC |
online_railway_reservation_system — online_railway_reservation_system | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule. | 2022-06-29 | not yet calculated | CVE-2022-33060 MISC |
online_railway_reservation_system — online_railway_reservation_system | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation. | 2022-06-29 | not yet calculated | CVE-2022-33057 MISC |
openhwgroup — cva6 | CVA6 commit 909d85a accesses invalid memory when reading the value of MHPMCOUNTER30. | 2022-06-29 | not yet calculated | CVE-2022-33021 MISC |
openhwgroup — cva6 | CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong. | 2022-06-29 | not yet calculated | CVE-2022-33023 MISC |
opensearch-project — opensearch-ruby | opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. An attacker must be in control of an opensearch server and convince the victim to connect to it in order to exploit this vulnerability. The problem has been patched in opensearch-ruby gem version 2.0.1. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-06-30 | not yet calculated | CVE-2022-31115 CONFIRM MISC MISC |
openshift — openshift | In an openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity. | 2022-06-30 | not yet calculated | CVE-2013-4561 MISC MISC |
openshift — openshift | It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission. | 2022-06-30 | not yet calculated | CVE-2014-0068 MISC |
openssl — openssl | The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. | 2022-07-01 | not yet calculated | CVE-2022-2274 CONFIRM CONFIRM |
orwell-dev-cpp — orwell-dev-cpp | A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file. | 2022-06-29 | not yet calculated | CVE-2022-33037 MISC |
ospfranco — link-preview-js | The package link-preview-js before 2.1.16 is vulnerable to Server-side Request Forgery (SSRF), which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection. | 2022-07-01 | not yet calculated | CVE-2022-25876 CONFIRM CONFIRM CONFIRM |
oxen_i/o — session_android | Session 1.13.0 allows an attacker with physical access to the victim’s device to bypass the application’s password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation. | 2022-06-30 | not yet calculated | CVE-2022-1955 MISC MISC MISC |
packagekit — packagekit | A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examine files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists. | 2022-06-28 | not yet calculated | CVE-2022-0987 MISC |
parse_community — parse_server | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid file requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as a single instance without redundancy, the availability impact may be high. This issue has been addressed in versions 4.10.12 and 5.2.3. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-06-27 | not yet calculated | CVE-2022-31089 CONFIRM MISC |
parse_server — parse_server | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client response. Users are advised to upgrade. Users unable to upgrade should use `Parse.Cloud.afterLiveQueryEvent` to manually remove protected fields. | 2022-06-30 | not yet calculated | CVE-2022-31112 MISC MISC CONFIRM MISC MISC MISC |
pdfalto — pdfalto | PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc. | 2022-07-01 | not yet calculated | CVE-2022-32324 MISC |
perl — perl | HTTP::Daemon is a simple HTTP server class written in Perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are; most Perl-based applications are served on top of Nginx or Apache, not on `HTTP::Daemon`. This library is commonly used for local development and tests. Users are advised to update to resolve this issue. Users unable to upgrade may add additional request handling logic as a mitigation. After calling `my $rqst = $conn->get_request()` one could inspect the returned `HTTP::Request` object. Querying the ‘Content-Length’ (`my $cl = $rqst->header('Content-Length')`) will show any abnormalities that should be dealt with by a `400` response. Expected strings of ‘Content-Length’ SHOULD consist of either a single non-negative integer or a comma-separated repetition of that number (that is, `42` or `42, 42, 42`). Anything else MUST be rejected. | 2022-06-27 | not yet calculated | CVE-2022-31081 MISC MISC MISC MISC CONFIRM MISC MISC |
pimcore — pimcore | Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. These listing classes also allow ordering or grouping the results based on one or more columns, which should be quoted by default. The actual issue is that quoting is not done properly in both cases, so there’s the theoretical possibility to inject custom SQL if the developer is using these methods with input data without doing proper input validation in advance, relying on the auto-quoting being done by the listing classes. This issue has been resolved in version 10.4.4. Users are advised to upgrade or to apply the patch manually. There are no known workarounds for this issue. | 2022-06-27 | not yet calculated | CVE-2022-31092 MISC MISC CONFIRM |
pingid — windows_login | PingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines when combined with using offline security keys as part of authentication. | 2022-06-30 | not yet calculated | CVE-2022-23717 MISC MISC |
pingid — windows_login | PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances. | 2022-06-30 | not yet calculated | CVE-2022-23725 MISC MISC |
pingid — windows_login | PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. An IT administrator could mistakenly deploy administrator privileged PingID API credentials, such as those typically used by PingFederate, into PingID Windows Login user endpoints. Using sensitive full permissions properties file outside of a privileged trust boundary leads to an increased risk of exposure or discovery, and an attacker could leverage these credentials to perform administrative actions against PingID APIs or endpoints. | 2022-06-30 | not yet calculated | CVE-2022-23720 MISC MISC |
pingid — windows_login | PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or to compromise Ping Identity web servers, could deliver malicious code that would be executed as SYSTEM by the PingID Windows Login application. | 2022-06-30 | not yet calculated | CVE-2022-23718 MISC MISC |
pingid — windows_login | PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine may be able to exploit and spoof the local Java service using multiple attack vectors. A successful attack can lead to code executed as SYSTEM by the PingID Windows Login application, or even a denial of service for offline security key authentication. | 2022-06-30 | not yet calculated | CVE-2022-23719 MISC MISC |
pingidentity — pingid_mac_login | A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. | 2022-06-30 | not yet calculated | CVE-2021-41995 MISC MISC |
piwigo — piwigo | piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor. | 2022-06-28 | not yet calculated | CVE-2021-40553 MISC |
prestashop — blockwishlist | prestashop/blockwishlist is a prestashop extension which adds a block containing the customer’s wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-06-27 | not yet calculated | CVE-2022-31101 CONFIRM MISC |
projectsend — r754 | A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely. | 2022-06-27 | not yet calculated | CVE-2017-20101 MISC MISC MISC |
raytion — custom_security_manager | Raytion 7.2.0 allows reflected Cross-site Scripting (XSS). | 2022-06-25 | not yet calculated | CVE-2022-29931 MISC |
regexfn — regexfn | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails. | 2022-06-27 | not yet calculated | CVE-2021-40900 MISC |
repo-git-downloader — repo-git-downloader | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories. | 2022-06-27 | not yet calculated | CVE-2021-40899 MISC |
rg-eg — rg-eg | RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a SQL injection vulnerability via the function get_alarmAction at /alarm_pi/alarmService.php. | 2022-06-25 | not yet calculated | CVE-2022-33128 MISC |
robustel — r1510 | A data removal vulnerability exists in the web_server /action/remove/ API functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability. | 2022-06-30 | not yet calculated | CVE-2022-28127 MISC |
robustel — robustel_r1510 | Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/action/import_sdk_file/` API is affected by a command injection vulnerability. | 2022-06-30 | not yet calculated | CVE-2022-33314 MISC |
robustel — robustel_r1510 | Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/action/import_https_cert_file/` API is affected by a command injection vulnerability. | 2022-06-30 | not yet calculated | CVE-2022-33313 MISC |
robustel — robustel_r1510 | Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/action/import_cert_file/` API is affected by a command injection vulnerability. | 2022-06-30 | not yet calculated | CVE-2022-33312 MISC |
robustel — robustel_r1510 | Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. Specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/config_rollback/` API is affected by a command injection vulnerability. | 2022-06-30 | not yet calculated | CVE-2022-33326 MISC |
robustel — robustel_r1510 | Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. Specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/remove/` API is affected by a command injection vulnerability. | 2022-06-30 | not yet calculated | CVE-2022-33328 MISC |
robustel — robustel_r1510 | A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | 2022-06-30 | not yet calculated | CVE-2022-32585 MISC |
robustel — robustel_r1510 | Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. Specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/clear_tools_log/` API is affected by a command injection vulnerability. | 2022-06-30 | not yet calculated | CVE-2022-33325 MISC |
robustel — robustel_r1510 | Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. Specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/set_sys_time/` API is affected by a command injection vulnerability. | 2022-06-30 | not yet calculated | CVE-2022-33329 MISC |
robustel — robustel_r1510 | Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. Specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/remove_sniffer_raw_log/` API is affected by a command injection vulnerability. | 2022-06-30 | not yet calculated | CVE-2022-33327 MISC |
rsshub — rsshub | RSSHub is an open source, extensible RSS feed generator. In commits prior to 5c4177441417, passing some special values to the `filter` and `filterout` parameters can cause abnormally high CPU usage. This results in an impact on the performance of the servers and RSSHub services which may lead to a denial of service. This issue has been fixed in commit 5c4177441417 and all users are advised to upgrade. There are no known workarounds for this issue. | 2022-06-29 | not yet calculated | CVE-2022-31110 CONFIRM MISC MISC |
ruby-mysql — ruby-mysql | A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later. | 2022-06-28 | not yet calculated | CVE-2021-3779 MISC |
ruckus — wireless_zonedirector | Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirector 9.8.3.0. | 2022-06-27 | not yet calculated | CVE-2020-21161 MISC MISC MISC |
rulex — rulex | rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. This is a security concern for you, if your service parses untrusted rulex expressions (expressions provided by an untrusted user), and your service becomes unavailable when the process running rulex aborts due to a stack overflow. The crash is fixed in version **0.4.3**. Affected users are advised to update to this version. There are no known workarounds for this issue. | 2022-06-27 | not yet calculated | CVE-2022-31099 CONFIRM MISC |
rulex — rulex | rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, rulex may crash, possibly enabling a Denial of Service attack. This happens when the expression contains a multi-byte UTF-8 code point in a string literal or after a backslash, because rulex tries to slice into the code point and panics as a result. This is a security concern for you, if your service parses untrusted rulex expressions (expressions provided by an untrusted user), and your service becomes unavailable when the thread running rulex panics. The crashes are fixed in version **0.4.3**. Affected users are advised to update to this version. The only known workaround for this issue is to assume that regular expression parsing will panic and to add logic to catch panics. | 2022-06-27 | not yet calculated | CVE-2022-31100 MISC CONFIRM |
sasstools — scss-tokenizer | All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex. | 2022-07-01 | not yet calculated | CVE-2022-25758 CONFIRM CONFIRM CONFIRM |
scaffold-helper — scaffold-helper | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scaffold-helper v1.2.0 when copying crafted invalid files. | 2022-06-27 | not yet calculated | CVE-2021-40898 MISC |
scratchtools — scratchtools | ScratchTools is a web extension designed to make interacting with the Scratch programming language community (Scratching) easier. In affected versions anybody who uses the Recently Viewed Projects feature is vulnerable to having their account taken over if they view a project that tries to. The issue is that if a user visits a project that includes Javascript in the title, then when the Recently Viewed Projects feature displays it, it could run the Javascript. This issue has been addressed in the 2.5.2 release. Users having issues scratching should open an issue in the project issue tracker https://github.com/STForScratch/ScratchTools/ | 2022-06-27 | not yet calculated | CVE-2022-31094 CONFIRM MISC MISC |
shadeyouvpn — client | A vulnerability, which was classified as problematic, was found in ShadeYouVPN.com Client 2.0.1.11. Affected is an unknown function. The manipulation leads to improper privilege management. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.1.12 is able to address this issue. It is recommended to upgrade the affected component. | 2022-06-28 | not yet calculated | CVE-2017-20107 N/A N/A |
shopware — shopware | Shopware is an open source e-commerce software made in Germany. Versions of Shopware 5 prior to version 5.7.12 are subject to an authenticated Stored XSS in Administration. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-06-27 | not yet calculated | CVE-2022-31057 MISC CONFIRM MISC MISC |
silverstripe — framework | Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document. | 2022-06-28 | not yet calculated | CVE-2021-41559 MISC MISC MISC |
silverstripe — silverstripe/framework | In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR). | 2022-06-29 | not yet calculated | CVE-2022-28803 MISC MISC |
silverstripe — silverstripe/framework | Silverstripe silverstripe/framework through 4.10 allows Session Fixation. | 2022-06-28 | not yet calculated | CVE-2022-24444 MISC MISC MISC MISC MISC |
silverstripe — silverstripe/framework | Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side config is not set to true in project code. | 2022-06-28 | not yet calculated | CVE-2022-25238 MISC MISC MISC MISC |
silverstripe — silverstripe/assets | Silverstripe silverstripe/assets through 1.10 allows XSS. | 2022-06-28 | not yet calculated | CVE-2022-29858 MISC MISC MISC MISC |
simplessus — simplessus | A vulnerability was found in Simplessus 3.7.7. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument path with the input ..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.8.3 is able to address this issue. It is recommended to upgrade the affected component. | 2022-06-28 | not yet calculated | CVE-2017-20105 N/A N/A |
simplessus — simplessus | A vulnerability was found in Simplessus 3.7.7. It has been declared as critical. This vulnerability affects unknown code of the component Cookie Handler. The manipulation of the argument UWA_SID leads to sql injection (Time). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.8.3 is able to address this issue. It is recommended to upgrade the affected component. | 2022-06-28 | not yet calculated | CVE-2017-20104 N/A N/A |
scniro-validator — scniro-validator | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails. | 2022-06-27 | not yet calculated | CVE-2021-40901 MISC |
sourcecodester — library_management_system | A vulnerability was found in SourceCodester Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the component /card/index.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2022-06-27 | not yet calculated | CVE-2022-2212 MISC MISC |
sourcecodester — library_management_system | A vulnerability was found in SourceCodester Library Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /librarian/bookdetails.php. The manipulation of the argument id with the input ‘ AND (SELECT 9198 FROM (SELECT(SLEEP(5)))iqZA)– PbtB leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2022-06-27 | not yet calculated | CVE-2022-2214 MISC MISC |
sourcecodester — library_management_system | A vulnerability was found in SourceCodester Library Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_admin_details.php?id=admin. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2022-06-27 | not yet calculated | CVE-2022-2213 MISC MISC |
sourcecodester — zoo_management_system | SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=. | 2022-06-29 | not yet calculated | CVE-2022-31897 MISC MISC |
split-html-to-chars — split-html-to-chars | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in split-html-to-chars v1.0.5 when splitting crafted invalid htmls. | 2022-06-27 | not yet calculated | CVE-2021-40897 MISC |
synapse — synapse | Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the request causing the problem, but in other cases the Synapse process may crash altogether. It is possible to exploit this maliciously, either by malicious users on the homeserver, or by remote users sending URLs that a local user’s client may automatically request a URL preview for. Remote users are not able to exploit this directly, because the URL preview endpoint is authenticated. Deployments with `url_preview_enabled: false` set in configuration are not affected. Deployments with `url_preview_enabled: true` set in configuration **are** affected. Deployments with no configuration value set for `url_preview_enabled` are not affected, because the default is `false`. Administrators of homeservers with URL previews enabled are advised to upgrade to v1.61.1 or higher. Users unable to upgrade should set `url_preview_enabled` to false. | 2022-06-28 | not yet calculated | CVE-2022-31052 CONFIRM MISC MISC |
teleopti — wfm | A vulnerability classified as problematic was found in Teleopti WFM up to 7.1.0. Affected by this vulnerability is an unknown functionality of the file /TeleoptiWFM/Administration/GetOneTenant of the component Administration. The manipulation leads to information disclosure (Credentials). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | 2022-06-29 | not yet calculated | CVE-2017-20109 MISC MISC |
teleopti — wfm | A vulnerability, which was classified as problematic, has been found in Teleopti WFM up to 7.1.0. Affected by this issue is some unknown functionality of the component Administration. The manipulation as part of JSON leads to information disclosure (Credentials). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | 2022-06-29 | not yet calculated | CVE-2017-20110 MISC MISC |
teleopti — wfm | A vulnerability, which was classified as critical, was found in Teleopti WFM 7.1.0. This affects an unknown part of the component Administration. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | 2022-06-29 | not yet calculated | CVE-2017-20111 MISC MISC |
tenda — ac23 | Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasicSet. | 2022-07-01 | not yet calculated | CVE-2022-32384 MISC MISC MISC |
tenda — ax1806 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule. | 2022-07-01 | not yet calculated | CVE-2022-32032 MISC |
tenda — ax1806 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand. | 2022-07-01 | not yet calculated | CVE-2022-32030 MISC |
tenda — ax1806 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer. | 2022-07-01 | not yet calculated | CVE-2022-32033 MISC |
tenda — ax1806 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetRouteStatic. | 2022-07-01 | not yet calculated | CVE-2022-32031 MISC |
tenda — tenda_m3 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm. | 2022-07-01 | not yet calculated | CVE-2022-32040 MISC |
tenda — tenda_m3 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg. | 2022-07-01 | not yet calculated | CVE-2022-32037 MISC |
tenda — tenda_m3 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist. | 2022-07-01 | not yet calculated | CVE-2022-32034 MISC |
tenda — tenda_m3 | Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb. | 2022-07-01 | not yet calculated | CVE-2022-32036 MISC |
tenda — tenda_m3 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng. | 2022-07-01 | not yet calculated | CVE-2022-32035 MISC |
tenda — tenda_m3 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient. | 2022-07-01 | not yet calculated | CVE-2022-32039 MISC |
tenda — tenda_m3 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo. | 2022-07-01 | not yet calculated | CVE-2022-32043 MISC |
tenda — tenda_m3 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData. | 2022-07-01 | not yet calculated | CVE-2022-32041 MISC |
teradici — management_console | A vulnerability was found in Teradici Management Console 2.2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Database Management. The manipulation leads to improper privilege management. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | 2022-06-30 | not yet calculated | CVE-2017-20121 N/A N/A |
textpattern — textpattern | A Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute vulnerability exists in Textpattern CMS v4.8.7 and older via textpattern/lib/txplib_misc.php. The secure flag is not set for the txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie’s scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. | 2022-06-29 | not yet calculated | CVE-2021-40642 MISC MISC |
that-value — that-value | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in that-value v0.1.3 when validating crafted invalid emails. | 2022-06-27 | not yet calculated | CVE-2021-40896 MISC |
thinkphp — thinkphp | ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload. | 2022-06-29 | not yet calculated | CVE-2022-33107 MISC |
thinkst — canarytokens | Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens. This permits an attacker who recognised an HTTP-based Canarytoken (a URL) to execute Javascript in the Canarytoken’s history page (domain: canarytokens.org) when the history page is later visited by the Canarytoken’s creator. This vulnerability could be used to disable or delete the affected Canarytoken, or view its activation history. It might also be used as a stepping stone towards revealing more information about the Canarytoken’s creator to the attacker. For example, an attacker could recover the email address tied to the Canarytoken, or place Javascript on the history page that redirects the creator towards an attacker-controlled Canarytoken to show the creator’s network location. An attacker could only act on the discovered Canarytoken. This issue did not expose other Canarytokens or other Canarytoken creators. The issue has been patched on Canarytokens.org and in the latest release. No signs of successful exploitation of this vulnerability have been found. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-07-01 | not yet calculated | CVE-2022-31113 CONFIRM MISC |
todo-regex — todo-regex | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements. | 2022-06-27 | not yet calculated | CVE-2021-40895 MISC |
totolink — totolink_t6 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4. | 2022-07-01 | not yet calculated | CVE-2022-32052 MISC |
totolink — totolink_t6 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4. | 2022-07-01 | not yet calculated | CVE-2022-32047 MISC |
totolink — totolink_t6 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00413be4. | 2022-07-01 | not yet calculated | CVE-2022-32045 MISC |
totolink — totolink_t6 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80. | 2022-07-01 | not yet calculated | CVE-2022-32044 MISC |
totolink — totolink_t6 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88. | 2022-07-01 | not yet calculated | CVE-2022-32048 MISC |
totolink — totolink_t6 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540. | 2022-07-01 | not yet calculated | CVE-2022-32049 MISC |
totolink — totolink_t6 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40. | 2022-07-01 | not yet calculated | CVE-2022-32050 MISC |
totolink — totolink_t6 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4. | 2022-07-01 | not yet calculated | CVE-2022-32051 MISC |
totolink — totolink_t6 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c. | 2022-07-01 | not yet calculated | CVE-2022-32046 MISC |
totolink — totolink_t6 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041621c. | 2022-07-01 | not yet calculated | CVE-2022-32053 MISC |
trendnet — wi-fi_routers | TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discovered to contain a stack overflow via the function genacgi_main. | 2022-06-27 | not yet calculated | CVE-2022-33007 MISC |
trueconf — server | A vulnerability was found in TrueConf Server 4.3.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/group. The manipulation leads to basic cross site scripting (DOM). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2022-06-29 | not yet calculated | CVE-2017-20117 MISC MISC |
trueconf — server | A vulnerability was found in TrueConf Server 4.3.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/conferences/list/. The manipulation of the argument domxss leads to basic cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2022-06-29 | not yet calculated | CVE-2017-20118 MISC MISC |
trueconf — server | A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2022-06-29 | not yet calculated | CVE-2017-20120 MISC MISC |
trueconf — server | A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This vulnerability affects unknown code of the file /admin/conferences/get-all-status/. The manipulation of the argument keys[] leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2022-06-29 | not yet calculated | CVE-2017-20114 MISC MISC |
trueconf — server | A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2022-06-29 | not yet calculated | CVE-2017-20113 MISC MISC |
trueconf — server | A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of the file /admin/conferences/list/. The manipulation of the argument sort leads to basic cross site scripting (Reflected). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2022-06-29 | not yet calculated | CVE-2017-20115 MISC MISC |
trueconf — server | A vulnerability classified as problematic has been found in TrueConf Server 4.3.7. This affects an unknown part of the file /admin/general/change-lang. The manipulation of the argument redirect_url leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2022-06-29 | not yet calculated | CVE-2017-20119 MISC MISC |
trueconf — server | A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the file /admin/group/list/. The manipulation of the argument checked_group_id leads to basic cross site scripting (Reflected). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2022-06-29 | not yet calculated | CVE-2017-20116 MISC MISC |
tuleap — tuleap | Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95 Tuleap does not properly sanitize user inputs when constructing the SQL query to retrieve data for the tracker reports. An attacker with the capability to create a new tracker can execute arbitrary SQL queries. Users are advised to upgrade. There is no known workaround for this issue. | 2022-06-29 | not yet calculated | CVE-2022-31058 MISC CONFIRM MISC MISC |
tuleap — tuleap | Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.111 the title of a document is not properly escaped in the search result of MyDocmanSearch widget and in the administration page of the locked documents. A malicious user with the capability to create a document could force a victim to execute uncontrolled code. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-06-29 | not yet calculated | CVE-2022-31063 CONFIRM MISC MISC MISC |
tuleap — tuleap | Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those template projects because the permissions model is not properly enforced. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-06-29 | not yet calculated | CVE-2022-31032 MISC CONFIRM MISC MISC MISC MISC |
vim — vim | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | 2022-06-30 | not yet calculated | CVE-2022-2257 MISC CONFIRM |
vim — vim | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. | 2022-06-27 | not yet calculated | CVE-2022-2208 MISC CONFIRM FEDORA FEDORA |
vim — vim | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | 2022-06-26 | not yet calculated | CVE-2022-2206 CONFIRM MISC FEDORA FEDORA |
vim — vim | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | 2022-06-27 | not yet calculated | CVE-2022-2210 CONFIRM MISC FEDORA FEDORA |
vim — vim | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. | 2022-06-28 | not yet calculated | CVE-2022-2231 CONFIRM MISC FEDORA FEDORA |
vim — vim | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | 2022-07-01 | not yet calculated | CVE-2022-2264 MISC CONFIRM |
vim — vim | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 2022-06-27 | not yet calculated | CVE-2022-2207 CONFIRM MISC FEDORA FEDORA |
vim — vim | A cross-site scripting (XSS) vulnerability in the batch add function of Urtracker Premium v4.0.1.1477 allows attackers to execute arbitrary web scripts or HTML via a crafted excel file. | 2022-06-30 | not yet calculated | CVE-2022-33043 MISC |
vim — vim | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. | 2022-07-02 | not yet calculated | CVE-2022-2285 MISC CONFIRM |
vim — vim | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | 2022-07-02 | not yet calculated | CVE-2022-2286 CONFIRM MISC |
vim — vim | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | 2022-07-02 | not yet calculated | CVE-2022-2287 MISC CONFIRM |
vim — vim | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | 2022-07-02 | not yet calculated | CVE-2022-2284 CONFIRM MISC |
viscosity — viscosity | A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component. | 2022-06-30 | not yet calculated | CVE-2017-20123 N/A N/A N/A N/A |
wasmtime — wasmtime | Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime’s implementation of the SIMD proposal for WebAssembly on x86_64 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation of the simd proposal is not affected. The bugs were present in the `i8x16.swizzle` and `select` WebAssembly instructions. The `select` instruction is only affected when the inputs are of `v128` type. The correspondingly affected Cranelift instructions were `swizzle` and `select`. The `swizzle` instruction lowering in Cranelift erroneously overwrote the mask input register which could corrupt a constant value, for example. This means that future uses of the same constant may see a different value than the constant itself. The `select` instruction lowering in Cranelift wasn’t correctly implemented for vector types that are 128-bits wide. When the condition was 0 the wrong instruction was used to move the correct input to the output of the instruction meaning that only the low 32 bits were moved and the upper 96 bits of the result were left as whatever the register previously contained (instead of the input being moved from). The `select` instruction worked correctly if the condition was nonzero, however. This bug in Wasmtime’s implementation of these instructions on x86_64 represents an incorrect implementation of the specified semantics of these instructions according to the WebAssembly specification. The impact of this is benign for hosts running WebAssembly but represents possible vulnerabilities within the execution of a guest program. For example a WebAssembly program could take unintended branches or materialize incorrect values internally which runs the risk of exposing the program itself to other related vulnerabilities which can occur from miscompilations. We have released Wasmtime 0.38.1 and cranelift-codegen (and other associated cranelift crates) 0.85.1 which contain the corrected implementations of these two instructions in Cranelift. If upgrading is not an option for you at this time, you can avoid the vulnerability by disabling the Wasm simd proposal. Additionally the bug is only present on x86_64 hosts. Other aarch64 hosts are not affected. Note that s390x hosts don’t yet implement the simd proposal and are not affected. | 2022-06-28 | not yet calculated | CVE-2022-31104 MISC MISC CONFIRM MISC MISC MISC |
weaveworks — weave_gitops | Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfig, of registered Kubernetes clusters, including the service account tokens in plain text from Weave GitOps’s pod logs on the management cluster. An unauthorized remote attacker can also view these sensitive configurations from external log storage if enabled by the management cluster. This vulnerability is due to the client factory dumping cluster configurations and their service account tokens when the cluster manager tries to connect to an API server of a registered cluster, and a connection error occurs. An attacker could exploit this vulnerability by either accessing logs of a pod of Weave GitOps, or from external log storage and obtaining all cluster configurations of registered clusters. A successful exploit could allow the attacker to use those cluster configurations to manage the registered Kubernetes clusters. This vulnerability has been fixed by commit 567356f471353fb5c676c77f5abc2a04631d50ca. Users should upgrade to Weave GitOps core version v0.8.1-rc.6 or newer. There is no known workaround for this vulnerability. | 2022-06-27 | not yet calculated | CVE-2022-31098 CONFIRM MISC |
web2py — web2py | Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL. | 2022-06-27 | not yet calculated | CVE-2022-33146 MISC MISC MISC MISC |
wireapp — wire |
Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering `@mentions` in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim allowing the attacker to fully control the user account. Wire-desktop clients that are connected to a vulnerable wire-webapp version are also vulnerable to this attack. The issue has been fixed in wire-webapp 2022-05-04-production.0 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-05-04-production.0-v0.29.7-0-a6f2ded or wire-server 2022-05-04 (chart/4.11.0) or later. No known workarounds exist. | 2022-06-25 | not yet calculated | CVE-2022-29168 CONFIRM |
wordpress — add_post_url |
The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | 2022-06-27 | not yet calculated | CVE-2022-1913 MISC |
wordpress — analytics_stats_counter_statistics_plugin |
A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The attack may be initiated remotely. | 2022-06-27 | not yet calculated | CVE-2017-20099 MISC MISC |
wordpress — armember_plugin |
The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username | 2022-06-27 | not yet calculated | CVE-2022-1903 MISC |
wordpress — cimy_header_image_rotator_plugin | The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 2022-06-27 | not yet calculated | CVE-2022-1885 MISC |
wordpress — clean_contact_plugin | The Clean-Contact WordPress plugin through 1.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and escaping as well | 2022-06-27 | not yet calculated | CVE-2022-1914 MISC |
wordpress — easy_svg_support_plugin | The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads | 2022-06-27 | not yet calculated | CVE-2022-1964 MISC |
wordpress — html2wp_plugin | The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbitrary files | 2022-06-27 | not yet calculated | CVE-2022-1572 MISC |
wordpress — html2wp_plugin |
The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server | 2022-06-27 | not yet calculated | CVE-2022-1574 MISC |
wordpress — html2wp_plugin |
The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them | 2022-06-27 | not yet calculated | CVE-2022-1573 MISC |
wordpress — import_export_all_plugin | The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks | 2022-06-27 | not yet calculated | CVE-2022-1977 MISC |
wordpress — limit_login_attempts_wordpress_plugin | The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup) | 2022-06-27 | not yet calculated | CVE-2022-1029 MISC |
wordpress — login_with_otp_over_sms_email_whatsapp_and_google_authenticator_plugin |
The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | 2022-06-27 | not yet calculated | CVE-2022-1994 MISC |
wordpress — mailpress |
The MailPress WordPress plugin through 7.2.1 does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF attacks | 2022-06-27 | not yet calculated | CVE-2022-1843 MISC |
wordpress — malware_scanner | The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup) | 2022-06-27 | not yet calculated | CVE-2022-1995 MISC |
wordpress — my_private_site_plugin | The My Private Site WordPress plugin before 3.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 2022-06-27 | not yet calculated | CVE-2022-1627 MISC |
wordpress — mycss_plugin |
The MyCSS WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 2022-06-27 | not yet calculated | CVE-2022-1960 MISC |
wordpress — nested_pages_plugin | The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html is disallowed | 2022-06-27 | not yet calculated | CVE-2022-1990 MISC |
wordpress — new_user_approve_plugin | The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypassing the provided restrictions) and to change plugin settings by tricking admin users into visiting specially crafted websites. | 2022-06-27 | not yet calculated | CVE-2022-1625 MISC |
wordpress — nextcellent_gallery_plugin |
The NextCellent Gallery WordPress plugin through 1.9.35 does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-06-27 | not yet calculated | CVE-2022-1971 MISC |
wordpress — no_external_links_wordpress_plugin | The Mihdan: No External Links WordPress plugin through 4.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-06-27 | not yet calculated | CVE-2022-1095 MISC |
wordpress — openbook_book_data_plugin | The OpenBook Book Data WordPress plugin through 3.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well | 2022-06-27 | not yet calculated | CVE-2022-1842 MISC |
wordpress — popups_welcome_bar_optins_and_lead_generation_plugin | The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.1.8 does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks | 2022-06-27 | not yet calculated | CVE-2022-1776 MISC |
wordpress — pricing_tables_plugin |
The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site Scripting | 2022-06-27 | not yet calculated | CVE-2022-1904 MISC |
wordpress — rotating_posts_plugin | The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 2022-06-27 | not yet calculated | CVE-2022-1847 MISC |
wordpress — site_offline_or_coming_soon_plugin | The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have CSRF check in place when updating its settings, and it is also lacking sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads in them via a CSRF attack | 2022-06-27 | not yet calculated | CVE-2022-1593 MISC |
wordpress — social_share_buttons_by_supsystic_plugin |
The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in its ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks. | 2022-06-27 | not yet calculated | CVE-2022-1653 MISC |
wordpress — tiny_contact_form_plugin |
The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 2022-06-27 | not yet calculated | CVE-2022-1846 MISC |
wordpress — ultimate_woocommerce_csv_importer_plugin |
The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting | 2022-06-27 | not yet calculated | CVE-2022-1470 MISC |
wordpress — woocommerce_plugin | The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected cross-Site Scripting | 2022-06-27 | not yet calculated | CVE-2022-1916 MISC |
wordpress — woocommerce_plugin |
The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts user input that is being used in a path and passed to unlink() without validation first | 2022-06-27 | not yet calculated | CVE-2022-1953 MISC |
wordpress — wp_post_styling_plugin | The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin’s data, update the settings, add new entries and more via CSRF attacks | 2022-06-27 | not yet calculated | CVE-2022-1845 MISC |
wordpress — wp_security_pro |
The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup) | 2022-06-27 | not yet calculated | CVE-2022-1028 MISC |
wordpress — wpsentry | The WP Sentry WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well | 2022-06-27 | not yet calculated | CVE-2022-1844 MISC |
wordpress — admin_custom_login_plugin |
A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely. | 2022-06-27 | not yet calculated | CVE-2017-20098 MISC MISC |
wordpress — brizy_plugin |
The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks | 2022-06-27 | not yet calculated | CVE-2022-2040 MISC MISC |
wordpress — brizy_plugin |
The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element content, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks | 2022-06-27 | not yet calculated | CVE-2022-2041 MISC MISC |
wordpress — flower_delivery_by_florist_one_wordpress_plugin |
The Flower Delivery by Florist One WordPress plugin through 3.5.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setups) | 2022-06-27 | not yet calculated | CVE-2022-1113 MISC |
wordpress — google_authenticator_word_presse |
The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks | 2022-06-27 | not yet calculated | CVE-2022-0875 MISC |
wordpress — kama_click_counter_plugin |
A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument order_by/order with the input ASC%2c(select*from(select(sleep(2)))a) leads to sql injection (Blind). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.4.9 is able to address this issue. It is recommended to upgrade the affected component. | 2022-06-27 | not yet calculated | CVE-2017-20103 MISC MISC |
wordpress — wp_as_saml_idp_wordpress_plugin | The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-06-27 | not yet calculated | CVE-2022-1010 MISC |
wordpress — xcloner_plugin_wordpress_plugin |
The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key. | 2022-06-27 | not yet calculated | CVE-2022-0444 MISC |
wordpress — secure_swfupload |
There is an object injection vulnerability in swfupload plugin for wordpress. | 2022-06-30 | not yet calculated | CVE-2013-4144 MISC MISC |
wuzhicms — wuzhicms |
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter. | 2022-06-28 | not yet calculated | CVE-2020-19897 MISC |
xiaongmai — multiple_versions |
Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R11.Nat.20170301, V4.02.R12.Nat.OnvifS.20170727 is affected by a backdoor in the macGuarder and dvrHelper binaries of DVR/NVR/IP camera firmware due to static root account credentials in the system. | 2022-06-30 | not yet calculated | CVE-2021-41506 MISC MISC MISC MISC |
xlpd — N/A |
XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | 2022-06-29 | not yet calculated | CVE-2022-33035 MISC MISC |
xpdf — xpdf |
XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files. | 2022-06-28 | not yet calculated | CVE-2022-33108 MISC MISC MISC |
yokogawa — stardom |
Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to log in to the affected products and alter device configuration settings or tamper with device firmware. | 2022-06-28 | not yet calculated | CVE-2022-29519 MISC MISC MISC MISC |
yokogawa — stardom.fcn |
Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware. | 2022-06-28 | not yet calculated | CVE-2022-30997 MISC MISC MISC MISC |
zephyr_project — zephyr | Invalid channel map in CONNECT_IND results in Deadlock. Zephyr versions >= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp | 2022-06-28 | not yet calculated | CVE-2021-3433 MISC |
zephyr_project — zephyr |
Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr | 2022-06-28 | not yet calculated | CVE-2021-3430 MISC |
zephyr_project — zephyr |
Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9 | 2022-06-28 | not yet calculated | CVE-2021-3431 MISC |
zephyr_project — zephyr |
Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4 | 2022-06-28 | not yet calculated | CVE-2021-3432 MISC |
zephyr_project — zephyr |
Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm | 2022-06-28 | not yet calculated | CVE-2021-3434 MISC |
zephyr_project — zephyr |
Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh | 2022-06-28 | not yet calculated | CVE-2021-3435 MISC |
zoho — manageengine_servicedesk_plus_msp | Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml). | 2022-07-02 | not yet calculated | CVE-2022-32551 MISC |
zulip — zulip |
Zulip is an open-source team collaboration tool. Versions 2.1.0 through and including 5.2 are vulnerable to a logic error. A stream configured as private with protected history, where new subscribers should not be allowed to see messages sent before they were subscribed, when edited causes the server to incorrectly send an API event that includes the edited message to all of the stream’s current subscribers. This API event is ignored by official clients, but can be observed by using a modified client or the browser’s developer tools. This bug will be fixed in Zulip Server 5.3. There are no known workarounds. | 2022-06-25 | not yet calculated | CVE-2022-31017 CONFIRM |