US-CERT Bulletin (SB22-087): Vulnerability Summary for the Week of March 21, 2022
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — acrobat_dc | Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file. | 2022-03-18 | 9.3 | CVE-2022-24091 MISC |
adobe — acrobat_dc | Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file. | 2022-03-18 | 9.3 | CVE-2022-24092 MISC |
apple — ipados | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges. | 2022-03-18 | 9.3 | CVE-2022-22593 MISC MISC MISC MISC MISC MISC |
apple — ipados | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. | 2022-03-18 | 9.3 | CVE-2022-22613 MISC MISC MISC MISC MISC MISC |
apple — ipados | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. | 2022-03-18 | 9.3 | CVE-2022-22614 MISC MISC MISC MISC MISC MISC |
apple — ipados | This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt. | 2022-03-18 | 7.5 | CVE-2022-22642 MISC |
apple — ipados | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges. | 2022-03-18 | 7.5 | CVE-2022-22641 MISC MISC MISC |
apple — ipados | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to gain elevated privileges. | 2022-03-18 | 7.5 | CVE-2022-22635 MISC MISC |
apple — ipados | A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, watchOS 8.5, macOS Monterey 12.3. A malicious application may be able to elevate privileges. | 2022-03-18 | 7.5 | CVE-2022-22632 MISC MISC MISC MISC MISC |
apple — ipados | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. | 2022-03-18 | 9.3 | CVE-2022-22615 MISC MISC MISC MISC MISC MISC |
apple — ipados | A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. | 2022-03-18 | 9.3 | CVE-2022-22633 MISC MISC MISC MISC |
apple — ipados | A buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. A malicious application may be able to execute arbitrary code with kernel privileges. | 2022-03-18 | 9.3 | CVE-2022-22634 MISC MISC |
apple — ipados | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges. | 2022-03-18 | 9.3 | CVE-2022-22636 MISC MISC |
apple — ipados | A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute arbitrary code with kernel privileges. | 2022-03-18 | 9.3 | CVE-2022-22640 MISC MISC MISC MISC |
apple — ipados | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges. | 2022-03-18 | 9.3 | CVE-2022-22667 MISC |
apple — macos | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. | 2022-03-18 | 7.2 | CVE-2022-22669 MISC |
apple — macos | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.3. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | 2022-03-18 | 7.8 | CVE-2022-22651 MISC |
apple — macos | A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges. | 2022-03-18 | 9.3 | CVE-2022-22665 MISC |
apple — macos | A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges. | 2022-03-18 | 9.3 | CVE-2022-22661 MISC MISC MISC |
apple — macos | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. | 2022-03-18 | 9.3 | CVE-2022-22591 MISC |
automotivelinux — kooky_koi | Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP (or WebSocket) request to the socket on which the afb-daemon process listens. Neither credentials nor user interaction are required. | 2022-03-18 | 7.5 | CVE-2022-24595 MISC |
dcnglobal — dcme-520_firmware | DCN Firewall DCME-520 was discovered to contain a remote command execution (RCE) vulnerability via the host parameter in the file /system/tool/ping.php. | 2022-03-18 | 10 | CVE-2022-25390 MISC |
glewlwyd_sso_server_project — glewlwyd_sso_server | scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion. | 2022-03-18 | 7.5 | CVE-2022-27240 MISC MISC |
linux — linux_kernel | Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc. | 2022-03-18 | 7.8 | CVE-2022-0742 MISC MISC |
netgear — ex6100_firmware | A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication. | 2022-03-18 | 7.2 | CVE-2022-24655 MISC MISC MISC |
online_admission_system_project — online_admissions_system | The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through documents.php, which may be used to execute malicious code or lead to code execution. | 2022-03-18 | 7.5 | CVE-2021-45835 MISC MISC MISC |
opendocman — opendocman | An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product’s environment or lead to arbitrary code execution. | 2022-03-18 | 7.5 | CVE-2021-45834 MISC MISC MISC MISC |
pascom — cloud_phone_system | An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters. | 2022-03-18 | 10 | CVE-2021-45966 MISC MISC MISC |
pascom_cloud_phone_system — * | An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints. | 2022-03-18 | 7.5 | CVE-2021-45967 MISC MISC MISC MISC |
tenda — ac6_firmware | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. | 2022-03-18 | 10 | CVE-2022-25457 MISC |
tenda — ac6_firmware | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the saveParentControlInfo function. | 2022-03-18 | 10 | CVE-2022-25453 MISC |
tenda — ac6_firmware | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the loginpwd parameter in the SetFirewallCfg function. | 2022-03-18 | 10 | CVE-2022-25454 MISC |
tenda — ac6_firmware | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function. | 2022-03-18 | 10 | CVE-2022-25455 MISC |
tenda — ac6_firmware | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the security_5g parameter in the WifiBasicSet function. | 2022-03-18 | 10 | CVE-2022-25456 MISC |
tenda — ac6_firmware | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the endip parameter in the SetPptpServerCfg function. | 2022-03-18 | 10 | CVE-2022-25460 MISC |
tenda — ac6_firmware | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the URLs parameter in the saveParentControlInfo function. | 2022-03-18 | 10 | CVE-2022-25452 MISC |
tenda — ac6_firmware | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the startip parameter in the SetPptpServerCfg function. | 2022-03-18 | 10 | CVE-2022-25461 MISC |
tenda — ac6_firmware | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the S1 parameter in the SetSysTimeCfg function. | 2022-03-18 | 10 | CVE-2022-25459 MISC |
tenda — ac6_firmware | Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the setstaticroutecfg function. | 2022-03-18 | 10 | CVE-2022-25451 MISC |
tenda — ac6_firmware | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function. | 2022-03-18 | 10 | CVE-2022-25449 MISC |
tenda — ac6_firmware | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the day parameter in the openSchedWifi function. | 2022-03-18 | 10 | CVE-2022-25448 MISC |
tenda — ac6_firmware | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function. | 2022-03-18 | 10 | CVE-2022-25447 MISC |
tenda — ac6_firmware | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedstarttime parameter in the openSchedWifi function. | 2022-03-18 | 10 | CVE-2022-25446 MISC |
tenda — ac6_firmware | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the cmdinput parameter in the exeCommand function. | 2022-03-18 | 10 | CVE-2022-25458 MISC |
tenda — ac6_firmware | Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function. | 2022-03-18 | 10 | CVE-2022-25450 MISC |
tenda — ac6_firmware | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function. | 2022-03-18 | 10 | CVE-2022-25445 MISC |
tenda — ac9_firmware | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the urls parameter in the saveparentcontrolinfo function. | 2022-03-18 | 10 | CVE-2022-25433 MISC |
tenda — ac9_firmware | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function. | 2022-03-18 | 10 | CVE-2022-25427 MISC |
tenda — ac9_firmware | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the saveparentcontrolinfo function. | 2022-03-18 | 10 | CVE-2022-25428 MISC |
tenda — ac9_firmware | Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function. | 2022-03-18 | 10 | CVE-2022-25429 MISC |
tenda — ac9_firmware | Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameters in the Formsetqosband function. | 2022-03-18 | 10 | CVE-2022-25431 MISC |
tenda — ac9_firmware | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function. | 2022-03-18 | 10 | CVE-2022-25439 MISC |
tenda — ac9_firmware | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the firewallen parameter in the SetFirewallCfg function. | 2022-03-18 | 10 | CVE-2022-25434 MISC |
tenda — ac9_firmware | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function. | 2022-03-18 | 10 | CVE-2022-25435 MISC |
tenda — ac9_firmware | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function. | 2022-03-18 | 10 | CVE-2022-25437 MISC |
tenda — ac9_firmware | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. | 2022-03-18 | 10 | CVE-2022-25440 MISC |
tenda — ac9_firmware | Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function. | 2022-03-18 | 10 | CVE-2022-25441 MISC |
tenda — ac9_firmware | Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function. | 2022-03-18 | 10 | CVE-2022-25438 MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple — garageband | A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | 2022-03-18 | 6.8 | CVE-2022-22657 MISC MISC MISC |
apple — garageband | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | 2022-03-18 | 6.8 | CVE-2022-22664 MISC MISC MISC |
apple — ipados | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4. A malicious website may be able to access information about the user and their devices. | 2022-03-18 | 5 | CVE-2022-22653 MISC |
apple — ipados | A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption. | 2022-03-18 | 6.8 | CVE-2022-22666 MISC MISC MISC |
apple — ipados | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-03-18 | 6.8 | CVE-2022-22590 MISC MISC MISC MISC MISC |
apple — ipados | The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to read other applications’ settings. | 2022-03-18 | 5 | CVE-2022-22609 MISC MISC MISC MISC |
apple — ipados | This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so. | 2022-03-18 | 5 | CVE-2022-22643 MISC MISC |
apple — ipados | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An attacker in a privileged network position may be able to leak sensitive user information. | 2022-03-18 | 4 | CVE-2022-22659 MISC |
apple — ipados | A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 15.2.1 and iPadOS 15.2.1. Processing a maliciously crafted HomeKit accessory name may cause a denial of service. | 2022-03-18 | 4.3 | CVE-2022-22588 MISC |
apple — ipados | The issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to bypass certain Privacy preferences. | 2022-03-18 | 4.3 | CVE-2022-22600 MISC MISC MISC MISC |
apple — ipados | An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. A malicious application may be able to identify what other applications a user has installed. | 2022-03-18 | 4.3 | CVE-2022-22670 MISC MISC MISC |
apple — ipados | A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack. | 2022-03-18 | 4 | CVE-2022-22638 MISC MISC MISC MISC MISC MISC |
apple — ipados | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges. | 2022-03-18 | 6.8 | CVE-2022-22639 MISC MISC |
apple — ipados | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6, watchOS 7.5, tvOS 14.6. Processing a maliciously crafted font file may lead to arbitrary code execution. | 2022-03-18 | 6.8 | CVE-2021-30771 MISC MISC MISC MISC |
apple — itunes | A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to heap corruption. | 2022-03-18 | 6.8 | CVE-2022-22612 MISC MISC MISC MISC MISC |
apple — itunes | An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to arbitrary code execution. | 2022-03-18 | 6.8 | CVE-2022-22611 MISC MISC MISC MISC MISC |
apple — mac_os_x | A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution. | 2022-03-18 | 6.8 | CVE-2022-22597 MISC MISC MISC |
apple — mac_os_x | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. | 2022-03-18 | 5.8 | CVE-2022-22627 MISC MISC MISC |
apple — macos | This issue was addressed with a new entitlement. This issue is fixed in macOS Monterey 12.3. An app may be able to spoof system notifications and UI. | 2022-03-18 | 4.3 | CVE-2022-22660 MISC |
apple — macos | A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to access information about a user’s contacts. | 2022-03-18 | 4.3 | CVE-2022-22644 MISC |
apple — safari | A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing. | 2022-03-18 | 4.3 | CVE-2022-22654 MISC MISC |
apple — safari | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. | 2022-03-18 | 4.3 | CVE-2022-22592 MISC MISC MISC MISC MISC |
apple — safari | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 2022-03-18 | 6.8 | CVE-2022-22620 MISC MISC MISC |
apple — xcode | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | 2022-03-18 | 6.8 | CVE-2022-22602 MISC |
apple — xcode | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | 2022-03-18 | 6.8 | CVE-2022-22604 MISC |
apple — xcode | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | 2022-03-18 | 6.8 | CVE-2022-22605 MISC |
apple — xcode | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | 2022-03-18 | 6.8 | CVE-2022-22601 MISC |
apple — xcode | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | 2022-03-18 | 6.8 | CVE-2022-22606 MISC |
apple — xcode | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | 2022-03-18 | 6.8 | CVE-2022-22607 MISC |
apple — xcode | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | 2022-03-18 | 6.8 | CVE-2022-22608 MISC |
apple — xcode | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | 2022-03-18 | 6.8 | CVE-2022-22603 MISC |
bigantsoft — bigant_server | BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes. | 2022-03-21 | 5 | CVE-2022-23348 MISC MISC |
bigantsoft — bigant_server | BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control. | 2022-03-21 | 5 | CVE-2022-23345 MISC MISC |
bigantsoft — bigant_server | BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks. | 2022-03-21 | 5 | CVE-2022-23347 MISC MISC |
bigantsoft — bigant_server | BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. | 2022-03-21 | 6.5 | CVE-2022-23346 MISC MISC |
bigantsoft — bigant_server | An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS). | 2022-03-21 | 5 | CVE-2022-23352 MISC MISC |
bigantsoft — bigant_server | BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF). | 2022-03-21 | 6.8 | CVE-2022-23349 MISC MISC |
dcnglobal — dcme-520_firmware | DCN Firewall DCME-520 was discovered to contain an arbitrary file download vulnerability via the path parameter in the file /audit/log/log_management.php. | 2022-03-18 | 5 | CVE-2022-25389 MISC |
digitalbazaar — forge | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, the RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses an unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds. | 2022-03-18 | 5 | CVE-2022-24771 CONFIRM MISC |
expresstech — responsive_menu | Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). | 2022-03-18 | 6.5 | CVE-2022-25602 CONFIRM CONFIRM |
foliovision — fv_flowplayer_video_player | Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727). | 2022-03-18 | 6.5 | CVE-2022-25607 CONFIRM CONFIRM |
gogs — gogs | Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6. | 2022-03-21 | 6.5 | CVE-2022-0415 MISC CONFIRM |
golang — go | golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server in certain circumstances involving AddHostKey. | 2022-03-18 | 4.3 | CVE-2022-27191 CONFIRM MISC |
hexoeditor_project — hexoeditor | HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). A common XSS payload placed in a markdown file will execute several times when the file is opened with the app. | 2022-03-21 | 4.3 | CVE-2022-24656 MISC |
ibm — business_automation_workflow | IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346. | 2022-03-18 | 4 | CVE-2021-39046 XF CONFIRM |
ibm — engineering_requirements_quality_assistant_on-premises | IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413. | 2022-03-18 | 4 | CVE-2021-29899 CONFIRM XF |
jivesoftware — jive | An issue was discovered in xmppserver jar in the XMPP Server component of the Jive platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394. | 2022-03-18 | 5 | CVE-2021-45968 MISC MISC MISC MISC MISC |
linux — linux_kernel | A use-after-free flaw was found in the Linux kernel FUSE filesystem in the way a user triggers write(). A local user could use this flaw to gain unauthorized access to data from the FUSE filesystem and, as a result, potentially escalate privileges. | 2022-03-18 | 4.6 | CVE-2022-1011 MISC FEDORA FEDORA |
linux — linux_kernel | In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. | 2022-03-18 | 4.3 | CVE-2021-45868 MISC MISC MISC MISC MISC |
misp — misp | An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF. | 2022-03-18 | 6.8 | CVE-2022-27245 MISC |
misp — misp | An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting. | 2022-03-18 | 6.8 | CVE-2022-27243 MISC |
misp — misp | An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default. | 2022-03-18 | 4.3 | CVE-2022-27246 MISC |
pluck-cms — pluck | In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution. | 2022-03-18 | 6.5 | CVE-2022-26965 MISC MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
ampforwp — accelerated_mobile_pages | Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.31). | 2022-03-18 | 3.5 | CVE-2021-23150 CONFIRM CONFIRM |
ampforwp — accelerated_mobile_pages | Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.32). | 2022-03-18 | 3.5 | CVE-2021-23209 CONFIRM CONFIRM |
apple — ipados | The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access may be able to view and modify the carrier account information and settings from the lock screen. | 2022-03-18 | 3.6 | CVE-2022-22652 MISC |
apple — ipados | This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions. | 2022-03-18 | 2.1 | CVE-2022-22621 MISC MISC MISC MISC |
apple — ipados | An authentication issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to access photos from the lock screen. | 2022-03-18 | 2.1 | CVE-2022-22671 MISC |
apple — macos | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A person with access to a Mac may be able to bypass Login Window. | 2022-03-18 | 2.1 | CVE-2022-22647 MISC MISC MISC |
apple — macos | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to read restricted memory. | 2022-03-18 | 2.1 | CVE-2022-22648 MISC MISC MISC |
apple — macos | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application’s permissions and access user data. | 2022-03-18 | 2.1 | CVE-2022-22650 MISC MISC MISC |
apple — macos | An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen. | 2022-03-18 | 2.1 | CVE-2022-22656 MISC MISC MISC |
bigantsoft — bigant_server | BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability. | 2022-03-21 | 3.5 | CVE-2022-23350 MISC MISC |
google — sa360_webquery_to_bigquery_exporter | A local attacker could read files from some other users’ SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above. | 2022-03-18 | 2.1 | CVE-2021-22571 CONFIRM CONFIRM |
maxfoundry — maxgalleria | Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5). | 2022-03-18 | 3.5 | CVE-2022-25603 CONFIRM CONFIRM |
misp — misp | An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user. | 2022-03-18 | 3.5 | CVE-2022-27244 MISC |
pricetable_project — price_table | Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2). | 2022-03-18 | 3.5 | CVE-2022-25604 CONFIRM CONFIRM |
wp-downloadmanager_project — wp-downloadmanager | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters: &download_path, &download_path_url, &download_page_url. | 2022-03-18 | 3.5 | CVE-2022-25605 CONFIRM CONFIRM |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
/admin — show.php | A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file. | 2022-03-25 | not yet calculated | CVE-2022-25574 MISC MISC |
389_directory_server — 389_directory_server | A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. | 2022-03-23 | not yet calculated | CVE-2022-0996 MISC MISC |
3d_flipbook — 3d_flipbook | The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated user, such as a subscriber, to put Cross-Site Scripting payloads in all pages with a 3d flipbook. | 2022-03-21 | not yet calculated | CVE-2022-0423 MISC |
3scale — apidocs | It was found that 3scale’s APIdocs does not validate the access token; in the case of an invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure. | 2022-03-25 | not yet calculated | CVE-2021-3814 MISC |
admidio — admidio | Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9. | 2022-03-19 | not yet calculated | CVE-2022-0991 MISC CONFIRM |
advanced_booking_calendar — advanced_booking_calendar | The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abc_booking_getSingleCalendar AJAX action (available to both unauthenticated and authenticated users), leading to an unauthenticated SQL injection. | 2022-03-21 | not yet calculated | CVE-2022-0694 CONFIRM MISC |
advanced_contact_form_7_db — advanced_contact_form_7_db | The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPress setup again, gain administrator privileges and execute arbitrary code or display arbitrary content to the users. | 2022-03-21 | not yet calculated | CVE-2021-24905 MISC |
alf-banco — alf-banco | ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user’s data. Attackers who are able to gain remote or local access to the system are able to read and modify the data. | 2022-03-25 | not yet calculated | CVE-2022-25577 MISC |
alpaca — alpaca | ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim’s traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. | 2022-03-23 | not yet calculated | CVE-2021-3618 MISC MISC MISC MISC MISC MISC |
amelia — amelia | The Amelia WordPress plugin before 1.0.47 does not sanitize and escape the code parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | 2022-03-21 | not yet calculated | CVE-2022-0627 MISC |
amelia — amelia | The Amelia WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the lastName parameter found in the ~/src/Application/Controller/User/Customer/AddCustomerController.php file which allows attackers to inject arbitrary web scripts onto pages that execute whenever a user accesses the booking calendar with the date the attacker has injected the malicious payload into. This affects versions up to and including 1.0.46. | 2022-03-23 | not yet calculated | CVE-2022-0834 MISC |
amelia — amelia | The Amelia WordPress plugin before 1.0.47 does not have a CSRF check in place when deleting customers, which could allow attackers to make a logged-in admin delete arbitrary customers via a CSRF attack. | 2022-03-21 | not yet calculated | CVE-2022-0616 MISC |
amelia — amelia | The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom “Amelia Manager” role. | 2022-03-21 | not yet calculated | CVE-2022-0687 MISC |
anchor — cms | Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts. | 2022-03-24 | not yet calculated | CVE-2022-25576 MISC MISC |
apache — traffic_server | Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1. | 2022-03-23 | not yet calculated | CVE-2021-44040 CONFIRM |
apache — traffic_server | Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. This issue affects Apache Traffic Server 8.0.0 to 8.1.0. | 2022-03-23 | not yet calculated | CVE-2021-44759 CONFIRM |
apimanager — apimanager | An issue was discovered in ApiManager 1.1. There is an SQL injection vulnerability that can be exploited via /index.php?act=api&tag=8. | 2022-03-24 | not yet calculated | CVE-2021-43700 MISC |
apple — imessage_ios | iMessage (Messages app) iOS 12.4 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. | 2022-03-23 | not yet calculated | CVE-2020-20095 MISC MISC |
argo — cd | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write access to leak sensitive files from Argo CD’s repo-server. A malicious Argo CD user who has been granted `create` or `update` access to Applications can leak the contents of any text file on the repo-server. By crafting a malicious Helm chart and using it in an Application, the attacker can retrieve the sensitive file’s contents either as part of the generated manifests or in an error message. The attacker would have to know or guess the location of the target file. Sensitive files which could be leaked include files from another Application’s source repositories or any secrets which have been mounted as files on the repo-server. This vulnerability is patched in Argo CD versions 2.1.11, 2.2.6, and 2.3.0. The problem can be mitigated by avoiding storing secrets in git, avoiding mounting secrets as files on the repo-server, avoiding decrypting secrets into files on the repo-server, and carefully limiting who can `create` or `update` Applications. | 2022-03-23 | not yet calculated | CVE-2022-24731 CONFIRM |
argo — cd | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. Versions starting with 0.8.0 and 0.5.0 contain limited versions of this issue. To perform exploits, an authorized Argo CD user must have push access to an Application’s source git or Helm repository or `sync` and `override` access to an Application. Once a user has that access, different exploitation levels are possible depending on their other RBAC privileges. A patch for this vulnerability has been released in Argo CD versions 2.3.2, 2.2.8, and 2.1.14. Some mitigation measures are available but do not serve as a substitute for upgrading. To avoid privilege escalation, limit who has push access to Application source repositories or `sync` + `override` access to Applications; and limit which repositories are available in projects where users have `update` access to Applications. To avoid unauthorized resource inspection/tampering, limit who has `delete`, `get`, or `action` access to Applications. | 2022-03-23 | not yet calculated | CVE-2022-24768 MISC MISC CONFIRM MISC MISC |
argo — cd | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal bug, compounded by an improper access control bug, allowing a malicious user with read-only repository access to leak sensitive files from Argo CD’s repo-server. A malicious Argo CD user who has been granted `get` access for a repository containing a Helm chart can craft an API request to the `/api/v1/repositories/{repo_url}/appdetails` endpoint to leak the contents of out-of-bounds files from the repo-server. The malicious payload would reference an out-of-bounds file, and the contents of that file would be returned as part of the response. Contents from a non-YAML file may be returned as part of an error message. The attacker would have to know or guess the location of the target file. Sensitive files which could be leaked include files from other Applications’ source repositories or any secrets which have been mounted as files on the repo-server. This vulnerability is patched in Argo CD versions 2.1.11, 2.2.6, and 2.3.0. The patches prevent path traversal and limit access to users who either A) have been granted Application `create` privileges or B) have been granted Application `get` privileges and are requesting details for a `repo_url` that has already been used for the given Application. There are currently no known workarounds. | 2022-03-23 | not yet calculated | CVE-2022-24730 CONFIRM |
aseco_lietuva — dvs_avilys | The Reporting module in Aseco Lietuva document management system DVS Avilys before 2022-03-10 allows unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading administrative files. | 2022-03-23 | not yet calculated | CVE-2022-27192 MISC MISC |
asus — routers | ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS). | 2022-03-23 | not yet calculated | CVE-2021-45757 MISC MISC MISC |
asus — routers | Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi. | 2022-03-23 | not yet calculated | CVE-2021-45756 MISC MISC MISC |
bandai_namco — fromsoftware_dark_souls | A buffer overflow in the NRSessionSearchResult parser in Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allows remote attackers to execute arbitrary code via matchmaking servers, a different vulnerability than CVE-2021-34170. | 2022-03-20 | not yet calculated | CVE-2022-24126 MISC MISC |
bandai_namco — fromsoftware_dark_souls | The matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow remote attackers to send arbitrary push requests to clients via a RequestSendMessageToPlayers request. For example, ability to send a push message to hundreds of thousands of machines is only restricted on the client side, and can thus be bypassed with a modified client. | 2022-03-20 | not yet calculated | CVE-2022-24125 MISC MISC |
beekeeper_studio — beekeeper_studio | A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute arbitrary code via a crafted payload injected into the display fields. | 2022-03-21 | not yet calculated | CVE-2022-26174 MISC |
beijing_wisdom_vision_technology — one_card_integrated_management_system | Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated Management System 3.0 is vulnerable to SQL Injection. | 2022-03-20 | not yet calculated | CVE-2021-44345 MISC |
bento4 — bento4 | Bento4 1.6.0-639 has a heap-based buffer over-read in the AP4_HvccAtom class, a different issue than CVE-2018-14531. | 2022-03-21 | not yet calculated | CVE-2022-27607 MISC |
bitrix — site_manager | In the vote (aka “Polls, Votes”) module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code. | 2022-03-22 | not yet calculated | CVE-2022-27228 CONFIRM |
bluedon_information_security_technologies — internet_access_detector | Bluedon Information Security Technologies Co.,Ltd Internet Access Detector v1.0 was discovered to contain an information leak which allows attackers to access the contents of the password file via unspecified vectors. | 2022-03-24 | not yet calculated | CVE-2022-25571 MISC |
bookingpress — bookingpress | The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection. | 2022-03-21 | not yet calculated | CVE-2022-0739 MISC CONFIRM |
bulletproof_security — bulletproof_security | The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-03-21 | not yet calculated | CVE-2022-0590 MISC |
caribou — caribou | A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage Caribou as an input mechanism. The highest threat from this vulnerability is to system availability. | 2022-03-25 | not yet calculated | CVE-2021-3567 MISC |
chamilo — lms | Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker’s profile page. | 2022-03-21 | not yet calculated | CVE-2021-38745 MISC |
chamilo — lms | A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL. | 2022-03-21 | not yet calculated | CVE-2021-40662 MISC MISC MISC |
checkmk — checkmk_enterprise_edition | The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of “.mkp” files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session of a user with administrator role. | 2022-03-25 | not yet calculated | CVE-2021-40905 MISC MISC |
checkmk — checkmk_raw_edition | CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts) or to steal the session cookies of a user who has previously authenticated via a man in the middle. Successful exploitation requires access to the web service resource without authentication. | 2022-03-25 | not yet calculated | CVE-2021-40906 MISC MISC |
checkmk — checkmk_raw_edition | The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded PHP code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session by a user with the role of administrator. | 2022-03-25 | not yet calculated | CVE-2021-40904 MISC MISC |
classcms — classcms | Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file. | 2022-03-18 | not yet calculated | CVE-2022-25581 MISC |
classcms — classcms | A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field. | 2022-03-25 | not yet calculated | CVE-2022-25582 MISC |
click_studios — click_studios | In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder (with the default permission model) can extend his permissions to all other password lists in the same folder. | 2022-03-21 | not yet calculated | CVE-2022-25570 MISC MISC |
cloud_foundry_foundation — capi | In Cloud Foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that (accidentally or maliciously) causes CC instances to time out and fail is possible. An attacker can leverage this vulnerability to cause an inability for anyone to push or manage apps. | 2022-03-25 | not yet calculated | CVE-2021-22100 MISC |
clusterlabs — pacemaker_configuration_tool | A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts and accounts with expired passwords to log in when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still log in. | 2022-03-25 | not yet calculated | CVE-2022-1049 MISC |
cmdbuild — cmdbuild | In CMDBuild from version 3.0 to 3.3.2, payload requests are saved in a temporary log table, which allows attackers with database access to read the passwords of users who log in to the application by querying the database table. | 2022-03-22 | not yet calculated | CVE-2022-25518 MISC |
cmswing — cmswing | CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule. | 2022-03-23 | not yet calculated | CVE-2021-43736 MISC |
cmswing — cmswing | CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule. | 2022-03-23 | not yet calculated | CVE-2021-43735 MISC |
contao — managed_edition | Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter. | 2022-03-18 | not yet calculated | CVE-2022-26265 MISC |
crater-invoice — crater | Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4. | 2022-03-21 | not yet calculated | CVE-2022-0515 CONFIRM MISC |
crater-invoice — crater | Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5. | 2022-03-21 | not yet calculated | CVE-2022-0514 CONFIRM MISC |
crater-invoice — crater | Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6. | 2022-03-23 | not yet calculated | CVE-2022-1033 MISC CONFIRM |
cscms — music_portal_system | Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter. | 2022-03-21 | not yet calculated | CVE-2022-27090 MISC |
cyclonedx — bom_repository_server | CycloneDX BOM Repository Server is a bill of materials (BOM) repository server for distributing CycloneDX BOMs. CycloneDX BOM Repository Server before version 2.0.1 has an improper input validation vulnerability leading to path traversal. A malicious user may potentially exploit this vulnerability to create arbitrary directories or a denial of service by deleting arbitrary directories. The vulnerability is resolved in version 2.0.1. The vulnerability is not exploitable with the default configuration with the post and delete methods disabled. This can be configured by modifying the `appsettings.json` file, or alternatively, setting the environment variables `ALLOWEDMETHODS__POST` and `ALLOWEDMETHODS__DELETE` to `false`. | 2022-03-22 | not yet calculated | CVE-2022-24774 CONFIRM MISC MISC |
d-link — router | D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi. | 2022-03-24 | not yet calculated | CVE-2021-31326 MISC MISC |
delta_electronics — cncsoft | Delta Electronics CNCSoft (Version 1.01.30 and prior) is vulnerable to an out-of-bounds read while processing a specific project file, which may allow an attacker to disclose information. | 2022-03-25 | not yet calculated | CVE-2021-44768 CONFIRM |
delta_electronics — diaenergie | Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product. | 2022-03-25 | not yet calculated | CVE-2022-0988 CONFIRM |
deno — deno | Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. All users are recommended to upgrade to 1.20.3 immediately. | 2022-03-25 | not yet calculated | CVE-2022-24783 CONFIRM |
discourse — discourse | Discourse is an open source discussion platform. Versions 2.8.2 and prior in the `stable` branch, 2.9.0.beta3 and prior in the `beta` branch, and 2.9.0.beta3 and prior in the `tests-passed` branch are vulnerable to a data leak. Users can request an export of their own activity. Sometimes, due to category settings, they may have category membership for a secure category. The name of this secure category is shown to the user in the export. The same thing occurs when the user’s post has been moved to a secure category. A patch for this issue is available in the `main` branch of Discourse’s GitHub repository and is anticipated to be part of future releases. | 2022-03-24 | not yet calculated | CVE-2022-24782 MISC MISC CONFIRM |
docker — desktop | Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users. | 2022-03-25 | not yet calculated | CVE-2022-26659 MISC MISC |
docker — moby | Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container’s bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container’s bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. | 2022-03-24 | not yet calculated | CVE-2022-24769 MISC CONFIRM MISC |
doracms — doracms | A stored cross-site scripting (XSS) vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2022-03-20 | not yet calculated | CVE-2022-25464 MISC |
dreamacro — clash | In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking). | 2022-03-21 | not yet calculated | CVE-2020-24772 MISC |
dreamer — cms | An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tableName parameter. | 2022-03-24 | not yet calculated | CVE-2021-43084 MISC |
duckduckgo — duckduckgo_browser | The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by tricking users into supplying sensitive information such as credentials, because the address bar would display a legitimate URL, but content would be hosted on the attacker’s web site. | 2022-03-25 | not yet calculated | CVE-2021-44683 MISC |
dwsurvey — dwsurvey | DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java. | 2022-03-20 | not yet calculated | CVE-2021-39384 MISC |
dwsurvey — dwsurvey | DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java. | 2022-03-20 | not yet calculated | CVE-2021-39383 MISC |
electron — electron | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue. | 2022-03-22 | not yet calculated | CVE-2022-21718 MISC CONFIRM MISC |
elfinder — elfinder | connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths. | 2022-03-21 | not yet calculated | CVE-2022-26960 MISC MISC |
enhanced-github — enhanced-github | A Cross Site Scripting (XSS) vulnerability exists in enhanced-github v5.0.11 via the file name parameter. | 2022-03-22 | not yet calculated | CVE-2021-33961 MISC |
eova — eova | A stored cross-site scripting (XSS) vulnerability in the Add a Button function of Eova v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the button name text box. | 2022-03-20 | not yet calculated | CVE-2022-26555 MISC |
eyoucms — eyoucms | The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user’s input directly into the simplexml_load_string function, which itself does not prohibit external entities, triggering an XML external entity (XXE) injection vulnerability. | 2022-03-20 | not yet calculated | CVE-2021-42194 MISC |
eyoucms — eyoucms | EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata. | 2022-03-24 | not yet calculated | CVE-2022-26279 MISC MISC |
f-secure — safe_browser |
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website with USSD code embedded in JavaScript or an iframe can trigger the dialer application from the F-Secure browser, which an attacker can exploit to send unwanted USSD messages or perform unwanted calls. On most modern Android OS versions, the dialer application will require user interaction; however, some older Android OS versions may not need user interaction. | 2022-03-25 | not yet calculated | CVE-2021-44751 MISC |
facebook — facebook_messenger |
The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. | 2022-03-23 | not yet calculated | CVE-2020-20093 MISC MISC |
facebook — instagram |
Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. | 2022-03-23 | not yet calculated | CVE-2020-20094 MISC MISC |
facebook — whatsapp |
WhatsApp iOS 2.19.80 and prior and Android 2.19.222 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. | 2022-03-23 | not yet calculated | CVE-2020-20096 MISC MISC |
faust — faust |
Faust v2.35.0 was discovered to contain a heap-buffer overflow in the function realPropagate() at propagate.cpp. | 2022-03-22 | not yet calculated | CVE-2021-41736 MISC |
fedora — moodle |
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default. | 2022-03-25 | not yet calculated | CVE-2022-0983 MISC FEDORA |
flask-appbuilder — flask-appbuilder |
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known workarounds. | 2022-03-24 | not yet calculated | CVE-2022-24776 CONFIRM MISC MISC |
foreman — ansible |
An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2022-03-23 | not yet calculated | CVE-2021-3589 MISC MISC |
foreman — server |
An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability. | 2022-03-25 | not yet calculated | CVE-2021-20290 MISC |
forkcms — forkcms |
SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1. | 2022-03-24 | not yet calculated | CVE-2022-0153 MISC CONFIRM |
forkcms — forkcms |
SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1. | 2022-03-25 | not yet calculated | CVE-2022-1064 MISC CONFIRM |
forkcms — forkcms |
Cross-site Scripting (XSS) – Stored in GitHub repository forkcms/forkcms prior to 5.11.1. | 2022-03-24 | not yet calculated | CVE-2022-0145 MISC CONFIRM |
formcraft — formcraft |
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users. | 2022-03-21 | not yet calculated | CVE-2022-0591 MISC |
fortessa — ftbtld_smart_lock |
Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD Smart Lock as of 12-13-2022 allow a remote attacker to disable the lock via an unauthenticated edit to the lock name. | 2022-03-25 | not yet calculated | CVE-2021-44905 MISC MISC |
garo — wallbox | Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard-coded credentials. A hard-coded credential exists in /etc/tomcat8/tomcat-user.xml, which allows attackers to gain authorized access and completely control Tomcat on port 8000 through the Tomcat manager page. | 2022-03-21 | not yet calculated | CVE-2021-45877 MISC |
garo — wallbox | Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrect access control. Lack of access control on the web manager pages allows any user to view and modify information. | 2022-03-21 | not yet calculated | CVE-2021-45878 MISC |
garo — wallbox |
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection. The url parameter of the function module downloadAndUpdate is vulnerable to a command injection. Unfiltered user input is used to generate code which then gets executed when downloading new firmware. | 2022-03-21 | not yet calculated | CVE-2021-45876 MISC |
ge — gas_power_toolboxst |
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project/template file. | 2022-03-25 | not yet calculated | CVE-2021-44477 CONFIRM |
ge — ur_bootloader_binary |
GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR. | 2022-03-23 | not yet calculated | CVE-2021-27430 CONFIRM CONFIRM |
ge — ur_firmware | In GE UR firmware versions prior to version 8.1x, the web server interface is supported on UR over the HTTP protocol. It allows sensitive information exposure without authentication. | 2022-03-23 | not yet calculated | CVE-2021-27422 CONFIRM CONFIRM |
ge — ur_firmware | In GE UR firmware versions prior to version 8.1x, the web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels. | 2022-03-23 | not yet calculated | CVE-2021-27420 CONFIRM CONFIRM |
ge — ur_firmware | GE UR firmware versions prior to version 8.1x share the MODBUS memory map as part of the communications guide. GE was made aware that a “Last-key pressed” MODBUS register can be used to gain unauthorized information. | 2022-03-23 | not yet calculated | CVE-2021-27424 CONFIRM CONFIRM |
ge — ur_firmware |
GE UR firmware versions prior to version 8.1x support a web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, the UR Firmware web server does not perform HTML encoding of user-supplied strings. | 2022-03-23 | not yet calculated | CVE-2021-27418 CONFIRM CONFIRM |
ge — ur_ied_firmware | GE UR IED firmware versions prior to version 8.1x with the “Basic” security variant do not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user. | 2022-03-23 | not yet calculated | CVE-2021-27426 CONFIRM CONFIRM |
ge — ur_ied_firmware |
GE UR IED firmware versions prior to version 8.1x support upgrading firmware using the UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of the firmware file before uploading it to the UR IED. An illegitimate user could upgrade firmware without appropriate privileges. The weakness is assessed, and mitigation is implemented in firmware Version 8.10. | 2022-03-23 | not yet calculated | CVE-2021-27428 CONFIRM CONFIRM |
genian — nac |
A remote code execution vulnerability due to an SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability. | 2022-03-25 | not yet calculated | CVE-2021-26622 MISC |
geon — geon |
Geon is a board game based on solving questions about the Pythagorean Theorem. Malicious users can obtain the uuid from other users, spoof that uuid through the browser console and become co-owners of the target session. This issue is patched in version 1.1.0. No known workaround exists. | 2022-03-24 | not yet calculated | CVE-2022-24781 CONFIRM MISC MISC |
globalprotect-openconnect — globalprotect-openconnect | Multiple versions of GlobalProtect-openconnect are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attacker can redirect the entire host’s traffic via their own server. | 2022-03-22 | not yet calculated | CVE-2021-45810 MISC |
globalprotect-openconnect — globalprotect-openconnect |
Multiple versions of GlobalProtect-openconnect are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the `--script=<script>` parameter. | 2022-03-22 | not yet calculated | CVE-2021-45809 MISC |
gnome — ocrfeeder |
GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename. | 2022-03-24 | not yet calculated | CVE-2022-27811 MISC |
gnu — gcc |
libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. | 2022-03-26 | not yet calculated | CVE-2022-27943 MISC MISC |
go-gitea — gitea |
Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5. | 2022-03-24 | not yet calculated | CVE-2022-1058 MISC CONFIRM |
gpac — gpac |
Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV. | 2022-03-21 | not yet calculated | CVE-2022-1035 CONFIRM MISC |
gradle_enterprise — gradle_enterprise |
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API. | 2022-03-25 | not yet calculated | CVE-2022-27919 MISC |
grafana — grafana |
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address. | 2022-03-21 | not yet calculated | CVE-2022-26148 MISC |
grpc — grpc |
grpc-swift is the Swift language implementation of gRPC, a remote procedure call (RPC) framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is high as the server will crash, dropping all in flight connections and requests. This issue is fixed in version 1.7.2. There are currently no known workarounds. | 2022-03-25 | not yet calculated | CVE-2022-24777 CONFIRM MISC |
guzzlehttp/psr7 — guzzlehttp/psr7 |
guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds. | 2022-03-21 | not yet calculated | CVE-2022-24775 CONFIRM MISC MISC CONFIRM |
halo — halo |
In halo 1.4.14, the avatar upload function allows any file to be uploaded, such as an HTML file, which will cause a stored XSS vulnerability. | 2022-03-24 | not yet calculated | CVE-2021-43659 MISC |
honda — civic_2018 |
The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626. | 2022-03-23 | not yet calculated | CVE-2022-27254 MISC MISC MISC MISC MISC MISC |
horner_automation — cscape_envisionrv |
This vulnerability can be exploited by parsing maliciously crafted project files with Horner Automation Cscape EnvisionRV v4.50.3.1 and prior. The issues result from the lack of proper validation of user-supplied data, which can result in reads and writes past the end of allocated data structures. User interaction is required to exploit this vulnerability as an attacker must trick a valid user to open a malicious HMI project file. | 2022-03-25 | not yet calculated | CVE-2021-44462 CONFIRM |
horovod — horovod |
Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0. | 2022-03-24 | not yet calculated | CVE-2022-0315 CONFIRM MISC |
hp — print_devices | Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. | 2022-03-23 | not yet calculated | CVE-2022-24293 MISC |
hp — print_devices | Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. | 2022-03-23 | not yet calculated | CVE-2022-24292 MISC |
hp — print_devices |
Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. | 2022-03-23 | not yet calculated | CVE-2022-24291 MISC |
ibm — bmc |
The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subject to a downgrade attack which may affect its ability to operate its host. IBM X-Force ID: 221442. | 2022-03-24 | not yet calculated | CVE-2022-22374 CONFIRM XF |
ibm — mq_appliance |
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276. | 2022-03-23 | not yet calculated | CVE-2022-22316 XF CONFIRM |
ibm — spectrum_protect |
The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the vulnerable server. | 2022-03-21 | not yet calculated | CVE-2022-22394 XF CONFIRM |
isc — bind |
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection. | 2022-03-23 | not yet calculated | CVE-2022-0396 CONFIRM FEDORA |
idccms — idccms |
idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data. | 2022-03-21 | not yet calculated | CVE-2022-27333 MISC |
image_slider_and_video_slider — image_slider_and_video_slider | Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers to trick authenticated users into unwanted slider duplicate or delete action. | 2022-03-23 | not yet calculated | CVE-2022-25608 CONFIRM CONFIRM |
image_slider_and_video_slider — image_slider_and_video_slider |
Stored Cross-Site Scripting (XSS) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers with contributor or higher user role to inject the malicious code. | 2022-03-23 | not yet calculated | CVE-2022-25609 CONFIRM CONFIRM |
imagemagick — imagemagick |
A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system. | 2022-03-23 | not yet calculated | CVE-2021-4219 MISC |
imgcrypt — imgcrypt |
The imgcrypt library provides API extensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function `CheckAuthorization` is supposed to check whether the current user is authorized to access an encrypted image and prevent the user from running an image that another user previously decrypted on the same system. In versions prior to 1.1.4, a failure occurs when an image with a ManifestList is used and the architecture of the local host is not the first one in the ManifestList. Only the first architecture in the list was tested, which may not have its layers available locally since it could not be run on the host architecture. Therefore, the verdict on unavailable layers was that the image could be run, anticipating that image run failure would occur later due to the layers not being available. However, this verdict to allow the image to run enabled other architectures in the ManifestList to run an image without providing keys if that image had previously been decrypted. A patch has been applied to imgcrypt 1.1.4. Workarounds may include usage of different namespaces for each remote user. | 2022-03-25 | not yet calculated | CVE-2022-24778 MISC CONFIRM MISC MISC |
infographic_maker — infographic_maker |
The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection. | 2022-03-21 | not yet calculated | CVE-2022-0747 MISC CONFIRM |
iptime — nas2dual |
An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s passwords. | 2022-03-25 | not yet calculated | CVE-2021-26620 MISC |
irfanview — irfanview |
IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in the 32-bit version of the binary). The vulnerability triggers when the user opens a malicious .tiff image. | 2022-03-23 | not yet calculated | CVE-2021-46064 MISC MISC MISC |
irz — mobile_routers |
A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor’s defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router’s default credentials aren’t rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction. | 2022-03-19 | not yet calculated | CVE-2022-27226 MISC MISC MISC MISC |
isc — bind |
Versions affected: BIND 9.11.0 -> 9.11.36, 9.12.0 -> 9.16.26, 9.17.0 -> 9.18.0; BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1, 9.16.8-S1 -> 9.16.26-S1. Versions of BIND 9 earlier than those shown – back to 9.1.0, including Supported Preview Editions – are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients. | 2022-03-23 | not yet calculated | CVE-2021-25220 CONFIRM FEDORA FEDORA |
isc — bind |
Versions affected: BIND 9.18.0. When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. | 2022-03-23 | not yet calculated | CVE-2022-0635 CONFIRM |
isc — bind |
Versions affected: BIND 9.18.0. When the vulnerability is triggered, the BIND process will exit. | 2022-03-22 | not yet calculated | CVE-2022-0667 CONFIRM |
jhead — jhead | A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c. | 2022-03-23 | not yet calculated | CVE-2021-28276 MISC |
jhead — jhead | A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c. | 2022-03-23 | not yet calculated | CVE-2021-28278 MISC |
jhead — jhead | A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveUnknownSections function in jpgfile.c. | 2022-03-23 | not yet calculated | CVE-2021-28277 MISC |
jhead — jhead |
A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c, which will cause a segmentation fault via a crafted file. | 2022-03-23 | not yet calculated | CVE-2021-28275 MISC |
joget_dx_7 — joget_dx_7 |
Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table. | 2022-03-25 | not yet calculated | CVE-2022-26197 MISC MISC |
jupyter — server |
The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter Server version 1.15.4 contains a patch for this issue. There are currently no known workarounds. | 2022-03-23 | not yet calculated | CVE-2022-24757 CONFIRM MISC |
keycloak — keycloak |
A POST-based reflected Cross Site Scripting vulnerability has been identified in Keycloak. | 2022-03-25 | not yet calculated | CVE-2021-20323 MISC |
kingsoft — wps_office |
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry. | 2022-03-23 | not yet calculated | CVE-2022-24934 MISC MISC |
kubeclient — kubeclient |
A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate (it wrongly returns VERIFY_NONE). Ruby applications that leverage kubeclient to parse kubeconfig files are susceptible to Man-in-the-middle attacks (MITM). | 2022-03-25 | not yet calculated | CVE-2022-0759 MISC MISC |
lexar_f35 — lexar_f35 |
An access control issue in the authentication module of Lexar_F35 v1.0.34 allows attackers to access sensitive data and cause a Denial of Service (DoS). An attacker without access to securely protected data on a secure USB flash drive can bypass user authentication without having any information related to the password of the registered user. The secure USB flash drive transmits the password entered by the user to the authentication module in the drive after the user registers a password, and then the input password is compared with the registered password stored in the authentication module. Subsequently, the module returns the comparison result for the authentication decision. Therefore, an attacker can bypass password authentication by analyzing the functions that return the password verification or comparison results and manipulate the authentication result values. Accordingly, even if attackers enter an incorrect password, they can be authenticated as a legitimate user and can therefore exploit functions of the secure USB flash drive by manipulating the authentication result values. | 2022-03-21 | not yet calculated | CVE-2021-46390 MISC MISC MISC MISC |
libkiwix — libkiwix |
libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0. | 2022-03-25 | not yet calculated | CVE-2022-27920 MISC MISC |
libsndfile — libsndfile |
An out-of-bounds read flaw was found in libsndfile’s FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws. | 2022-03-23 | not yet calculated | CVE-2021-4156 MISC |
libvirt — libxl_driver |
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition. | 2022-03-25 | not yet calculated | CVE-2021-4147 MISC |
libvirt — nwfilter_driver |
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the `driver->nwfilters` mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the `driver->nwfilters` object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt’s API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd). | 2022-03-25 | not yet calculated | CVE-2022-0897 MISC |
linux — linux_kernel | A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. | 2022-03-23 | not yet calculated | CVE-2022-0854 MISC |
linux — linux_kernel | A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with user privileges may crash the system or leak internal kernel information. | 2022-03-25 | not yet calculated | CVE-2021-4203 MISC MISC MISC MISC |
linux — linux_kernel | A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. | 2022-03-25 | not yet calculated | CVE-2022-0494 MISC MISC |
linux — linux_kernel | A stack overflow flaw was found in the Linux kernel’s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. | 2022-03-25 | not yet calculated | CVE-2022-0435 MISC MISC |
linux — linux_kernel | An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. | 2022-03-25 | not yet calculated | CVE-2021-4157 MISC MISC |
linux — linux_kernel | A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem. | 2022-03-25 | not yet calculated | CVE-2021-4202 MISC MISC MISC MISC |
linux — linux_kernel | A use-after-free flaw was found in the add_partition in block/partitions/core.c in the Linux kernel. A local attacker with user privileges could cause a denial of service on the system. The issue results from the lack of code cleanup when device_add call fails when adding a partition to the disk. | 2022-03-23 | not yet calculated | CVE-2021-4150 MISC MISC MISC |
linux — linux_kernel | A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. | 2022-03-23 | not yet calculated | CVE-2021-4149 MISC MISC MISC |
linux — linux_kernel | An unprivileged write to the file handler flaw in the Linux kernel’s control groups and namespaces subsystem was found in the way users have access to some less privileged processes that are controlled by cgroups and have a higher privileged parent process. It affects both the cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. | 2022-03-23 | not yet calculated | CVE-2021-4197 MISC MISC |
linux — linux_kernel | A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. | 2022-03-25 | not yet calculated | CVE-2022-0500 MISC MISC MISC MISC MISC MISC MISC MISC |
linux — linux_kernel |
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system. | 2022-03-25 | not yet calculated | CVE-2022-0995 MISC MISC |
linux — linux_kernel |
A vulnerability was found in the Linux kernel’s block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DOS) problem. | 2022-03-23 | not yet calculated | CVE-2021-4148 MISC MISC MISC |
linux — linux_kernel |
A random memory access flaw was found in the Linux kernel’s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. | 2022-03-25 | not yet calculated | CVE-2022-0330 MISC MISC |
linux — linux_kernel |
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). | 2022-03-25 | not yet calculated | CVE-2022-0322 MISC MISC |
lionize — lionize |
A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php. | 2022-03-24 | not yet calculated | CVE-2022-26272 MISC |
maccms — maccms | Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter. | 2022-03-25 | not yet calculated | CVE-2022-27884 MISC |
maccms — maccms | Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters. | 2022-03-25 | not yet calculated | CVE-2022-27885 MISC |
maccms — maccms | Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter. | 2022-03-25 | not yet calculated | CVE-2022-27886 MISC |
maccms — maccms | Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters. | 2022-03-25 | not yet calculated | CVE-2022-26573 MISC |
maccms — maccms | Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter. | 2022-03-25 | not yet calculated | CVE-2022-27887 MISC |
mbed_tls — mbed_tls | A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password’s length is 0. | 2022-03-24 | not yet calculated | CVE-2021-43666 MISC |
mcafee_enterprise — epolicy_orchestrator | A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator’s session by convincing the attacker to click on a carefully crafted link. This would lead to limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in. | 2022-03-23 | not yet calculated | CVE-2022-0858 CONFIRM |
mcafee_enterprise — epolicy_orchestrator | A lack of password change protection vulnerability in a deprecated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user’s password. This functionality was removed from the User Interface in ePO 10 and the API has now been disabled. Other protection is in place to reduce the likelihood of this being successful through sending a link to a logged in user. | 2022-03-23 | not yet calculated | CVE-2022-0862 CONFIRM |
mcafee_enterprise — epolicy_orchestrator | McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server (restricted to administrators) and to know the SQL server password. | 2022-03-23 | not yet calculated | CVE-2022-0859 CONFIRM |
mcafee_enterprise — epolicy_orchestrator | A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator’s session by convincing the attacker to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in. | 2022-03-23 | not yet calculated | CVE-2022-0857 CONFIRM |
mcafee_enterprise — epolicy_orchestrator | A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. The impact is limited to some access to confidential information and some ability to alter data. | 2022-03-23 | not yet calculated | CVE-2022-0861 CONFIRM |
mcafee_enterprise — epolicy_orchestrator | A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data the attacker would require administrator privileges. | 2022-03-23 | not yet calculated | CVE-2022-0842 CONFIRM |
mega_menu — mega_menu | The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | 2022-03-21 | not yet calculated | CVE-2022-0628 CONFIRM MISC |
mendelson_oftp2 — mendelson_oftp2 | Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To access the vulnerable code path, the attacker has to know one of the configured Odette IDs of the OFTP2 server. An attacker can upload files to the server outside of the intended upload directory. | 2022-03-25 | not yet calculated | CVE-2022-27906 MISC MISC |
microweber — microweber | Able to create an account with long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12. | 2022-03-22 | not yet calculated | CVE-2022-1036 CONFIRM MISC |
miniorange — google_authenticator | The miniOrange’s Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable. | 2022-03-21 | not yet calculated | CVE-2022-0229 MISC |
mitmproxy — mitmproxy | mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response’s HTTP message body. While mitmproxy would only see one request, the target server would see multiple requests. A smuggled request is still captured as part of another request’s body, but it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless mitmproxy is used to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 8.0.0 and above. There are currently no known workarounds. | 2022-03-21 | not yet calculated | CVE-2022-24766 MISC CONFIRM MISC |
modern_events_calendar_lite — modern_events_calendar_lite | The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | 2022-03-21 | not yet calculated | CVE-2022-0364 MISC |
money_transfer_management_system — money_transfer_management_system | Money Transfer Management System Version 1.0 allows an attacker to inject JavaScript code in the URL and then trick a user into visiting the link in order to execute JavaScript code. | 2022-03-23 | not yet calculated | CVE-2022-25221 MISC |
money_transfer_management_system — money_transfer_management_system | Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries in ‘admin/maintenance/manage_branch.php’ and ‘admin/maintenance/manage_fee.php’ via the ‘id’ parameter. | 2022-03-23 | not yet calculated | CVE-2022-25222 MISC |
money_transfer_management_system — money_transfer_management_system | Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in ‘mtms/admin/?page=transaction/view_details’ via the ‘id’ parameter. | 2022-03-23 | not yet calculated | CVE-2022-25223 MISC |
motion_eye — motion_eye | MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured. | 2022-03-24 | not yet calculated | CVE-2022-25568 MISC MISC |
mruby — ruby | Use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. | 2022-03-26 | not yet calculated | CVE-2022-1071 CONFIRM MISC |
mybatis_plus — mybatis_plus | MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter in /core/conditions/AbstractWrapper.java. | 2022-03-22 | not yet calculated | CVE-2022-25517 MISC |
net/ipv4/esp4.c — net/ipv4/esp4.c | A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. | 2022-03-23 | not yet calculated | CVE-2022-27666 MISC MISC |
netgear — r8500 | NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi. | 2022-03-26 | not yet calculated | CVE-2022-27946 MISC |
netgear — r8500 | NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi. | 2022-03-26 | not yet calculated | CVE-2022-27945 MISC |
netgear — r8500 | NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter. | 2022-03-26 | not yet calculated | CVE-2022-27947 MISC |
netu — mex01 | A Buffer Overflow vulnerability leading to remote code execution was discovered in MEX01. Remote attackers can use this vulnerability by using the property that the target program copies parameter values to memory through the strcpy() function. | 2022-03-25 | not yet calculated | CVE-2021-26621 MISC |
ninja_forms-file_uploads_extension — ninja_forms-file_uploads_extension | The Ninja Forms – File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the ~/includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web scripts to vulnerable WordPress sites, in versions up to and including 3.3.12. | 2022-03-23 | not yet calculated | CVE-2022-0889 MISC MISC |
ninja_forms-file_uploads_extension — ninja_forms-file_uploads_extension | The Ninja Forms – File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code execution, in versions up to and including 3.3.0. | 2022-03-23 | not yet calculated | CVE-2022-0888 MISC MISC |
nozomi_networks — guardian_and_cmc_versions | Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0. | 2022-03-24 | not yet calculated | CVE-2022-0551 CONFIRM |
nozomi_networks — guardian_and_cmc_versions | Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0. | 2022-03-24 | not yet calculated | CVE-2022-0550 CONFIRM |
nvidia — dcgm | NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity. | 2022-03-24 | not yet calculated | CVE-2022-21820 CONFIRM |
nxp — microcontrollers | NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code execution via a crafted unsigned update. | 2022-03-23 | not yet calculated | CVE-2022-22819 MISC MISC |
okta — advanced_server_access_client | Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute commands on the local system. | 2022-03-23 | not yet calculated | CVE-2022-1030 MISC |
opcfoundation — ansi_c_stack_stubs | The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference. | 2022-03-21 | not yet calculated | CVE-2021-45117 MISC MISC |
openbsd — openbsd | engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge can prevent exploitation. | 2022-03-25 | not yet calculated | CVE-2022-27881 MISC MISC MISC |
openbsd — openbsd | slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation. | 2022-03-25 | not yet calculated | CVE-2022-27882 MISC MISC MISC |
openemr — hospital_information_management_system | A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0. | 2022-03-25 | not yet calculated | CVE-2022-24643 MISC MISC MISC |
openemr — openemr | OpenEMR v6.0.0 was discovered to contain an incorrect access control issue. | 2022-03-23 | not yet calculated | CVE-2022-25041 MISC MISC MISC |
openexr — openexr | An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths. | 2022-03-25 | not yet calculated | CVE-2021-3933 MISC FEDORA |
openexr — openexr | In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR. | 2022-03-25 | not yet calculated | CVE-2021-3941 MISC FEDORA |
openssl_project — openssl_project | An Insecure Permissions vulnerability exists in the OpenSSL Project 3.0 due to an error in the implementation of the CMAC_Final() function. | 2022-03-24 | not yet calculated | CVE-2021-43085 MISC |
openstack-tripleo-heat-templates — openstack-tripleo-heat-templates | An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1. | 2022-03-23 | not yet calculated | CVE-2021-4180 MISC |
openvpn — openvpn | OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. | 2022-03-18 | not yet calculated | CVE-2022-0547 MISC MISC MISC FEDORA FEDORA |
otrs — ag_otrs | Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed). The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions. | 2022-03-21 | not yet calculated | CVE-2022-0475 CONFIRM |
otrs — otrs | Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled. | 2022-03-21 | not yet calculated | CVE-2022-1004 CONFIRM |
otrs — otrs | Specially crafted string in OTRS system configuration can allow the execution of any system command. | 2022-03-21 | not yet calculated | CVE-2021-36100 CONFIRM |
owasp — zed_attack_proxy | OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server. | 2022-03-24 | not yet calculated | CVE-2022-27820 MISC MISC MLIST |
parking_management_system — parking_management_system | Multiple cross-site scripting (XSS) vulnerabilities in Parking Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification code text boxes. | 2022-03-24 | not yet calculated | CVE-2022-25575 MISC |
passwork — on-premise_edition | Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems. | 2022-03-23 | not yet calculated | CVE-2022-25268 MISC MISC |
passwork — on-premise_edition | Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files). | 2022-03-23 | not yet calculated | CVE-2022-25266 MISC MISC |
passwork — on-premise_edition | Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files). | 2022-03-23 | not yet calculated | CVE-2022-25267 MISC MISC |
passwork — on-premise_edition | Passwork On-Premise Edition before 4.6.13 has multiple XSS issues. | 2022-03-23 | not yet calculated | CVE-2022-25269 MISC MISC |
philips — gemini_pet/ct_family_software | Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control. | 2022-03-23 | not yet calculated | CVE-2021-27456 CONFIRM CONFIRM |
photoswipe_masonry_gallery — photoswipe_masonry_gallery | The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and max_image_height parameters found in the ~/photoswipe-masonry.php file which allows authenticated attackers to inject arbitrary web scripts into galleries created by the plugin and on the PhotoSwipe Options page. This affects versions up to and including 1.2.14. | 2022-03-23 | not yet calculated | CVE-2022-0750 MISC |
phplpam — phplpam | phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality. | 2022-03-25 | not yet calculated | CVE-2021-46426 MISC MISC MISC |
pimcore — data-hub | Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/data-hub prior to 1.2.4. | 2022-03-24 | not yet calculated | CVE-2022-0955 MISC CONFIRM |
piwigo — piwigo | Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php. | 2022-03-18 | not yet calculated | CVE-2022-26266 MISC |
piwigo — piwigo | Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php. | 2022-03-18 | not yet calculated | CVE-2022-26267 MISC |
pjsip — pjsip | PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds. | 2022-03-22 | not yet calculated | CVE-2022-24764 MISC CONFIRM |
pnpm — pnpm | PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing malicious content. This vulnerability occurs when the application is run on Windows OS. | 2022-03-21 | not yet calculated | CVE-2022-26183 MISC MISC |
poetry — poetry | Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content. This vulnerability occurs when the application is run on Windows OS. | 2022-03-21 | not yet calculated | CVE-2022-26184 MISC MISC |
powerdns — authoritative_server_and_recursor | In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers. | 2022-03-25 | not yet calculated | CVE-2022-27227 CONFIRM CONFIRM MISC MISC MLIST |
pricing_table_builder — pricing_table_builder | The Pricing Table Builder WordPress plugin before 1.1.5 does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | 2022-03-21 | not yet calculated | CVE-2022-0640 MISC CONFIRM |
primekey — signserver | An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name. | 2022-03-21 | not yet calculated | CVE-2022-26494 MISC MISC |
qemu — qemu | A flaw was found in the QEMU implementation of VMWare’s paravirtual RDMA device. The issue occurs while handling a “PVRDMA_CMD_CREATE_MR” command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability. | 2022-03-25 | not yet calculated | CVE-2021-3582 MISC |
qemu — qemu | A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor’s address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process. | 2022-03-23 | not yet calculated | CVE-2021-3748 MISC MISC MISC MISC |
quarkus — quarkus | A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended. | 2022-03-23 | not yet calculated | CVE-2022-0981 MISC MISC |
radareorg — radare2 | Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6. | 2022-03-24 | not yet calculated | CVE-2022-1052 CONFIRM MISC |
radareorg — radare2 | Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8. | 2022-03-24 | not yet calculated | CVE-2022-1061 MISC CONFIRM |
radareorg — radare2 | Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 prior to 5.6.6. | 2022-03-22 | not yet calculated | CVE-2022-1031 CONFIRM MISC |
razer_synapse — razer_synapse | Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there. | 2022-03-23 | not yet calculated | CVE-2021-44226 MISC MISC FULLDISC |
rockwell_automation — connected_components_workbench | Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited. | 2022-03-23 | not yet calculated | CVE-2021-27475 CONFIRM CONFIRM |
rockwell_automation — connected_components_workbench | Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attacker can create a malicious .ccwarc archive file that, when opened by Connected Components Workbench, will allow the attacker to gain the privileges of the software. If the software is running at SYSTEM level, the attacker will gain admin level privileges. User interaction is required for this exploit to be successful. | 2022-03-23 | not yet calculated | CVE-2021-27473 CONFIRM CONFIRM |
rockwell_automation — connected_components_workbench | The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the Connected Components Workbench software. User interaction is required for this exploit to be successful. | 2022-03-23 | not yet calculated | CVE-2021-27471 CONFIRM CONFIRM |
rockwell_automation — factorytalk_assetcentre | The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. | 2022-03-23 | not yet calculated | CVE-2021-27468 CONFIRM CONFIRM |
rockwell_automation — factorytalk_assetcentre | The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. | 2022-03-23 | not yet calculated | CVE-2021-27464 CONFIRM CONFIRM |
rockwell_automation — factorytalk_assetcentre | A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre. | 2022-03-23 | not yet calculated | CVE-2021-27466 CONFIRM CONFIRM |
rockwell_automation — factorytalk_assetcentre | A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre. | 2022-03-23 | not yet calculated | CVE-2021-27470 CONFIRM CONFIRM |
rockwell_automation — factorytalk_assetcentre | A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier. | 2022-03-23 | not yet calculated | CVE-2021-27476 CONFIRM CONFIRM |
rockwell_automation — factorytalk_assetcentre | Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryTalk AssetCentre. | 2022-03-23 | not yet calculated | CVE-2021-27474 CONFIRM CONFIRM |
rockwell_automation — factorytalk_assetcentre | A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre. | 2022-03-23 | not yet calculated | CVE-2021-27462 CONFIRM CONFIRM |
rockwell_automation — factorytalk_assetcentre | Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. This vulnerability may allow a remote, unauthenticated attacker to gain full access to the FactoryTalk AssetCentre main server and all agent machines. | 2022-03-23 | not yet calculated | CVE-2021-27460 CONFIRM CONFIRM |
rockwell_automation — factorytalk_assetcentre | A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements. | 2022-03-23 | not yet calculated | CVE-2021-27472 CONFIRM CONFIRM |
sentinel — sentinel | Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF). | 2022-03-23 | not yet calculated | CVE-2021-44139 MISC |
seo_plugin_by_squirrly_seo — seo_plugin_by_squirrly_seo | The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does not escape the type parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting. | 2022-03-21 | not yet calculated | CVE-2021-25019 MISC |
shopxo — shopxo | The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file. | 2022-03-20 | not yet calculated | CVE-2020-26008 MISC |
shopxo — shopxo | An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 2022-03-20 | not yet calculated | CVE-2020-26007 MISC |
simple — client_management_system | Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application’s database via crafted HTTP requests. | 2022-03-21 | not yet calculated | CVE-2022-26284 MISC |
simple — simple_subscription_website | Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application’s database via crafted HTTP requests. | 2022-03-21 | not yet calculated | CVE-2022-26285 MISC |
simple — subscription_website | Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. This vulnerability allows attackers to dump the application’s database via crafted HTTP requests. | 2022-03-21 | not yet calculated | CVE-2022-26283 MISC |
simple-plist — simple-plist | Simple-Plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse(). | 2022-03-22 | not yet calculated | CVE-2022-26260 MISC |
simple_ajax_chat — simple_ajax_chat | Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit. | 2022-03-25 | not yet calculated | CVE-2022-25610 CONFIRM CONFIRM |
simple_event_planner — simple_event_planner | Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][]. | 2022-03-25 | not yet calculated | CVE-2022-25611 CONFIRM CONFIRM |
simple_event_planner — simple_event_planner |
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allow users with author or higher user rights to inject malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact]. | 2022-03-25 | not yet calculated | CVE-2022-25612 CONFIRM CONFIRM |
simple_link_directory — simple_link_directory |
The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection. | 2022-03-21 | not yet calculated | CVE-2022-0760 MISC CONFIRM |
simple_membership — simple_membership |
The Simple Membership WordPress plugin before 4.1.0 does not have a CSRF check in place when deleting Transactions, which could allow attackers to make a logged-in admin delete arbitrary transactions via a CSRF attack. | 2022-03-21 | not yet calculated | CVE-2022-0681 MISC |
snapt_aria — snapt-aria | The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands. | 2022-03-21 | not yet calculated | CVE-2022-24237 MISC MISC |
snapt_aria — snapt-aria | An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users’ accounts. | 2022-03-21 | not yet calculated | CVE-2022-24236 MISC MISC |
snapt_aria — snapt-aria | A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. | 2022-03-21 | not yet calculated | CVE-2022-24235 MISC MISC |
soa-model — soa-model |
An XML External Entity (XXE) vulnerability exists in all versions of soa-model (as of 11.01/2021) in the WSDLParser function. | 2022-03-25 | not yet calculated | CVE-2021-43090 MISC |
solarwinds — solarwinds |
SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future. | 2022-03-25 | not yet calculated | CVE-2021-35254 MISC MISC |
sonicos — sonicos |
A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall. | 2022-03-25 | not yet calculated | CVE-2022-22274 CONFIRM |
sophos — firewall |
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. | 2022-03-25 | not yet calculated | CVE-2022-1040 CONFIRM |
sophos — utm |
Confd log files contain local users’, including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710. | 2022-03-22 | not yet calculated | CVE-2022-0652 CONFIRM |
sophos — utm |
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. | 2022-03-22 | not yet calculated | CVE-2022-0386 CONFIRM |
soroushplus+ — messenger |
An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen Security Feature function due to insufficient permissions and privileges, which allows a malicious attacker to bypass the lock screen function. | 2022-03-24 | not yet calculated | CVE-2022-26629 MISC |
splunk — splunk-to-splunk |
The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. See https://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Enableareceiver for more information on configuring an indexer to listen for UF traffic. It does not impact Universal Forwarders. When Splunk forwarding is secured using TLS or a Token, the attack requires compromising the certificate or token, or both. As a partial mitigation and a security best practice, see https://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureSplunkforwardingtousesignedcertificates and https://docs.splunk.com/Documentation/Forwarder/latest/Forwarder/Controlforwarderaccess. Implementation of either or both reduces the severity to Medium. | 2022-03-25 | not yet calculated | CVE-2021-3422 MISC MISC |
star7th — showdoc |
There is an Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4. | 2022-03-22 | not yet calculated | CVE-2022-1034 MISC CONFIRM |
statamic — statamic |
Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user’s password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire hash. The hash is not present in the response, however the presence or absence of a result confirms if the character is in the right position. The API has throttling enabled by default, making this a time intensive task. Both the REST API and the users endpoint need to be enabled, as they are disabled by default. The issue has been fixed in versions 3.2.39 and above, and 3.3.2 and above. | 2022-03-25 | not yet calculated | CVE-2022-24784 MISC MISC CONFIRM |
stb_image_loader — stb_image_loader |
stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw. | 2022-03-26 | not yet calculated | CVE-2022-27938 MISC |
survey_king — survey_king |
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack. | 2022-03-24 | not yet calculated | CVE-2022-26249 MISC |
surveyking — surveyking |
SurveyKing v0.2.0 was discovered to retain users’ session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application. | 2022-03-25 | not yet calculated | CVE-2022-25590 MISC MISC MISC |
synology — diskstation_manager | Improper neutralization of special elements used in a command (‘Command Injection’) vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | 2022-03-25 | not yet calculated | CVE-2022-22688 CONFIRM |
synology — diskstation_manager |
Buffer copy without checking size of input (‘Classic Buffer Overflow’) vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. | 2022-03-25 | not yet calculated | CVE-2022-22687 CONFIRM |
t10_v3_firmware — t10_v3_firmware |
Two Buffer Overflow vulnerabilities exist in T10 V2_Firmware V4.1.8cu.5207_B20210320 in the http_request_parse function when processing host data in the HTTP request process. | 2022-03-25 | not yet calculated | CVE-2021-43636 MISC |
taocms — taocms |
taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. | 2022-03-18 | not yet calculated | CVE-2022-25578 MISC MISC |
taocms — taocms |
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-03-23 | not yet calculated | CVE-2022-23880 MISC |
taocms — taocms |
Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php. | 2022-03-21 | not yet calculated | CVE-2022-25505 MISC |
tcpprep — tcpprep |
tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c in tcpprep v4.4.1. | 2022-03-22 | not yet calculated | CVE-2022-25484 MISC |
tcpreplay — tcpreplay | tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c. | 2022-03-26 | not yet calculated | CVE-2022-27939 MISC |
tcpreplay — tcpreplay | tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c. | 2022-03-26 | not yet calculated | CVE-2022-27940 MISC |
tcpreplay — tcpreplay | tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. | 2022-03-26 | not yet calculated | CVE-2022-27941 MISC |
tcpreplay — tcpreplay |
tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. | 2022-03-26 | not yet calculated | CVE-2022-27942 MISC |
teamviewer — linux_versions |
TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID as well as either possession of the pre-crash connection password or local authenticated access to the machine would have allowed to establish a remote connection by reusing the not properly deleted connection password. | 2022-03-23 | not yet calculated | CVE-2022-23242 MISC |
tenda — m3 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setPicListItem. | 2022-03-24 | not yet calculated | CVE-2022-27079 MISC |
tenda — m3 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/exeCommand. | 2022-03-24 | not yet calculated | CVE-2022-26289 MISC |
tenda — m3 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo. | 2022-03-24 | not yet calculated | CVE-2022-27081 MISC |
tenda — m3 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode. | 2022-03-24 | not yet calculated | CVE-2022-27080 MISC |
tenda — m3 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo. | 2022-03-24 | not yet calculated | CVE-2022-27082 MISC |
tenda — m3 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail. | 2022-03-24 | not yet calculated | CVE-2022-27078 MISC |
tenda — m3 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic. | 2022-03-24 | not yet calculated | CVE-2022-27077 MISC |
tenda — m3 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/delAd. | 2022-03-24 | not yet calculated | CVE-2022-27076 MISC |
tenda — m3 |
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac. | 2022-03-24 | not yet calculated | CVE-2022-26290 MISC |
tenda — m3 |
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools. | 2022-03-24 | not yet calculated | CVE-2022-26536 MISC |
tenda — m3 |
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic. | 2022-03-24 | not yet calculated | CVE-2022-27083 MISC |
tenda — routers |
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function. | 2022-03-23 | not yet calculated | CVE-2021-38278 MISC |
tenda — routers |
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function. | 2022-03-23 | not yet calculated | CVE-2022-26243 MISC |
tenda — routers |
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. | 2022-03-23 | not yet calculated | CVE-2021-38772 MISC |
thinkphp_framework — thinkphp_framework |
ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. | 2022-03-21 | not yet calculated | CVE-2022-25481 MISC |
tinyshop — tinyshop |
A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_list parameter in controllers\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms. | 2022-03-25 | not yet calculated | CVE-2020-21554 MISC MISC MISC MISC |
tms — tms | TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /TMS/admin/setting/mail/createorupdate. | 2022-03-20 | not yet calculated | CVE-2022-26246 MISC |
tms — tms |
TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user/Update2. This vulnerability allows attackers to modify the administrator account and password. | 2022-03-20 | not yet calculated | CVE-2022-26247 MISC |
totolink — routers | TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost. | 2022-03-22 | not yet calculated | CVE-2022-26188 MISC |
totolink — routers | TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function. | 2022-03-22 | not yet calculated | CVE-2022-26187 MISC |
totolink — routers | TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi. | 2022-03-22 | not yet calculated | CVE-2022-26186 MISC |
totolink — routers |
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the login interface. | 2022-03-22 | not yet calculated | CVE-2022-26189 MISC |
tuzicms — tuzicms |
TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php. | 2022-03-24 | not yet calculated | CVE-2022-26301 MISC |
typesettercms — typesettercms |
TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request. | 2022-03-25 | not yet calculated | CVE-2022-25523 MISC MISC MISC |
ungit — ungit |
The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values (remote and ref) are passed to the git fetch command. By injecting some git options it was possible to get arbitrary command execution. | 2022-03-21 | not yet calculated | CVE-2022-25766 MISC MISC MISC |
unisoc — chipset |
The UNISOC chipset through 2022-03-15 allows attackers to obtain remote control of a mobile phone, e.g., to obtain sensitive information from text messages or the device’s screen, record video of the device’s physical environment, or modify data. | 2022-03-18 | not yet calculated | CVE-2022-27250 MISC |
veeam — backup_an_replication |
**REJECT** Veeam Backup & Replication 10.x and 11.x has an Untrusted Search Path. | 2022-03-18 | not yet calculated | CVE-2022-26502 |
vmware — carbon_black_app_control | VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windows instance where AppC Server is installed by uploading a specially crafted file. | 2022-03-23 | not yet calculated | CVE-2022-22952 MISC |
vmware — carbon_black_app_control |
VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains an OS command injection vulnerability. An authenticated, high privileged malicious actor with network access to the VMware App Control administration interface may be able to execute commands on the server due to improper input validation leading to remote code execution. | 2022-03-23 | not yet calculated | CVE-2022-22951 MISC |
webrun — webrun |
WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username during the login process. | 2022-03-22 | not yet calculated | CVE-2021-43650 MISC |
westerndigital — westerndigital |
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code. | 2022-03-25 | not yet calculated | CVE-2022-22995 MISC |
wp-downloadmanager — wp-downloadmanager |
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories. | 2022-03-25 | not yet calculated | CVE-2022-25606 CONFIRM CONFIRM |
xiaohuanxiong_cms — xiaohuanxiong_cms | An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can add the administrator account. | 2022-03-23 | not yet calculated | CVE-2021-43738 MISC |
xiaohuanxiong_cms — xiaohuanxiong_cms |
An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can modify administrator account’s password. | 2022-03-23 | not yet calculated | CVE-2021-43737 MISC |
yafu — yafu |
Yafu v2.0 contains a segmentation fault via the component /factor/avx-ecm/vecarith52.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | 2022-03-20 | not yet calculated | CVE-2022-25462 MISC |
yeswiki_doryphore — yeswiki_doryphore |
An SQL Injection vulnerability exists in Yeswiki doryphore 20211012 via the email parameter in the registration form. | 2022-03-25 | not yet calculated | CVE-2021-43091 MISC MISC |
yogesh_ojha_rengine — yogesh_ojha_rengine |
A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box. | 2022-03-24 | not yet calculated | CVE-2021-39491 MISC |
yonyou — u8 |
Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp. | 2022-03-25 | not yet calculated | CVE-2022-26263 MISC MISC MISC |
zlib — zlib |
zlib 1.2.11 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | 2022-03-25 | not yet calculated | CVE-2018-25032 MISC MISC MLIST MLIST |
zzzcms — zzzphp |
ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via danger_key() at zzz_template.php. | 2022-03-23 | not yet calculated | CVE-2022-23881 MISC |