US-CERT Bulletin (SB22-129): Vulnerability Summary for the Week of May 2, 2022
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
N/A — N/A |
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | 7.5 | CVE-2022-1388 MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
livehelperchat — live_helper_chat | Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. An attacker can execute malicious JS in the application. | 2022-04-29 | 4.3 | CVE-2022-1530 MISC CONFIRM |
mediawiki — mediawiki | The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages. | 2022-04-29 | 4.3 | CVE-2022-29907 MISC MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
tecson_and_gok — multiple_products |
In multiple Tecson Tankspion and GOKs SmartBox 4 products the affected application doesn’t properly restrict access to an endpoint that is responsible for saving settings, to an unauthenticated user with limited access rights. Based on the lack of adequately implemented access-control rules, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to change the application settings without authenticating at all, which violates originally laid ACL rules. | 2022-05-06 | not yet calculated | CVE-2019-12254 CONFIRM |
piwigo — piwigo |
SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete. | 2022-05-06 | not yet calculated | CVE-2020-19212 MISC |
piwigo — piwigo |
SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories. | 2022-05-06 | not yet calculated | CVE-2020-19213 MISC |
piwigo — piwigo |
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm. | 2022-05-06 | not yet calculated | CVE-2020-19215 MISC |
piwigo — piwigo |
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm. | 2022-05-06 | not yet calculated | CVE-2020-19216 MISC |
piwigo — piwigo |
SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager. | 2022-05-06 | not yet calculated | CVE-2020-19217 MISC |
totolink — n200re_andn100re_routers |
A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element. | 2022-05-02 | not yet calculated | CVE-2020-23617 MISC MISC |
xtend — voice_logger |
A reflected cross site scripting (XSS) vulnerability in Xtend Voice Logger 1.0 allows attackers to execute arbitrary web scripts or HTML, via the path of the error page. | 2022-05-02 | not yet calculated | CVE-2020-23618 MISC MISC |
orlansoft — erp |
The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object. | 2022-05-02 | not yet calculated | CVE-2020-23620 MISC MISC MISC |
squire-technologies — ms_management_system |
The Java Remote Management Interface of all versions of SVI MS Management System was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object. | 2022-05-02 | not yet calculated | CVE-2020-23621 MISC MISC MISC |
sonicwall — global_vpn_client |
SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system. | 2022-05-04 | not yet calculated | CVE-2021-20051 CONFIRM |
fuchsia — multiple_products |
The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond. | 2022-05-03 | not yet calculated | CVE-2021-22556 MISC MISC |
google — idtoken |
The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token’s payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above | 2022-05-03 | not yet calculated | CVE-2021-22573 MISC |
multiple_vendors — multiple_products |
NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and _partition functions. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | 2022-05-03 | not yet calculated | CVE-2021-22680 CONFIRM |
topthink — framework |
The package topthink/framework before 6.0.12 is vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class. | 2022-05-06 | not yet calculated | CVE-2021-23592 CONFIRM CONFIRM CONFIRM |
twelvemonkeys — twelvemonkeys |
The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 is vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file (e.g. when an online profile picture is processed) with a malicious XMP segment. If the XMP metadata of the uploaded image is parsed, then the XXE vulnerability is triggered. | 2022-05-06 | not yet calculated | CVE-2021-23792 CONFIRM CONFIRM |
wordpress — tipsacarrier_wordpress_plugin |
The Tipsacarrier WordPress plugin through 1.4.4.2 does not have any authorisation check in place for some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client's full address, name and phone via tracking URL | 2022-05-02 | not yet calculated | CVE-2021-25002 MISC |
wordpress — advanced_page_visit_counter_wordpress_plugin |
The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admins viewing it | 2022-05-02 | not yet calculated | CVE-2021-25086 MISC |
wordpress — all_in_one_wp_security_&_firewall_wordpress_plugin |
The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect the user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redirect as well as Cross-Site Scripting issue. Exploitation of this issue requires the Login Page URL value to be known, which should be hard to guess, reducing the risk | 2022-05-02 | not yet calculated | CVE-2021-25102 MISC |
sophos — firewall |
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA. | 2022-05-05 | not yet calculated | CVE-2021-25267 CONFIRM |
sophos — firewall |
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA. | 2022-05-05 | not yet calculated | CVE-2021-25268 CONFIRM |
kubernetes — ingress-nginx |
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. | 2022-05-06 | not yet calculated | CVE-2021-25745 MISC MISC |
kubernetes — ingress-nginx |
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. | 2022-05-06 | not yet calculated | CVE-2021-25746 MISC MISC |
splunk — enterprise |
A potential vulnerability in Splunk Enterprise’s implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service. | 2022-05-06 | not yet calculated | CVE-2021-26253 MISC |
micriumos — multiple_products |
Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as very small blocks of memory being allocated instead of very large ones. | 2022-05-03 | not yet calculated | CVE-2021-27411 CONFIRM CONFIRM |
ecoscentric — ecospro_rtos |
eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow. | 2022-05-03 | not yet calculated | CVE-2021-27417 CONFIRM CONFIRM |
uclibc-ng — uclibc-ng |
uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | 2022-05-03 | not yet calculated | CVE-2021-27419 CONFIRM CONFIRM |
nxp — mcuxpresso |
NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc function, which could allow access to memory locations outside the bounds of a specified array, leading to unexpected behavior such as a segmentation fault when assigning a particular block of memory from the heap via malloc. | 2022-05-03 | not yet calculated | CVE-2021-27421 CONFIRM CONFIRM |
cesanta_software — mongoose-os |
Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | 2022-05-03 | not yet calculated | CVE-2021-27425 CONFIRM CONFIRM |
riot — os |
RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | 2022-05-03 | not yet calculated | CVE-2021-27427 CONFIRM CONFIRM |
arm — cmsis_rtos2 |
ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around in osRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution. | 2022-05-03 | not yet calculated | CVE-2021-27431 CONFIRM |
arm — mbed-ualloc |
ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | 2022-05-03 | not yet calculated | CVE-2021-27433 CONFIRM CONFIRM |
arm — mbed-ualloc |
ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | 2022-05-03 | not yet calculated | CVE-2021-27435 CONFIRM CONFIRM |
tencentos-tiny — tencentos-tiny |
TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function ‘tos_mmheap_alloc’ due to incorrect calculation of effective memory allocation size. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | 2022-05-03 | not yet calculated | CVE-2021-27439 CONFIRM |
hcl_software — commerce |
HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible. | 2022-05-06 | not yet calculated | CVE-2021-27751 CONFIRM |
hcl_software — bigfix_inventory |
There is a security vulnerability in the login form related to Cross-site Request Forgery which prevents a user from logging in after an attacker spams login attempts and the system blocks the victim’s account. | 2022-05-06 | not yet calculated | CVE-2021-27758 CONFIRM |
hcl_software — bigfix_inventory |
This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim’s browser to emit an HTTP request to an arbitrary URL in the application. | 2022-05-06 | not yet calculated | CVE-2021-27759 CONFIRM |
hcl_software — notes |
An issue was discovered in the Sametime chat feature in the Notes 11.0 – 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code. | 2022-05-06 | not yet calculated | CVE-2021-27760 CONFIRM |
hcl_software — weak_tls |
Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks | 2022-05-06 | not yet calculated | CVE-2021-27761 CONFIRM |
hcl_software — bigfix_platform |
Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses | 2022-05-06 | not yet calculated | CVE-2021-27762 CONFIRM |
hcl_software — hcl_software |
Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI) | 2022-05-06 | not yet calculated | CVE-2021-27764 CONFIRM |
hcl_software — installshield |
The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. | 2022-05-06 | not yet calculated | CVE-2021-27765 CONFIRM |
hcl_software — bigfix_client_installer |
The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. | 2022-05-06 | not yet calculated | CVE-2021-27766 CONFIRM |
hcl_software — bigfix_console_installer |
The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. | 2022-05-06 | not yet calculated | CVE-2021-27767 CONFIRM |
ibm — maximo_asset_management |
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 are vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject an HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 205680. | 2022-05-03 | not yet calculated | CVE-2021-29854 CONFIRM XF |
ibm — user_management_system_component |
IBM ICP4A – User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information due to insufficient validation and revocation upon another user logging out. IBM X-Force ID: 206081. | 2022-05-02 | not yet calculated | CVE-2021-29859 CONFIRM XF |
splunk — enterprise_indexer |
A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders. | 2022-05-06 | not yet calculated | CVE-2021-31559 MISC |
cyclos — cyclos_4_pro |
A DOM-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter. | 2022-05-02 | not yet calculated | CVE-2021-31673 MISC MISC |
cyclos — cyclos_4_pro |
Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows a remote unauthenticated attacker to execute JavaScript code via an undefined enum constant. | 2022-05-02 | not yet calculated | CVE-2021-31674 MISC MISC |
secomea — multiple_products |
Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7. | 2022-05-04 | not yet calculated | CVE-2021-32010 MISC |
splunk — enterprise |
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors. | 2022-05-06 | not yet calculated | CVE-2021-33845 MISC MISC |
red_hat — sox |
A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information. | 2022-05-02 | not yet calculated | CVE-2021-3643 MISC |
suse — rancher |
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3. | 2022-05-02 | not yet calculated | CVE-2021-36778 CONFIRM |
suse — rancher |
An Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4. | 2022-05-02 | not yet calculated | CVE-2021-36784 CONFIRM |
wordpress — mythemeshop_wp_subscribe_plugin |
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress. | 2022-05-02 | not yet calculated | CVE-2021-36844 CONFIRM CONFIRM |
wordpress — andrea_pernici_news_sitemap_for_google_plugin |
Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress; attackers must have contributor or higher user role. | 2022-05-06 | not yet calculated | CVE-2021-36912 CONFIRM CONFIRM |
qemu — qemu |
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller’s registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0. | 2022-05-02 | not yet calculated | CVE-2021-3750 MISC MISC MISC |
gurum_networks — gurumdds |
All versions of GurumDDS improperly calculate the size to be used when allocating the buffer, which may result in a buffer overflow. | 2022-05-05 | not yet calculated | CVE-2021-38423 CONFIRM |
eprosima — fast_dds |
eProsima Fast DDS versions prior to 2.4.0 (#2269) are susceptible to exploitation when an attacker sends a specially crafted packet to flood a target device with unwanted traffic, which may result in a denial-of-service condition and information exposure. | 2022-05-05 | not yet calculated | CVE-2021-38425 CONFIRM CONFIRM |
rti — connext_dds_professional_and_connext_dds_secure |
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2.x to 6.1.0 are vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code. | 2022-05-05 | not yet calculated | CVE-2021-38427 CONFIRM CONFIRM |
oci — opendds |
OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition and information exposure. | 2022-05-05 | not yet calculated | CVE-2021-38429 CONFIRM CONFIRM |
rti — connext_dds_professional_and_connext_dds_secure |
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 are vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code. | 2022-05-05 | not yet calculated | CVE-2021-38433 CONFIRM CONFIRM |
rti — connext_dds_professional_and_connext_dds_secure |
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 do not correctly calculate the size when allocating the buffer, which may result in a buffer overflow. | 2022-05-05 | not yet calculated | CVE-2021-38435 CONFIRM CONFIRM |
gurumd — gurumdds |
All versions of GurumDDS are vulnerable to heap-based buffer overflow, which may cause a denial-of-service condition or remotely execute arbitrary code. | 2022-05-05 | not yet calculated | CVE-2021-38439 CONFIRM |
eclipse — cyclonedds |
Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser. | 2022-05-05 | not yet calculated | CVE-2021-38441 CONFIRM CONFIRM |
eclipse — cyclonedds |
Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser. | 2022-05-05 | not yet calculated | CVE-2021-38443 CONFIRM CONFIRM |
oci — opendds |
OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the associated data, which may allow an attacker to remotely execute arbitrary code. | 2022-05-05 | not yet calculated | CVE-2021-38445 CONFIRM CONFIRM |
oci — opendds |
OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition. | 2022-05-05 | not yet calculated | CVE-2021-38447 CONFIRM CONFIRM |
rti — connext_versions |
RTI Connext DDS Professional, Connext DDS Secure versions 4.2x to 6.1.0, and Connext DDS Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure. | 2022-05-05 | not yet calculated | CVE-2021-38487 CONFIRM CONFIRM |
qnap — multiple_products | A path traversal vulnerability has been reported to affect QNAP devices running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of unexpected files and expose sensitive data. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, QTS, QVR Pro Appliance: QuTScloud c5.0.1.1949 and later; QuTS hero h5.0.0.1949 build 20220215 and later; QuTS hero h4.5.4.1951 build 20220218 and later; QTS 5.0.0.1986 build 20220324 and later; QTS 4.5.4.1991 build 20220329 and later | 2022-05-05 | not yet calculated | CVE-2021-38693 MISC |
ibm — guardium_data_encryption |
IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 213855. | 2022-05-05 | not yet calculated | CVE-2021-39020 XF CONFIRM |
ibm — guardium_data_encryption |
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213860. | 2022-05-06 | not yet calculated | CVE-2021-39023 CONFIRM XF |
ibm — guardium_data_encryption |
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. IBM X-Force ID: 213865. | 2022-05-06 | not yet calculated | CVE-2021-39027 XF CONFIRM |
partkeeper — partkeepr |
Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter. | 2022-05-03 | not yet calculated | CVE-2021-39390 MISC MISC MISC |
geoserver — geoserver |
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host. | 2022-05-02 | not yet calculated | CVE-2021-40822 MISC CONFIRM MISC MISC |
fortiguard — fortilsolator_versions |
An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL. | 2022-05-04 | not yet calculated | CVE-2021-41020 CONFIRM |
fortiguard — fortios |
An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands. | 2022-05-04 | not yet calculated | CVE-2021-41032 CONFIRM |
mozilla — geckodriver |
Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname. | 2022-05-02 | not yet calculated | CVE-2021-4138 MISC MISC |
artica — artica_proxy |
An OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and POST param rp. | 2022-05-05 | not yet calculated | CVE-2021-41739 MISC |
m-files — m-files |
Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable | 2022-05-02 | not yet calculated | CVE-2021-41810 MISC |
jerryscript — jerryscript_project |
JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak. | 2022-05-03 | not yet calculated | CVE-2021-41959 MISC MISC |
pingidentity — pingid |
A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. | 2022-04-30 | not yet calculated | CVE-2021-41992 MISC MISC |
pingidentity — pingid |
A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. | 2022-04-30 | not yet calculated | CVE-2021-41993 MISC MISC |
pingidentity — pingid |
A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. | 2022-04-30 | not yet calculated | CVE-2021-41994 MISC MISC |
suse — rancher |
An Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4. | 2022-05-02 | not yet calculated | CVE-2021-4200 CONFIRM |
pingidentity — pingid_desktop |
PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP. | 2022-04-30 | not yet calculated | CVE-2021-42001 MISC MISC |
mitrastar — gpt-2541ngnac-n1 |
MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command “deviceinfo show file &&/bin/bash” because of incorrect sanitization of parameter “path”. | 2022-05-03 | not yet calculated | CVE-2021-42165 MISC MISC MISC |
masacms — masacms |
MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index.cfm/_api/asset/image/. | 2022-05-05 | not yet calculated | CVE-2021-42183 MISC MISC |
wdja — wdja |
wdja v2.1 is affected by a SQL injection vulnerability in the foreground search function. | 2022-05-04 | not yet calculated | CVE-2021-42185 MISC MISC |
konga — konga |
Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation. | 2022-05-04 | not yet calculated | CVE-2021-42192 MISC MISC MISC |
ompl — ompl |
OMPL v1.5.2 contains a memory leak in VFRRT.cpp | 2022-05-03 | not yet calculated | CVE-2021-42218 MISC |
osticket — osticket |
SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality. | 2022-05-04 | not yet calculated | CVE-2021-42235 MISC |
jfinal — jfinal_cms |
A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor. | 2022-05-05 | not yet calculated | CVE-2021-42242 MISC |
adobe — xmp_toolkit |
XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-05-02 | not yet calculated | CVE-2021-42528 MISC |
adobe — xmp_toolkit_sdk |
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | 2022-05-02 | not yet calculated | CVE-2021-42529 MISC |
adobe — xmp_toolkit_sdk |
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | 2022-05-02 | not yet calculated | CVE-2021-42530 MISC |
adobe — xmp_toolkit_sdk |
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | 2022-05-02 | not yet calculated | CVE-2021-42531 MISC |
adobe — xmp_toolkit_sdk |
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | 2022-05-02 | not yet calculated | CVE-2021-42532 MISC |
splunk — enterprise |
A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows. | 2022-05-06 | not yet calculated | CVE-2021-42743 MISC |
ruijie_networks — ruijie_rg-ew |
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the setSessionTime function in /cgi-bin/luci/api/common. | 2022-05-04 | not yet calculated | CVE-2021-43159 MISC MISC |
ruijie_networks — ruijie_rg-ew |
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the switchFastDhcp function in /cgi-bin/luci/api/diagnose. | 2022-05-04 | not yet calculated | CVE-2021-43160 MISC MISC |
ruijie_networks — ruijie_rg-ew |
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch. | 2022-05-04 | not yet calculated | CVE-2021-43161 MISC MISC |
ruijie_networks — ruijie_rg-ew |
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the runPackDiagnose function in /cgi-bin/luci/api/diagnose. | 2022-05-04 | not yet calculated | CVE-2021-43162 MISC MISC |
ruijie_networks — ruijie_rg-ew |
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the checkNet function in /cgi-bin/luci/api/auth. | 2022-05-04 | not yet calculated | CVE-2021-43163 MISC MISC |
ruijie_networks — ruijie_rg-ew |
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless. | 2022-05-04 | not yet calculated | CVE-2021-43164 MISC MISC |
fortinet — fortios |
A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy’s client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages. | 2022-05-04 | not yet calculated | CVE-2021-43206 CONFIRM |
twinoaks — coredx_dds |
TwinOaks Computing CoreDX DDS versions prior to 5.9.1 are susceptible to exploitation when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure. | 2022-05-05 | not yet calculated | CVE-2021-43547 CONFIRM CONFIRM |
qnap — nas |
A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later; QuTS hero h5.0.0.1986 build 20220324 and later; QTS 5.0.0.1986 build 20220324 and later. | 2022-05-05 | not yet calculated | CVE-2021-44051 MISC |
qnap — multiple_products |
An improper link resolution before file access (‘Link Following’) vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, and QTS: QuTScloud c5.0.1.1998 and later; QuTS hero h4.5.4.1971 build 20220310 and later; QuTS hero h5.0.0.1986 build 20220324 and later; QTS 4.3.4.1976 build 20220303 and later; QTS 4.3.3.1945 build 20220303 and later; QTS 4.2.6 build 20220304 and later; QTS 4.3.6.1965 build 20220302 and later; QTS 5.0.0.1986 build 20220324 and later; QTS 4.5.4.1991 build 20220329 and later. | 2022-05-05 | not yet calculated | CVE-2021-44052 MISC |
qnap — multiple_products |
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QTS 4.5.4.1991 build 20220329 and later; QTS 5.0.0.1986 build 20220324 and later; QuTS hero h5.0.0.1986 build 20220324 and later; QuTS hero h4.5.4.1971 build 20220310 and later; QuTScloud c5.0.1.1949 and later. | 2022-05-05 | not yet calculated | CVE-2021-44053 MISC |
qnap — multiple_products |
An open redirect vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later; QuTS hero h5.0.0.1949 build 20220215 and later; QuTS hero h4.5.4.1951 build 20220218 and later; QTS 5.0.0.1986 build 20220324 and later; QTS 4.5.4.1991 build 20220329 and later. | 2022-05-05 | not yet calculated | CVE-2021-44054 MISC |
qnap — multiple_products |
A missing authorization vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 (2022/02/16) and later. | 2022-05-05 | not yet calculated | CVE-2021-44055 MISC |
qnap — multiple_products |
An improper authentication vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 and later; Video Station 5.3.13 and later; Video Station 5.1.8 and later. | 2022-05-05 | not yet calculated | CVE-2021-44056 MISC |
qnap — multiple_products |
An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 (2022/02/15) and later; Photo Station 5.7.16 (2022/02/11) and later; Photo Station 5.4.13 (2022/02/11) and later. | 2022-05-05 | not yet calculated | CVE-2021-44057 MISC |
bookeen — notea_firmware |
Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information. | 2022-05-05 | not yet calculated | CVE-2021-45783 MISC MISC |
strapi — strapi |
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim’s HTTP request, get the victim’s cookie, perform a base64 decode on the victim’s cookie, and obtain a cleartext password, leading to getting API documentation for further API attacks. | 2022-05-03 | not yet calculated | CVE-2021-46440 MISC MISC MISC MISC |
ntfsk — ntfsck |
ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions. | 2022-05-02 | not yet calculated | CVE-2021-46790 MISC |
wordpress — ad_invalid_click_protector_plugin |
The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.7 does not have a CSRF check when deleting banned users, which could allow attackers to make a logged-in admin remove arbitrary bans. | 2022-05-02 | not yet calculated | CVE-2022-0191 CONFIRM MISC |
wordpress — event_list_wordpress_plugin |
The Event List WordPress plugin before 0.8.8 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks against other admin even when the unfiltered_html is disallowed | 2022-05-02 | not yet calculated | CVE-2022-0418 MISC |
wordpress — content_egg_wordpress_plugin |
The Content Egg WordPress plugin before 5.3.0 does not sanitise and escape the page parameter before outputting back in an attribute in the Autoblogging admin dashboard, leading to a Reflected Cross-Site Scripting | 2022-05-02 | not yet calculated | CVE-2022-0428 MISC |
wordpress — adrotate_plugin |
The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2022-05-02 | not yet calculated | CVE-2022-0649 MISC |
wordpress — adrotate_plugin |
The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2022-05-02 | not yet calculated | CVE-2022-0662 MISC |
wordpress — sitesupercharger_plugin |
The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions (available to both unauthenticated and authenticated users), leading to Unauthenticated SQL Injections | 2022-05-02 | not yet calculated | CVE-2022-0771 MISC |
wordpress — documentor_plugin |
The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users. | 2022-05-02 | not yet calculated | CVE-2022-0773 MISC |
wordpress — multiple_shipping_address_woocommerce_plugin |
The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections | 2022-05-02 | not yet calculated | CVE-2022-0783 MISC |
fuchsia — fuchsia |
A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capability ZX_RSRC_KIND_ROOT. It is recommended to upgrade the Fuchsia kernel to 4.1.1 or greater. | 2022-05-03 | not yet calculated | CVE-2022-0882 MISC |
logitech — logitech_options |
An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations. | 2022-05-03 | not yet calculated | CVE-2022-0916 MISC |
wordpress — sitemap |
The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog. | 2022-05-02 | not yet calculated | CVE-2022-0952 MISC |
wordpress — visual_form_builder_plugin |
The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form’s ‘Email to’ field, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-05-02 | not yet calculated | CVE-2022-1046 MISC |
linux — linux_kernel |
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. | 2022-04-29 | not yet calculated | CVE-2022-1048 MISC MISC DEBIAN |
keylime — keylime |
Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an AK of a software TPM. A successful attack breaks the entire chain of trust because a not validated AK is used by the verifier. This issue is worse if the validation happens first and then the agent gets added to the verifier because the timing is easier and the verifier does not validate the regcount entry being equal to 1. | 2022-05-06 | not yet calculated | CVE-2022-1053 MISC MISC MISC |
linux — linux_kernel |
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. | 2022-04-29 | not yet calculated | CVE-2022-1195 MISC MISC MISC MISC MISC DEBIAN |
axios — axios |
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository axios/axios prior to 0.26. | 2022-05-03 | not yet calculated | CVE-2022-1214 CONFIRM MISC |
wordpress — hubspot_plugin |
The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks | 2022-05-02 | not yet calculated | CVE-2022-1239 MISC |
wordpress — lifterlms_paypal_plugin |
The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue | 2022-05-02 | not yet calculated | CVE-2022-1250 MISC MISC |
wordpress — import_and_export_users_and_customers_plugin |
The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escape imported CSV data, which could allow high privilege users to import malicious JavaScript code and lead to Stored Cross-Site Scripting issues. | 2022-05-02 | not yet calculated | CVE-2022-1255 MISC |
wordpress — fast_flow_plugin |
The Fast Flow WordPress plugin before 1.2.11 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting | 2022-05-02 | not yet calculated | CVE-2022-1269 MISC |
wordpress — import_wp_plugin |
The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE | 2022-05-02 | not yet calculated | CVE-2022-1273 MISC |
wordpress — photo_gallery_wordpress_plugin |
The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST[‘filter_tag’] parameter, which is appended to an SQL query, making SQL Injection attacks possible. | 2022-05-02 | not yet calculated | CVE-2022-1281 CONFIRM MISC |
wordpress — photo_gallery_wordpress_plugin |
The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET[‘image_url’] variable, which is reflected back to the users when executing the editimage_bwg AJAX action. | 2022-05-02 | not yet calculated | CVE-2022-1282 MISC CONFIRM |
openssl — openssl |
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). | 2022-05-03 | not yet calculated | CVE-2022-1292 CONFIRM CONFIRM CONFIRM CONFIRM |
trumpf — trutops |
Multiple versions of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service. | 2022-05-02 | not yet calculated | CVE-2022-1300 CONFIRM |
dmars — dmars |
In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized information disclosure. | 2022-05-03 | not yet calculated | CVE-2022-1331 MISC |
openssl — openssl |
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL “ocsp” application. When verifying an ocsp response with the “-no_cert_checks” option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). | 2022-05-03 | not yet calculated | CVE-2022-1343 CONFIRM CONFIRM |
linux — pfkey_register |
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. | 2022-04-29 | not yet calculated | CVE-2022-1353 MISC MISC DEBIAN |
delta_electronics — diaenergie |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-05-02 | not yet calculated | CVE-2022-1366 CONFIRM |
delta_electronics — diaenergie |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in Handler_TCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-05-02 | not yet calculated | CVE-2022-1367 CONFIRM |
delta_electronics — diaenergie |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in ReadRegIND. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-05-02 | not yet calculated | CVE-2022-1369 CONFIRM |
delta_electronics — diaenergie |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in ReadREGbyID. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-05-02 | not yet calculated | CVE-2022-1370 CONFIRM |
delta_electronics — diaenergie |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in ReadRegf. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-05-02 | not yet calculated | CVE-2022-1371 CONFIRM |
delta_electronics — diaenergie |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in dlSlog.aspx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-05-02 | not yet calculated | CVE-2022-1372 CONFIRM |
delta_electronics — diaenergie |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_unHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-05-02 | not yet calculated | CVE-2022-1374 CONFIRM |
delta_electronics — diaenergie |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_slogHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-05-02 | not yet calculated | CVE-2022-1375 CONFIRM |
delta_electronics — diaenergie |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_privgrpHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-05-02 | not yet calculated | CVE-2022-1376 CONFIRM |
delta_electronics — diaenergie |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_rltHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-05-02 | not yet calculated | CVE-2022-1377 CONFIRM |
delta_electronics — diaenergie |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | 2022-05-02 | not yet calculated | CVE-2022-1378 CONFIRM |
f5 — big-ip |
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request forgery (CSRF) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This vulnerability allows an attacker to run a limited set of commands: ping, traceroute, and WOM diagnostics. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-1389 MISC |
yetiforcecompany — yetiforcecrm |
Unrestricted file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. An attacker can send malicious files to victims; the stored data is retrieved from the web application without being made safe to render in the browser, which allows theft of the victim’s cookie and leads to account takeover. | 2022-05-05 | not yet calculated | CVE-2022-1411 CONFIRM MISC |
openssl — openssl |
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. If both endpoints are OpenSSL 3.0 then the attacker could modify data being sent in both directions. In this case both clients and servers could be affected, regardless of the application protocol. Note that in the absence of an attacker this bug means that an OpenSSL 3.0 endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete the handshake when using this ciphersuite. The confidentiality of data is not impacted by this issue, i.e. an attacker cannot decrypt data that has been encrypted using this ciphersuite – they can only modify it. In order for this attack to work both endpoints must legitimately negotiate the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in OpenSSL 3.0, and is not available within the default provider or the default ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been negotiated. 
In order for an OpenSSL 3.0 endpoint to use this ciphersuite the following must have occurred: 1) OpenSSL must have been compiled with the (non-default) compile time option enable-weak-ssl-ciphers; 2) OpenSSL must have had the legacy provider explicitly loaded (either through application code or via configuration); 3) The ciphersuite must have been explicitly added to the ciphersuite list; 4) The libssl security level must have been set to 0 (default is 1); 5) A version of SSL/TLS below TLSv1.3 must have been negotiated; 6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any others that both endpoints have in common. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). | 2022-05-03 | not yet calculated | CVE-2022-1434 CONFIRM CONFIRM |
gogs — gogs |
Stored XSS bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public, any user can view the report, and when the attachment is opened the XSS is executed. This bug allows execution of any JavaScript code in the victim’s account. | 2022-05-05 | not yet calculated | CVE-2022-1464 MISC CONFIRM |
f5 — big-ip |
On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x on F5 BIG-IP, an authenticated iControl REST user with at least guest role privileges can cause processing delays to iControl REST requests via undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-1468 MISC |
openssl — openssl |
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). | 2022-05-03 | not yet calculated | CVE-2022-1473 CONFIRM CONFIRM |
ffmpeg — ffmpeg |
An integer overflow vulnerability was found in FFmpeg 5.0.1 and in previous versions in g729_parse() in libavcodec/g729_parser.c when processing a specially crafted file. | 2022-05-02 | not yet calculated | CVE-2022-1475 MISC MISC |
octopus — octopus_server |
Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions. | 2022-05-04 | not yet calculated | CVE-2022-1502 MISC |
matio — matio |
A memory leak was discovered in matio 1.5.21 and earlier in Mat_VarReadNextInfo5() in mat5.c via a crafted file. This issue can potentially result in DoS. | 2022-05-02 | not yet calculated | CVE-2022-1515 MISC MISC |
linux — linux_kernel |
A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. | 2022-05-05 | not yet calculated | CVE-2022-1516 MISC |
oracle — oracle |
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-sided command injection, code execution, or remote ex-filtration of contained confidential data. | 2022-05-01 | not yet calculated | CVE-2022-1544 CONFIRM MISC |
mattermost — playbooks_plugin |
Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins. | 2022-05-03 | not yet calculated | CVE-2022-1548 MISC |
clinical-genomics — scouts |
Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52. | 2022-05-03 | not yet calculated | CVE-2022-1554 MISC CONFIRM |
microweber — microweber |
DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. An attacker can inject arbitrary JS code, deface the website, steal cookies… | 2022-05-04 | not yet calculated | CVE-2022-1555 CONFIRM MISC |
neorazorx — facturascripts |
Cross-site scripting – Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be used to execute arbitrary JavaScript code to steal the user’s cookie, perform HTTP requests, get the content of `same origin` pages, etc. | 2022-05-04 | not yet calculated | CVE-2022-1571 CONFIRM MISC |
jgraph — drawio | Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. – Arbitrary (remote) code execution in the desktop app. – Stored XSS in the web app. | 2022-05-05 | not yet calculated | CVE-2022-1575 MISC CONFIRM |
microweber — microweber |
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. An attacker can execute JavaScript as the victim. | 2022-05-04 | not yet calculated | CVE-2022-1584 MISC CONFIRM |
contao — contao | Cross-site Scripting (XSS) in GitHub repository contao/contao prior to 4.13.3. An attacker can execute malicious JS in the application. | 2022-05-05 | not yet calculated | CVE-2022-1588 MISC CONFIRM |
bludit — bludit |
A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input <script>alert(1)</script> leads to cross-site scripting. The attack can be initiated remotely but requires authentication. The exploit has been disclosed to the public and may be used. | 2022-05-05 | not yet calculated | CVE-2022-1590 MISC MISC |
clinical_genomics — scout |
Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to phish, steal cookies, send requests to private areas, or lead to XSS… | 2022-05-05 | not yet calculated | CVE-2022-1592 CONFIRM MISC |
vim — vim |
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possible remote execution. | 2022-05-07 | not yet calculated | CVE-2022-1616 MISC CONFIRM |
mediatek — telephony |
In telephony, there is a possible way to disable receiving emergency broadcasts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498874; Issue ID: ALPS06498874. | 2022-05-03 | not yet calculated | CVE-2022-20084 MISC |
mediatek — netdiag |
In netdiag, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308877; Issue ID: ALPS06308877. | 2022-05-03 | not yet calculated | CVE-2022-20085 MISC |
mediatek — ccu |
In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06477970; Issue ID: ALPS06477970. | 2022-05-03 | not yet calculated | CVE-2022-20087 MISC |
mediatek — aee_driver |
In aee driver, there is a possible reference count mistake due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; Issue ID: ALPS06209201. | 2022-05-03 | not yet calculated | CVE-2022-20088 MISC |
mediatek — aee_driver |
In aee driver, there is a possible memory corruption due to active debug code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06240397; Issue ID: ALPS06240397. | 2022-05-03 | not yet calculated | CVE-2022-20089 MISC |
mediatek — aee_driver |
In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209197; Issue ID: ALPS06209197. | 2022-05-03 | not yet calculated | CVE-2022-20090 MISC |
mediatek — aee_driver |
In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; Issue ID: ALPS06226345. | 2022-05-03 | not yet calculated | CVE-2022-20091 MISC |
mediatek — alac |
In alac decoder, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06366061; Issue ID: ALPS06366061. | 2022-05-03 | not yet calculated | CVE-2022-20092 MISC |
mediatek — telephony |
In telephony, there is a possible way to disable receiving SMS messages due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498868; Issue ID: ALPS06498868. | 2022-05-03 | not yet calculated | CVE-2022-20093 MISC |
mediatek — imgsensor |
In imgsensor, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479763; Issue ID: ALPS06479734. | 2022-05-03 | not yet calculated | CVE-2022-20094 MISC |
mediatek — imgsensor |
In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479763; Issue ID: ALPS06479763. | 2022-05-03 | not yet calculated | CVE-2022-20095 MISC |
mediatek — camera |
In camera, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419003; Issue ID: ALPS06419003. | 2022-05-03 | not yet calculated | CVE-2022-20096 MISC |
mediatek — aee_daemon |
In aee daemon, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06383944. | 2022-05-03 | not yet calculated | CVE-2022-20097 MISC |
mediatek — aee_daemon |
In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06419017. | 2022-05-03 | not yet calculated | CVE-2022-20098 MISC |
mediatek — aee_daemon |
In aee daemon, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06296442; Issue ID: ALPS06296442. | 2022-05-03 | not yet calculated | CVE-2022-20099 MISC |
mediatek — aee_daemon |
In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06270804. | 2022-05-03 | not yet calculated | CVE-2022-20100 MISC |
mediatek — aee_daemon |
In aee daemon, there is a possible information disclosure due to a path traversal. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06270870. | 2022-05-03 | not yet calculated | CVE-2022-20101 MISC |
mediatek — aee_daemon |
In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06296442; Issue ID: ALPS06296405. | 2022-05-03 | not yet calculated | CVE-2022-20102 MISC |
mediatek — aee_daemon |
In aee daemon, there is a possible information disclosure due to symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06282684. | 2022-05-03 | not yet calculated | CVE-2022-20103 MISC |
mediatek — aee_daemon |
In aee daemon, there is a possible information disclosure due to improper access control. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06284104. | 2022-05-03 | not yet calculated | CVE-2022-20104 MISC |
mediatek — mm_service |
In MM service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330460; Issue ID: DTV03330460. | 2022-05-03 | not yet calculated | CVE-2022-20105 MISC |
mediatek — mm_service |
In MM service, there is a possible out of bounds write due to a heap-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330460; Issue ID: DTV03330460. | 2022-05-03 | not yet calculated | CVE-2022-20106 MISC |
mediatek — subtitle_service |
In subtitle service, there is a possible application crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330673; Issue ID: DTV03330673. | 2022-05-03 | not yet calculated | CVE-2022-20107 MISC |
mediatek — voice_service |
In voice service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330702; Issue ID: DTV03330702. | 2022-05-03 | not yet calculated | CVE-2022-20108 MISC |
mediatek — ion |
In ion, there is a possible use after free due to improper update of reference count. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS06399915. | 2022-05-03 | not yet calculated | CVE-2022-20109 MISC |
mediatek — ion |
In ion, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS06399901. | 2022-05-03 | not yet calculated | CVE-2022-20110 MISC |
mediatek — ion |
In ion, there is a possible use after free due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06366069; Issue ID: ALPS06366069. | 2022-05-03 | not yet calculated | CVE-2022-20111 MISC |
cisco — firepower_management_center |
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-05-03 | not yet calculated | CVE-2022-20627 CISCO |
cisco — firepower_management_center |
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-05-03 | not yet calculated | CVE-2022-20628 CISCO |
cisco — firepower_management_center |
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-05-03 | not yet calculated | CVE-2022-20629 CISCO |
cisco — adaptive_security_and_firepower_threat_defense |
A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of errors that are logged as a result of client connections that are made using remote access VPN. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to cause the affected device to restart, resulting in a DoS condition. | 2022-05-03 | not yet calculated | CVE-2022-20715 CISCO |
cisco — firepower_threat_defense |
A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject XML into the command parser. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted input in commands. A successful exploit could allow the attacker to inject XML into the command parser, which could result in unexpected processing of the command and unexpected command output. | 2022-05-03 | not yet calculated | CVE-2022-20729 CISCO |
cisco — firepower_threat_defense |
A vulnerability in the Security Intelligence feed feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the Security Intelligence DNS feed. This vulnerability is due to incorrect feed update processing. An attacker could exploit this vulnerability by sending traffic through an affected device that should be blocked by the affected device. A successful exploit could allow the attacker to bypass device controls and successfully send traffic to devices that are expected to be protected by the affected device. | 2022-05-03 | not yet calculated | CVE-2022-20730 CISCO |
cisco — sd-wan_vmanager |
A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system. | 2022-05-04 | not yet calculated | CVE-2022-20734 CISCO |
cisco — adaptive_security_appliance |
A vulnerability in the handler for HTTP authentication for resources accessed through the Clientless SSL VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device or to obtain portions of process memory from an affected device. This vulnerability is due to insufficient bounds checking when parsing specific HTTP authentication messages. An attacker could exploit this vulnerability by sending malicious traffic to an affected device acting as a VPN Gateway. To send this malicious traffic, an attacker would need to control a web server that can be accessed through the Clientless SSL VPN portal. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition, or to retrieve bytes from the device process memory that may contain sensitive information. | 2022-05-03 | not yet calculated | CVE-2022-20737 CISCO |
cisco — firepower_management_center |
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by convincing a user to click a link designed to pass malicious input to the interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks and gain access to sensitive browser-based information. | 2022-05-03 | not yet calculated | CVE-2022-20740 CISCO |
cisco — adaptive_security_appliance | A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel. This vulnerability is due to an improper implementation of Galois/Counter Mode (GCM) ciphers. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a sufficient number of encrypted messages across an affected IPsec IKEv2 VPN tunnel and then using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to decrypt, read, modify, and re-encrypt data that is transmitted across an affected IPsec IKEv2 VPN tunnel. | 2022-05-03 | not yet calculated | CVE-2022-20742 CISCO |
cisco — firepower_management_center |
A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious files to the affected system. This vulnerability is due to improper validation of files uploaded to the web management interface of Cisco FMC Software. An attacker could exploit this vulnerability by uploading a maliciously crafted file to a device running affected software. A successful exploit could allow the attacker to store malicious files on the device, which they could access later to conduct additional attacks, including executing arbitrary code on the affected device with root privileges. | 2022-05-03 | not yet calculated | CVE-2022-20743 CISCO |
cisco — firepower_management_center |
A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a specific input. An attacker could exploit this vulnerability by modifying this input to bypass the protection mechanism and sending a crafted request to an affected device. A successful exploit could allow the attacker to view data beyond the scope of their authorization. | 2022-05-03 | not yet calculated | CVE-2022-20744 CISCO |
cisco — adaptive_security_and_firepower_threat_defense | A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2022-05-03 | not yet calculated | CVE-2022-20745 CISCO |
cisco — firepower_threat_defense_software |
A vulnerability in the TCP proxy functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper handling of TCP flows. An attacker could exploit this vulnerability by sending a crafted stream of TCP traffic through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2022-05-03 | not yet calculated | CVE-2022-20746 CISCO |
cisco — firepower_threat_defense_software |
A vulnerability in the local malware analysis process of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to insufficient error handling in the local malware analysis process of an affected device. An attacker could exploit this vulnerability by sending a crafted file through the device. A successful exploit could allow the attacker to cause the local malware analysis process to crash, which could result in a DoS condition. Notes: Manual intervention may be required to recover from this situation. Malware cloud lookup and dynamic analysis will not be impacted. | 2022-05-03 | not yet calculated | CVE-2022-20748 CISCO |
cisco — firepower_threat_defense_software |
A vulnerability in the Snort detection engine integration for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause unlimited memory consumption, which could lead to a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient memory management for certain Snort events. An attacker could exploit this vulnerability by sending a series of crafted IP packets that would generate specific Snort events on an affected device. A sustained attack could cause an out of memory condition on the affected device. A successful exploit could allow the attacker to interrupt all traffic flowing through the affected device. In some circumstances, the attacker may be able to cause the device to reload, resulting in a DoS condition. | 2022-05-03 | not yet calculated | CVE-2022-20751 CISCO |
cisco — small_business_rv340_and_rv345_routers |
A vulnerability in web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to an affected device. A successful exploit could allow the attacker to execute remote code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. | 2022-05-04 | not yet calculated | CVE-2022-20753 CISCO |
cisco — firepower_threat_defense_software |
A vulnerability in the connection handling function in Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper traffic handling when platform limits are reached. An attacker could exploit this vulnerability by sending a high rate of UDP traffic through an affected device. A successful exploit could allow the attacker to cause all new, incoming connections to be dropped, resulting in a DoS condition. | 2022-05-03 | not yet calculated | CVE-2022-20757 CISCO |
cisco — adaptive_security_and_firepower_threat_defense |
A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, but unprivileged, remote attacker to elevate privileges to level 15. This vulnerability is due to improper separation of authentication and authorization scopes. An attacker could exploit this vulnerability by sending crafted HTTPS messages to the web services interface of an affected device. A successful exploit could allow the attacker to gain privilege level 15 access to the web management interface of the device. This includes privilege level 15 access to the device using management tools like the Cisco Adaptive Security Device Manager (ASDM) or the Cisco Security Manager (CSM). Note: With Cisco FTD Software, the impact is lower than the CVSS score suggests because the affected web management interface allows for read access only. | 2022-05-03 | not yet calculated | CVE-2022-20759 CISCO |
cisco — adaptive_security_and_firepower_threat_defense |
A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to a lack of proper processing of incoming requests. An attacker could exploit this vulnerability by sending crafted DNS requests at a high rate to an affected device. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a DoS condition. | 2022-05-03 | not yet calculated | CVE-2022-20760 CISCO |
cisco — multiple_products |
Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-05-04 | not yet calculated | CVE-2022-20764 CISCO |
cisco — firepower_threat_defense |
A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of the DNS reputation enforcement rule. An attacker could exploit this vulnerability by sending crafted UDP packets through an affected device to force a buildup of UDP connections. A successful exploit could allow the attacker to cause traffic that is going through the affected device to be dropped, resulting in a DoS condition. Note: This vulnerability only affects Cisco FTD devices that are running Snort 3. | 2022-05-03 | not yet calculated | CVE-2022-20767 CISCO |
cisco — clamav |
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. | 2022-05-04 | not yet calculated | CVE-2022-20770 CISCO |
cisco — clamav |
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. | 2022-05-04 | not yet calculated | CVE-2022-20771 CISCO |
cisco — enterprise_nfv_infrastructure |
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-05-04 | not yet calculated | CVE-2022-20777 CISCO |
cisco — enterprise_nfv_infrastructure |
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-05-04 | not yet calculated | CVE-2022-20779 CISCO |
cisco — enterprise_nfv_infrastructure |
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-05-04 | not yet calculated | CVE-2022-20780 CISCO |
cisco — clamav |
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. | 2022-05-04 | not yet calculated | CVE-2022-20785 CISCO |
cisco — multiple_products |
Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-05-04 | not yet calculated | CVE-2022-20794 CISCO |
cisco — clamav |
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. | 2022-05-04 | not yet calculated | CVE-2022-20796 CISCO |
cisco — small_business_rv340_and_rv345_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. | 2022-05-04 | not yet calculated | CVE-2022-20799 CISCO |
cisco — small_business_rv340_and_rv345_routers |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. | 2022-05-04 | not yet calculated | CVE-2022-20801 CISCO |
snyk — snyk | This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument’s toString value is not a Function object V8 will crash. | 2022-05-01 | not yet calculated | CVE-2022-21144 MISC MISC MISC |
snyk — snyk |
The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user’s account through the stolen cookie. | 2022-05-01 | not yet calculated | CVE-2022-21149 MISC MISC |
snyk — snyk |
All versions of package masuit.tools.core are vulnerable to Arbitrary Code Execution via the ReceiveVarData<T> function in the SocketClient.cs component. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter. | 2022-05-01 | not yet calculated | CVE-2022-21167 MISC MISC |
snyk — snyk |
The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 is vulnerable to Prototype Pollution in the Dexie.setByKeyPath(obj, keyPath, value) function which does not properly check the keys being set (like __proto__ or constructor). This can allow an attacker to add/modify properties of the Object.prototype leading to a prototype pollution vulnerability. **Note:** This vulnerability can occur in multiple ways, for example when modifying a collection with untrusted user input. | 2022-05-01 | not yet calculated | CVE-2022-21189 MISC MISC MISC MISC |
snyk — snyk |
The package sqlite3 before 5.0.3 is vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine. | 2022-05-01 | not yet calculated | CVE-2022-21227 MISC MISC MISC |
snyk — snyk |
This affects all versions of package org.nanohttpd:nanohttpd. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the request is written to a RandomAccessFile when it is larger than 1024 bytes. This file is created with insecure permissions that allow its contents to be viewed by all users on the host machine. **Workaround:** Manually specifying the -Djava.io.tmpdir= argument when launching Java to set the temporary directory to a directory exclusively controlled by the current user can fix this issue. | 2022-05-01 | not yet calculated | CVE-2022-21230 MISC MISC MISC MISC |
mediatek — ion |
In ion, there is a possible use after free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06371108; Issue ID: ALPS06371108. | 2022-05-03 | not yet calculated | CVE-2022-21743 MISC |
johnsoncontrols — metasys |
Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2. | 2022-05-06 | not yet calculated | CVE-2022-21934 CERT CONFIRM |
suse — open_build_service |
An Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue affects: SUSE Open Build Service Open Build Service versions prior to 2.10.13. | 2022-05-03 | not yet calculated | CVE-2022-21949 CONFIRM |
accusoft — imagegear |
A memory corruption vulnerability exists in the ioca_mys_rgb_allocate functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to an arbitrary free. An attacker can provide a malicious file to trigger this vulnerability. | 2022-05-03 | not yet calculated | CVE-2022-22137 MISC |
snyk — snyk |
The package convict before 6.2.2 is vulnerable to Prototype Pollution via the convict function due to missing validation of parentKey. **Note:** This vulnerability derives from an incomplete fix of another [vulnerability](https://security.snyk.io/vuln/SNYK-JS-CONVICT-1062508) | 2022-05-01 | not yet calculated | CVE-2022-22143 MISC MISC MISC |
ibm — spectrum_scale |
IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012. | 2022-05-03 | not yet calculated | CVE-2022-22368 XF CONFIRM |
ibm — robotic_process_automation |
A vulnerability exists where an IBM Robotic Process Automation 21.0.1 regular user is able to obtain view-only access to some admin pages in the Control Center IBM X-Force ID: 223029. | 2022-05-05 | not yet calculated | CVE-2022-22415 CONFIRM XF |
ibm — robotic_process_automation |
IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 224156. | 2022-05-05 | not yet calculated | CVE-2022-22433 XF CONFIRM |
ibm — robotic_process_automation |
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with physical access to create an API request modified to create additional objects. IBM X-Force ID: 224159. | 2022-05-05 | not yet calculated | CVE-2022-22434 XF CONFIRM |
shopizer — shopizer |
A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript in the filename under the “Manage files” tab | 2022-05-01 | not yet calculated | CVE-2022-23060 MISC MISC |
shopizer — shopizer |
In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although this cannot happen according to the documentation) via an Insecure Direct Object Reference (IDOR) vulnerability. | 2022-05-01 | not yet calculated | CVE-2022-23061 MISC MISC |
shopizer — shopizer |
Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in will still have access to the application even after the password was changed. | 2022-05-03 | not yet calculated | CVE-2022-23063 MISC MISC |
snipe — snipe-it |
In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over. | 2022-05-02 | not yet calculated | CVE-2022-23064 MISC MISC |
vendure — vendure |
Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by a Stored XSS vulnerability, where an attacker having catalog permission can upload an SVG file that contains malicious JavaScript into the “Assets” tab. The uploaded file will affect administrators as well as regular users. | 2022-05-02 | not yet calculated | CVE-2022-23065 MISC MISC |
adobe — photoshop |
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-05-06 | not yet calculated | CVE-2022-23205 MISC |
accusoft — imagegear |
A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of service or, depending on the application, to an information leak. An attacker can provide a malicious file to trigger this vulnerability. | 2022-05-03 | not yet calculated | CVE-2022-23400 MISC |
fortinet — fortisoar |
An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests. | 2022-05-04 | not yet calculated | CVE-2022-23443 CONFIRM |
pingidentity — pingfederate |
When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password. | 2022-05-02 | not yet calculated | CVE-2022-23722 MISC MISC |
pingidentity — pingfederate_pingone_fa_integration_kit |
An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow. | 2022-05-02 | not yet calculated | CVE-2022-23723 MISC MISC |
pingidentity — pingid_integration_for_windows_login |
Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, an attacker must have compromised user credentials. | 2022-05-04 | not yet calculated | CVE-2022-23724 CONFIRM MISC |
joomla — guru_extension |
Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive information (remote). The component is: Access to private information and components, possibility to view other users’ information. Information disclosure Access to private information and components, possibility to view other users’ information. | 2022-05-06 | not yet calculated | CVE-2022-23802 MISC |
rainworx_softwares — auctionworx |
Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition. | 2022-05-02 | not yet calculated | CVE-2022-23904 MISC MISC |
snyk — snyk |
All versions of package jailed are vulnerable to Sandbox Bypass via an exported alert() method which can access the main application. Exported methods are stored in the application.remote object. | 2022-05-01 | not yet calculated | CVE-2022-23923 MISC MISC |
adobe — photoshop |
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an improper input validation vulnerability when parsing a PCX file that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PCX file. | 2022-05-06 | not yet calculated | CVE-2022-24098 MISC |
adobe — photoshop |
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-05-06 | not yet calculated | CVE-2022-24099 MISC |
adobe — photoshop |
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious U3D file. | 2022-05-06 | not yet calculated | CVE-2022-24105 MISC |
snyk — snyk |
The package git-pull-or-clone before 2.0.2 is vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn(). However, the outpath parameter passed to it may be a command-line argument to the git clone command and result in arbitrary command injection. | 2022-05-01 | not yet calculated | CVE-2022-24437 MISC MISC MISC |
fluxcd — flux2 |
Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also lead to privilege escalation if the controller’s service account has elevated permissions. Workarounds include disabling functionality via Validating Admission webhooks by restricting users from setting the `spec.kubeConfig` field in Flux `Kustomization` and `HelmRelease` objects. Additional mitigations include applying restrictive AppArmor and SELinux profiles on the controller’s pod to limit what binaries can be executed. This vulnerability is fixed in kustomize-controller v0.23.0 and helm-controller v0.19.0, both included in flux2 v0.29.0 | 2022-05-06 | not yet calculated | CVE-2022-24817 CONFIRM |
netty — netty |
Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty’s multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one’s own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(…) to set the directory to something that is only readable by the current user. | 2022-05-06 | not yet calculated | CVE-2022-24823 MISC MISC CONFIRM |
fluxcd — flux |
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments. Workarounds include automated tooling in the user’s CI/CD pipeline to validate `kustomization.yaml` files conform with specific policies. This vulnerability is fixed in kustomize-controller v0.24.0 and included in flux2 v0.29.0. | 2022-05-06 | not yet calculated | CVE-2022-24877 CONFIRM |
fluxcd — flux |
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user’s CI/CD pipeline to validate `kustomization.yaml` files conform with specific policies. This vulnerability is fixed in kustomize-controller v0.24.0 and included in flux2 v0.29.0. Users are recommended to upgrade. | 2022-05-06 | not yet calculated | CVE-2022-24878 CONFIRM |
ecdsautils — ecdsautils |
ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify` CLI command and the libecdsautil library are affected. The issue has been fixed in ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and a CLI utility) are vulnerable. | 2022-05-06 | not yet calculated | CVE-2022-24884 MISC CONFIRM MISC MLIST |
velocity — velocity |
APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on the filesystem. Writing an attacking script in Velocity requires the Script rights in XWiki so not all users can use it, and it also requires finding an XWiki API which returns a File. The problem has been patched in versions 12.6.7, 12.10.3, and 13.0. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights. | 2022-05-02 | not yet calculated | CVE-2022-24897 MISC CONFIRM MISC MISC |
contao — contao |
Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings. | 2022-05-06 | not yet calculated | CVE-2022-24899 CONFIRM MISC MISC |
apple — apple_game_center |
Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. The vulnerability has been fixed by improving the URL validation and adding additional checks of the resource the URL points to before downloading it. | 2022-05-04 | not yet calculated | CVE-2022-24901 CONFIRM |
tkvideoplayer — tkvideoplayer |
TkVideoplayer is a simple library to play video files in tkinter. Uncontrolled memory consumption in versions of TKVideoplayer prior to 2.0.0 can theoretically lead to performance degradation. There are no known workarounds. This issue has been patched and users are advised to upgrade to version 2.0.0 or later. | 2022-05-06 | not yet calculated | CVE-2022-24902 CONFIRM MISC |
rsyslog — rsyslog |
Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum. This can be used to overrun the memory buffer. However, once the sequence of digits stops, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability. | 2022-05-06 | not yet calculated | CVE-2022-24903 CONFIRM MISC |
menlo_security — email_isolation_on_premise | Links may not be rewritten according to policy in some specially formatted emails. | 2022-05-02 | not yet calculated | CVE-2022-24974 MISC |
jsgui_lang_essentials — multiple_products |
All versions of package jsgui-lang-essentials are vulnerable to Prototype Pollution due to allowing all Object attributes to be altered, including their magical attributes such as proto, constructor and prototype. | 2022-05-01 | not yet calculated | CVE-2022-25301 MISC MISC |
bignum — multiple_products |
All versions of package bignum are vulnerable to Denial of Service (DoS) due to a type-check exception in V8, when verifying the type of the second argument to the .powm function, V8 will crash regardless of Node try/catch blocks. | 2022-05-06 | not yet calculated | CVE-2022-25324 CONFIRM CONFIRM |
webjars — multiple_products |
All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided to the autocomplete component. | 2022-05-01 | not yet calculated | CVE-2022-25349 MISC MISC MISC |
webjars — multiple_products |
All versions of package dset are vulnerable to Prototype Pollution via ‘dset/merge’ mode, as the dset function checks for prototype pollution by validating if the top-level path contains __proto__, constructor or prototype. By crafting a malicious object, it is possible to bypass this check and achieve prototype pollution. | 2022-05-01 | not yet calculated | CVE-2022-25645 MISC MISC MISC |
mvnrepository.com — multiple_products | The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. | 2022-05-01 | not yet calculated | CVE-2022-25647 MISC MISC MISC |
mvnrepository.com — multiple_products |
All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets. | 2022-05-01 | not yet calculated | CVE-2022-25767 MISC MISC |
secomea — secomea_gatemanager |
Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session. | 2022-05-04 | not yet calculated | CVE-2022-25778 MISC |
secomea — secomea_gatemanager |
Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7. | 2022-05-04 | not yet calculated | CVE-2022-25779 MISC |
secomea — secomea_gatemanager |
Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope. | 2022-05-04 | not yet calculated | CVE-2022-25780 MISC |
secomea — secomea_gatemanager |
Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session. | 2022-05-04 | not yet calculated | CVE-2022-25781 MISC |
secomea — secomea_gatemanager |
Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7. | 2022-05-04 | not yet calculated | CVE-2022-25782 MISC |
secomea — secomea_gatemanager |
Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7. | 2022-05-04 | not yet calculated | CVE-2022-25783 MISC |
secomea — secomea_sitemanager |
Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versions prior to 9.7. | 2022-05-04 | not yet calculated | CVE-2022-25784 MISC |
secomea — secomea_sitemanager |
Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary code execution. This issue affects: Secomea SiteManager all versions prior to 9.7. | 2022-05-04 | not yet calculated | CVE-2022-25785 MISC |
secomea — secomea_gatemanager |
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7. | 2022-05-04 | not yet calculated | CVE-2022-25786 MISC |
secomea — secomea_gatemanager |
Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7. | 2022-05-04 | not yet calculated | CVE-2022-25787 MISC |
com_alibaba_ — one_java_agent_plugin |
All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine. | 2022-05-01 | not yet calculated | CVE-2022-25842 MISC MISC MISC MISC |
org.webjars — angular_package |
The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher. | 2022-05-01 | not yet calculated | CVE-2022-25844 MISC MISC MISC MISC MISC |
hoppscotch — proxyscotch |
The package github.com/hoppscotch/proxyscotch before 1.0.0 is vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server. | 2022-05-01 | not yet calculated | CVE-2022-25850 MISC MISC |
f5 — big-ip |
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-25946 MISC |
anker_eufy_homebase — anker_eufy_homebase 2 2.1.8.5h |
An authentication bypass vulnerability exists in the libxm_av.so getpeermac() functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted DHCP packet can lead to authentication bypass. An attacker can DHCP poison to trigger this vulnerability. | 2022-05-05 | not yet calculated | CVE-2022-25989 MISC |
f5 — f5os-a_software |
On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-25990 MISC |
pistacheio_pistache — multiple_products |
This affects the package pistacheio/pistache before 0.0.3.20220425. It is possible to traverse directories to fetch arbitrary files from the server. | 2022-05-01 | not yet calculated | CVE-2022-26068 MISC MISC |
splunk — enterprise |
When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0. | 2022-05-06 | not yet calculated | CVE-2022-26070 MISC |
f5 — big-ip |
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a flaw in the way reply ICMP packets are limited in the Traffic Management Microkernel (TMM) allows an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-26071 MISC |
anker_eufy_homebase — anker_eufy_homebase |
A denial of service vulnerability exists in the libxm_av.so DemuxCmdInBuffer functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to a device reboot. An attacker can send packets to trigger this vulnerability. | 2022-05-05 | not yet calculated | CVE-2022-26073 MISC |
f5 — big-ip |
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an Active mode-enabled FTP profile is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing active FTP data channel connections. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-26130 MISC |
netiq — netiq_access_manager | Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2 | 2022-05-02 | not yet calculated | CVE-2022-26325 CONFIRM |
netiq — netiq_access_manager | Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2 | 2022-05-02 | not yet calculated | CVE-2022-26326 CONFIRM |
f5 — big-ip | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, an authenticated, high-privileged attacker with no bash access may be able to access Certificate and Key files using Secure Copy (SCP) protocol from a remote system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-26340 MISC |
f5 — big-ip |
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions prior to 14.1.4.6, when a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-26370 MISC |
f5 — big-ip |
On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when a DNS listener is configured on a virtual server with DNS queueing (default), undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-05-05 | not yet calculated | CVE-2022-26372 MISC |
f5 — big-ip |
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-26415 MISC |
f5 — big-ip |
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when the BIG-IP CGNAT Large Scale NAT (LSN) pool is configured on a virtual server and packet filtering is enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-26517 MISC |
f5 — big-ip |
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell (tmsh) commands in F5 BIG-IP Guided Configuration, which may allow an authenticated attacker with at least resource administrator role privileges to read arbitrary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-26835 MISC |
splunk — enterprise | The lack of sanitization in a relative url path in a search parameter allows for arbitrary injection of external content in Splunk Enterprise versions before 8.1.2. | 2022-05-06 | not yet calculated | CVE-2022-26889 MISC MISC |
f5 — big-ip |
On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when ASM or Advanced WAF, as well as APM, are configured on a virtual server, the ASM policy is configured with Session Awareness, and the “Use APM Username and Session ID” option is enabled, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-26890 MISC |
f5 — big-ip |
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when APM is configured on a virtual server and the associated access profile is configured with APM AAA NTLM Auth, undisclosed requests can cause an increase in internal resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-27181 MISC |
f5 — big-ip |
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, when BIG-IP packet filters are enabled and a virtual server is configured with the type set to Reject, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-27182 MISC |
splunk — enterprise | The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted. | 2022-05-06 | not yet calculated | CVE-2022-27183 MISC MISC |
f5 — big-ip |
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when an Internet Content Adaptation Protocol (ICAP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-27189 MISC |
f5 — big-ip |
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of F5 BIG-IP Guided Configuration that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-27230 MISC |
gitea_io — gitea_io |
An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service (DoS) via deleting the configuration file. | 2022-05-03 | not yet calculated | CVE-2022-27313 MISC |
e_commerce_website — e_commerce_website |
A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field. | 2022-05-03 | not yet calculated | CVE-2022-27330 MISC |
poppler — poppler |
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | 2022-05-05 | not yet calculated | CVE-2022-27337 MISC |
foxit — pdf_reader |
Foxit PDF Reader v11.2.1.53537 was discovered to contain a NULL pointer dereference via the component FoxitPDFReader.exe. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PHP file. | 2022-05-05 | not yet calculated | CVE-2022-27359 MISC MISC |
springblade — springblade |
SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment. | 2022-05-05 | not yet calculated | CVE-2022-27360 MISC MISC MISC |
totolink — totolink_n600r |
TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the “Main” function. | 2022-05-05 | not yet calculated | CVE-2022-27411 MISC |
hospital_management_system — hospital_management_system | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php. | 2022-05-03 | not yet calculated | CVE-2022-27413 MISC |
hospital_management_system — hospital_management_system | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. | 2022-05-04 | not yet calculated | CVE-2022-27420 MISC |
wuzhicms — wuzhicms |
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php. | 2022-05-04 | not yet calculated | CVE-2022-27431 MISC |
nopCommerce — nopCommerce | In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link. | 2022-05-04 | not yet calculated | CVE-2022-27461 MISC MISC |
mcms — mcms | MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do. | 2022-05-02 | not yet calculated | CVE-2022-27466 MISC |
sdl — sdl_ttf |
SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file. | 2022-05-04 | not yet calculated | CVE-2022-27470 MISC MISC |
nginx — multiple_products |
On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-27495 MISC |
qnap — qnap | We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later | 2022-05-05 | not yet calculated | CVE-2022-27588 MISC |
f5 — big-ip |
On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, BIG-IP APM does not properly validate configurations, allowing an authenticated attacker with high privileges to manipulate the APM policy leading to privilege escalation/remote code execution. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-27634 MISC |
f5 — big-ip |
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-27636 MISC |
f5 — big-ip |
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, an authenticated attacker can modify or delete Dashboards created by other BIG-IP users in the Traffic Management User Interface (TMUI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-27659 MISC |
f5 — traffix_sdc |
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-27662 MISC |
adobe — after_effects |
Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in After Effects. | 2022-05-06 | not yet calculated | CVE-2022-27783 MISC |
adobe — after_effects |
Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in After Effects. | 2022-05-06 | not yet calculated | CVE-2022-27784 MISC |
f5 — big-ip |
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing command injection vulnerabilities in undisclosed URIs in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-27806 MISC |
f5 — access_for_android |
On F5 Access for Android 3.x versions prior to 3.0.8, a Task Hijacking vulnerability exists in the F5 Access for Android application, which may allow an attacker to steal sensitive user information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-27875 MISC |
f5 — big-ip |
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-27878 MISC |
f5 — traffix_sdc |
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-27880 MISC |
eve_ng — multiple_products |
An OS Command Injection vulnerability in the configuration parser of Eve-NG Professional through 4.0.1-65 and Eve-NG Community through 2.0.3-112 allows a remote authenticated attacker to execute commands as root by editing virtualization command parameters of imported UNL files. | 2022-05-04 | not yet calculated | CVE-2022-27903 MISC MISC |
joomla — jdownloads_3.9.8.2_stable |
In Joomla component ‘jDownloads 3.9.8.2 Stable’ the remote user can change some parameters in the address bar and see the names of other users’ files | 2022-05-06 | not yet calculated | CVE-2022-27909 MISC |
bluecms — bluecms | Bluecms 1.6 has a SQL injection vulnerability at cookie. | 2022-05-03 | not yet calculated | CVE-2022-27962 MISC |
rg_nbr_e_enterprise_ gateway — rg_nbr2100g_e | RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vulnerability via the fileName parameter at /guest_auth/cfg/upLoadCfg.php. | 2022-05-02 | not yet calculated | CVE-2022-27982 MISC |
rg_nbr_e_enterprise_ gateway — rg_nbr2100g_e | RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain an arbitrary file read vulnerability via the url parameter in check.php. | 2022-05-02 | not yet calculated | CVE-2022-27983 MISC |
3cx — phone_system_management_console | An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server, leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. Versions prior to version 18, Hotfix 1 Build 18.0.3.461 March 2022, are prone to an additional unauthenticated file system access to C:\Windows\System32. | 2022-05-06 | not yet calculated | CVE-2022-28005 MISC MISC MISC |
vandyke — vandyke_software | Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2 allows attackers to execute arbitrary code via a crafted value. | 2022-05-02 | not yet calculated | CVE-2022-28054 MISC |
fusionpbx — fusionpbx | Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function. | 2022-05-04 | not yet calculated | CVE-2022-28055 MISC |
shopxo — shopxo | ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php. | 2022-05-02 | not yet calculated | CVE-2022-28056 MISC |
libarchive — libarchivelv | Libarchive v3.6.0 was discovered to contain a read memory access vulnerability via the function lzma_decode. | 2022-05-04 | not yet calculated | CVE-2022-28066 MISC |
sandboxie_plus — sandboxie_classic | An incorrect access control issue in Sandboxie Classic v5.55.13 allows attackers to cause a Denial of Service (DoS) in the Sandbox via a crafted executable. | 2022-05-04 | not yet calculated | CVE-2022-28067 MISC |
seacms — seacms |
Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings. | 2022-05-04 | not yet calculated | CVE-2022-28076 MISC |
college_management_system — college_management_system | College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter. | 2022-05-05 | not yet calculated | CVE-2022-28079 MISC MISC |
event_mobi — royal_event_management_system |
Royal Event Management System v1.0 was discovered to contain a SQL injection vulnerability via the todate parameter. | 2022-05-05 | not yet calculated | CVE-2022-28080 MISC MISC MISC |
query_php — arphp_v3.6.0 |
A reflected cross-site scripting (XSS) vulnerability in the component Query.php of arPHP v3.6.0 allows attackers to execute arbitrary web scripts. | 2022-05-04 | not yet calculated | CVE-2022-28081 MISC |
tenda — ax12 | Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList. | 2022-05-04 | not yet calculated | CVE-2022-28082 MISC |
jspxcms — jspxcms | Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=. | 2022-05-04 | not yet calculated | CVE-2022-28090 MISC |
skycaiji — skycaiji | Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php. | 2022-05-04 | not yet calculated | CVE-2022-28096 MISC |
poultry_farm_management_system — poultry_farm_management_system | Poultry Farm Management System v1.0 was discovered to contain a SQL injection vulnerability via the Item parameter at /farm/store.php. | 2022-05-04 | not yet calculated | CVE-2022-28099 MISC MISC MISC |
mybatis — pagehelper |
MyBatis PageHelper v1.x.x-v5.x.x was discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter. | 2022-05-04 | not yet calculated | CVE-2022-28111 MISC MISC MISC MISC |
siteserver_cms — siteserver_cms |
SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in. | 2022-05-03 | not yet calculated | CVE-2022-28118 MISC MISC MISC MISC |
beijing_runnier_network_technology_co.,_ltd — teaching management_platform_software | Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server. | 2022-05-05 | not yet calculated | CVE-2022-28120 MISC |
broadcom — brocade_sannav |
In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands. | 2022-05-06 | not yet calculated | CVE-2022-28163 MISC |
broadcom — brocade_sannav |
Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords. | 2022-05-06 | not yet calculated | CVE-2022-28164 MISC |
broadcom — brocade_sannav |
A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANnav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on the server side to ensure the user has required permission before processing requests. | 2022-05-06 | not yet calculated | CVE-2022-28165 MISC |
adobe — photoshop | Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious SVG file. | 2022-05-06 | not yet calculated | CVE-2022-28270 MISC |
adobe — photoshop |
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. | 2022-05-06 | not yet calculated | CVE-2022-28271 MISC |
adobe — photoshop |
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-05-06 | not yet calculated | CVE-2022-28272 MISC |
adobe — photoshop | Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-05-06 | not yet calculated | CVE-2022-28273 MISC |
adobe — photoshop |
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-05-06 | not yet calculated | CVE-2022-28274 MISC |
adobe — photoshop |
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-05-06 | not yet calculated | CVE-2022-28275 MISC |
adobe — photoshop |
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-05-06 | not yet calculated | CVE-2022-28276 MISC |
adobe — photoshop |
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. | 2022-05-06 | not yet calculated | CVE-2022-28277 MISC |
adobe — photoshop |
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-05-06 | not yet calculated | CVE-2022-28278 MISC |
adobe — photoshop |
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-05-06 | not yet calculated | CVE-2022-28279 MISC |
mediawiki — mediawiki |
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported, | 2022-04-30 | not yet calculated | CVE-2022-28323 MISC MISC MISC |
nopcommerce — nopcommerce |
nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup file in the Maintenance feature. | 2022-05-02 | not yet calculated | CVE-2022-28451 MISC MISC |
mingyuefusu — multiple_products |
mingyuefusu Library Management System all versions as of 03-27-2022 is vulnerable to SQL Injection. | 2022-05-05 | not yet calculated | CVE-2022-28461 MISC |
novelplus — novel_plus | novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability. | 2022-05-05 | not yet calculated | CVE-2022-28462 MISC |
ffmeg — ffjpeg |
In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfif_encode() in jfif.c. This is due to the incomplete patch for issue 38 | 2022-05-05 | not yet calculated | CVE-2022-28471 MISC |
rubygems — multiple_products |
CSV-Safe gem < 3.0.0 doesn’t filter out special characters which could trigger CSV Injection. | 2022-05-01 | not yet calculated | CVE-2022-28481 MISC MISC MISC |
tcpreplay — tcpreplay |
Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality. | 2022-05-04 | not yet calculated | CVE-2022-28487 MISC MISC |
libwav — libwav | The function wav_format_write in libwav.c in libwav through 2017-04-20 has a Use of Uninitialized Variable vulnerability. | 2022-05-04 | not yet calculated | CVE-2022-28488 MISC MISC |
jflyfox — jflyfox | Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java. | 2022-05-03 | not yet calculated | CVE-2022-28505 MISC |
dragon_path_technologies — bharti_airtel_routers | Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 version 1.0 is vulnerable to Cross Site Scripting (XSS) via Dragon path router admin page. | 2022-05-06 | not yet calculated | CVE-2022-28507 MISC MISC |
mantisbt — browser_search_plugin.php |
An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. | 2022-05-04 | not yet calculated | CVE-2022-28508 MISC MISC MISC |
sourcecodester — fantastic_blog_cms |
A SQL injection vulnerability exists in Sourcecodester Fantastic Blog CMS 1.0. An attacker can inject a query in “/fantasticblog/single.php” via the “id=5” parameters. | 2022-05-04 | not yet calculated | CVE-2022-28512 MISC MISC |
sourcecodester — covid-19_directory | Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnerable to SQL Injection via cmdcategory. | 2022-05-05 | not yet calculated | CVE-2022-28530 MISC |
sourcecodester — medical_hub_directory_site |
Sourcecodester Medical Hub Directory Site 1.0 is vulnerable to SQL Injection via /mhds/clinic/view_details.php. | 2022-05-05 | not yet calculated | CVE-2022-28533 MISC |
fudforum — fudforum |
FUDforum 3.1.1 is vulnerable to Stored XSS. | 2022-05-06 | not yet calculated | CVE-2022-28545 MISC MISC |
chshcms — cscms |
Cscms 4.1 is vulnerable to SQL Injection. Log into the background, open the song module, create a new song, delete it to the recycle bin, and SQL injection security problems will occur when emptying the recycle bin. | 2022-05-04 | not yet calculated | CVE-2022-28552 MISC |
tenda — ac15 |
Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow. Similarly, this vulnerability can be used together with CVE-2021-44971 | 2022-05-04 | not yet calculated | CVE-2022-28556 MISC |
tenda — ac15 |
There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution | 2022-05-04 | not yet calculated | CVE-2022-28557 MISC |
tenda — ac9 |
There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload | 2022-05-03 | not yet calculated | CVE-2022-28560 MISC |
tenda — ax12 |
There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload | 2022-05-03 | not yet calculated | CVE-2022-28561 MISC |
sourcecodester — doctors_appointmemt_system |
Sourcecodester Doctor’s Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored. | 2022-05-04 | not yet calculated | CVE-2022-28568 MISC MISC MISC |
d-link — 882_dir882a1_fw130b06 | D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in `/usr/bin/cli`. | 2022-05-02 | not yet calculated | CVE-2022-28571 MISC MISC |
tenda — ax1806 |
Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function | 2022-05-02 | not yet calculated | CVE-2022-28572 MISC |
d-link — dir-823_pro |
D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the system_time_timezone parameter. | 2022-05-02 | not yet calculated | CVE-2022-28573 MISC MISC |
totolink — a7100ru | It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload | 2022-05-05 | not yet calculated | CVE-2022-28575 MISC |
totolink — a7100ru |
It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | 2022-05-05 | not yet calculated | CVE-2022-28577 MISC |
totolink — a7100ru |
It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | 2022-05-05 | not yet calculated | CVE-2022-28578 MISC |
totolink — a7100ru |
It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | 2022-05-05 | not yet calculated | CVE-2022-28579 MISC |
totolink — setwifiadvancedcfg | It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | 2022-05-05 | not yet calculated | CVE-2022-28580 MISC |
totolink — setwifiadvancedcfg |
It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | 2022-05-05 | not yet calculated | CVE-2022-28581 MISC |
totolink — setwifisignalcfg |
It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | 2022-05-05 | not yet calculated | CVE-2022-28582 MISC |
totolink — setwifiwpscfg |
It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | 2022-05-05 | not yet calculated | CVE-2022-28583 MISC |
totolink — setwifiwpsstart |
It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | 2022-05-05 | not yet calculated | CVE-2022-28584 MISC |
empirecms — empirecms | EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php | 2022-05-03 | not yet calculated | CVE-2022-28585 MISC |
springbootmovie — springbootmovie |
In SpringBootMovie <=1.2 when adding movie names, malicious code can be stored because there are no filtering parameters, resulting in stored XSS. | 2022-05-03 | not yet calculated | CVE-2022-28588 MISC |
pixelimity — pixelimity | A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=add_new | 2022-05-03 | not yet calculated | CVE-2022-28589 MISC |
pixelimity — pixelimity | A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme. | 2022-05-03 | not yet calculated | CVE-2022-28590 MISC |
fuelcms — fuelcms | A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger an XSS attack. | 2022-05-03 | not yet calculated | CVE-2022-28599 MISC |
wenzhou_huoyin_information_technology_co — wenzhou_huoyin_information_technology_co | An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server. | 2022-05-05 | not yet calculated | CVE-2022-28606 MISC MISC MISC |
cisco — hci_modbus_tcp_component |
A vulnerability in the HCI Modbus TCP component of Hitachi Energy RTU500 series CMU Firmware, caused by a validation error in the length information carried in the MBAP header, allows an attacker to reboot the device by sending a specially crafted message. This issue affects: Hitachi Energy RTU500 series CMU Firmware 12.0.*; 12.2.*; 12.4.*; 12.6.*; 12.7.*; 13.2.*. | 2022-05-02 | not yet calculated | CVE-2022-28613 CONFIRM |
f5 — big-ip |
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when a Real Time Streaming Protocol (RTSP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-28691 MISC |
f5 — big-ip_afm |
On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows an attacker to run arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-28695 MISC |
f5 — big-ip |
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, when the stream profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-28701 MISC |
f5 — big-ip |
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, on platforms with an ePVA and the pva.fwdaccel BigDB variable enabled, undisclosed requests to a virtual server with a FastL4 profile that has ePVA acceleration enabled can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-28705 MISC |
f5 — big-ip |
On F5 BIG-IP 16.1.x versions prior to 16.1.2 and 15.1.x versions prior to 15.1.5.1, when the DNS resolver configuration is used, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-28706 MISC |
f5 — big-ip |
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility (also referred to as the BIG-IP TMUI) that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-28707 MISC |
f5 — big-ip |
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, when a BIG-IP DNS resolver-enabled, HTTP-Explicit or SOCKS profile is configured on a virtual server, an undisclosed DNS response can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-28708 MISC |
f5 — big-ip_apm |
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-28714 MISC |
f5 — multiple_products |
On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and PEM Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-28716 MISC |
samsung — smr | Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows attackers to access location information that is set in Weather without permission. The patch adds proper protection to prevent access to location information. | 2022-05-03 | not yet calculated | CVE-2022-28780 MISC |
samsung — smr | Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller. | 2022-05-03 | not yet calculated | CVE-2022-28781 MISC |
samsung — contents_to_windows | Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability. | 2022-05-03 | not yet calculated | CVE-2022-28782 MISC |
samsung — galaxy_themes |
Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for removing package name. | 2022-05-03 | not yet calculated | CVE-2022-28783 MISC |
samsung — galaxy_themes |
Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic. | 2022-05-03 | not yet calculated | CVE-2022-28784 MISC |
samsung — aviextractor_library |
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. | 2022-05-03 | not yet calculated | CVE-2022-28785 MISC |
samsung — aviextractor_library | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. | 2022-05-03 | not yet calculated | CVE-2022-28786 MISC |
samsung — wmfextractor_library |
Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. | 2022-05-03 | not yet calculated | CVE-2022-28787 MISC |
samsung — aviextractor_library |
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. | 2022-05-03 | not yet calculated | CVE-2022-28788 MISC |
samsung — voice_note |
Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction. The patch adds proper permission for vulnerable activities. | 2022-05-03 | not yet calculated | CVE-2022-28789 MISC |
samsung — link |
Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic. | 2022-05-03 | not yet calculated | CVE-2022-28790 MISC |
samsung — installagent |
Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files. | 2022-05-03 | not yet calculated | CVE-2022-28791 MISC |
samsung — gear_iconx_pc_manager | DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking. | 2022-05-03 | not yet calculated | CVE-2022-28792 MISC |
samsung — strongbox |
Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time. | 2022-05-03 | not yet calculated | CVE-2022-28793 MISC |
fujitsu — insyde_firmware |
An issue was discovered on certain Fujitsu LIFEBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310), and v1.09 (E459/E449). The FjGabiFlashCoreAbstractionSmm driver registers a Software System Management Interrupt (SWSMI) handler that is not sufficiently validated to ensure that the CommBuffer (or any other communication buffer’s nested contents) are not pointing to SMRAM contents. A potential attacker can therefore write fixed data to SMRAM, which could lead to data corruption inside this memory (e.g., change the SMI handler’s code or modify SMRAM map structures to break input pointer validation for other SMI handlers). Thus, the attacker could elevate privileges from ring 0 to ring -2 and execute arbitrary code in SMM. | 2022-05-04 | not yet calculated | CVE-2022-28806 MISC MISC MISC MISC |
f5 — big-ip |
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions prior to 14.1.4.6, when installing Net HSM, the scripts (nethsm-safenet-install.sh and nethsm-thales-install.sh) expose the Net HSM partition password. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-28859 MISC |
apache — jena |
A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities. | 2022-05-05 | not yet calculated | CVE-2022-28890 MISC |
h3c — magicr100 |
In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be accessed without authorization. A large amount of data can be sent through ajaxmsg to carry out a DoS attack. | 2022-05-04 | not yet calculated | CVE-2022-28940 MISC |
tenda — ax1806 |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS). | 2022-05-06 | not yet calculated | CVE-2022-28969 MISC |
tenda — ax1806 |
Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow via the mac parameter in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS). | 2022-05-06 | not yet calculated | CVE-2022-28970 MISC |
tenda — ax1806 |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS). | 2022-05-06 | not yet calculated | CVE-2022-28971 MISC |
tenda — ax1806 |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS). | 2022-05-06 | not yet calculated | CVE-2022-28972 MISC |
tenda — ax1806 |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS). | 2022-05-06 | not yet calculated | CVE-2022-28973 MISC |
springbootmovie — springbootmovie |
In SpringBootMovie <=1.2, the uploaded file suffix parameter is not filtered, resulting in arbitrary file upload vulnerability | 2022-05-03 | not yet calculated | CVE-2022-29001 MISC |
openldap — openldap |
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. | 2022-05-04 | not yet calculated | CVE-2022-29155 MISC |
xwiki — xwiki_platform |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for use in certificate signatures, due to the risk of collisions with SHA1. The problem has been patched in XWiki version 13.10.6, 14.3.1 and 14.4-rc-1. Since then, the Crypto API will generate X509 certificates signed by default using SHA256 with RSA. Administrators are advised to upgrade their XWiki installation to one of the patched versions. If the upgrade is not possible, it is possible to patch the module xwiki-platform-crypto in a local installation by applying the change exposed in 26728f3 and re-compiling the module. | 2022-05-06 | not yet calculated | CVE-2022-29161 MISC CONFIRM MISC |
argoproj — argo_workflows |
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces an HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Server API. The attacker emails the deep-link to the artifact to their victim. The victim opens the link, and the script starts running. As the script has access to the Argo Server API (as the victim), it may read information about the victim’s workflows, or create and delete workflows. Note the attacker must be an insider: they must have access to the same cluster as the victim and must already be able to run their own workflows. The attacker must have an understanding of the victim’s system. We have seen no evidence of this in the wild. We urge all users to upgrade to the fixed versions. | 2022-05-06 | not yet calculated | CVE-2022-29164 MISC MISC CONFIRM |
matrix — matrix-appservice-irc |
matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerability in node-irc allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. The vulnerability has been patched in matrix-appservice-irc 0.33.2. Refrain from replying to messages from untrusted participants in IRC-bridged Matrix rooms. There are no known workarounds for this issue. | 2022-05-05 | not yet calculated | CVE-2022-29166 MISC CONFIRM |
mozilla — hawk |
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse `Host` HTTP header (`Hawk.utils.parseHost()`), which was subject to regular expression DoS attack – meaning each added character in the attacker’s input increases the computation time exponentially. `parseHost()` was patched in `9.0.1` to use built-in `URL` class to parse hostname instead. `Hawk.authenticate()` accepts `options` argument. If that contains `host` and `port`, those would be used instead of a call to `utils.parseHost()`. | 2022-05-05 | not yet calculated | CVE-2022-29167 MISC CONFIRM |
sourcegraph — sourcegraph |
Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable to Remote Code Execution in the gitserver service. The Gitolite code host integration with Phabricator allows Sourcegraph site admins to specify a `callsignCommand`, which is used to obtain the Phabricator metadata for a Gitolite repository. An administrator who is able to edit or add a Gitolite code host and has administrative access to Sourcegraph’s bundled Grafana instance can change this command arbitrarily and run it remotely. This grants direct access to the infrastructure underlying the Sourcegraph installation. The attack requires: site-admin privileges on the instance of Sourcegraph; administrative privileges on the bundled Grafana monitoring instance; knowledge of the gitserver IP address or DNS name (if running in Kubernetes). This can be found through Grafana. The issue is patched in version 3.38.0. You may disable Gitolite code hosts. We still highly encourage upgrading regardless of workarounds. | 2022-05-06 | not yet calculated | CVE-2022-29171 CONFIRM |
auth0 — auth0-lock |
Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before `11.33.0`, when the “additional signup fields” feature [is configured](https://github.com/auth0/lock#additional-sign-up-fields), a malicious actor can inject invalidated HTML code into these additional fields, which is then stored in the service `user_metdata` payload (using the `name` property). Verification emails, when applicable, are generated using this metadata. It is therefore possible for an actor to craft a malicious link by injecting HTML, which is then rendered as the recipient’s name within the delivered email template. You are impacted by this vulnerability if you are using `auth0-lock` version `11.32.2` or lower and are using the “additional signup fields” feature in your application. Upgrade to version `11.33.0`. | 2022-05-05 | not yet calculated | CVE-2022-29172 MISC CONFIRM |
the_update_framework — go-tuf |
go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to install software that is older than the software which the client previously knew to be available, and may include software with known vulnerabilities. In more detail, the client code of go-tuf has several issues in regards to preventing rollback attacks: 1. It does not take into account the content of any previously trusted metadata, if available, before proceeding with updating roles other than the root role (i.e., steps 5.4.3.1 and 5.5.5 of the detailed client workflow). This means that any form of version verification done on the newly-downloaded metadata is made using the default value of zero, which always passes. 2. For both timestamp and snapshot roles, go-tuf saves these metadata files as trusted before verifying if the version of the metafiles they refer to is correct (i.e., steps 5.5.4 and 5.6.4 of the detailed client workflow). A fix is available in version 0.3.0 or newer. No workarounds are known for this issue apart from upgrading. | 2022-05-05 | not yet calculated | CVE-2022-29173 MISC CONFIRM |
vyperlang — vyper |
Vyper is a pythonic smart contract language for the Ethereum Virtual Machine. Since version 0.3.2, decimals use the full range of the underlying int168 type. Multiplication of 168-bit integers can wrap in 256-bit arithmetic, but safemul does not check for that. This has been patched in v0.3.4. There are no known workarounds for this issue. | 2022-05-05 | not yet calculated | CVE-2022-29175 CONFIRM MISC |
rubygems — rubygems |
Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so. To be vulnerable, a gem needed: one or more dashes in its name; creation within 30 days OR no updates for over 100 days. At present, we believe this vulnerability has not been exploited. RubyGems.org sends an email to all gem owners when a gem version is published or yanked. We have not received any support emails from gem owners indicating that their gem has been yanked without authorization. An audit of gem changes for the last 18 months did not find any examples of this vulnerability being used in a malicious way. A deeper audit for any possible use of this exploit is ongoing, and we will update this advisory once it is complete. Using Bundler in `--frozen` or `--deployment` mode in CI and during deploys, as the Bundler team has always recommended, will guarantee that your application does not silently switch to versions created using this exploit. To audit your application history for possible past exploits, review your Gemfile.lock and look for gems whose platform changed when the version number did not change. For example, gemname-3.1.2 updating to gemname-3.1.2-java could indicate a possible abuse of this vulnerability. RubyGems.org has been patched and is no longer vulnerable to this issue as of the 5th of May 2022. | 2022-05-05 | not yet calculated | CVE-2022-29176 MISC CONFIRM |
charmbracelet — charm |
A vulnerability exists in which attackers could forge HTTP requests to manipulate the `charm` data directory to access or delete anything on the server. This has been patched and is available in release [v0.12.1](https://github.com/charmbracelet/charm/releases/tag/v0.12.1). We recommend that all users running self-hosted `charm` instances update immediately. This vulnerability was found in-house and we haven’t been notified of any potential exploiters. Additional notes: Encrypted user data uploaded to the Charm server is safe as Charm servers cannot decrypt user data. This includes filenames, paths, and all key-value data. Users running the official Charm [Docker images](https://github.com/charmbracelet/charm/blob/main/docker.md) are at minimal risk because the exploit is limited to the containerized filesystem. | 2022-05-07 | not yet calculated | CVE-2022-29180 MISC CONFIRM |
f5 — big-ip |
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, the BIG-IP Edge Client Component Installer Service does not use best practice while saving temporary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-29263 MISC |
apache — nifi |
Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: EvaluateXPath, EvaluateXQuery, ValidateXml. Apache NiFi flow configurations that include these Processors are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services. | 2022-04-30 | not yet calculated | CVE-2022-29265 CONFIRM MISC |
gpac — gpac |
In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2. | 2022-05-05 | not yet calculated | CVE-2022-29339 MISC MISC |
gpac — gpac | GPAC 2.1-DEV-rev87-g053aae8-master has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad. | 2022-05-05 | not yet calculated | CVE-2022-29340 MISC MISC |
zeitprax — web@rchiv |
An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands via a crafted PHP file. | 2022-05-04 | not yet calculated | CVE-2022-29347 MISC MISC MISC |
wordpress — countdown-and-clock_plugin |
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adam Skaat’s Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-circle-countdown-before-countdown and &ycd-circle-countdown-after-countdown vulnerable parameters. | 2022-05-06 | not yet calculated | CVE-2022-29420 CONFIRM CONFIRM |
wordpress — countdown-and-clock_plugin |
Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat’s Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter. | 2022-05-06 | not yet calculated | CVE-2022-29421 CONFIRM CONFIRM |
wordpress — countdown-and-clock_plugin |
Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat’s Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom, &ycd-button-margin-left, &ycd-circle-countdown-before-countdown, &ycd-circle-countdown-after-countdown vulnerable parameters. | 2022-05-06 | not yet calculated | CVE-2022-29422 CONFIRM CONFIRM |
wordpress — countdown-and-clock_plugin |
Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress. | 2022-05-06 | not yet calculated | CVE-2022-29423 CONFIRM CONFIRM |
wordpress — cloudway_breeze_plugin |
Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin’s settings including CDN setting which could be further used for XSS attack. | 2022-05-02 | not yet calculated | CVE-2022-29444 CONFIRM CONFIRM |
f5 — big-ip |
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an IPSec ALG profile is configured on a virtual server, undisclosed responses can cause Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-29473 MISC |
f5 — big-ip |
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at least guest role privileges to read wsdl files in the BIG-IP file system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-29474 MISC |
f5 — big-ip |
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, when an IPv6 self IP address is configured and the ipv6.strictcompliance database key is enabled (disabled by default) on a BIG-IP system, undisclosed packets may cause decreased performance. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-29479 MISC |
f5 — big-ip |
On F5 BIG-IP 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when multiple route domains are configured, undisclosed requests to big3d can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-29480 MISC |
f5 — multiple_products |
On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a virtual server is configured with HTTP, TCP on one side (client/server), and DTLS on the other (server/client), undisclosed requests can cause the TMM process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2022-05-05 | not yet calculated | CVE-2022-29491 MISC |
schedmd — slurm |
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. | 2022-05-05 | not yet calculated | CVE-2022-29500 MISC MISC MISC |
schedmd — slurm |
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. | 2022-05-05 | not yet calculated | CVE-2022-29501 MISC MISC MISC |
schedmd — slurm |
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges. | 2022-05-05 | not yet calculated | CVE-2022-29502 MISC MISC MISC |
zoho — manageengine_opmanager |
Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. | 2022-05-05 | not yet calculated | CVE-2022-29535 MISC MISC |
tenda — tx9_pro |
Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route (called by doSystemCmd_route). | 2022-05-05 | not yet calculated | CVE-2022-29592 MISC |
gnome — gnome |
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don’t check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2’s buffer functions, for example libxslt through 1.1.35, is affected as well. | 2022-05-03 | not yet calculated | CVE-2022-29824 MISC MISC MISC MISC FEDORA |
progress — openedge |
In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. If exploited, a local attacker could elevate their privileges and compromise the affected system. | 2022-05-02 | not yet calculated | CVE-2022-29849 MISC MISC MISC MISC |
librehealth — ehr |
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection. | 2022-05-05 | not yet calculated | CVE-2022-29938 MISC MISC MISC |
librehealth — ehr |
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities. | 2022-05-05 | not yet calculated | CVE-2022-29939 MISC MISC MISC |
librehealth — ehr |
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities. | 2022-05-05 | not yet calculated | CVE-2022-29940 MISC MISC MISC |
talend — administration_center |
Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry ‘Add’ functionality to perform SSRF HTTP GET requests on URLs in the internal network. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version. | 2022-05-04 | not yet calculated | CVE-2022-29942 MISC MISC |
talend — administration_center |
Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version. | 2022-05-04 | not yet calculated | CVE-2022-29943 MISC MISC |
experian — hunter |
Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the (1) rule name parameter to the Rules page or the (2) subrule name or (3) categories name parameter to the Subrules page. | 2022-05-04 | not yet calculated | CVE-2022-29950 MISC MISC |
linux — linux_kernel |
An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private. | 2022-05-02 | not yet calculated | CVE-2022-29968 MISC |
mediawiki — mediawiki |
The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rss element (if the feed is in $wgRSSUrlWhitelist and $wgRSSAllowLinkTag is true). | 2022-05-02 | not yet calculated | CVE-2022-29969 MISC MISC |
sinatra — sinatra |
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. | 2022-05-02 | not yet calculated | CVE-2022-29970 MISC |
exfat — exfat |
relan exFAT 1.3.0 allows local users to obtain sensitive information (data from deleted files in the filesystem) in certain situations involving offsets beyond ValidDataLength. | 2022-05-02 | not yet calculated | CVE-2022-29973 MISC |
jquery — jquery.json-viewer_library |
The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element. | 2022-05-04 | not yet calculated | CVE-2022-30241 MISC MISC |
python — python-libnmap |
In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). | 2022-05-04 | not yet calculated | CVE-2022-30284 MISC MISC MISC |
agoo — agoo |
** DISPUTED ** Agoo through 2.14.2 does not reject GraphQL fragment spreads that form cycles, leading to an application crash. NOTE: this has been disputed on the grounds that it is not the server’s responsibility to “enforce all the various ways a developer could write code with logic errors.” | 2022-05-04 | not yet calculated | CVE-2022-30288 MISC MISC MISC |
squirrel — squirrel |
thread_call in sqbaselib.cpp in SQUIRREL 3.2 lacks a certain sq_reservestack call. | 2022-05-04 | not yet calculated | CVE-2022-30292 MISC |
webkit — webkitgtk |
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. | 2022-05-06 | not yet calculated | CVE-2022-30293 MISC MISC |
webkit — webkitgtk |
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a use-after-free in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. | 2022-05-06 | not yet calculated | CVE-2022-30294 MISC MISC |
uclibc-ng — uclibc-ng |
uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2. | 2022-05-06 | not yet calculated | CVE-2022-30295 MISC |
shapeshift — keepkey_firmware |
In the KeepKey firmware before 7.3.2, the bootloader can be exploited in unusual situations in which the attacker has physical access, convinces the victim to install malicious firmware, or has unspecified other capabilities. lib/board/supervise.c mishandles svhandler_flash_* address range checks. If exploited, any installed malware could persist even after wiping the device and resetting the firmware. | 2022-05-07 | not yet calculated | CVE-2022-30330 MISC MISC |
brave — brave_browser |
Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises “Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser.” | 2022-05-07 | not yet calculated | CVE-2022-30334 MISC MISC MISC MISC |