US-CERT Bulletin (SB22-157): Vulnerability Summary for the Week of May 30, 2022
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
microsoft — windows_server_2012 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. | 2022-06-01 | 9.3 | CVE-2022-30190 N/A |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cisco — common_services_platform_collector | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-05-27 | 4.3 | CVE-2022-20666 CISCO |
cisco — common_services_platform_collector | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-05-27 | 4.3 | CVE-2022-20667 CISCO |
cisco — common_services_platform_collector | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-05-27 | 4.3 | CVE-2022-20668 CISCO |
cisco — common_services_platform_collector | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-05-27 | 4.3 | CVE-2022-20669 CISCO |
cisco — common_services_platform_collector | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-05-27 | 4.3 | CVE-2022-20670 CISCO |
cisco — common_services_platform_collector | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-05-27 | 4.3 | CVE-2022-20671 CISCO |
libmobi_project — libmobi | Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. | 2022-05-27 | 5.8 | CVE-2022-1907 CONFIRM MISC |
libmobi_project — libmobi | Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. | 2022-05-27 | 5.8 | CVE-2022-1908 CONFIRM MISC |
vim — vim | Use After Free in GitHub repository vim/vim prior to 8.2. | 2022-05-27 | 6.8 | CVE-2022-1898 MISC CONFIRM FEDORA FEDORA |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
organizr — organizr | Cross-site Scripting (XSS) – Stored in GitHub repository causefx/organizr prior to 2.1.2200. | 2022-05-27 | 3.5 | CVE-2022-1909 MISC CONFIRM |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
389-ds-base — 389-ds-base | An access control bypass vulnerability was found in 389-ds-base. The issue was first treated as a mishandling of the filter that would yield incorrect results, but as analysis progressed it was determined to actually be an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data. | 2022-06-02 | not yet calculated | CVE-2022-1949 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise. | 2022-06-01 | not yet calculated | CVE-2022-29098 CONFIRM |
ncodeastro — wedding_management_system | Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_manage_account_details.php?booking_id=31&user_id= | 2022-06-02 | not yet calculated | CVE-2022-30834 MISC |
abb — e-design | Incorrect Default Permissions vulnerability in ABB e-Design allows an attacker to install malicious software executing with SYSTEM permissions, violating confidentiality, integrity, and availability of the target machine. | 2022-06-02 | not yet calculated | CVE-2022-29483 MISC |
abb — e-design | Incorrect Default Permissions vulnerability in ABB e-Design allows an attacker to install malicious software executing with SYSTEM permissions, violating confidentiality, integrity, and availability of the target machine. | 2022-06-02 | not yet calculated | CVE-2022-28702 MISC |
aceware — aceweb_online_portal | ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp. | 2022-06-02 | not yet calculated | CVE-2022-24238 MISC MISC MISC |
aceware — aceweb_online_portal | ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp. | 2022-06-02 | not yet calculated | CVE-2022-24239 MISC MISC MISC |
aceware — aceweb_online_portal | ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp. | 2022-06-02 | not yet calculated | CVE-2022-24240 MISC MISC MISC |
aceware — aceweb_online_portal | ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp. | 2022-06-02 | not yet calculated | CVE-2022-24241 MISC MISC MISC |
aceware — aceweb_online_portal | ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software. | 2022-06-02 | not yet calculated | CVE-2022-24581 MISC MISC MISC |
adbyby — adbyby | adbyby v2.7 allows external users to make connections via port 8118. This can cause a program logic error and lead to a Denial of Service (DoS) via high CPU usage due to a large number of connections. | 2022-06-03 | not yet calculated | CVE-2022-29767 MISC |
afian_filerun — afian_filerun | In Afian Filerun 20220202, changing the “search_tika_path” variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user. | 2022-06-02 | not yet calculated | CVE-2022-30470 MISC |
aleksis — aleksis-core | An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set. | 2022-06-03 | not yet calculated | CVE-2022-29773 MISC |
allenhwkim — proctree | OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix function. | 2022-06-02 | not yet calculated | CVE-2021-34082 MISC MISC |
apache — tika | We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3. | 2022-05-31 | not yet calculated | CVE-2022-30973 CONFIRM MLIST |
appcheck — dnn_cms_platform | The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services. | 2022-06-02 | not yet calculated | CVE-2021-40186 MISC |
argie — simple_inventory_system | Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/login.php. | 2022-06-02 | not yet calculated | CVE-2022-31339 MISC |
argie — simple_inventory_system | Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/table_edit_ajax.php. | 2022-06-02 | not yet calculated | CVE-2022-31340 MISC |
atlassian — multiple_products | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1. | 2022-06-03 | not yet calculated | CVE-2022-26134 MISC |
badminton — center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/view_product.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-32001 MISC |
badminton — center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_sales_report&date=. | 2022-06-02 | not yet calculated | CVE-2022-31985 MISC |
badminton — center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_court_rental_report&date=. | 2022-06-02 | not yet calculated | CVE-2022-31986 MISC |
badminton — center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/manage_court.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-32002 MISC |
badminton — center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/view_court.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-32003 MISC |
badminton — center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/manage_product.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-32004 MISC |
badminton — center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/services/view_service.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-32006 MISC |
badminton — center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/services/manage_service.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-32005 MISC |
badminton — center_management_system | Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter ‘id’ in /bcms/admin/court_rentals/update_status.php. | 2022-06-02 | not yet calculated | CVE-2022-30490 MISC MISC |
badminton — center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_product. | 2022-06-02 | not yet calculated | CVE-2022-31990 MISC |
badminton — center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=reports/daily_services_report&date=. | 2022-06-02 | not yet calculated | CVE-2022-31988 MISC |
badminton — center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=user/manage_user&id=. | 2022-06-02 | not yet calculated | CVE-2022-31989 MISC |
badminton — center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_court. | 2022-06-02 | not yet calculated | CVE-2022-31991 MISC |
badminton — center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/manage_service_transaction&id=. | 2022-06-02 | not yet calculated | CVE-2022-32000 MISC |
badminton — center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/view_details&id=. | 2022-06-02 | not yet calculated | CVE-2022-31998 MISC |
badminton — center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=court_rentals/view_court_rental&id=. | 2022-06-02 | not yet calculated | CVE-2022-31992 MISC |
badminton — center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_service. | 2022-06-02 | not yet calculated | CVE-2022-31993 MISC |
badminton — center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=sales/view_details&id. | 2022-06-02 | not yet calculated | CVE-2022-31994 MISC |
badminton — center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=sales/manage_sale&id=. | 2022-06-02 | not yet calculated | CVE-2022-31996 MISC |
barco — control_room_management_suite | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS. | 2022-06-02 | not yet calculated | CVE-2022-26976 MISC MISC |
barco — control_room_management_suite | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS. | 2022-06-02 | not yet calculated | CVE-2022-26972 MISC MISC |
barco — control_room_management_suite | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication. | 2022-06-02 | not yet calculated | CVE-2022-26971 MISC MISC |
barco — control_room_management_suite | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS. | 2022-06-02 | not yet calculated | CVE-2022-26974 MISC MISC |
barco — control_room_management_suite | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details. | 2022-06-02 | not yet calculated | CVE-2022-26973 MISC MISC |
barco — control_room_management_suite | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication. | 2022-06-02 | not yet calculated | CVE-2022-26975 MISC MISC |
barco — control_room_management_suite | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism leads to stored XSS. | 2022-06-02 | not yet calculated | CVE-2022-26977 MISC MISC |
barco — control_room_management_suite | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameter is not correctly sanitized, leading to reflected XSS. | 2022-06-02 | not yet calculated | CVE-2022-26978 MISC MISC |
bbs-go — bbs-go | bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XSS. | 2022-06-02 | not yet calculated | CVE-2021-38221 MISC MISC |
bbultman — gitsome | OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository. | 2022-06-02 | not yet calculated | CVE-2021-34081 MISC MISC |
bd — pyxis | Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information. | 2022-06-02 | not yet calculated | CVE-2022-22767 CONFIRM |
bd — synapsys | BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). | 2022-06-02 | not yet calculated | CVE-2022-30277 CONFIRM |
bfabiszewski — libmobi | Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. | 2022-06-03 | not yet calculated | CVE-2022-1987 CONFIRM MISC |
bigbluebutton — bigbluebutton | BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4.1, an attacker could send messages to a locked chat within a grace period of 5s after the lock setting was enacted. The attacker needs to be a participant in the meeting. Versions 2.3.18 and 2.4.1 contain a patch for this issue. There are currently no known workarounds. | 2022-06-02 | not yet calculated | CVE-2022-29234 MISC MISC MISC MISC CONFIRM |
bigbluebutton — bigbluebutton | BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4-rc-6, an attacker who is able to obtain the meeting identifier for a meeting on a server can find information related to an external video being shared, like the current timestamp and play/pause. The problem has been patched in versions 2.3.18 and 2.4-rc-6 by modifying the stream to send the data only for users in the meeting. There are currently no known workarounds. | 2022-06-02 | not yet calculated | CVE-2022-29235 MISC CONFIRM MISC MISC MISC |
bigbluebutton — bigbluebutton | BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and prior to 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service (ReDoS) attacks. By using a specific RegularExpression, an attacker can cause denial of service for the bbb-html5 service. The useragent library performs checking of device by parsing the input of User-Agent header and lets it go through lookupUserAgent() (alias of useragent.lookup()). This function handles input by regexing and attackers can abuse that by providing some ReDoS payload using `SmartWatch`. The maintainers removed `htmlclient/useragent` from versions 2.3.19, 2.4.7, and 2.5.0-beta.2. As a workaround, disable NginX forwarding the requests to the handler according to the directions in the GitHub Security Advisory. | 2022-06-01 | not yet calculated | CVE-2022-29169 MISC CONFIRM MISC |
bigbluebutton — bigbluebutton | BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previously introduced grace period. The attacker must be a meeting participant. The problem has been patched in versions 2.3.18 and 2.4-rc-6. There are currently no known workarounds. | 2022-06-02 | not yet calculated | CVE-2022-29236 CONFIRM MISC MISC MISC MISC |
bigbluebutton — bigbluebutton | BigBlueButton is an open source web conferencing system. Starting with version 2.2 and prior to versions 2.3.9 and 2.4-beta-1, an attacker can circumvent access controls to obtain the content of public chat messages from different meetings on the server. The attacker must be a participant in a meeting on the server. BigBlueButton versions 2.3.9 and 2.4-beta-1 contain a patch for this issue. There are currently no known workarounds. | 2022-06-01 | not yet calculated | CVE-2022-29232 CONFIRM MISC MISC MISC |
bigbluebutton — bigbluebutton | BigBlueButton is an open source web conferencing system. In BigBlueButton starting with 2.2 but before 2.3.18 and 2.4-rc-1, an attacker can circumvent access controls to gain access to all breakout rooms of the meeting they are in. The permission checks rely on knowledge of internal ids rather than on verification of the role of the user. Versions 2.3.18 and 2.4-rc-1 contain a patch for this issue. There are currently no known workarounds. | 2022-06-02 | not yet calculated | CVE-2022-29233 MISC MISC CONFIRM MISC MISC |
bitdefender — eufy_indoor_2k_indoor_camera | A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. This issue affects: Eufy Indoor 2K Indoor Camera 2.0.9.3 version and prior versions. | 2022-05-31 | not yet calculated | CVE-2021-3555 CONFIRM |
black_rainbow — nimbus | Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting (XSS). | 2022-06-02 | not yet calculated | CVE-2022-24967 MISC MISC |
bleve — bleve | Bleve is a text indexing library for Go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave the way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP (bleve/http) handlers for exposing the access to the indexes. For instance, the CreateIndexHandler (`http/index_create.go`) and DeleteIndexHandler (`http/index_delete.go`) enable an attacker to create a bleve index (directory structure) anywhere where the user running the server has the write permissions and to delete recursively any directory owned by the same user account. Users who have used the bleve/http package for exposing access to bleve index without the explicit handling for the Role Based Access Controls (RBAC) of the index assets would be impacted by this issue. There is no patch for this issue because the http package is purely intended to be used for demonstration purposes. Bleve was never designed to handle the RBACs, nor was it ever advertised to be used in that way. The collaborators of this project have decided to stay away from adding any authentication or authorization to bleve project at the moment. The bleve/http package is mainly for demonstration purposes and it lacks exhaustive validation of the user inputs as well as any authentication and authorization measures. It is recommended to not use bleve/http in production use cases. | 2022-06-01 | not yet calculated | CVE-2022-31022 CONFIRM MISC |
bonitasoft — bonita-web | Bonita Web 2021.2 is affected by an authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API endpoints. This can lead to remote code execution by abusing the privileged API actions. | 2022-06-02 | not yet calculated | CVE-2022-25237 MISC MISC |
bottlepy — bottle | Bottle before 0.12.20 mishandles errors during early request binding. | 2022-06-02 | not yet calculated | CVE-2022-31799 MISC MISC MISC |
browsbox — cms | BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerability. | 2022-06-02 | not yet calculated | CVE-2022-29704 MISC MISC |
caddy_server — caddy | Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users into clicking on crafted links. | 2022-06-02 | not yet calculated | CVE-2022-29718 MISC |
car_rental_management_system — car_rental_management_system | Car Rental Management System v1.0 is vulnerable to SQL Injection via /ip/car-rental-management-system/admin/ajax.php?action=login. | 2022-06-02 | not yet calculated | CVE-2022-32022 MISC |
car_rental_management_system — car_rental_management_system | Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car. | 2022-06-02 | not yet calculated | CVE-2022-32019 MISC |
car_rental_management_system — car_rental_management_system | Car Rental Management System v1.0 is vulnerable to SQL Injection via car-rental-management-system/booking.php?car_id=. | 2022-06-02 | not yet calculated | CVE-2022-32024 MISC |
car_rental_management_system — car_rental_management_system | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/view_car.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-32025 MISC |
car_rental_management_system — car_rental_management_system | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_booking.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-32026 MISC |
car_rental_management_system — car_rental_management_system | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/index.php?page=manage_car&id=. | 2022-06-02 | not yet calculated | CVE-2022-32027 MISC |
car_rental_management_system — car_rental_management_system | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-32028 MISC |
car_rental_management_system — car_rental_management_system | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_movement.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-32021 MISC |
car_rental_management_system — car_rental_management_system | Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via ip/car-rental-management-system/admin/ajax.php?action=save_settings. | 2022-06-02 | not yet calculated | CVE-2022-32020 MISC |
chatbot — chatbot_app_with_suggestion | ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=user/manage_user&id=. | 2022-06-02 | not yet calculated | CVE-2022-31969 MISC |
chatbot — chatbot_app_with_suggestion | ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/manage_response&id=. | 2022-06-02 | not yet calculated | CVE-2022-31970 MISC |
chatbot — chatbot_app_with_suggestion | ChatBot App with Suggestion v1.0 is vulnerable to deletion of any file via /simple_chat_bot/classes/Master.php?f=delete_img. | 2022-06-02 | not yet calculated | CVE-2022-31966 MISC |
chatbot — chatbot_app_with_suggestion | ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/view_response&id=. | 2022-06-02 | not yet calculated | CVE-2022-31971 MISC |
cisco — common_services_platform_collector_software | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-05-27 | not yet calculated | CVE-2022-20674 CISCO |
cisco — common_services_platform_collector_software | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-05-27 | not yet calculated | CVE-2022-20673 CISCO |
cisco — common_services_platform_collector_software | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-05-27 | not yet calculated | CVE-2022-20672 CISCO |
cisco — enterprise_chat_and_email | A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials. | 2022-05-27 | not yet calculated | CVE-2022-20802 CISCO |
cisco — multiple_products |
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-05-27 | not yet calculated | CVE-2022-20806 CISCO |
cisco — multiple_products |
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-05-27 | not yet calculated | CVE-2022-20807 CISCO |
cisco — secure_network_analytics |
A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system. This vulnerability is due to insufficient user input validation by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting arbitrary commands in the web-based management interface. A successful exploit could allow the attacker to make configuration changes on the affected device or cause certain services to restart unexpectedly. | 2022-05-27 | not yet calculated | CVE-2022-20797 CISCO |
cisco — ucs_director |
A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to affected web applications. A successful exploit could allow the attacker to rewrite web page content, access sensitive information stored in the applications, and alter data by submitting forms. | 2022-05-27 | not yet calculated | CVE-2022-20765 CISCO |
coalfire — winaprs |
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9.0. A buffer overflow in DIGI address processing for VHF KISS packets allows a remote attacker to cause a denial of service (daemon crash) via a malicious AX.25 packet over the air. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2022-06-02 | not yet calculated | CVE-2022-24700 MISC MISC |
coalfire — winaprs |
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9.0. A buffer overflow in the VHF KISS TNC component allows a remote attacker to achieve remote code execution via malicious AX.25 packets over the air. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2022-06-02 | not yet calculated | CVE-2022-24702 MISC MISC MISC MISC |
coalfire — winaprs |
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9.0. A buffer overflow in national.txt processing allows a local attacker to cause a denial of service or possibly achieve code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2022-06-02 | not yet calculated | CVE-2022-24701 MISC MISC |
codeastro — simple_bus_ticket_booking_system |
Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php. | 2022-06-02 | not yet calculated | CVE-2022-30817 MISC |
codeastro — wedding_management_system | Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\blog_events_edit.php. | 2022-06-02 | not yet calculated | CVE-2022-30823 MISC |
codeastro — wedding_management_system | Wedding Management System v1.0 is vulnerable to SQL Injection via admin\client_assign.php. | 2022-06-02 | not yet calculated | CVE-2022-30826 MISC |
codeastro — wedding_management_system | Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_edit.php?booking=31&user_id=. | 2022-06-02 | not yet calculated | CVE-2022-30833 MISC |
codeastro — wedding_management_system | Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\client_edit.php. | 2022-06-02 | not yet calculated | CVE-2022-30825 MISC |
codeastro — wedding_management_system |
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\package_edit.php. | 2022-06-02 | not yet calculated | CVE-2022-30827 MISC |
codeastro — wedding_management_system |
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\photos_edit.php. | 2022-06-02 | not yet calculated | CVE-2022-30828 MISC |
codeastro — wedding_management_system |
In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of “users_profile.php” file. | 2022-06-02 | not yet calculated | CVE-2022-30822 MISC |
codeastro — wedding_management_system |
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\feature_edit.php. | 2022-06-02 | not yet calculated | CVE-2022-30830 MISC |
codeastro — wedding_management_system |
In Wedding Management System v1.0, the editing function of the “Services” module in the background management system has an arbitrary file upload vulnerability in the picture upload point of “package_edit.php” file. | 2022-06-02 | not yet calculated | CVE-2022-30821 MISC |
codeastro — wedding_management_system |
Wedding Management System v1.0 is vulnerable to SQL Injection via Wedding-Management/wedding_details.php. | 2022-06-02 | not yet calculated | CVE-2022-30831 MISC |
codeastro — wedding_management_system |
Wedding Management System v1.0 is vulnerable to SQL injection via /Wedding-Management/admin/blog_events_edit.php?id=31. | 2022-06-02 | not yet calculated | CVE-2022-30818 MISC |
codeastro — wedding_management_system |
Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_assign.php?booking=31&user_id=. | 2022-06-02 | not yet calculated | CVE-2022-30832 MISC |
codeastro — wedding_management_system |
Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/budget.php?booking_id=. | 2022-06-02 | not yet calculated | CVE-2022-30835 MISC |
codeastro — wedding_management_system |
Wedding Management System v1.0 is vulnerable to SQL Injection via Wedding-Management/admin/select.php. | 2022-06-02 | not yet calculated | CVE-2022-30836 MISC |
codeastro — wedding_management_system |
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\users_edit.php. | 2022-06-02 | not yet calculated | CVE-2022-30829 MISC |
codeastro — wedding_management_system |
In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of “users_edit.php” file. | 2022-06-02 | not yet calculated | CVE-2022-30820 MISC |
codeastro — wedding_management_system |
In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of “photos_edit.php” file. | 2022-06-02 | not yet calculated | CVE-2022-30819 MISC |
complete_online_job_search_system — complete_online_job_search_system |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/category/index.php?view=edit&id=. | 2022-06-02 | not yet calculated | CVE-2022-32013 MISC |
complete_online_job_search_system — complete_online_job_search_system |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=category&search=. | 2022-06-02 | not yet calculated | CVE-2022-32015 MISC |
complete_online_job_search_system — complete_online_job_search_system |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/employee/index.php?view=edit&id=. | 2022-06-02 | not yet calculated | CVE-2022-32012 MISC |
complete_online_job_search_system — complete_online_job_search_system |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/applicants/index.php?view=view&id=. | 2022-06-02 | not yet calculated | CVE-2022-32011 MISC |
complete_online_job_search_system — complete_online_job_search_system |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=. | 2022-06-02 | not yet calculated | CVE-2022-32010 MISC |
complete_online_job_search_system — complete_online_job_search_system |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/vacancy/index.php?view=edit&id=. | 2022-06-02 | not yet calculated | CVE-2022-32008 MISC |
complete_online_job_search_system — complete_online_job_search_system |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/company/index.php?view=edit&id=. | 2022-06-02 | not yet calculated | CVE-2022-32007 MISC |
complete_online_job_search_system — complete_online_job_search_system |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bycompany. | 2022-06-02 | not yet calculated | CVE-2022-32016 MISC |
complete_online_job_search_system — complete_online_job_search_system |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=byfunction. | 2022-06-02 | not yet calculated | CVE-2022-32014 MISC |
complete_online_job_search_system — complete_online_job_search_system |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bytitle. | 2022-06-02 | not yet calculated | CVE-2022-32017 MISC |
complete_online_job_search_system — complete_online_job_search_system |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=hiring&search=. | 2022-06-02 | not yet calculated | CVE-2022-32018 MISC |
couchbase_server |
Couchbase Server before 7.1.0 has Incorrect Access Control. | 2022-06-02 | not yet calculated | CVE-2021-33504 MISC MISC |
creatiwity — witycms |
An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-06-02 | not yet calculated | CVE-2022-29725 MISC |
cveproject — cve-services |
CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in ‘data.js’ has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were called in production, it is possible that it would write the plaintext key to disk. A patch is not available as of time of publication but is anticipated as a “hot fix” for version 1.1.1 and for the 2.x branch. | 2022-06-02 | not yet calculated | CVE-2022-31004 MISC CONFIRM |
d-link — dir-890l |
** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter ‘descriptor’ at SetVirtualServerSettings.php. | 2022-06-03 | not yet calculated | CVE-2022-29778 MISC MISC |
d-link — dir-890l_dir890la1_fw107b09 |
The LAN-side Web-Configuration Interface has a stack-based buffer overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin calls sprintf without checking the length of strings in parameters given by the HTTP header, which users can easily control. Attackers can exploit the vulnerability to execute arbitrary code by sending a specially constructed payload to port 49152. | 2022-06-02 | not yet calculated | CVE-2022-30521 MISC MISC |
dell — bsafe_micro_edition_suite |
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability. | 2022-06-01 | not yet calculated | CVE-2020-26184 CONFIRM |
dell — bsafe_micro_edition_suite |
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability. | 2022-06-01 | not yet calculated | CVE-2020-26185 CONFIRM |
dell — emc_powerstore |
Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker. | 2022-06-02 | not yet calculated | CVE-2022-26868 CONFIRM |
dell — multiple_products |
Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users. | 2022-06-02 | not yet calculated | CVE-2022-29084 CONFIRM |
dell — multiple_products |
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. | 2022-06-02 | not yet calculated | CVE-2022-29085 CONFIRM |
dell — powerstore |
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file. | 2022-06-02 | not yet calculated | CVE-2022-26867 CONFIRM |
dell — powerstore |
Dell PowerStore versions before v2.1.1.0 contain a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | 2022-06-02 | not yet calculated | CVE-2022-26866 CONFIRM |
dell — powerstore |
PowerStore contains a Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 2022-06-02 | not yet calculated | CVE-2022-22557 CONFIRM |
dell — powerstore |
Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contain an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution. | 2022-06-02 | not yet calculated | CVE-2022-26869 CONFIRM |
dell — powerstore |
Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a Denial of Service. | 2022-06-02 | not yet calculated | CVE-2022-22556 CONFIRM |
delta_controls — entelitouch |
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allow attackers to execute arbitrary commands via a crafted HTTP request. | 2022-06-02 | not yet calculated | CVE-2022-29735 MISC MISC |
delta_controls — entelitouch |
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 were discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack. | 2022-06-02 | not yet calculated | CVE-2022-29733 MISC MISC |
delta_controls — entelitouch |
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 were discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2022-06-02 | not yet calculated | CVE-2022-29732 MISC MISC |
dhis2 — dhis2 |
DHIS2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability affects the `/api/programs/orgUnits?programs=` API endpoint in DHIS2 versions prior to 2.36.10.1 and 2.37.6.1. The system is vulnerable to attack only from users that are logged in to DHIS2, and there is no known way of exploiting the vulnerability without first being logged in as a DHIS2 user. The vulnerability is not exposed to a non-malicious user and requires a conscious attack to be exploited. A successful exploit of this vulnerability could allow the malicious user to read, edit and delete data in the DHIS2 instance’s database. Security patches are now available for DHIS2 versions 2.36.10.1 and 2.37.6.1. One may apply mitigations at the web proxy level as a workaround. More information about these mitigations is available in the GitHub Security Advisory. | 2022-06-01 | not yet calculated | CVE-2022-24848 MISC MISC MISC CONFIRM |
drupal — saml_sp |
Multiple vulnerabilities in Drupal SAML SP 2.0 Single Sign On (SSO) – SAML Service Provider in certain non-default configurations allow a malicious user to log in as any chosen user. The vulnerability is mitigated by the module’s default settings which require the options “Either sign SAML assertions” and “x509 certificate”. This issue affects: Drupal SAML SP 2.0 Single Sign On (SSO) – SAML Service Provider 8.x version 8.x-2.24 and prior versions; 7.x version 7.x-2.57 and prior versions. | 2022-06-03 | not yet calculated | CVE-2022-26493 CONFIRM |
drytents — curekit |
CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal because the function isFileOutsideDir fails to sanitize user input. | 2022-05-31 | not yet calculated | CVE-2022-23082 MISC CONFIRM |
ecommerce-project-with-php-and-mysqli-fruits-bazar — ecommerce-project-with-php-and-mysqli-fruits-bazar |
Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in \admin\add_cata.php via the ctg_name parameters. | 2022-06-02 | not yet calculated | CVE-2022-30482 MISC MISC MISC |
ecommerce-project-with-php-and-mysqli-fruits-bazar — ecommerce-project-with-php-and-mysqli-fruits-bazar |
Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in \search_product.php via the keyword parameters. | 2022-06-02 | not yet calculated | CVE-2022-30478 MISC MISC MISC |
eg_innovations — eg_agent |
eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM. | 2022-06-02 | not yet calculated | CVE-2022-29594 MISC |
egavilan_media — contact-form-with-messages-entry-management |
EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 is vulnerable to SQL Injection via Addmessage.php. This allows a remote attacker to compromise Application SQL database. | 2022-06-02 | not yet calculated | CVE-2021-44097 MISC MISC |
egavilan_media — expense-management-system |
EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expense_action.php. This allows a remote attacker to compromise Application SQL database. | 2022-06-02 | not yet calculated | CVE-2021-44098 MISC MISC |
egavilan_media — user-registration-and-login-system-with-admin-panel |
EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profile_action – update_user. This allows a remote attacker to compromise Application SQL database. | 2022-06-02 | not yet calculated | CVE-2021-44096 MISC MISC |
elabftw — elabftw |
eLabFTW is an electronic lab notebook manager for research teams. Prior to version 4.3.0, a vulnerability allows an authenticated user with an administrator role in a team to assign itself system administrator privileges within the application, or create a new system administrator account. The issue has been corrected in eLabFTW version 4.3.0. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A system administrator account can manage all accounts, teams and edit system-wide settings within the application. The impact is not deemed as high, as it requires the attacker to have access to an administrator account. Regular user accounts cannot exploit this to gain admin rights. A workaround for one of the issues is removing the ability of administrators to create accounts. | 2022-05-31 | not yet calculated | CVE-2022-31007 CONFIRM MISC |
elitecms — elitecms |
elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php. | 2022-06-02 | not yet calculated | CVE-2022-30808 MISC |
elitecms — elitecms |
elitecms v1.01 is vulnerable to arbitrary file deletion via /admin/delete_image.php?file=. | 2022-06-02 | not yet calculated | CVE-2022-30804 MISC |
elitecms — elitecms |
elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php. | 2022-06-02 | not yet calculated | CVE-2022-30816 MISC |
elitecms — elitecms |
elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar= | 2022-06-02 | not yet calculated | CVE-2022-30815 MISC |
elitecms — elitecms |
elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php. | 2022-06-02 | not yet calculated | CVE-2022-30814 MISC |
elitecms — elitecms |
elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php. | 2022-06-02 | not yet calculated | CVE-2022-30813 MISC |
elitecms — elitecms |
elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php. | 2022-06-02 | not yet calculated | CVE-2022-30810 MISC |
elitecms — elitecms |
elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=. | 2022-06-02 | not yet calculated | CVE-2022-30809 MISC |
embedthis — appweb_community_edition |
An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1 that allows attackers to cause a denial of service via the stream parameter to the parseUri function. | 2022-06-02 | not yet calculated | CVE-2021-33254 MISC |
fedora — fedora |
With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference. | 2022-06-02 | not yet calculated | CVE-2022-1789 MISC MISC MISC FEDORA FEDORA FEDORA |
flightradar24 — flightradar24 |
An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android that allows attackers to cause unspecified consequences by decompiling the local application and extracting its API keys. | 2022-06-02 | not yet calculated | CVE-2021-43512 MISC MISC MISC |
flower — flower |
Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes. | 2022-06-02 | not yet calculated | CVE-2022-30034 MISC MISC |
fluid_attacks — keep_my_notes |
An attacker with physical access to the victim’s device can bypass the application’s password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation. | 2022-06-02 | not yet calculated | CVE-2022-1716 MISC MISC |
food-order-and-table-reservation-system — food-order-and-table-reservation-system |
Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Injection in categorywise-menu.php via the catid parameters. | 2022-06-02 | not yet calculated | CVE-2022-30481 MISC MISC MISC |
form.io — form.io |
A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. | 2022-06-02 | not yet calculated | CVE-2020-28246 MISC MISC |
freeswitch — sofia-sip |
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bounds access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue. | 2022-05-31 | not yet calculated | CVE-2022-31001 MISC CONFIRM |
freeswitch — sofia-sip |
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue. | 2022-05-31 | not yet calculated | CVE-2022-31002 MISC CONFIRM |
freeswitch — sofia-sip |
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue. | 2022-05-31 | not yet calculated | CVE-2022-31003 MISC CONFIRM |
freetype_demo_programs — freetype_demo_programs |
ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow. | 2022-06-02 | not yet calculated | CVE-2022-31782 MISC |
friendsofflarum — upload |
FriendsofFlarum (FoF) Upload is an extension that handles file uploads intelligently for your forum. If FoF Upload prior to version 1.2.3 is configured to allow the uploading of SVG files (‘image/svg+xml’), navigating directly to an SVG file URI could execute arbitrary Javascript code decided by an attacker. This Javascript code could include the execution of HTTP web requests to Flarum, or any other web service. This could allow data to be leaked by an authenticated Flarum user, or, possibly, for data to be modified maliciously. This issue has been patched with v1.2.3, which now sanitizes uploaded SVG files. As a workaround, remove the ability for users to upload SVG files through FoF Upload. | 2022-06-02 | not yet calculated | CVE-2022-30999 MISC MISC MISC CONFIRM |
gitee — tpcms |
An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-06-02 | not yet calculated | CVE-2022-29624 MISC MISC |
gitee — ofcms |
OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json. | 2022-06-02 | not yet calculated | CVE-2022-29653 MISC |
github-action-merge-dependabot — github-action-merge-dependabot |
github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Prior to version 3.2.0, github-action-merge-dependabot does not check if a commit created by dependabot is verified with the proper GPG key. There is just a check if the actor is set to `dependabot[bot]` to determine if the PR is a legit PR. Theoretically, an owner of a seemingly valid and legit action in the pipeline can check if the PR is created by dependabot and if their own action has enough permissions to modify the PR in the pipeline. If so, they can modify the PR by adding a second seemingly valid and legit commit to the PR, as they can arbitrarily set the username and email for commits in git. Because the bot only checks if the actor is valid, it would pass the malicious changes through and merge the PR automatically, without getting noticed by project maintainers. It would probably not be possible to determine where the malicious commit came from, as it would only say `dependabot[bot]` and the corresponding email address. Version 3.2.0 contains a patch for this issue. | 2022-05-31 | not yet calculated | CVE-2022-29220 MISC CONFIRM MISC |
go-gitea — gitea |
Cross-site Scripting (XSS) – Stored in GitHub repository go-gitea/gitea prior to 1.16.9. | 2022-05-29 | not yet calculated | CVE-2022-1928 MISC CONFIRM |
gogs — gogs |
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8. | 2022-06-01 | not yet calculated | CVE-2022-1285 MISC CONFIRM |
gogs — gogs |
Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that configuration can contain an option such as sshCommand, which is executed when a master branch is a remote branch (using an ssh:// URI). The remote branch can also be configured by editing the Git configuration file. One can create a new file in a new repository, using the GUI, with “\” as its name, and then rename this file to .git/config with the custom configuration content (and then save it). | 2022-06-02 | not yet calculated | CVE-2021-32546 MISC MISC |
google — google-it |
Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the ‘Open in browser’ option in versions up to 1.6.2, google-it will unsafely concatenate the result’s link retrieved from Google to a shell command, potentially exposing the server to RCE. | 2022-06-02 | not yet calculated | CVE-2021-34083 MISC MISC MISC |
hackerone — curl | An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. | 2022-06-02 | not yet calculated | CVE-2022-27776 MISC |
hackerone — curl |
Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL used a trailing dot while not using one when it built the HSTS cache. Or the other way around – by having the trailing dot in the HSTS cache and *not* using the trailing dot in the URL. | 2022-06-02 | not yet calculated | CVE-2022-30115 MISC |
hackerone — curl |
libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily. | 2022-06-02 | not yet calculated | CVE-2022-27782 MISC |
hackerone — curl |
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: by using an IPv6 address that was in the connection pool but with a different zone id, it could reuse a connection instead. | 2022-06-02 | not yet calculated | CVE-2022-27775 MISC |
hackerone — curl |
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server’s certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information. | 2022-06-02 | not yet calculated | CVE-2022-27781 MISC |
hackerone — curl |
The curl URL parser wrongly accepts percent-encoded URL separators like ‘/’ when decoding the host name part of a URL, making it a *different* URL using the wrong host name when it is later retrieved. For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed by the parser and get transposed into `http://example.com/127.0.0.1/`. This flaw can be used to circumvent filters, checks and more. | 2022-06-02 | not yet calculated | CVE-2022-27780 MISC |
hackerone — curl |
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. curl can be told to receive and send cookies. curl’s “cookie engine” can be built with or without [Public Suffix List](https://publicsuffix.org/) awareness. If PSL support is not provided, a more rudimentary check exists to at least prevent cookies from being set on TLDs. This check was broken if the host name in the URL uses a trailing dot. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain. | 2022-06-02 | not yet calculated | CVE-2022-27779 MISC |
hackerone — curl |
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. | 2022-06-02 | not yet calculated | CVE-2022-27778 MISC |
hackerone — curl |
An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0: when following HTTP(S) redirects is used with authentication, curl could leak credentials to other services that exist on different protocols or port numbers, which could allow an attacker to extract credentials. | 2022-06-02 | not yet calculated | CVE-2022-27774 MISC |
hashicorp — multiple_products |
HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1. | 2022-06-02 | not yet calculated | CVE-2022-30324 MISC MISC |
hcl_software — traveler |
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment. | 2022-05-27 | not yet calculated | CVE-2021-27780 CONFIRM |
hcl_software — traveler |
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie. | 2022-05-27 | not yet calculated | CVE-2021-27781 CONFIRM |
hcl_software — traveler |
HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. | 2022-06-01 | not yet calculated | CVE-2021-27778 CONFIRM |
horner_automation — cscape_csfont |
The affected product is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. | 2022-06-02 | not yet calculated | CVE-2022-27184 MISC |
horner_automation — cscape_csfont |
The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code. | 2022-06-02 | not yet calculated | CVE-2022-30540 MISC |
horner_automation — cscape_csfont |
The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code. | 2022-06-02 | not yet calculated | CVE-2022-28690 MISC |
horner_automation — cscape_csfont |
The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code. | 2022-06-02 | not yet calculated | CVE-2022-29488 MISC |
ibm — multiple_products |
IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 – V21.0.3, 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 2022-05-31 | not yet calculated | CVE-2022-22361 XF CONFIRM |
ict — protege_gxwx |
An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users. | 2022-06-02 | not yet calculated | CVE-2022-29731 MISC MISC |
ict — protege_gxwx |
A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. | 2022-06-02 | not yet calculated | CVE-2022-29734 MISC MISC |
idce_mv’s_application — idce_mv’s_application |
SQL injection in Logon Page of IDCE MV’s application, version 1.0, allows an attacker to inject SQL payloads in the user field, connecting to a database to access enterprise’s private and sensitive information. | 2022-06-02 | not yet calculated | CVE-2022-30496 MISC MISC |
janobe — online_ordering_system |
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=. | 2022-06-02 | not yet calculated | CVE-2022-31335 MISC |
janobe — online_ordering_system |
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php. | 2022-06-02 | not yet calculated | CVE-2022-31336 MISC |
janobe — online_ordering_system |
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?view=edit&id=. | 2022-06-02 | not yet calculated | CVE-2022-31337 MISC |
janobe — online_ordering_system |
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=. | 2022-06-02 | not yet calculated | CVE-2022-31338 MISC |
janobe — online_ordering_system_by_janobe |
Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php. | 2022-06-02 | not yet calculated | CVE-2022-31329 MISC |
janobe — online_ordering_system_by_janobe |
Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering/admin/products/index.php?view=edit&id=. | 2022-06-02 | not yet calculated | CVE-2022-31328 MISC |
janobe — online_ordering_system_by_janobe |
Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/index.php?q=products&id=. | 2022-06-02 | not yet calculated | CVE-2022-31327 MISC |
jfinal_cms — jfinal_cms |
A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request. | 2022-06-02 | not yet calculated | CVE-2022-29648 MISC |
jfrog — devcert_npm_package |
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method. | 2022-06-02 | not yet calculated | CVE-2022-1929 MISC |
jfrog — jquery-validation_npm_package |
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method. | 2022-06-02 | not yet calculated | CVE-2021-43306 MISC |
jfrog — markdown-link-extractor_npm_package |
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module’s exported function. | 2022-06-02 | not yet calculated | CVE-2021-43308 MISC |
jfrog — semver-regex_npm_package |
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method. | 2022-06-02 | not yet calculated | CVE-2021-43307 MISC |
keysight_technologies — multiple_products |
The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files. | 2022-06-02 | not yet calculated | CVE-2022-1661 MISC |
keysight_technologies — keysight_n6854a_and_n6841a_rf |
The affected products are vulnerable to deserialization of untrusted data without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code. | 2022-06-02 | not yet calculated | CVE-2022-1660 MISC |
knime — analytics_platform | In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. | 2022-06-02 | not yet calculated | CVE-2022-31500 MISC MISC |
krcert/cc — maxboard |
SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation. These vulnerabilities can be exploited by manipulating a variable with a desired value and inserting an arbitrary file. | 2022-06-02 | not yet calculated | CVE-2021-26633 MISC |
krcert/cc — maxboard |
In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution. | 2022-06-02 | not yet calculated | CVE-2021-26635 MISC |
krcert/cc — maxboard |
SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these vulnerabilities to perform attacks such as stealing server management rights using a web shell. | 2022-06-02 | not yet calculated | CVE-2021-26634 MISC |
libdwarf — libdwarf | libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c. | 2022-06-02 | not yet calculated | CVE-2022-32200 MISC MISC MISC |
libinput — libinput |
A format string vulnerability was found in libinput. | 2022-06-02 | not yet calculated | CVE-2022-1215 MISC |
libjpeg — libjpeg |
libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use. | 2022-06-02 | not yet calculated | CVE-2022-31796 MISC MISC |
libjpeg — libjpeg |
In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp. | 2022-06-02 | not yet calculated | CVE-2022-32202 MISC MISC |
libjpeg — libjpeg |
In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp. | 2022-06-02 | not yet calculated | CVE-2022-32201 MISC MISC |
liblouis — liblouis |
Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. | 2022-06-02 | not yet calculated | CVE-2022-31783 MISC MISC |
libmobi — libmobi |
libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mobi file. | 2022-06-02 | not yet calculated | CVE-2022-29788 MISC |
librenms — librenms |
LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters. | 2022-06-02 | not yet calculated | CVE-2022-29712 MISC |
librenms — librenms |
LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php. | 2022-06-02 | not yet calculated | CVE-2022-29711 MISC MISC |
lifion — lifion-verify-dependencies |
lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project’s package.json file. | 2022-06-02 | not yet calculated | CVE-2021-34078 MISC MISC |
linkplay — sound_bar |
LinkPlay Sound Bar v1.0 allows attackers to escalate privileges via a hardcoded password for the SSL certificate. | 2022-06-02 | not yet calculated | CVE-2022-28605 MISC |
linux — kernel |
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. | 2022-06-02 | not yet calculated | CVE-2022-1652 MISC MISC MISC |
linux — kernel |
An out-of-bounds memory write flaw in the Linux kernel UDF file system functionality was found in the way a user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially | 2022-06-02 | not yet calculated | CVE-2022-1943 MISC |
linux — kernel |
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. | 2022-06-02 | not yet calculated | CVE-2022-32250 MISC MISC MLIST MLIST |
linux — kernel’s_io_uring |
A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system. | 2022-06-02 | not yet calculated | CVE-2022-1786 MISC |
linux — teletype |
An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. | 2022-06-02 | not yet calculated | CVE-2022-1462 MISC |
mattermost — mattermost | Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post. | 2022-06-02 | not yet calculated | CVE-2022-1982 MISC |
mautic — mautic |
A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable JavaScript. | 2022-06-01 | not yet calculated | CVE-2021-27914 CONFIRM |
mcms — mcms |
An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file. | 2022-06-02 | not yet calculated | CVE-2022-30506 MISC |
mcms — mcms |
An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do. | 2022-06-02 | not yet calculated | CVE-2022-29647 MISC |
mgm_security_partners — bigbluebutton |
BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the “Share room access” dialog if the victim has shared access to the particular room with the attacker previously. | 2022-06-02 | not yet calculated | CVE-2022-26497 MISC MISC |
microsoft — edge |
Microsoft Edge (Chromium-based) Spoofing Vulnerability. | 2022-06-01 | not yet calculated | CVE-2022-26905 N/A |
microsoft — edge |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30128. | 2022-06-01 | not yet calculated | CVE-2022-30127 N/A |
microsoft — edge |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30127. | 2022-06-01 | not yet calculated | CVE-2022-30128 N/A |
mintzo — docker-tester |
OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the ‘ports’ entry of a crafted docker-compose.yml file. | 2022-06-02 | not yet calculated | CVE-2021-34079 MISC MISC |
mitsubishi — multiple_products |
Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number “24061” or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number “24061” or prior and Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version “08” or prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on the target products by sending specially crafted packets. | 2022-06-02 | not yet calculated | CVE-2022-25163 MISC MISC |
mruby — mruby |
Use After Free in GitHub repository mruby/mruby prior to 3.2. | 2022-05-31 | not yet calculated | CVE-2022-1934 MISC CONFIRM |
neorazorx — facturascripts |
Cross-site Scripting (XSS) – Generic in GitHub repository neorazorx/facturascripts prior to 2022.09. | 2022-06-03 | not yet calculated | CVE-2022-1988 MISC CONFIRM |
neos_cms — neos_cms |
Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also be present in all intermediate versions. | 2022-06-02 | not yet calculated | CVE-2022-30429 MISC |
netapp — e-series_santricity_os_controller_software |
E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users. | 2022-06-02 | not yet calculated | CVE-2022-23236 MISC |
netapp — e-series_santricity_os_controller_software |
E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites. | 2022-06-02 | not yet calculated | CVE-2022-23237 MISC |
nextcloud — server |
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into memory on usage, resulting in impacted performance. Versions 22.2.7 and 23.0.4 contain a fix for this issue. There are currently no known workarounds available. | 2022-05-31 | not yet calculated | CVE-2022-29243 MISC MISC CONFIRM |
netscout — ngeniusone |
NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution. | 2022-06-02 | not yet calculated | CVE-2021-45983 MISC MISC |
netscout — ngeniusone |
NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged user. | 2022-06-02 | not yet calculated | CVE-2021-45982 MISC MISC |
netscout — ngeniusone |
NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack. | 2022-06-02 | not yet calculated | CVE-2021-45981 MISC MISC |
nextcloud — richdocuments |
richdocuments is the repository for Nextcloud Collabora, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fix for this issue. There are currently no known workarounds available. | 2022-06-02 | not yet calculated | CVE-2022-31024 MISC CONFIRM MISC |
nginx — njs |
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. | 2022-06-02 | not yet calculated | CVE-2022-30503 MISC MISC |
nginx — njs |
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. | 2022-06-02 | not yet calculated | CVE-2022-29779 MISC MISC |
nginx — njs |
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. | 2022-06-02 | not yet calculated | CVE-2022-29780 MISC MISC |
npm — es128_ssl-utils |
OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions. | 2022-06-02 | not yet calculated | CVE-2021-34080 MISC |
online_car_wash_booking_system — online_car_wash_booking_system | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking. | 2022-06-02 | not yet calculated | CVE-2022-31344 MISC |
online_car_wash_booking_system — online_car_wash_booking_system | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle. | 2022-06-02 | not yet calculated | CVE-2022-31347 MISC |
online_car_wash_booking_system — online_car_wash_booking_system | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-31348 MISC |
online_car_wash_booking_system — online_car_wash_booking_system | Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-31351 MISC |
online_car_wash_booking_system — online_car_wash_booking_system | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-31353 MISC |
online_car_wash_booking_system — online_car_wash_booking_system | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=get_vehicle_service. | 2022-06-02 | not yet calculated | CVE-2022-31354 MISC |
online_car_wash_booking_system — online_car_wash_booking_system |
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-31350 MISC |
online_car_wash_booking_system — online_car_wash_booking_system |
Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-31352 MISC |
online_car_wash_booking_system — online_car_wash_booking_system |
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service. | 2022-06-02 | not yet calculated | CVE-2022-31346 MISC |
online_car_wash_booking_system — online_car_wash_booking_system |
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manage_user&id=. | 2022-06-02 | not yet calculated | CVE-2022-31345 MISC |
online_car_wash_booking_system — online_car_wash_booking_system |
Online Car Wash Booking System v1.0 is vulnerable to arbitrary file deletion via /ocwbs/classes/Master.php?f=delete_img. | 2022-06-02 | not yet calculated | CVE-2022-31342 MISC |
online_car_wash_booking_system — online_car_wash_booking_system |
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=. | 2022-06-02 | not yet calculated | CVE-2022-31343 MISC |
online_fire_reporting_system — online_fire_reporting_system |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=. | 2022-06-02 | not yet calculated | CVE-2022-31974 MISC |
online_fire_reporting_system — online_fire_reporting_system |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_team&id=. | 2022-06-02 | not yet calculated | CVE-2022-31980 MISC |
online_fire_reporting_system — online_fire_reporting_system |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team. | 2022-06-02 | not yet calculated | CVE-2022-31977 MISC |
online_fire_reporting_system — online_fire_reporting_system |
Online Fire Reporting System v1.0 is vulnerable to arbitrary file deletion via /ofrs/classes/Master.php?f=delete_img. | 2022-06-02 | not yet calculated | CVE-2022-31973 MISC |
online_fire_reporting_system — online_fire_reporting_system |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_inquiry. | 2022-06-02 | not yet calculated | CVE-2022-31978 MISC |
online_fire_reporting_system — online_fire_reporting_system |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user&id=. | 2022-06-02 | not yet calculated | CVE-2022-31975 MISC |
online_fire_reporting_system — online_fire_reporting_system |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_team&id=. | 2022-06-02 | not yet calculated | CVE-2022-31981 MISC |
online_fire_reporting_system — online_fire_reporting_system |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=. | 2022-06-02 | not yet calculated | CVE-2022-31982 MISC |
online_fire_reporting_system — online_fire_reporting_system |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request. | 2022-06-02 | not yet calculated | CVE-2022-31976 MISC |
online_fire_reporting_system — online_fire_reporting_system |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/manage_request&id=. | 2022-06-02 | not yet calculated | CVE-2022-31983 MISC |
online_fire_reporting_system — online_fire_reporting_system |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-31984 MISC |
onlyoffice — document_server |
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp. | 2022-06-02 | not yet calculated | CVE-2022-29776 MISC MISC |
onlyoffice — document_server |
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h. | 2022-06-02 | not yet calculated | CVE-2022-29777 MISC MISC |
oretnom23 — merchandise_online_store |
Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. | 2022-06-02 | not yet calculated | CVE-2022-30423 MISC |
oretnom23 — online_ordering_system |
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php. | 2022-06-02 | not yet calculated | CVE-2022-30794 MISC |
oretnom23 — online_ordering_system |
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductimage.php. | 2022-06-02 | not yet calculated | CVE-2022-30795 MISC |
oretnom23 — online_ordering_system |
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/viewreport.php. | 2022-06-02 | not yet calculated | CVE-2022-30798 MISC |
oretnom23 — online_ordering_system |
Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php. | 2022-06-02 | not yet calculated | CVE-2022-30799 MISC |
oretnom23 — online_ordering_system |
Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php. | 2022-06-02 | not yet calculated | CVE-2022-30797 MISC |
owl_labs — meeting_owl | Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used. | 2022-06-02 | not yet calculated | CVE-2022-31463 MISC MISC |
owl_labs — meeting_owl |
Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data. | 2022-06-02 | not yet calculated | CVE-2022-31462 MISC MISC |
owl_labs — meeting_owl |
Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value. | 2022-06-02 | not yet calculated | CVE-2022-31460 MISC MISC |
owl_labs — meeting_owl |
Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth. | 2022-06-02 | not yet calculated | CVE-2022-31459 MISC MISC |
owl_labs — meeting_owl |
Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message. | 2022-06-02 | not yet calculated | CVE-2022-31461 MISC MISC |
packet_storm — responsive_online_blog |
Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php. | 2022-06-02 | not yet calculated | CVE-2022-29659 MISC MISC MISC |
pbootcms — pbootcms |
Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index. | 2022-06-02 | not yet calculated | CVE-2020-20971 MISC |
percona — xtrabackup |
Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. NOTE: this issue exists because of an incomplete fix for CVE-2020-10997. | 2022-06-02 | not yet calculated | CVE-2022-26944 MISC MISC |
phpabook — phpabook |
phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the “auth_user” parameter in index.php script. | 2022-06-02 | not yet calculated | CVE-2022-30352 MISC MISC |
pidgin — pidgin | An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take control of the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968. | 2022-06-02 | not yet calculated | CVE-2022-26491 MISC MISC MISC MISC MISC |
play_framework — play_framework | Play Framework is a web framework for Java and Scala. Versions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by configuring its `DefaultHttpErrorHandler` to do so based on the application mode. In its Scala API Play also provides a static object `DefaultHttpErrorHandler` that is configured to always show verbose errors. This is used as a default value in some Play APIs, so it is possible to inadvertently use this version in production. It is also possible to improperly configure the `DefaultHttpErrorHandler` object instance as the injected error handler. Both of these situations could result in verbose errors displaying to users in a production application, which could expose sensitive information from the application. In particular, the constructor for `CORSFilter` and `apply` method for `CORSActionBuilder` use the static object `DefaultHttpErrorHandler` as a default value. This is patched in Play Framework 2.8.16. The `DefaultHttpErrorHandler` object has been changed to use the prod-mode behavior, and `DevHttpErrorHandler` has been introduced for the dev-mode behavior. A workaround is available. When constructing a `CORSFilter` or `CORSActionBuilder`, ensure that a properly-configured error handler is passed. Generally this should be done by using the `HttpErrorHandler` instance provided through dependency injection or through Play’s `BuiltInComponents`. Ensure that the application is not using the `DefaultHttpErrorHandler` static object in any code that may be run in production. | 2022-06-02 | not yet calculated | CVE-2022-31023 CONFIRM MISC MISC |
play_framework — play_framework | Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in versions 2.8.3 through 2.8.15 of Play’s forms library, in both the Scala and Java APIs. This can occur when using either the `Form#bindFromRequest` method on a JSON request body or the `Form#bind` method directly on a JSON value. If the JSON data being bound to the form contains a deeply-nested JSON object or array, the form binding implementation may consume all available heap space and cause an `OutOfMemoryError`. If executing on the default dispatcher and `akka.jvm-exit-on-fatal-error` is enabled—as it is by default—then this can crash the application process. `Form.bindFromRequest` is vulnerable when using any body parser that produces a type of `AnyContent` or `JsValue` in Scala, or one that can produce a `JsonNode` in Java. This includes Play’s default body parser. This vulnerability has been patched in version 2.8.16. There is now a global limit on the depth of a JSON object that can be parsed, which can be configured by the user if necessary. As a workaround, applications that do not need to parse a request body of type `application/json` can switch from the default body parser to another body parser that supports only the specific type of body they expect. | 2022-06-02 | not yet calculated | CVE-2022-31018 CONFIRM MISC MISC |
polonel — trudesk | Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3. | 2022-05-31 | not yet calculated | CVE-2022-1947 MISC CONFIRM |
polonel — trudesk | Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3. | 2022-05-31 | not yet calculated | CVE-2022-1926 CONFIRM MISC |
polonel — trudesk | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository polonel/trudesk prior to 1.2.3. | 2022-05-31 | not yet calculated | CVE-2022-1893 MISC CONFIRM |
polonel — trudesk | Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3. | 2022-05-31 | not yet calculated | CVE-2022-1931 CONFIRM MISC |
polonel — trudesk | Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3. | 2022-05-31 | not yet calculated | CVE-2022-1808 MISC CONFIRM |
project_worlds_official — hospital_management_system_in_php | Project Worlds Official Hospital Management System in php 1.0 is vulnerable to SQL Injection on login page organization. A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database. | 2022-06-02 | not yet calculated | CVE-2021-44095 MISC MISC MISC |
protobufjs — protobufjs | The package protobufjs before 6.11.3 is vulnerable to Prototype Pollution, which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions; 2. by parsing/loading .proto files. | 2022-05-27 | not yet calculated | CVE-2022-25878 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
publiccms — publiccms | PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java. | 2022-06-03 | not yet calculated | CVE-2022-29784 MISC MISC |
python — waitress | Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed. This issue has been fixed in Waitress 2.1.2 by no longer allowing the WSGI thread to close the socket. Instead, that is always delegated to the main thread. There is no work-around for this issue. However, users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response. | 2022-05-31 | not yet calculated | CVE-2022-31015 MISC MISC CONFIRM MISC |
qdecoder — qdecoder | qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding. | 2022-06-03 | not yet calculated | CVE-2022-32265 MISC MISC MISC |
real_player — real_player | In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur). | 2022-06-03 | not yet calculated | CVE-2022-32270 MISC MISC |
real_player — real_player | In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary local files. | 2022-06-03 | not yet calculated | CVE-2022-32271 MISC MISC |
real_player — real_player | In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution. | 2022-06-03 | not yet calculated | CVE-2022-32269 MISC MISC |
red_hat_inc — multiple_products | The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object* (created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create* will access the freed drm_vgem_gem_object. | 2022-06-02 | not yet calculated | CVE-2022-1419 MISC |
rescue_dispatch_management_system — rescue_dispatch_management_system | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/manage_report.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-31956 MISC |
rescue_dispatch_management_system — rescue_dispatch_management_system | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/respondent_types/manage_respondent_type.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-31965 MISC |
rescue_dispatch_management_system — rescue_dispatch_management_system | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/respondent_types/view_respondent_type.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-31964 MISC |
rescue_dispatch_management_system — rescue_dispatch_management_system | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/view_incident.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-31962 MISC |
rescue_dispatch_management_system — rescue_dispatch_management_system | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/manage_incident.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-31961 MISC |
rescue_dispatch_management_system — rescue_dispatch_management_system | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/teams/manage_team.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-31959 MISC |
rescue_dispatch_management_system — rescue_dispatch_management_system | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/teams/view_team.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-31957 MISC |
rescue_dispatch_management_system — rescue_dispatch_management_system | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/view_report.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-31953 MISC |
rescue_dispatch_management_system — rescue_dispatch_management_system | Rescue Dispatch Management System v1.0 is vulnerable to arbitrary file deletion via /rdms/classes/Master.php?f=delete_img. | 2022-06-02 | not yet calculated | CVE-2022-31945 MISC |
rescue_dispatch_management_system — rescue_dispatch_management_system | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_team. | 2022-06-02 | not yet calculated | CVE-2022-31946 MISC |
rescue_dispatch_management_system — rescue_dispatch_management_system | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_report. | 2022-06-02 | not yet calculated | CVE-2022-31948 MISC |
rescue_dispatch_management_system — rescue_dispatch_management_system | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_respondent_type. | 2022-06-02 | not yet calculated | CVE-2022-31951 MISC |
rescue_dispatch_management_system — rescue_dispatch_management_system | Rescue Dispatch Management System v1.0 is vulnerable to SQL injection via /rdms/classes/Master.php?f=delete_incident. | 2022-06-02 | not yet calculated | CVE-2022-31952 MISC |
resi — gemini-net | resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints, | 2022-06-02 | not yet calculated | CVE-2022-29540 MISC MISC |
riverbed — appresponse | Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a (when configured to use local, RADIUS, or TACACS authentication) logs usernames and passwords if either is entered incorrectly. If a user enters an incorrect username and/or password when logging into the WebUI, these attempted credentials are included in an error message that is logged in the WebUI log file. A log entry does not appear if the username and password provided correctly match a valid set of credentials. This also does not happen if AppResponse is configured to use SAML authentication. The WebUI log file is included in subsequent diagnostic system dumps that are generated. (Only users with Full Control access to the System Configuration permission can generate system dumps. By default, only System Administrators have Full Control access to the System Configuration permission.) | 2022-06-03 | not yet calculated | CVE-2021-43271 MISC |
rockwell_automation — logix_controllers | A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online. | 2022-06-02 | not yet calculated | CVE-2022-1797 CONFIRM CONFIRM |
rsa — archer | RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type. | 2022-06-02 | not yet calculated | CVE-2021-33615 MISC MISC MISC |
ruby_gem — dragonfly | An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL. | 2022-06-02 | not yet calculated | CVE-2021-33473 MISC MISC |
schneider_electric_se — multiple_products | A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | 2022-06-02 | not yet calculated | CVE-2022-30238 MISC |
schneider_electric_se — multiple_products | A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | 2022-06-02 | not yet calculated | CVE-2022-30232 MISC |
schneider_electric_se — multiple_products | A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | 2022-06-02 | not yet calculated | CVE-2022-30233 MISC |
schneider_electric_se — multiple_products | A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | 2022-06-02 | not yet calculated | CVE-2022-30234 MISC |
schneider_electric_se — multiple_products | A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | 2022-06-02 | not yet calculated | CVE-2022-30235 MISC |
schneider_electric_se — multiple_products | A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | 2022-06-02 | not yet calculated | CVE-2022-30236 MISC |
schneider_electric_se — multiple_products | A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | 2022-06-02 | not yet calculated | CVE-2022-30237 MISC |
sercomm — multiple_products | A Command Injection vulnerability in httpd web server (setup.cgi) in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to execute arbitrary OS commands as root in the device via the connection_type parameter of the statussupport_diagnostic_tracing.json endpoint. | 2022-06-02 | not yet calculated | CVE-2021-44080 MISC MISC |
siemens-healthineers — multiple_products | A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable. | 2022-06-01 | not yet calculated | CVE-2022-29875 CONFIRM |
siteserver — sscms | siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). | 2022-06-02 | not yet calculated | CVE-2022-30349 MISC |
solidusio — solidus | solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order’s adjustments if they hold its number, and the execution happens on a store administrator’s computer. Users should upgrade to solidus_backend 3.1.6, 3.0.6, or 2.11.16 to receive a patch. | 2022-06-01 | not yet calculated | CVE-2022-31000 MISC CONFIRM |
solutions_atlantic — regulatory_reporting_system | Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to a reflected Cross-Site Scripting (XSS) vulnerability via RRSWeb/maint/ShowDocument/ShowDocument.aspx. | 2022-06-02 | not yet calculated | CVE-2022-29598 MISC MISC |
solutions_atlantic — regulatory_reporting_system | Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI). Any authenticated user has the ability to reference internal system files within requests made to the RRSWeb/maint/ShowDocument/ShowDocument.aspx page. The server will successfully respond with the file contents of the internal system file requested. This ability could allow for adversaries to extract sensitive data and/or files from the underlying file system, gain knowledge about the internal workings of the system, or access source code of the application. | 2022-06-02 | not yet calculated | CVE-2022-29597 MISC MISC |
sourcecodester — online_market_place_site | An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers. | 2022-06-02 | not yet calculated | CVE-2022-29627 MISC |
sourcecodester — online_market_place_site | A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page parameter. | 2022-06-02 | not yet calculated | CVE-2022-29628 MISC |
sourcecodester — product_show_room_site | A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been declared as problematic. This vulnerability affects p=contact. The manipulation of the Message textbox with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely but requires authentication. Exploit details have been disclosed to the public. | 2022-06-02 | not yet calculated | CVE-2022-1979 MISC MISC |
sourcecodester — product_show_room_site | A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been rated as problematic. This issue affects the file /admin/?page=system_info/contact_info. The manipulation of the textbox Telephone with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely but requires authentication. Exploit details have been disclosed to the public. | 2022-06-02 | not yet calculated | CVE-2022-1980 MISC MISC |
sourcecodester — school_dormitory_management_system | School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126. | 2022-06-02 | not yet calculated | CVE-2022-30514 MISC MISC |
sourcecodester — school_dormitory_management_system | School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59. | 2022-06-02 | not yet calculated | CVE-2022-30510 MISC MISC |
sourcecodester — school_dormitory_management_system | School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4. | 2022-06-02 | not yet calculated | CVE-2022-30511 MISC MISC |
sourcecodester — school_dormitory_management_system | School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125. | 2022-06-02 | not yet calculated | CVE-2022-30513 MISC MISC |
sourcecodester — school_dormitory_management_system | School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31. | 2022-06-02 | not yet calculated | CVE-2022-30512 MISC MISC |
ssh.net — ssh.net | SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 and 2020.0.1, during an `X25519` key exchange, the client’s private key is generated with `System.Random`. `System.Random` is not a cryptographically secure random number generator; it must therefore not be used for cryptographic purposes. When establishing an SSH connection to a remote host, during the X25519 key exchange, the private key is generated with a weak random number generator whose seed can be brute forced. This allows an attacker who is able to eavesdrop on the communications to decrypt them. Version 2020.0.2 contains a patch for this issue. As a workaround, one may disable support for `curve25519-sha256` and `curve25519-sha256@libssh.org` key exchange algorithms. | 2022-05-31 | not yet calculated | CVE-2022-29245 CONFIRM MISC MISC MISC |
starwindsoftware — multiple_products | StarWind SAN and NAS v0.2 build 1914 allow remote code execution. | 2022-06-03 | not yet calculated | CVE-2022-32268 MISC |
swftools — swftools | An issue was discovered in swftools through 20201222. A heap buffer overflow exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution. | 2022-06-02 | not yet calculated | CVE-2021-42199 MISC |
swftools — swftools | An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_DeleteFilter() located in swffilter.c. It allows an attacker to cause Denial of Service. | 2022-06-02 | not yet calculated | CVE-2021-42202 MISC |
swftools — swftools | An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function handleEditText() located in swfdump.c. It allows an attacker to cause code execution. | 2022-06-02 | not yet calculated | CVE-2021-42195 MISC |
swftools — swftools | An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function main() located in swfdump.c. It allows an attacker to cause Denial of Service. | 2022-06-02 | not yet calculated | CVE-2021-42200 MISC |
swftools — swftools | An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause code execution. | 2022-06-02 | not yet calculated | CVE-2021-42204 MISC |
swftools — swftools | An issue was discovered in swftools through 20201222. A heap-use-after-free exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution. | 2022-06-02 | not yet calculated | CVE-2021-42203 MISC |
swftools — swftools | An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function traits_parse() located in abc.c. It allows an attacker to cause Denial of Service. | 2022-06-02 | not yet calculated | CVE-2021-42196 MISC |
swftools — swftools | An issue was discovered in swftools through 20201222: a memory leak occurs in swftools when swfdump is used. It allows an attacker to cause code execution. | 2022-06-02 | not yet calculated | CVE-2021-42197 MISC |
swftools — swftools | An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause Denial of Service. | 2022-06-02 | not yet calculated | CVE-2021-42198 MISC |
swftools — swftools | An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetD64() located in rfxswf.c. It allows an attacker to cause code execution. | 2022-06-02 | not yet calculated | CVE-2021-42201 MISC |
tenda_technology — hg6 | Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. This vulnerability is exploited via a crafted POST request. | 2022-06-02 | not yet calculated | CVE-2022-30425 MISC MISC MISC |
tidb — tidb | TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access. Only users using TiDB 5.3.0 are affected by this vulnerability. TiDB version 5.3.1 contains a patch for this issue. Other mitigation strategies include turning off Security Enhanced Mode (SEM), disabling local login for non-root accounts, and ensuring that the same IP cannot be logged in as root and normal user at the same time. | 2022-05-31 | not yet calculated | CVE-2022-31011 MISC CONFIRM |
tiktok — tiktok | The TikTok application before 23.8.4 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click. | 2022-06-02 | not yet calculated | CVE-2022-28799 MISC MISC MISC |
totolink — ex1200t | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack. | 2022-06-03 | not yet calculated | CVE-2021-42888 MISC |
totolink — ex1200t | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack. | 2022-06-03 | not yet calculated | CVE-2021-42890 MISC |
totolink — ex1200t | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization. | 2022-06-03 | not yet calculated | CVE-2021-42889 MISC |
totolink — ex1200t | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin. | 2022-06-02 | not yet calculated | CVE-2021-42875 MISC MISC MISC |
totolink — ex1200t | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg. | 2022-06-03 | not yet calculated | CVE-2021-42893 MISC |
totolink — ex1200t | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exist in the firmware. | 2022-06-03 | not yet calculated | CVE-2021-42892 MISC |
totolink — ex1200t | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization. | 2022-06-03 | not yet calculated | CVE-2021-42891 MISC |
totolink — ex1200t | TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file. | 2022-06-03 | not yet calculated | CVE-2021-42886 MISC |
totolink — ex1200t | TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. | 2022-06-02 | not yet calculated | CVE-2021-42877 MISC MISC MISC |
totolink — ex1200t | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control the deviceName to attack. | 2022-06-03 | not yet calculated | CVE-2021-42884 MISC |
totolink — ex1200t | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack. | 2022-06-03 | not yet calculated | CVE-2021-42885 MISC |
totolink — ex1200t | TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code. | 2022-06-02 | not yet calculated | CVE-2021-42872 MISC MISC MISC |
totolink — ex1200t | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | 2022-06-03 | not yet calculated | CVE-2021-42887 MISC |
trend_micro_inc — maximum_security_2022 | Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product’s secure erase feature to delete arbitrary files. | 2022-05-27 | not yet calculated | CVE-2022-30687 N/A N/A |
trend_micro_inc — multiple_products | An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2022-05-27 | not yet calculated | CVE-2022-30700 N/A N/A |
trend_micro_inc — multiple_products | An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2022-05-27 | not yet calculated | CVE-2022-30701 N/A N/A |
trend_micro — eol_product_cve_installer_of_trend_micro_password_manager_(consumer) | EOL Product CVE – Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was reported on an EOL version of the product, and users are advised to upgrade to the latest supported version (5.x). | 2022-05-27 | not yet calculated | CVE-2022-28394 N/A N/A N/A |
turistforeningen — node-s3-uploader |
OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function. | 2022-06-02 | not yet calculated | CVE-2021-34084 MISC |
unicorn-engine — unicorn_engine |
Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization. | 2022-06-02 | not yet calculated | CVE-2022-29695 MISC MISC |
unicorn-engine — unicorn_engine |
Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free. | 2022-06-02 | not yet calculated | CVE-2022-29694 MISC MISC MISC MISC MISC |
unicorn-engine — unicorn_engine |
Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c. | 2022-06-02 | not yet calculated | CVE-2022-29693 MISC MISC |
unicorn-engine — unicorn_engine |
Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function. | 2022-06-02 | not yet calculated | CVE-2022-29692 MISC |
vapor — vapor | Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a Content Delivery Network. | 2022-05-31 | not yet calculated | CVE-2022-31005 CONFIRM MISC MISC |
vartalap — chat_server |
Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function `this.authProvider.verifyAccessKey` is an async function, but the code does not use `await` to wait for the verification result. As a result, the function responds with success every time, along with an unhandled exception if the token is invalid. A patch is available in version 2.6.0. | 2022-05-31 | not yet calculated | CVE-2022-31013 MISC CONFIRM MISC |
verizon — 4g_lte_network_extender_ga4.38 |
Verizon 4G LTE Network Extender GA4.38 – V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page. | 2022-06-02 | not yet calculated | CVE-2022-29729 MISC MISC |
vim — vim |
Use After Free in GitHub repository vim/vim prior to 8.2. | 2022-06-02 | not yet calculated | CVE-2022-1968 CONFIRM MISC |
vim — vim |
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | 2022-05-27 | not yet calculated | CVE-2022-1897 CONFIRM MISC FEDORA FEDORA |
vim — vim |
Buffer Over-read in GitHub repository vim/vim prior to 8.2. | 2022-05-29 | not yet calculated | CVE-2022-1927 CONFIRM MISC FEDORA FEDORA |
vim — vim |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 2022-05-31 | not yet calculated | CVE-2022-1942 CONFIRM MISC |
webankpartners — wecube |
An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file. | 2022-06-02 | not yet calculated | CVE-2022-28945 MISC MISC MISC MISC |
wordpress — amazon_link_wordpress_plugin |
The Amazon Link WordPress plugin through 3.2.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 2022-05-30 | not yet calculated | CVE-2022-1645 MISC |
wordpress — bannerman_wordpress_plugin |
The BannerMan WordPress plugin through 0.2.4 does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when unfiltered_html is disallowed (such as in multisite). | 2022-05-30 | not yet calculated | CVE-2022-1275 MISC |
wordpress — birthdays_widget_wordpress_plugin |
The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed | 2022-05-30 | not yet calculated | CVE-2022-1643 MISC |
wordpress — bluk_page_creator_wordpress_plugin |
The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF. | 2022-05-30 | not yet calculated | CVE-2022-1611 MISC |
wordpress — call&book_mobile_bar_wordpress_plugin |
The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 2022-05-30 | not yet calculated | CVE-2022-1644 MISC |
wordpress — change_wp_admin_login_wordpress_plugin |
The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing a CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attack could also be performed via a CSRF vector. | 2022-05-30 | not yet calculated | CVE-2022-1589 MISC |
wordpress — content_mask_wordpress_plugin |
The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, and does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as a subscriber, could modify arbitrary blog options. | 2022-05-30 | not yet calculated | CVE-2022-1203 MISC |
wordpress — easy_faq_with_expanding_text_wordpress_plugin |
The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 does not sanitise and escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks when unfiltered_html is disallowed | 2022-05-30 | not yet calculated | CVE-2022-1395 MISC |
wordpress — enable_svg_wordpress_plugin |
The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads | 2022-05-30 | not yet calculated | CVE-2022-1562 MISC |
wordpress — external_links_in_new_window/new_tab_wordpress_plugin |
The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible. | 2022-05-30 | not yet calculated | CVE-2022-1582 MISC |
wordpress — external_links_in_new_window/new_tab_wordpress_plugin |
The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to “null” when links to external sites are clicked, which may enable tabnabbing attacks to occur. | 2022-05-30 | not yet calculated | CVE-2022-1583 MISC |
wordpress — fatcat_apps_easy_pricing_tables_plugin |
Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress. | 2022-06-02 | not yet calculated | CVE-2021-36866 CONFIRM CONFIRM |
wordpress — form_maker_by_10web_wordpress_plugin |
The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 2022-05-30 | not yet calculated | CVE-2022-1564 MISC |
wordpress — hpb_dashboard_wordpress_plugin |
The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 2022-05-30 | not yet calculated | CVE-2022-1542 MISC |
wordpress — imbd_info_box_wordpress_plugin |
The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2022-05-30 | not yet calculated | CVE-2022-1294 MISC |
wordpress — jivochat_live_chat_wordpress_plugin |
The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugin's admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged-in administrator into injecting arbitrary JavaScript. | 2022-05-30 | not yet calculated | CVE-2022-0642 MISC |
wordpress — no_future_posts_wordpress_plugin |
The No Future Posts WordPress plugin through 1.4 does not escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed | 2022-05-30 | not yet calculated | CVE-2022-1387 MISC |
wordpress — poll_maker_wordpress_plugin |
The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 2022-05-30 | not yet calculated | CVE-2022-1456 MISC |
wordpress — quotes_llama_wordpress_plugin |
The Quotes llama WordPress plugin through 0.7 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin into importing a malicious CSV file. | 2022-05-30 | not yet calculated | CVE-2022-1566 MISC |
wordpress — simple_real_estate_pack_wordpress_plugin |
The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed | 2022-05-30 | not yet calculated | CVE-2022-1646 MISC |
wordpress — slideshow_wordpress_plugin |
The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2022-05-30 | not yet calculated | CVE-2022-1299 MISC |
wordpress — smush_wordpress_plugin |
The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious configuration file | 2022-05-30 | not yet calculated | CVE-2022-1009 MISC |
wordpress — social_share_buttons_supsystic_plugin |
Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress. | 2022-06-02 | not yet calculated | CVE-2021-36890 CONFIRM CONFIRM |
wordpress — stafflist_wordpress_plugin |
The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection | 2022-05-30 | not yet calculated | CVE-2022-1556 MISC MISC |
wordpress — team_members_wordpress_plugin |
The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 2022-05-30 | not yet calculated | CVE-2022-1568 MISC |
wordpress — user_meta_wordpress_plugin | The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 2022-05-30 | not yet calculated | CVE-2022-0376 MISC |
wordpress — vikbooking_hotel_booking_engine_&_pms_wordpress_plugin |
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting | 2022-05-30 | not yet calculated | CVE-2022-1528 MISC |
wordpress — wp_2fa_wordpress_plugin |
The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | 2022-05-30 | not yet calculated | CVE-2022-1527 MISC |
xwiki_platform — filter_ui |
XWiki Platform Filter UI provides a generic user interface to convert from a XWiki Filter input stream to an output stream with settings for each stream. Starting with versions 6.0-milestone-2 and 5.4.4 and prior to versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3, XWiki Platform Filter UI contains a possible cross-site scripting vector in the `Filter.FilterStreamDescriptorForm` wiki page related to pretty much all the form fields printed in the home page of the application. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest workaround is to edit the wiki page `Filter.FilterStreamDescriptorForm` (with wiki editor) according to the instructions in the GitHub Security Advisory. | 2022-05-31 | not yet calculated | CVE-2022-29258 MISC CONFIRM MISC |
xxl-job — xxl-job |
XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo. | 2022-06-03 | not yet calculated | CVE-2022-29770 MISC |
zero_science_lab — usr_iot_4g_lte_industrial_cellular_vpn_router |
USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device. | 2022-06-02 | not yet calculated | CVE-2022-29730 MISC MISC |
zzcms — zzcms |
An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma. | 2022-06-02 | not yet calculated | CVE-2019-12350 MISC |
zzcms — zzcms |
An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma. | 2022-06-02 | not yet calculated | CVE-2019-12351 MISC |
zzcms — zzcms |
An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id parameter. | 2022-06-02 | not yet calculated | CVE-2019-12349 MISC |