Security Bulletin 9 Mar 2022

Published on 09 Mar 2022

Updated on 09 Nov 2022

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance with their CVSSv3 base scores:


Critical vulnerabilities with a base score of 9.0 to 10.0
High vulnerabilities with a base score of 7.0 to 8.9
Medium vulnerabilities with a base score of 4.0 to 6.9
Low vulnerabilities with a base score of 0.1 to 3.9
None vulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2021-42952 Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2021-42952
CVE-2017-15708 In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-15708
CVE-2019-18283 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without authentication on the Application Server. An attacker can gain remote code execution by sending specifically crafted objects to one of its functions. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18283
CVE-2019-18284 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without authentication on the Application Server. An attacker can use methods exposed via this interface to receive password hashes of other users and to change user passwords. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18284
CVE-2019-18289 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18293, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18289
CVE-2019-18293 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18293
CVE-2019-18295 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18295
CVE-2019-18296 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18295. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18296
CVE-2019-18313 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could gain remote code execution by sending specifically crafted objects to one of the RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18313
CVE-2019-18314 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted objects via RMI. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18314
CVE-2019-18315 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 8888/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18315
CVE-2019-18316 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 1099/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18316
CVE-2019-18323 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18323
CVE-2019-18324 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18324
CVE-2019-18325 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18325
CVE-2019-18326 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18326
CVE-2019-18327 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18327
CVE-2019-18328 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18328
CVE-2019-18329 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18329
CVE-2019-18330 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18329. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18330
CVE-2021-3177 Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3177
CVE-2021-22931 Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22931
CVE-2021-37419 Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37419
CVE-2021-40358 A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). Legitimate file operations on the web server of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40358
CVE-2021-37706 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37706
CVE-2022-23305 By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23305
CVE-2021-44738 Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44738
CVE-2022-23993 /usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_filter'] in a PHP echo call. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23993
CVE-2022-23614 Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23614
CVE-2021-41816 CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41816
CVE-2021-46461 njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46461
CVE-2021-46463 njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then(). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46463
CVE-2022-25139 njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25139
CVE-2021-33945 RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN, SP 325SNw, SP 325SFNw, SP 330SN, Aficio SP 3500SF, SP 221S, SP 220SNw, SP 221SNw, SP 221SF, SP 220SFNw, SP 221SFNw v1.06 were discovered to contain a stack buffer overflow in the file /etc/wpa_supplicant.conf. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33945
CVE-2022-25235 xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25235
CVE-2022-25236 xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25236
CVE-2022-25315 In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25315
CVE-2021-20325 Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, causes a security regression compared to the versions shipped in Red Hat Enterprise Linux 8.4. A user who installs or updates to Red Hat Enterprise Linux 8.5.0 would be vulnerable to the mentioned CVEs, even if they were properly fixed in Red Hat Enterprise Linux 8.4. CVE-2021-20325 was assigned to that Red Hat specific security regression and it does not affect the upstream versions of httpd. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20325
CVE-2021-3657 A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3657
CVE-2022-25337 Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25337
CVE-2022-24049 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11.2.13 build 57923290 (S1 systems). Authentication is not required to exploit this vulnerability. The specific flaw exists within the ALAC audio codec. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15798. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24049
CVE-2021-29655 Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted code may execute. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29655
CVE-2021-29656 Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not properly checked. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29656
CVE-2021-24867 Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24867
CVE-2022-23608 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed. The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leads to an endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23608
CVE-2022-21654 Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's tls allows re-use when some cert validation settings have changed from their default configuration. The only workaround for this issue is to ensure that default tls settings are used. Users are advised to upgrade. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21654
CVE-2022-24409 Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24409
CVE-2021-35689 A potential vulnerability in the Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. This high severity potential vulnerability allows attackers to perform remote code execution on Taleo Enterprise Edition system. Successful attacks of this vulnerability can result in unauthorized remote code execution within Taleo Enterprise Edition and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. All affected customers were notified of CVE-2021-35689 by Oracle. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35689
CVE-2022-25329 Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated actions. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25329
CVE-2022-25330 Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25330
CVE-2021-44550 An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44550
CVE-2021-44567 An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44567
CVE-2021-44610 Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite, (5) eta_doctype, (6) meta_charset, (7) default_group, and (8) page group parameters in the settings mode in admin/index.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44610
CVE-2022-21142 Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41 allows a remote unauthenticated attacker to bypass authentication under the specific condition. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21142
CVE-2022-25072 TP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25072
CVE-2022-25073 TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr(). This vulnerability allows unauthenticated attackers to execute arbitrary code. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25073
CVE-2022-25074 TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25074
CVE-2022-25075 TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25075
CVE-2022-25076 TOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25076
CVE-2022-25077 TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25077
CVE-2022-25078 TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25078
CVE-2022-25079 TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25079
CVE-2022-25080 TOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25080
CVE-2022-25081 TOTOLink T10 V5.9c.5061_B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25081
CVE-2022-25082 TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25082
CVE-2022-25083 TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25083
CVE-2022-25084 TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25084
CVE-2022-25403 HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25403
CVE-2022-25404 Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELETE_STR parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25404
CVE-2022-25405 Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in change_box.php via the DELETE_STR parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25405
CVE-2022-25406 Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete_query.php via the DELETE_STR parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25406
CVE-2022-25414 Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25414
CVE-2022-25417 Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25417
CVE-2022-25418 Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25418
CVE-2022-25643 seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25643
CVE-2022-22794 Cybonet - PineApp Mail Relay Unauthenticated SQL Injection. Attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /manage/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 and by doing that, the attacker can run Remote Code Execution in one liner. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22794
CVE-2020-10640 Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run arbitrary commands with system privileges or perform remote code execution via a specific communication service. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10640
CVE-2021-44663 A Remote Code Execution (RCE) vulnerability exists in the Xerte Project Xerte through 3.8.4 via a crafted php file through elfinder in connetor.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44663
CVE-2022-25003 Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/view_doctor.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25003
CVE-2022-25004 Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/manage_doctor.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25004
CVE-2021-45977 JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45977
CVE-2022-24331 In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24331
CVE-2022-24340 In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24340
CVE-2021-22426 There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22426
CVE-2021-22429 There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22429
CVE-2021-22430 There is a logic bypass vulnerability in smartphones. Successful exploitation of this vulnerability may cause code injection. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22430
CVE-2021-22431 There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22431
CVE-2021-22432 There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22432
CVE-2021-22433 There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22433
CVE-2021-22434 There is a memory address out of bounds vulnerability in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22434
CVE-2021-22480 The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to heap memory overflow. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22480
CVE-2021-26617 This issue is due to insufficient verification of the various input values from the user's input. The vulnerability allows remote attackers to execute malicious code in Firstmall via the navercheckout_add function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26617
CVE-2021-40046 PCManager version 11.1.1.95 has a privilege escalation vulnerability. A successful exploit could allow the attacker to access certain resources beyond its privilege. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40046
CVE-2022-21798 The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21798
CVE-2022-24442 JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24442
CVE-2022-25064 TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25064
CVE-2022-25262 In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25262
CVE-2022-25263 JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25263
CVE-2022-21706 Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation created in one organization (potentially as a role with elevated permissions) can be used to join any other organization. This bypasses any restrictions on required domains on users' email addresses, may be used to gain access to organizations which are only accessible by invitation, and may be used to gain access with elevated privileges. This issue has been patched in release 4.10. There are no known workarounds for this issue. If you have any questions or comments about this advisory, you can discuss them on the [developer community Zulip server](https://zulip.com/developer-community/), or email the [Zulip security team](mailto:security@zulip.com). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21706
CVE-2022-25095 Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25095
CVE-2022-25096 Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25096
CVE-2021-21708 In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result in crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21708
CVE-2022-0412 The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint, allowing unauthenticated attackers to perform SQL injection attacks 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0412
CVE-2022-24571 Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacker can use simple SQL login injection payload to get admin access. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24571
CVE-2021-43086 ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compression function of the astc-encoder project with -cl option was used, a stack-buffer-overflow occurred in function encode_ise() in function compress_symbolic_block_for_partition_2planes() in "/Source/astcenc_compress_symbolic.cpp". 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43086
CVE-2022-24711 CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24711
CVE-2022-25029 Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter under /admin/?page=members/view_member&id=2. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25029
CVE-2022-25411 A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25411
CVE-2021-25010 The Post Snippets WordPress plugin before 3.1.4 does not have a CSRF check when importing files, allowing an attacker to make a logged-in admin import arbitrary snippets. Furthermore, imported snippets are not sanitised and escaped, which could lead to Stored Cross-Site Scripting issues. 9.6 https://nvd.nist.gov/vuln/detail/CVE-2021-25010
CVE-2019-18321 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18322. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2019-18321
CVE-2019-18322 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18321. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2019-18322
CVE-2021-31346 A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007) 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-31346
CVE-2021-31889 A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). Malformed TCP packets with a corrupted SACK option lead to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015) 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-31889
CVE-2021-31890 A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of a TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017) 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-31890
CVE-2022-23959 In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-23959
CVE-2022-21723 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the `master` branch. There are no known workarounds. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-21723
CVE-2022-0717 Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0717
CVE-2021-4070 Off-by-one Error in GitHub repository v2fly/v2ray-core prior to 4.44.0. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-4070
CVE-2022-25098 ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25098
CVE-2022-25402 An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25402
CVE-2021-22394 There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-22394
CVE-2021-22448 There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause unauthorized read and write of some files. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-22448
CVE-2022-25260 JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25260
CVE-2022-25359 On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25359
CVE-2022-0768 Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltube prior to 3.0.2. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0768

OTHER VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2020-15824 In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-15824
CVE-2021-42072 An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identity of connecting clients. Clients can thus exploit weaknesses in the provided protocol to cause denial-of-service or stage further attacks that could lead to information leaks or integrity corruption. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42072
CVE-2021-21900 A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21900
CVE-2022-23302 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23302
CVE-2021-46398 A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads to RCE. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46398
CVE-2022-22005 Microsoft SharePoint Server Remote Code Execution Vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22005
CVE-2021-39297 Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39297
CVE-2021-39298 Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39298
CVE-2021-39299 Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39299
CVE-2021-39300 Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39300
CVE-2021-39301 Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39301
CVE-2022-24046 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11.2.13 build 57923290 (S1 systems). Authentication is not required to exploit this vulnerability. The specific flaw exists within the anacapd daemon. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15828. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24046
CVE-2022-23650 Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 0.10.0, there is a hard-coded cryptographic key in the code base which can be exploited to run admin commands on a remote server if the exploiter knows the address and username of the admin. This affects the server (netmaker) component, and not clients. This has been patched in Netmaker v0.8.5, v0.9.4, and v0.10.0. There are currently no known workarounds. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23650
CVE-2022-23642 Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the `gitserver` service. The service acts as a git exec proxy, and fails to properly restrict calling `git config`. This allows an attacker to set the git `core.sshCommand` option, which sets git to use the specified command instead of ssh when they need to connect to a remote system. Exploitation of this vulnerability depends on how Sourcegraph is deployed. An attacker able to make HTTP requests to internal services like gitserver is able to exploit it. This issue is patched in Sourcegraph version 3.37. As a workaround, ensure that requests to gitserver are properly protected. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23642
CVE-2022-0729 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0729
CVE-2022-20650 A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. Note: The NX-API feature is disabled by default. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20650
CVE-2021-44967 A Remote Code Execution (RCE) vulnerability exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44967
CVE-2021-4029 A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4029
CVE-2021-4030 A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local user to visit a compromised website with malicious scripts. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4030
CVE-2022-23176 WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. This vulnerability impacts Fireware OS before 11.7.2_U1, 12.x before 12.1.3_U3, and 12.2.x through 12.5.x before 12.5.7_U3. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23176
CVE-2022-24407 In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24407
CVE-2022-25291 An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer overflow and potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25291
CVE-2022-25292 A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25292
CVE-2022-25293 A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25293
CVE-2022-25360 WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25360
CVE-2022-24707 Anuko Time Tracker is an open source, web-based time tracking application written in PHP. UNION SQL injection and time-based blind injection vulnerabilities existed in Time Tracker Puncher plugin in versions of anuko timetracker prior to 1.20.0.5642. This was happening because the Puncher plugin was reusing code from other places and was relying on an unsanitized date parameter in POST requests. Because the parameter was not checked, it was possible to craft POST requests with malicious SQL for Time Tracker database. This issue has been resolved in version 1.20.0.5642. Users unable to upgrade are advised to add their own checks to input. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24707
CVE-2021-44664 An Authenticated Remote Code Execution (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file through the project interface disguised as a language file to bypass the upload filters. Attackers can manipulate the file's destination by abusing path traversal in the 'mediapath' variable. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44664
CVE-2022-24288 In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24288
CVE-2022-24947 Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24947
CVE-2022-24342 In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24342
CVE-2022-25094 Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the parameter "cover" in SystemSettings.php. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25094
CVE-2021-3967 Improper Access Control in GitHub repository zulip/zulip prior to 4.10. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3967
CVE-2021-24704 In the Orange Form WordPress plugin through 1.0, the process_bulk_action() function in "admin/orange-form-email.php" performs an unprepared SQL query with an unsanitized parameter ($id). Only admin can access the page that invokes the function, but because of lack of CSRF protection, it is actually exploitable and could allow attackers to make a logged-in admin delete arbitrary posts, for example. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24704
CVE-2021-24803 The Core Tweaks WP Setup WordPress plugin through 4.1 allows bulk-setting many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in place, allowing an attacker to arbitrarily change the admin email or create another admin account and take over the website via CSRF attacks. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24803
CVE-2021-24864 The WP Cloudy, weather plugin WordPress plugin before 4.4.9 does not escape the post_id parameter before using it in a SQL statement in the admin dashboard, leading to a SQL Injection issue 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24864
CVE-2022-0411 The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0411
CVE-2022-24712 CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery (CSRF) protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for this vulnerability, but users will still need to code as these after upgrading to v4.1.9. Otherwise, the CSRF protection may be bypassed. If auto-routing is enabled, check the request method in the controller method before processing. If auto-routing is disabled, either avoid using `$routes->add()` and instead use HTTP verbs in routes; or check the request method in the controller method before processing. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24712
CVE-2022-23380 There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23380
CVE-2022-24610 Settings/network settings/wireless settings on the Alecto DVC-215IP camera version 63.1.1.173 and below shows the Wi-Fi passphrase hidden, but by editing/removing the style of the password field the password becomes visible which grants access to an internal network connected to the camera. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2022-24610
CVE-2021-42554 An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-42554
CVE-2022-21824 Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype. Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null prototype for the object these properties are being assigned to. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2022-21824
CVE-2020-35728 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-35728
CVE-2020-36181 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-36181
CVE-2021-22901 curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-22901
CVE-2022-21703 Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-21703
CVE-2022-25838 Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25838
CVE-2022-24335 JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24335
CVE-2021-24823 The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged-in users perform unwanted actions, for example, make an admin delete arbitrary files. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-24823
CVE-2022-25412 Maxsite CMS v180 was discovered to contain multiple arbitrary file deletion vulnerabilities in /admin_page/all-files-update-ajax.php via the dir and deletefile parameters. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25412
CVE-2019-18297 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and low privileges could gain root privileges by sending specifically crafted packets to a named pipe. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18297
CVE-2019-18308 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18309. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18308
CVE-2019-18309 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18308. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18309
CVE-2021-30919 An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted PDF may lead to arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30919
CVE-2021-4034 A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that it induces pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4034
CVE-2022-23946 A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23946
CVE-2022-23947 A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23947
CVE-2021-44000 A vulnerability has been identified in JT2Go (All versions), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44000
CVE-2021-44016 A vulnerability has been identified in JT2Go (All versions), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15110) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44016
CVE-2021-44018 A vulnerability has been identified in JT2Go (All versions), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44018
CVE-2022-21844 HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21926, CVE-2022-21927. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21844
CVE-2022-21927 HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21844, CVE-2022-21926. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21927
CVE-2022-0554 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0554
CVE-2021-43940 Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43940
CVE-2022-23803 A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23803
CVE-2022-23804 A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23804
CVE-2021-45082 An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45082
CVE-2022-25365 Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25365
CVE-2022-25366 Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by creating a malicious .dylib file that can be executed via the DYLD_INSERT_LIBRARIES environment variable. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25366
CVE-2021-46162 A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15048) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46162
CVE-2021-46699 A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains a stack based buffer overflow vulnerability while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15061) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46699
CVE-2022-24671 A link following privilege escalation vulnerability in Trend Micro Antivirus for Mac 11.0.2150 and below could allow a local attacker to modify a file during the update process and escalate their privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24671
CVE-2022-24679 A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24679
CVE-2022-24680 A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24680
CVE-2019-25058 An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-25058
CVE-2022-25099 A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25099
CVE-2022-25101 A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25101
CVE-2022-25636 net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25636
CVE-2020-14481 The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-14481
CVE-2021-26252 A flaw was found in htmldoc in v1.9.12. A heap buffer overflow in pspdf_prepare_page() in ps-pdf.cxx may lead to arbitrary code execution and denial of service. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26252
CVE-2022-0545 An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0545
CVE-2022-0546 A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0546
CVE-2022-23104 WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. A low-privilege attacker could write a malicious DLL file to the Operator Workspace directory to achieve privilege escalation and the permissions of the user running the program. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23104
CVE-2022-23922 WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23922
CVE-2022-24232 A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24232
CVE-2022-24345 In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24345
CVE-2022-24346 In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24346
CVE-2021-40043 The laser command injection vulnerability exists on AIS-BW80H-00 versions earlier than AIS-BW80H-00 9.0.3.4(H100SP13C00). The devices cannot effectively defend against external malicious interference. Attackers need the device to be visually exploitable and successful triggering of this vulnerability could execute voice commands on the device. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40043
CVE-2022-21209 The affected product is vulnerable to an out-of-bounds read while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21209
CVE-2022-23921 Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and the server is licensed for multiple projects. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23921
CVE-2022-23985 The affected product is vulnerable to an out-of-bounds write while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23985
CVE-2022-25170 The affected product is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25170
CVE-2021-44132 A command injection vulnerability in the function formImportOMCIShell of C-DATA ONU4FERW V2.1.13_X139 allows attackers to execute arbitrary commands via a crafted file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44132
CVE-2022-24986 KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24986
CVE-2021-44334 David Brackeen ok-file-formats 97f78ca is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurs in function ok_jpg_convert_YCbCr_to_RGB() in "/ok_jpg.c:513". 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44334
CVE-2021-44339 David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_transform_scanline() in "/ok_png.c:712". 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44339
CVE-2021-44340 David Brackeen ok-file-formats dev version is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_jpg_generate_huffman_table() in "/ok_jpg.c:403". 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44340
CVE-2021-44331 ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function encode_ise(). 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44331
CVE-2021-44342 David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow via function ok_png_transform_scanline() in "/ok_png.c:494". 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44342
CVE-2022-22262 ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file path, to delete arbitrary system files and disrupt system service. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2022-22262
CVE-2019-18290 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-18290
CVE-2019-18291 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-18291
CVE-2019-18292 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-18292
CVE-2019-18294 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-18294
CVE-2019-18298 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-18298
CVE-2019-18299 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-18299
CVE-2019-18300 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-18300
CVE-2019-18301 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-18301
CVE-2019-18302 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-18302
CVE-2019-18303 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-18303
CVE-2019-18304 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-18304
CVE-2019-18305 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-18305
CVE-2019-18306 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-18306
CVE-2019-18307 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18306. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-18307
CVE-2019-18310 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18311. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-18310
CVE-2019-18311 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18310. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-18311
CVE-2019-18317 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18318 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-18317
CVE-2019-18318 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server can cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-18318
CVE-2019-18319 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18318. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-18319
CVE-2019-18320 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to upload arbitrary files without authentication. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-18320
CVE-2020-35488 The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, the name of the directory created must use a Syslog field. (For example, on Linux it is not possible to create a .. directory. On Windows, it is not possible to create a CON directory.) 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-35488
CVE-2021-22926 libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool). When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name, using the same option. If the name exists as a file, it will be used instead of by name. If the application runs with a current working directory that is writable by other users (like `/tmp`), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name, making libcurl send the wrong client certificate in the TLS connection handshake. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22926
CVE-2021-22940 Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22940
CVE-2021-37714 jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37714
CVE-2021-37420 Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37420
CVE-2021-35053 Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-35053
CVE-2021-29632 In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before r370674, 13.0-RELEASE before p6, and 12.2-RELEASE before p12, under certain conditions involving use of the highlight buffer while text is scrolling on the console, console data may overwrite data structures associated with the system console or other kernel memory. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29632
CVE-2021-39293 In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39293
CVE-2021-46669 MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46669
CVE-2021-43859 XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43859
CVE-2022-23913 In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23913
CVE-2021-24839 The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its wpsc_tickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. Other actions may be affected as well. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24839
CVE-2021-37185 A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0 SP1), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37185
CVE-2021-37204 A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0 SP1), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packet over port 102/tcp. A restart of the affected device is needed to restore normal operations. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37204
CVE-2021-37205 A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0 SP1), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37205
CVE-2021-46462 njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46462
CVE-2021-35380 A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthenticated malicious user gain access to the files on the remote system by gaining access to the relative path of the file they want to download (http://url:port/file?valore). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-35380
CVE-2022-25314 In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25314
CVE-2022-23228 Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote attacker can use excessive resources, temporarily causing denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23228
CVE-2022-24980 An issue was discovered in the Kitodo.Presentation (aka dif) extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing attackers to view the content of any file or webpage the webserver has access to. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24980
CVE-2016-20013 sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2016-20013
CVE-2021-43825 Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data is over the limit by sending 413 or 500 responses. However when the buffer overflows while response is processed by the filter chain the operation may not be aborted correctly and result in accessing a freed memory block. If this happens Envoy will crash resulting in a denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43825
CVE-2021-43826 Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for upstream tunneling (`envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config`) and the downstream connection disconnects while the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43826
CVE-2022-21655 Envoy is an open source edge and service proxy, designed for cloud-native applications. The envoy common router will segfault if an internal redirect selects a route configured with direct response or redirect actions. This will result in a denial of service. As a workaround turn off internal redirects if direct response entries are configured on the same listener. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21655
CVE-2022-23612 OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET requests for `/images` & `/initfilter/scripts`. This can allow an attacker to access any file on a system running OpenMRS that is accessible to the user id OpenMRS is running under. Affected implementations should update to the latest patch version of OpenMRS Core for the minor version they use. These are: 2.1.5, 2.2.1, 2.3.5, 2.4.5 and 2.5.3. As a general rule, this vulnerability is already mitigated by Tomcat's URL normalization in Tomcat 7.0.28+. Users on older versions of Tomcat should consider upgrading their Tomcat instance as well as their OpenMRS instance. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23612
CVE-2022-0654 Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository fgribreau/node-request-retry prior to 7.0.0. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0654
CVE-2022-0736 Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0736
CVE-2022-20623 A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device. This vulnerability is due to a logic error in the BFD rate limiter functionality. An attacker could exploit this vulnerability by sending a crafted stream of traffic through the device. A successful exploit could allow the attacker to cause BFD traffic to be dropped, resulting in BFD session flaps. BFD session flaps can cause route instability and dropped traffic, resulting in a denial of service (DoS) condition. This vulnerability applies to both IPv4 and IPv6 traffic. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-20623
CVE-2022-20624 A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of incoming CFSoIP packets. An attacker could exploit this vulnerability by sending crafted CFSoIP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-20624
CVE-2022-22336 IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22336
CVE-2022-24678 A security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24678
CVE-2022-25331 Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25331
CVE-2020-27467 A Directory Traversal vulnerability exists in Processwire CMS before 2.7.1 via the download parameter to index.php. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27467
CVE-2021-25636 LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag, which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25636
CVE-2021-45746 A Directory Traversal vulnerability exists in WeBankPartners wecube-platform 3.2.1 via the file variable in PluginPackageController.java. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45746
CVE-2022-23986 SQL injection vulnerability in the phpUploader v1.2 and earlier allows a remote unauthenticated attacker to obtain the information in the database via unspecified vectors. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23986
CVE-2022-25104 HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via the component /admin/file-manager/. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25104
CVE-2022-25401 The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25401
CVE-2022-25640 In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25640
CVE-2022-0732 The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0732
CVE-2022-22793 Cybonet - PineApp Mail Relay Local File Inclusion. An attacker can send a request to /manage/mailpolicymtm/log/eml_viewer/email.content.body.php?filesystem_path=ENCODED PATH and, by doing that, read local files inside the server. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22793
CVE-2020-10636 Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-10636
CVE-2021-3610 A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3610
CVE-2021-4021 A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0, 5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an ELF64 binary for MIPS architecture can lead to uncontrolled resource consumption and DoS. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4021
CVE-2022-0651 The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0651
CVE-2022-25148 The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25148
CVE-2022-25149 The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25149
CVE-2022-25374 HashiCorp Terraform Enterprise before 202202-1 inserts Sensitive Information into a Log File. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25374
CVE-2022-24327 In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24327
CVE-2022-24341 In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24341
CVE-2021-22319 There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause integer overflows. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22319
CVE-2021-22395 There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22395
CVE-2021-22489 There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22489
CVE-2021-37027 There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service integrity. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37027
CVE-2022-0615 Use-after-free in eset_rtp kernel module used in ESET products for Linux allows potential attacker to trigger denial-of-service condition on the system. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0615
CVE-2022-25062 TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25062
CVE-2022-25264 In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25264
CVE-2022-23308 valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23308
CVE-2022-24685 HashiCorp Nomad and Nomad Enterprise 1.x before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 has Uncontrolled Resource Consumption. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24685
CVE-2020-22844 A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-22844
CVE-2020-22845 A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-22845
CVE-2022-23377 Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local files. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23377
CVE-2021-40366 A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.42), Climatix POL909 (AWM module) (All versions < V11.34). The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-40366
CVE-2021-20322 A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization is indirectly affected as well. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-20322
CVE-2021-44531 Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly. Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-44531
CVE-2022-25328 The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2022-25328
CVE-2021-39115 Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-39115
CVE-2022-21705 Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass `cms.safe_mode` / `cms.enableSafeMode` in order to execute arbitrary code. This issue only affects admin panels that rely on safe mode and restricted permissions. To exploit this vulnerability, an attacker must first have access to the backend area. The issue has been patched in Build 474 (v1.0.474) and v1.1.10. Users unable to upgrade should apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe to your installation manually. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-21705
CVE-2022-23043 Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-23043
CVE-2021-29220 Multiple buffer overflow security vulnerabilities have been identified in HPE iLO Amplifier Pack version(s): Prior to 2.12. These vulnerabilities could be exploited by a highly privileged user to remotely execute code that could lead to a loss of confidentiality, integrity, and availability. HPE has provided a software update to resolve this vulnerability in HPE iLO Amplifier Pack. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-29220
CVE-2022-26149 MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-26149
CVE-2022-0383 The WP Review Slider WordPress plugin before 11.0 does not sanitise and escape the pid parameter when copying a Twitter source, which could allow high privilege users to perform SQL Injection attacks. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-0383
CVE-2022-23911 The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-23911
CVE-2022-23906 CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-23906
CVE-2021-44238 AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-44238
CVE-2021-45083 An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it's trivial to obtain the plaintext string. The settings.yaml file contains secrets such as the hashed default password. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-45083
CVE-2020-14478 A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-14478
CVE-2020-36516 An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-36516
CVE-2022-23181 The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. 7 https://nvd.nist.gov/vuln/detail/CVE-2022-23181
CVE-2021-22437 There is a software integer overflow leading to a TOCTOU condition in smartphones. Successful exploitation of this vulnerability may cause random address access. 7 https://nvd.nist.gov/vuln/detail/CVE-2021-22437
CVE-2022-0764 Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-0764
CVE-2020-27737 A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). The DNS response parsing functionality does not properly validate various length and counts of the records. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the memory past the allocated structure. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27737
CVE-2021-36740 Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-36740
CVE-2021-3634 A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3634
CVE-2021-24993 The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated user, such as a subscriber, to call them and add arbitrary products, or change the plugin's settings for example 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24993
CVE-2021-45346 A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45346
CVE-2021-3557 A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read all resources of the cluster including all secrets which might enable privilege escalations. The highest threat from this vulnerability is to data confidentiality. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3557
CVE-2022-25313 In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25313
CVE-2021-3930 An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3930
CVE-2021-44568 Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44568
CVE-2021-44571 A heap overflow vulnerability exists in openSUSE libsolv through 13 Dec 2020 in the prefer_suggested function at src/policy.c: line 442. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44571
CVE-2021-44573 Two heap overflow vulnerabilities exist in openSUSE libsolv through 13 Dec 2020 in the resolve_installed function at src/solver.c: line 1728 & 1766. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44573
CVE-2021-44574 A heap-overflow vulnerability exists in openSUSE libsolv through 13 Dec 2020 in the resolve_jobrules function at src/solver.c at line 1599. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44574
CVE-2021-44575 Two heap-overflow vulnerabilities exist in openSUSE libsolv through 13 Dec 2020 in the makeruledecisions function at src/solver.c: line 147 and 307. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44575
CVE-2021-44576 Two memory vulnerabilities exist in openSUSE libsolv through 13 Dec 2020 in the resolve_weak function at src/solver.c: line 2222 and 2249. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44576
CVE-2021-44577 Two heap-overflow vulnerabilities exist in openSUSE libsolv through 13 Dec 2020 in the propagate function at src/solver.c: line 490 and 524. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44577
CVE-2022-21657 Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary extendedKeyUsage (id-kp-serverAuth and id-kp-clientAuth, respectively). This means that a peer may present an e-mail certificate (e.g. id-kp-emailProtection), either as a leaf certificate or as a CA in the chain, and it will be accepted for TLS. This is particularly bad when combined with the issue described in pull request #630, in that it allows a Web PKI CA that is intended only for use with S/MIME, and thus exempted from audit or supervision, to issue TLS certificates that will be accepted by Envoy. As a result Envoy will trust upstream certificates that should not be trusted. There are no known workarounds to this issue. Users are advised to upgrade. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21657
CVE-2022-23606 Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS) all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle connections that can lead to stack exhaustion and abnormal process termination when a cluster has a large number of idle connections. This infinite recursion causes Envoy to crash. Users are advised to upgrade. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23606
CVE-2022-0721 Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0721
CVE-2022-0724 Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0724
CVE-2022-0731 Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0731
CVE-2022-22333 IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable to a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned inside the Secure Zone could submit a specially crafted HTTP request to disrupt service. IBM X-Force ID: 219133. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22333
CVE-2022-23810 Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to obtain an arbitrary file on the server via unspecified vectors. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23810
CVE-2022-24599 In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it doesn't use zero bytes to truncate the data. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24599
CVE-2022-25290 WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to retrieve certificate private keys. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25290
CVE-2022-25363 WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25363
CVE-2022-25638 In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25638
CVE-2022-24687 HashiCorp Consul and Consul Enterprise 1.8.0 through 1.9.14, 1.10.7, and 1.11.2 has Uncontrolled Resource Consumption. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24687
CVE-2021-3596 A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3596
CVE-2022-23135 There is a directory traversal vulnerability in some home gateway products of ZTE. Due to the lack of verification of user modified destination path, an attacker with specific permissions could modify the FTP access path to access and modify the system path contents without authorization, which will cause information leak and affect device operation. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23135
CVE-2021-44665 A Directory Traversal vulnerability exists in the Xerte Project Xerte through 3.10.3 when downloading a project file via download.php. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44665
CVE-2022-24328 In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24328
CVE-2022-24333 In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24333
CVE-2022-24337 In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24337
CVE-2021-24820 The Cost Calculator WordPress plugin through 1.6 allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.6) to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24820
CVE-2021-25081 The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts and update the plugin's settings via a CSRF attack 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25081
CVE-2021-3700 A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination. 6.4 https://nvd.nist.gov/vuln/detail/CVE-2021-3700
CVE-2021-35043 OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement for the : character. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-35043
CVE-2021-25063 The Skins for Contact Form 7 WordPress plugin before 2.5.1 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25063
CVE-2021-43062 An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the FortiGuard URI protection service. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-43062
CVE-2022-25256 SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the button placed in the top left. The second affects the page to which the user is directed after pressing the button, e.g., a malicious web page. In addition, the second parameter executes JavaScript, which means XSS is possible by adding a javascript: URL. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25256
CVE-2022-24564 Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24564
CVE-2021-26092 Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-26092
CVE-2022-23916 Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-24374. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-23916
CVE-2022-24374 Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-23916. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24374
CVE-2022-24435 Cross-site scripting vulnerability in phpUploader v1.2 and earlier allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24435
CVE-2020-14502 The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-14502
CVE-2021-44662 A Cross-Site Scripting (XSS) vulnerability exists in the Xerte Project Xerte through 3.8.4 via the link parameter in print.php. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-44662
CVE-2022-0653 The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a page that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0653
CVE-2022-0683 The Essential Addons for Elementor Lite WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the settings parameter found in the ~/includes/Traits/Helper.php file which allows attackers to inject arbitrary web scripts onto a page that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 5.0.8. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0683
CVE-2022-0710 The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0710
CVE-2022-25305 The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the ~/includes/class-wp-statistics-ip.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a site's statistics, in versions up to and including 13.1.5. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25305
CVE-2022-25306 The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a site's statistics, in versions up to and including 13.1.5. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25306
CVE-2022-25307 The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a site's statistics, in versions up to and including 13.1.5. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25307
CVE-2022-24709 @awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for javascript injection. Users are advised to upgrade to version 3.0.367 or later. There are no known workarounds for this issue. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24709
CVE-2021-29216 A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-29216
CVE-2021-29217 A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-29217
CVE-2021-34361 A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-34361
CVE-2021-45229 It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-45229
CVE-2022-24948 A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.2 or later. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24948
CVE-2022-24330 In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24330
CVE-2022-24338 JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24338
CVE-2021-37504 A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-37504
CVE-2021-42244 A cross-site scripting (XSS) vulnerability in PaquitoSoftware Notimoo v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted title or message in a notification. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-42244
CVE-2021-23495 The package karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-23495
CVE-2022-25259 JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25259
CVE-2022-25261 JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25261
CVE-2020-36510 The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before outputting it back in the response via the cb_s_a AJAX action, leading to a Reflected Cross-Site Scripting 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-36510
CVE-2021-24977 The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to send arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the backend, it could also lead to Stored XSS issues 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-24977
CVE-2021-24994 The Migration, Backup, Staging WordPress plugin before 0.9.69 does not have authorisation when adding remote storages, and does not sanitise as well as escape a parameter from such unauthenticated requests before outputting it in admin page, leading to a Stored Cross-Site Scripting issue 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-24994
CVE-2021-25034 The WP User WordPress plugin before 7.0 does not sanitise and escape some parameters in pages where the [wp_user] shortcode is used, leading to Reflected Cross-Site Scripting issues 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25034
CVE-2021-25112 The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25112
CVE-2022-0150 The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0150
CVE-2022-0189 The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0189
CVE-2022-0385 The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and escape the username submitted via the login form when displaying them back in the log dashboard, leading to an unauthenticated Stored Cross-Site scripting 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0385
CVE-2022-23912 The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-23912
CVE-2022-23988 The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing an unauthenticated attacker to submit XSS payloads which will get executed when a privileged user views the related submission 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-23988
CVE-2022-24572 Car Driving School Management System v1.0 is affected by Cross Site Scripting (XSS) in the User Enrollment Form (Username Field). To exploit this Vulnerability, an admin views the registered user details. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24572
CVE-2022-25642 Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25642
CVE-2022-26155 An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26155
CVE-2022-26156 An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places user-supplied input into the action URL of an HTML form. An attacker can use this vulnerability to construct a URL that, if visited by another application user, will modify the action URL of a form to point to the attacker's server. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26156
CVE-2022-26158 An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26158
CVE-2022-23907 CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-23907
CVE-2022-25028 Home Owners Collection Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the collected_by parameter under the List of Collections module. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25028
CVE-2022-25114 Event Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the full_name parameter under register.php. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25114
CVE-2021-3607 An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability. 6 https://nvd.nist.gov/vuln/detail/CVE-2021-3607
CVE-2021-3608 A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability. 6 https://nvd.nist.gov/vuln/detail/CVE-2021-3608
CVE-2019-18285 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The RMI communication between the client and the Application Server is unencrypted. An attacker with access to the communication channel can read credentials of a valid user. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2019-18285
CVE-2021-23336 The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-23336
CVE-2021-31874 Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-31874
CVE-2021-22947 When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trusting the responses it got *before* the TLS handshake as if they were authenticated. Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-22947
CVE-2021-45081 An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-45081
CVE-2022-21656 Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Name or uniformResourceIndicator to be authenticated as a domain name. This confusion allows for the bypassing of nameConstraints, as processed by the underlying OpenSSL/BoringSSL implementation, exposing the possibility of impersonation of arbitrary servers. As a result Envoy will trust upstream certificates that should not be trusted. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21656
CVE-2021-25011 The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF checks in most of its AJAX actions, which could allow any authenticated user, such as a subscriber, to delete arbitrary posts and update the plugin's settings. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2021-25011
CVE-2022-22844 LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22844
CVE-2021-46661 MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46661
CVE-2021-46662 MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46662
CVE-2021-46663 MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46663
CVE-2021-46664 MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46664
CVE-2021-46665 MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46665
CVE-2021-46666 MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46666
CVE-2021-46668 MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46668
CVE-2022-22716 Microsoft Excel Information Disclosure Vulnerability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22716
CVE-2022-0561 Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0561
CVE-2022-0562 Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0562
CVE-2022-0617 A null pointer dereference flaw was found in the Linux kernel UDF file system functionality in the way a user triggers the udf_file_write_iter function for a malicious UDF image. A local user could use this flaw to crash the system. Affected from Linux kernel 4.2-rc1 till 5.17-rc2. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0617
CVE-2021-20320 A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20320
CVE-2021-3947 A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3947
CVE-2022-23645 swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23645
CVE-2021-27755 "Sametime Android potential path traversal vulnerability when using File class" 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27755
CVE-2021-44570 Two heap-overflow vulnerabilities exist in openSUSE/libsolv through 13 Dec 2020 in the solver_get_recommendations function at src/solver.c: line 4286 & line 4305 FOR_PROVIDES. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44570
CVE-2022-0563 A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0563
CVE-2021-4115 There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4115
CVE-2022-0476 Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0476
CVE-2022-0695 Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0695
CVE-2022-24613 metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. This could be used to mount a denial of service attack against services that use metadata-extractor library. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24613
CVE-2022-24614 When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use metadata-extractor library. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24614
CVE-2022-24615 zip4j up to 2.9.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. This could be used to mount a denial of service attack against services that use zip4j library. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24615
CVE-2021-38994 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213072. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-38994
CVE-2021-38995 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213073. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-38995
CVE-2020-14480 Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-14480
CVE-2022-0544 An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0544
CVE-2021-43745 A Denial of Service vulnerability exists in Trilium Notes 0.48.6 in the setupPage function. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43745
CVE-2022-0247 An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to. We recommend upgrading past commit d97c05d2301799ed585620a9c5c739d36e7b5d3d or any of the listed versions. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0247
CVE-2022-25326 fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25326
CVE-2022-25327 The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or above 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25327
CVE-2021-38993 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service. IBM X-Force ID: 212962. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-38993
CVE-2021-22441 Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to kernel crash. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22441
CVE-2021-22478 The interface of a certain HarmonyOS module has a UAF vulnerability. Successful exploitation of this vulnerability may lead to information leakage. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22478
CVE-2021-22479 The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful exploitation of this vulnerability may lead to kernel crash. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22479
CVE-2021-37103 There is an improper permission management vulnerability in the Wallet apps. Successful exploitation of this vulnerability may affect service confidentiality. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37103
CVE-2022-22908 SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read process memory, to discover the contents of the Username and Password fields. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22908
CVE-2021-44961 A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. Specially crafted stl files can exhaust available memory. An attacker can provide malicious files to trigger this vulnerability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44961
CVE-2021-44962 An out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44962
CVE-2022-22293 admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-22293
CVE-2022-0394 Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0394
CVE-2022-21702 Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clicked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21702
CVE-2022-0719 Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0719
CVE-2022-0727 Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0727
CVE-2021-44565 A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-44565
CVE-2021-44566 A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-44566
CVE-2021-44607 A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-44607
CVE-2021-44608 Multiple Cross Site Scripting (XSS) vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in index.php. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-44608
CVE-2022-24565 Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24565
CVE-2022-24566 In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS). 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24566
CVE-2022-24582 Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking. The parameter manage_user from User lists is vulnerable to XSS-Stored and PHPSESSID attacks. The malicious user can attack the system by using the already session which he has from inside and outside of the network. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24582
CVE-2022-24620 Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, admin can steal webmaster's cookies to get the webmaster's access. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24620
CVE-2022-24708 Anuko Time Tracker is an open source, web-based time tracking application written in PHP. ttUser.class.php in Time Tracker versions prior to 1.20.0.5646 was not escaping primary group name for display. Because of that, it was possible for a logged in user to modify primary group name with elements of JavaScript. Such script could then be executed in user browser on subsequent requests on pages where primary group name was displayed. This vulnerability has been fixed in version 1.20.0.5646. Users who are unable to upgrade may modify ttUser.class.php to use an additional call to htmlspecialchars when printing group name. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24708
CVE-2021-39038 IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 213968. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-39038
CVE-2021-34359 A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-34359
CVE-2022-24612 An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24612
CVE-2022-24339 JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24339
CVE-2022-24344 JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24344
CVE-2022-24347 JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24347
CVE-2022-24710 Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user name and language fields. Due to this improper neutralization it is possible to perform cross-site scripting via these fields. The issues were fixed in the 4.11 release. Users unable to upgrade are advised to add their own neutralize logic. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24710
CVE-2022-0723 Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0723
CVE-2022-26146 Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-26146
CVE-2021-24933 The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the term_tree AJAX action (available to any authenticated users), leading to a Reflected Cross-Site Scripting issue 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24933
CVE-2021-24971 The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wpr_live_update AJAX action, and does not sanitise and escape some of the data submitted. As a result, any authenticated user, such as a subscriber, could update the plugin's settings and perform Cross-Site Scripting attacks against all visitors and users on the frontend. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24971
CVE-2021-25042 The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.5 does not have authorisation and CSRF checks in the updateIpAddress AJAX action, allowing any authenticated user to call it, or make a logged in user do it via a CSRF attack and add an arbitrary IP address to exclude. Furthermore, due to the lack of validation, sanitisation and escaping, users could set a malicious value and perform Cross-Site Scripting attacks against logged in admin 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-25042
CVE-2022-25407 Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-25407
CVE-2022-25408 Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-25408
CVE-2022-25409 Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-25409
CVE-2022-25410 Maxsite CMS v180 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_file_description at /admin/files. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-25410
CVE-2022-25413 Maxsite CMS v108 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_tags at /admin/page_edit/3. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-25413
CVE-2022-26332 Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-26332
CVE-2019-18286 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18287. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2019-18286
CVE-2019-18287 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18286. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2019-18287
CVE-2019-18312 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to enumerate running RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2019-18312
CVE-2019-18331 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to path and filenames on the server by sending specifically crafted packets to 1099/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2019-18331
CVE-2019-18332 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to directory listings of the server by sending specifically crafted packets to 80/tcp, 8095/tcp or 8080/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2019-18332
CVE-2019-18333 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to filenames on the server by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2019-18333
CVE-2019-18334 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to enumerate valid user names by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2019-18334
CVE-2019-18335 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to gain access to logs and configuration files by sending specifically crafted packets to 80/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2019-18335
CVE-2021-25677 A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0 < V1.0.0.0). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-25677
CVE-2021-22897 curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-22897
CVE-2021-22925 curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server. Therefore potentially revealing sensitive internal information to the server using a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-22925
CVE-2021-22939 If the Node.js https API was used incorrectly and "undefined" was passed in for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-22939
CVE-2021-31344 A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004) 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-31344
CVE-2022-25336 Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-25336
CVE-2022-24979 An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Site Includes (ESI) content element renderer component does not include an access check. This allows an unauthenticated user to render various content elements, resulting in insecure direct object reference (IDOR), with the potential of exposing internal content elements. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24979
CVE-2022-0564 A vulnerability in Qlik Sense Enterprise on Windows could allow a remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response times that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-0564
CVE-2022-23655 Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to build 474 or v1.1.10. The only known workaround is to manually apply the patch (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) which adds server signature validation. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-23655
CVE-2022-24633 All versions of FileCloud prior to 21.3 are vulnerable to user enumeration. The vulnerability exists in the parameter "path" passing "/SHARED/<username>". A malicious actor could identify the existence of users by requesting share information on specified share paths. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24633
CVE-2022-25355 EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-25355
CVE-2020-10632 Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-10632
CVE-2020-14504 The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-14504
CVE-2021-44532 Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints. Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-44532
CVE-2021-44533 Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification. Affected versions of Node.js do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-44533
CVE-2022-23701 A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware version(s): Prior to 2.60. This vulnerability could be remotely exploited to allow an attacker to supply invalid input to the iLO 4 webserver, causing it to respond with a redirect to an attacker-controlled domain. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 4 (iLO 4). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-23701
CVE-2022-24594 In waline 1.6.1, an attacker can submit messages using X-Forwarded-For to forge any IP address. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24594
CVE-2022-24329 In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24329
CVE-2022-24332 In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24332
CVE-2022-24334 In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24334
CVE-2022-24336 In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24336
CVE-2022-26159 The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26159
CVE-2021-25118 The Yoast SEO WordPress plugin before 17.3 discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-25118
CVE-2022-26157 An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26157
CVE-2021-24689 The Contact Forms - Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web server via a path traversal attack 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-24689
CVE-2021-43943 Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa. The affected versions are before version 4.21.0. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43943
CVE-2021-43724 A Cross Site Scripting (XSS) vulnerability exists in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via an SVG file. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43724
CVE-2022-0763 Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0763
CVE-2022-0772 Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.2.2. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0772
CVE-2021-43945 Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43945
CVE-2021-24898 The EditableTable WordPress plugin through 0.1.4 does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24898
CVE-2021-24901 The Security Audit WordPress plugin through 1.0.0 does not sanitise and escape the Data Id setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24901
CVE-2021-24903 The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24903
CVE-2021-24920 The StatCounter WordPress plugin before 2.0.7 does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24920
CVE-2021-4222 The WP-Paginate WordPress plugin before 2.1.4 does not sanitise and escape its preset settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4222
CVE-2022-0360 The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escape imported comments, which could allow high privilege users to import malicious ones (either intentionally or not) and lead to Stored Cross-Site Scripting issues. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0360
CVE-2022-23987 The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23987
CVE-2021-20321 A race condition when accessing a file object in the Linux kernel OverlayFS subsystem was found in the way users perform a rename in a specific way with OverlayFS. A local user could use this flaw to crash the system. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2021-20321
CVE-2022-23651 b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use (TOCTOU) race condition. SDK users of the SqliteAccountInfo format are vulnerable while users of the InMemoryAccountInfo format are safe. The SqliteAccountInfo saves API keys (and bucket name-to-id mapping) in a local database file ($XDG_CONFIG_HOME/b2/account_info, ~/.b2_account_info or a user-defined path). When first created, the file is world readable and is (typically a few milliseconds) later altered to be private to the user. If the directory containing the file is readable by a local attacker then during the brief period between file creation and permission modification, a local attacker can race to open the file and maintain a handle to it. This allows the local attacker to read the contents of the file after the sensitive information has been saved to it. Consumers of this SDK who rely on it to save data using SqliteAccountInfo class should upgrade to the latest version of the SDK. Those who believe a local user might have opened a handle using this race condition, should remove the affected database files and regenerate all application keys. Users should upgrade to b2-sdk-python 1.14.1 or later. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2022-23651
CVE-2022-23653 B2 Command Line Tool is the official command line tool for the backblaze cloud storage service. Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use (TOCTOU) race condition. The command line tool saves API keys (and bucket name-to-id mapping) in a local database file (`$XDG_CONFIG_HOME/b2/account_info`, `~/.b2_account_info` or a user-defined path) when `b2 authorize-account` is first run. This happens regardless of whether a valid key is provided or not. When first created, the file is world readable and is (typically a few milliseconds) later altered to be private to the user. If the directory is readable by a local attacker and the user did not yet run `b2 authorize-account` then during the brief period between file creation and permission modification, a local attacker can race to open the file and maintain a handle to it. This allows the local attacker to read the contents of the file after the sensitive information has been saved to it. Users that have not yet run `b2 authorize-account` should upgrade to B2 Command-Line Tool v3.2.1 before running it. Users that have run `b2 authorize-account` are safe if at the time of the file creation no other local users had read access to the local configuration file. Users that have run `b2 authorize-account` where the designated path could be opened by another local user should upgrade to B2 Command-Line Tool v3.2.1 and remove the database and regenerate all application keys. Note that `b2 clear-account` does not remove the database file and it should not be used to ensure that all open handles to the file are invalidated. If B2 Command-Line Tool cannot be upgraded to v3.2.1 due to a dependency conflict, a binary release can be used instead. Alternatively a new version could be installed within a virtualenv, or the permissions can be changed to prevent local users from opening the database file. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2022-23653
CVE-2022-0328 The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack 4.7 https://nvd.nist.gov/vuln/detail/CVE-2022-0328
CVE-2021-43949 Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature. The affected versions are before version 4.21.0. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-43949
CVE-2021-43951 Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature. The affected versions are before version 4.21.0. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-43951
CVE-2022-21673 Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21673
CVE-2022-21713 Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21713
CVE-2021-43950 Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration information via a Broken Access Control vulnerability in the Insight Import Source feature. The affected versions are before version 4.21.0. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-43950
CVE-2021-43948 Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the "Move objects" feature. The affected versions are before version 4.21.0. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-43948
CVE-2022-20625 A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of Cisco Discovery Protocol messages that are processed by the Cisco Discovery Protocol service. An attacker could exploit this vulnerability by sending a series of malicious Cisco Discovery Protocol messages to an affected device. A successful exploit could allow the attacker to cause the Cisco Discovery Protocol service to fail and restart. In rare conditions, repeated failures of the process could occur, which could cause the entire device to restart. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-20625
CVE-2022-21179 Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 (for EC-CUBE 4 series) and ver1.0.0 to 1.0.4 (for EC-CUBE 3 series) allows a remote unauthenticated attacker to hijack the authentication of an administrator via a specially crafted page, and Mail Magazine Templates and/or transmitted history information may be deleted unintendedly. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21179
CVE-2022-22349 IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-22349
CVE-2020-10635 Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server maintained by KUKA. When these devices request a model, the server transmits the model in plaintext. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-10635
CVE-2022-0746 Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-0746
CVE-2022-24343 In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24343
CVE-2022-0762 Business Logic Errors in GitHub repository microweber/microweber prior to 1.3. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-0762
CVE-2021-24688 The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the or_delete_filed one which is available to both unauthenticated and authenticated users could allow attackers to delete arbitrary posts. The AJAX calls performing actions on posts also do not ensure that the post belongs to them (or that they are allowed to perform such action on it). 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-24688
CVE-2021-24730 The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-24730
CVE-2021-24913 The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a logged in high privilege user change title, description, alt text, and URL of arbitrary uploaded media. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-24913
CVE-2022-0345 The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes (finding the first letter, then the second one, then the third one etc.). 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-0345
CVE-2022-0377 Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-0377
CVE-2022-24446 An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24446
CVE-2020-9488 Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. 3.7 https://nvd.nist.gov/vuln/detail/CVE-2020-9488
CVE-2021-22924 libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate. 3.7 https://nvd.nist.gov/vuln/detail/CVE-2021-22924
CVE-2021-27040 A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-27040
CVE-2021-39865 Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39865
CVE-2022-23649 Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. Prior to version 1.5.2, Cosign can be manipulated to claim that an entry for a signature exists in the Rekor transparency log even if it doesn't. This requires the attacker to have pull and push permissions for the signature in OCI. This can happen with both standard signing with a keypair and "keyless signing" with Fulcio. If an attacker has access to the signature in OCI, they can manipulate cosign into believing the entry was stored in Rekor even though it wasn't. The vulnerability has been patched in v1.5.2 of Cosign. The `signature` in the `signedEntryTimestamp` provided by Rekor is now compared to the `signature` that is being verified. If these don't match, then an error is returned. If a valid bundle is copied to a different signature, verification should fail. Cosign output now only informs the user that certificates were verified if a certificate was in fact verified. There is currently no known workaround. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-23649
CVE-2021-22898 curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. 3.1 https://nvd.nist.gov/vuln/detail/CVE-2021-22898
CVE-2021-44747 A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. https://nvd.nist.gov/vuln/detail/CVE-2021-44747
CVE-2021-46387 ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking. https://nvd.nist.gov/vuln/detail/CVE-2021-46387
CVE-2020-15936 An improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information via SNI Client Hello TLS packets. https://nvd.nist.gov/vuln/detail/CVE-2020-15936
CVE-2021-32586 An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests. https://nvd.nist.gov/vuln/detail/CVE-2021-32586
CVE-2021-41193 wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 7.1.12. There are currently no known workarounds. https://nvd.nist.gov/vuln/detail/CVE-2021-41193
CVE-2021-43075 An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the alarm dashboard and controller config handlers. https://nvd.nist.gov/vuln/detail/CVE-2021-43075
CVE-2021-43077 An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the AP monitor handlers. https://nvd.nist.gov/vuln/detail/CVE-2021-43077
CVE-2022-22300 An improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7.0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user. https://nvd.nist.gov/vuln/detail/CVE-2022-22300
CVE-2022-24717 ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.5, a cross site scripting (XSS) issue can occur when providing untrusted input to the `redirect.link` property as an argument to the `build(MessagePageOptions)` function. While there is no known workaround at this time, there is a patch in version 0.1.5. https://nvd.nist.gov/vuln/detail/CVE-2022-24717
CVE-2022-24718 ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the `svg` property as an argument to the `build(MessagePageOptions)` function. While there is no known workaround at this time, there is a patch in version 0.1.4. https://nvd.nist.gov/vuln/detail/CVE-2022-24718
CVE-2022-24719 Fluture-Node is a FP-style HTTP and streaming utils for Node based on Fluture. Using `followRedirects` or `followRedirectsWith` with any of the redirection strategies built into fluture-node 4.0.0 or 4.0.1, paired with a request that includes confidential headers such as Authorization or Cookie, exposes you to a vulnerability where, if the destination server were to redirect the request to a server on a third-party domain, or the same domain over unencrypted HTTP, the headers would be included in the follow-up request and be exposed to the third party, or potential http traffic sniffing. The redirection strategies made available in version 4.0.2 automatically redact confidential headers when a redirect is followed across to another origin. A workaround has been identified by using a custom redirection strategy via the `followRedirectsWith` function. The custom strategy can be based on the new strategies available in fluture-node@4.0.2. https://nvd.nist.gov/vuln/detail/CVE-2022-24719
CVE-2021-41282 diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (i.e., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location. https://nvd.nist.gov/vuln/detail/CVE-2021-41282
CVE-2021-41652 Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database. https://nvd.nist.gov/vuln/detail/CVE-2021-41652
CVE-2022-24251 Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. https://nvd.nist.gov/vuln/detail/CVE-2022-24251
CVE-2022-24252 An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file. https://nvd.nist.gov/vuln/detail/CVE-2022-24252
CVE-2022-24253 Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. https://nvd.nist.gov/vuln/detail/CVE-2022-24253
CVE-2022-24254 An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file. https://nvd.nist.gov/vuln/detail/CVE-2022-24254
CVE-2022-24255 Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges. https://nvd.nist.gov/vuln/detail/CVE-2022-24255
CVE-2022-24720 image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is called internally by Active Storage variants, so Active Storage is vulnerable as well. The vulnerability has been fixed in version 1.12.2 of image_processing. As a workaround, users who process based on user input should always sanitize the user input by allowing only a constrained set of operations. https://nvd.nist.gov/vuln/detail/CVE-2022-24720
CVE-2022-25010 The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system. https://nvd.nist.gov/vuln/detail/CVE-2022-25010
CVE-2022-25012 Argus Surveillance DVR v4.0 employs weak password encryption. https://nvd.nist.gov/vuln/detail/CVE-2022-25012
CVE-2021-45860 An integer overflow in DTSStreamReader::findFrame() of tsMuxer git-2678966 allows attackers to cause a Denial of Service (DoS) via a crafted file. https://nvd.nist.gov/vuln/detail/CVE-2021-45860
CVE-2021-45861 There is an Assertion `num <= INT_BIT' failed at BitStreamReader::skipBits in /bitStream.h:132 of tsMuxer git-c6a0277. https://nvd.nist.gov/vuln/detail/CVE-2021-45861
CVE-2021-45863 tsMuxer git-2678966 was discovered to contain a heap-based buffer overflow via the function HevcUnit::updateBits in hevc.cpp. https://nvd.nist.gov/vuln/detail/CVE-2021-45863
CVE-2021-45864 tsMuxer git-c6a0277 was discovered to contain a segmentation fault via DTSStreamReader::findFrame in dtsStreamReader.cpp. https://nvd.nist.gov/vuln/detail/CVE-2021-45864
CVE-2022-25050 rtl_433 21.12 was discovered to contain a stack overflow in the function somfy_iohc_decode(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. https://nvd.nist.gov/vuln/detail/CVE-2022-25050
CVE-2022-25051 An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file. https://nvd.nist.gov/vuln/detail/CVE-2022-25051
CVE-2022-0577 Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1. https://nvd.nist.gov/vuln/detail/CVE-2022-0577
CVE-2021-44166 An improper access control vulnerability [CWE-284] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user. https://nvd.nist.gov/vuln/detail/CVE-2021-44166
CVE-2022-22301 An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments. https://nvd.nist.gov/vuln/detail/CVE-2022-22301
CVE-2022-22303 An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file. https://nvd.nist.gov/vuln/detail/CVE-2022-22303
CVE-2022-0824 Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. https://nvd.nist.gov/vuln/detail/CVE-2022-0824
CVE-2022-0829 Improper Authorization in GitHub repository webmin/webmin prior to 1.990. https://nvd.nist.gov/vuln/detail/CVE-2022-0829
CVE-2022-23395 jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS). https://nvd.nist.gov/vuln/detail/CVE-2022-23395
CVE-2022-23779 Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses. https://nvd.nist.gov/vuln/detail/CVE-2022-23779
CVE-2022-24305 Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. https://nvd.nist.gov/vuln/detail/CVE-2022-24305
CVE-2022-24306 Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled. https://nvd.nist.gov/vuln/detail/CVE-2022-24306
CVE-2022-24447 An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export. https://nvd.nist.gov/vuln/detail/CVE-2022-24447
CVE-2022-25634 Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. https://nvd.nist.gov/vuln/detail/CVE-2022-25634
CVE-2022-0819 Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. https://nvd.nist.gov/vuln/detail/CVE-2022-0819
CVE-2021-38996 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213076. https://nvd.nist.gov/vuln/detail/CVE-2021-38996
CVE-2021-43070 Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. https://nvd.nist.gov/vuln/detail/CVE-2021-43070
CVE-2022-22350 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 220394. https://nvd.nist.gov/vuln/detail/CVE-2022-22350
CVE-2022-25016 Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. https://nvd.nist.gov/vuln/detail/CVE-2022-25016
CVE-2021-38268 The Dynamic Data Mapping module in Liferay Portal through v7.3.6 and Liferay DXP through v7.3 incorrectly sets default permissions for site members, allowing authenticated attackers to add and duplicate forms via the UI or the API. https://nvd.nist.gov/vuln/detail/CVE-2021-38268
CVE-2022-23878 seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php. https://nvd.nist.gov/vuln/detail/CVE-2022-23878
CVE-2022-23640 Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did not apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no known workaround. https://nvd.nist.gov/vuln/detail/CVE-2022-23640
CVE-2022-0675 In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state. https://nvd.nist.gov/vuln/detail/CVE-2022-0675
CVE-2022-22944 VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user's window. https://nvd.nist.gov/vuln/detail/CVE-2022-22944
CVE-2022-23656 Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several participants; a victim who then opens an overflow tooltip including this full name on the recent topics page could trigger execution of JavaScript code controlled by the attacker. Users running a Zulip server from the main branch should upgrade from main (2022-03-01 or later) again to deploy this fix. https://nvd.nist.gov/vuln/detail/CVE-2022-23656
CVE-2022-23953 Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. https://nvd.nist.gov/vuln/detail/CVE-2022-23953
CVE-2022-23956 Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. https://nvd.nist.gov/vuln/detail/CVE-2022-23956
CVE-2022-25045 Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. https://nvd.nist.gov/vuln/detail/CVE-2022-25045
CVE-2021-41000 Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. https://nvd.nist.gov/vuln/detail/CVE-2021-41000
CVE-2021-41001 An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine (NAE) in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2021-41001
CVE-2021-41002 Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. https://nvd.nist.gov/vuln/detail/CVE-2021-41002
CVE-2021-41003 Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. https://nvd.nist.gov/vuln/detail/CVE-2021-41003
CVE-2021-45074 JFrog Artifactory before 7.29.3 and 6.23.38 is vulnerable to Broken Access Control: a low-privileged user is able to delete other known users' OAuth token, which will force a reauthentication on an active session or in the next UI session. https://nvd.nist.gov/vuln/detail/CVE-2021-45074
CVE-2021-46270 JFrog Artifactory before 7.31.10 is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation. https://nvd.nist.gov/vuln/detail/CVE-2021-46270
CVE-2022-0711 A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability. https://nvd.nist.gov/vuln/detail/CVE-2022-0711
CVE-2022-23954 Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. https://nvd.nist.gov/vuln/detail/CVE-2022-23954
CVE-2022-23955 Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. https://nvd.nist.gov/vuln/detail/CVE-2022-23955
CVE-2022-23957 Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. https://nvd.nist.gov/vuln/detail/CVE-2022-23957
CVE-2022-23958 Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. https://nvd.nist.gov/vuln/detail/CVE-2022-23958
CVE-2021-23180 A flaw was found in htmldoc in v1.9.12 and before. A null pointer dereference in file_extension() in file.c may lead to arbitrary code execution and denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-23180
CVE-2021-23191 A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-23191
CVE-2021-23192 A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. https://nvd.nist.gov/vuln/detail/CVE-2021-23192
CVE-2021-23206 A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to arbitrary code execution and denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-23206
CVE-2021-23222 A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. https://nvd.nist.gov/vuln/detail/CVE-2021-23222
CVE-2021-38266 Liferay Portal through v7.2.1 and Liferay DXP through v7.2 does not correctly import users from LDAP, allowing remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exists in LDAP. https://nvd.nist.gov/vuln/detail/CVE-2021-38266
CVE-2021-3623 A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability. https://nvd.nist.gov/vuln/detail/CVE-2021-3623
CVE-2021-3631 A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity. https://nvd.nist.gov/vuln/detail/CVE-2021-3631
CVE-2021-3654 A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. https://nvd.nist.gov/vuln/detail/CVE-2021-3654
CVE-2021-3658 bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers. https://nvd.nist.gov/vuln/detail/CVE-2021-3658
CVE-2021-3667 An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. https://nvd.nist.gov/vuln/detail/CVE-2021-3667
CVE-2021-3677 A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting. https://nvd.nist.gov/vuln/detail/CVE-2021-3677
CVE-2021-3715 A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. https://nvd.nist.gov/vuln/detail/CVE-2021-3715
CVE-2021-3716 A flaw was found in nbdkit due to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability. https://nvd.nist.gov/vuln/detail/CVE-2021-3716
CVE-2021-3738 In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use-after-free could instead allow different user state to be pointed at and this might allow more privileged access. https://nvd.nist.gov/vuln/detail/CVE-2021-3738
CVE-2021-3772 A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. https://nvd.nist.gov/vuln/detail/CVE-2021-3772
CVE-2021-4076 A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys. https://nvd.nist.gov/vuln/detail/CVE-2021-4076
CVE-2022-24722 ViewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an interpolation argument to the `translate` method is not properly sanitized before display. Versions 2.31.2 and 2.49.1 have been released and fully mitigate the vulnerability. As a workaround, avoid passing user input to the `translate` function, or sanitize the inputs before passing them. https://nvd.nist.gov/vuln/detail/CVE-2022-24722
CVE-2022-25115 A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via a crafted PNG file. https://nvd.nist.gov/vuln/detail/CVE-2022-25115
CVE-2022-25393 Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-25393
CVE-2022-25394 Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php. https://nvd.nist.gov/vuln/detail/CVE-2022-25394
CVE-2022-25395 Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross-site scripting (XSS) attacks via the search parameter under the /cbpos/ app. https://nvd.nist.gov/vuln/detail/CVE-2022-25395
CVE-2022-25396 Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-25396
CVE-2022-25398 Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-25398
CVE-2022-25399 Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-25399
CVE-2022-26169 Air Cargo Management System v1.0 was discovered to contain a SQL injection vulnerability via the ref_code parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-26169
CVE-2022-26170 Simple Mobile Comparison Website v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-26170
CVE-2022-26171 Bank Management System v1.o was discovered to contain a SQL injection vulnerability via the email parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-26171
CVE-2021-38263 Liferay Portal v7.3.2 and below and Liferay DXP v7.0 and below were discovered to contain a cross-site scripting (XSS) vulnerability via the script console under the Server module. https://nvd.nist.gov/vuln/detail/CVE-2021-38263
CVE-2021-38264 Liferay Portal v7.4.1 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the keywords parameter under the Frontend Taglib module. https://nvd.nist.gov/vuln/detail/CVE-2021-38264
CVE-2021-38265 Liferay Portal v7.3.6 and below and Liferay DXP v7.3 and below were discovered to contain a cross-site scripting (XSS) vulnerability via the _com_liferay_asset_list_web_portlet_AssetListPortlet_title parameter. https://nvd.nist.gov/vuln/detail/CVE-2021-38265
CVE-2021-38267 Liferay Portal through v7.3.6 and Liferay DXP through v7.3 were discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Blog Entry function under the Blog module. https://nvd.nist.gov/vuln/detail/CVE-2021-38267
CVE-2021-38269 Liferay Portal through v7.4.0 and Liferay DXP through v7.1 were discovered to contain a cross-site scripting (XSS) vulnerability via the Gogo Shell module. https://nvd.nist.gov/vuln/detail/CVE-2021-38269
CVE-2021-44335 David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurs in function ok_png_transform_scanline() in "/ok_png.c:533". https://nvd.nist.gov/vuln/detail/CVE-2021-44335
CVE-2021-44343 David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_read_data() in "/ok_png.c". https://nvd.nist.gov/vuln/detail/CVE-2021-44343
CVE-2022-22909 HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module. https://nvd.nist.gov/vuln/detail/CVE-2022-22909
CVE-2022-25089 Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE. https://nvd.nist.gov/vuln/detail/CVE-2022-25089
CVE-2022-25146 The Remote App module in Liferay Portal through v7.4.3.8 and Liferay DXP through v7.4 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message. https://nvd.nist.gov/vuln/detail/CVE-2022-25146
CVE-2022-25471 An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register. https://nvd.nist.gov/vuln/detail/CVE-2022-25471
CVE-2022-24563 In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options via the intro_title and intro_image parameters. https://nvd.nist.gov/vuln/detail/CVE-2022-24563
CVE-2022-24573 A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field. https://nvd.nist.gov/vuln/detail/CVE-2022-24573
CVE-2021-42950 A Remote Code Execution (RCE) vulnerability exists in all Zepl Notebooks versions before October 25 2021. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new organization by which additional users can be added for various collaboration abilities, which allows a malicious user to create new Zepl Notebooks with various languages, contexts, and deployment scenarios. Upon creating a new notebook with specially crafted malicious code, a user can then launch remote code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-42950
CVE-2022-23849 The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access the application because of authentication bypass. An attacker must rapidly make failed biometric authentication attempts. https://nvd.nist.gov/vuln/detail/CVE-2022-23849
CVE-2022-0528 Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository transloadit/uppy prior to 3.3.1. https://nvd.nist.gov/vuln/detail/CVE-2022-0528
CVE-2021-40635 OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An attacker can inject a SQL query to extract information from the database. https://nvd.nist.gov/vuln/detail/CVE-2021-40635
CVE-2021-40636 OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database. https://nvd.nist.gov/vuln/detail/CVE-2021-40636
CVE-2022-23648 containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.4.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue. https://nvd.nist.gov/vuln/detail/CVE-2022-23648
CVE-2021-40637 OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user's cookie and take over the working session of the user. https://nvd.nist.gov/vuln/detail/CVE-2021-40637
CVE-2021-43774 A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default credentials) can download the address book file, which contains the list of users (domain users, FTP users, etc.) stored on the printer, together with their encrypted passwords. The passwords are protected by a weak cipher, such as ROT13, which requires minimal effort to instantly retrieve the original password, giving the attacker a list of valid domain or FTP usernames and passwords. https://nvd.nist.gov/vuln/detail/CVE-2021-43774
CVE-2021-45819 Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level. https://nvd.nist.gov/vuln/detail/CVE-2021-45819
CVE-2022-22706 An Arm product family through 2022-01-03 has an Exposed Dangerous Method or Function. https://nvd.nist.gov/vuln/detail/CVE-2022-22706
CVE-2022-25031 Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level. https://nvd.nist.gov/vuln/detail/CVE-2022-25031
CVE-2022-0753 Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. https://nvd.nist.gov/vuln/detail/CVE-2022-0753
CVE-2022-0841 OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4. https://nvd.nist.gov/vuln/detail/CVE-2022-0841
CVE-2022-25138 Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-25138
CVE-2022-26125 Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c. https://nvd.nist.gov/vuln/detail/CVE-2022-26125
CVE-2022-26126 Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c. https://nvd.nist.gov/vuln/detail/CVE-2022-26126
CVE-2022-26127 A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c. https://nvd.nist.gov/vuln/detail/CVE-2022-26127
CVE-2022-26128 A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c. https://nvd.nist.gov/vuln/detail/CVE-2022-26128
CVE-2022-26129 Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c. https://nvd.nist.gov/vuln/detail/CVE-2022-26129
CVE-2021-3602 An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials). https://nvd.nist.gov/vuln/detail/CVE-2021-3602
CVE-2021-3609 A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. https://nvd.nist.gov/vuln/detail/CVE-2021-3609
CVE-2021-3620 A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. https://nvd.nist.gov/vuln/detail/CVE-2021-3620
CVE-2022-0492 A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. https://nvd.nist.gov/vuln/detail/CVE-2022-0492
CVE-2022-22700 CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant. https://nvd.nist.gov/vuln/detail/CVE-2022-22700
CVE-2022-23898 MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. https://nvd.nist.gov/vuln/detail/CVE-2022-23898
CVE-2022-23899 MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java. https://nvd.nist.gov/vuln/detail/CVE-2022-23899
CVE-2022-25125 MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. https://nvd.nist.gov/vuln/detail/CVE-2022-25125
CVE-2022-24724 cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered. https://nvd.nist.gov/vuln/detail/CVE-2022-24724
CVE-2022-21716 Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementation is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attack is as simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds. https://nvd.nist.gov/vuln/detail/CVE-2022-21716
CVE-2022-24723 URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse can be used as a workaround. https://nvd.nist.gov/vuln/detail/CVE-2022-24723
CVE-2021-38577 Heap Overflow in BaseBmpSupportLib. https://nvd.nist.gov/vuln/detail/CVE-2021-38577
CVE-2021-38578 Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. https://nvd.nist.gov/vuln/detail/CVE-2021-38578
CVE-2021-3762 A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-3762
CVE-2021-4002 A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. https://nvd.nist.gov/vuln/detail/CVE-2021-4002
CVE-2022-0265 Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast prior to 5.1. https://nvd.nist.gov/vuln/detail/CVE-2022-0265
CVE-2022-22943 VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element. https://nvd.nist.gov/vuln/detail/CVE-2022-22943
CVE-2022-22947 In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host. https://nvd.nist.gov/vuln/detail/CVE-2022-22947
CVE-2022-23051 PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svg_file' parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-23051
CVE-2022-23052 PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application. https://nvd.nist.gov/vuln/detail/CVE-2022-23052
CVE-2022-23708 A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index. https://nvd.nist.gov/vuln/detail/CVE-2022-23708
CVE-2022-23709 A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this privilege could not modify alerting connectors. This effectively means that Read users could disable existing alerting rules. https://nvd.nist.gov/vuln/detail/CVE-2022-23709
CVE-2022-23710 A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser. https://nvd.nist.gov/vuln/detail/CVE-2022-23710
CVE-2022-24725 Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the `escape` or `escapeAll` functions from the _shescape_ API with the `interpolation` option set to `true`. Other tested shells, Dash and Zsh, are not affected. Depending on how the output of _shescape_ is used, directory traversal may be possible in the application using _shescape_. The issue was patched in version 1.5.1. As a workaround, manually escape all instances of the tilde character (`~`) using `arg.replace(/~/g, "\\\\~")`. https://nvd.nist.gov/vuln/detail/CVE-2022-24725
CVE-2022-25220 PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding. https://nvd.nist.gov/vuln/detail/CVE-2022-25220
CVE-2021-26259 A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row() in ps-pdf.cxx may lead to arbitrary code execution and denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-26259
CVE-2021-26948 Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file. https://nvd.nist.gov/vuln/detail/CVE-2021-26948
CVE-2021-3638 An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-3638
CVE-2021-3640 A use-after-free flaw in the function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way a user calls ioctl UFFDIO_REGISTER or otherwise triggers a race condition between the call sco_conn_del() and the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. https://nvd.nist.gov/vuln/detail/CVE-2021-3640
CVE-2022-0730 Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. https://nvd.nist.gov/vuln/detail/CVE-2022-0730
CVE-2022-0838 Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. https://nvd.nist.gov/vuln/detail/CVE-2022-0838
CVE-2022-0848 OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11. https://nvd.nist.gov/vuln/detail/CVE-2022-0848
CVE-2022-0752 Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. https://nvd.nist.gov/vuln/detail/CVE-2022-0752
CVE-2022-23327 A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a victim node's memory pool, causing a denial of service (DoS). https://nvd.nist.gov/vuln/detail/CVE-2022-23327
CVE-2022-23328 A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a victim Geth node, which can purge all of pending transactions in a victim node's memory pool and then occupy the memory pool to prevent new transactions from entering the pool, resulting in a denial of service (DoS). https://nvd.nist.gov/vuln/detail/CVE-2022-23328
CVE-2021-43392 STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform. https://nvd.nist.gov/vuln/detail/CVE-2021-43392
CVE-2021-43393 STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform. https://nvd.nist.gov/vuln/detail/CVE-2021-43393
CVE-2021-44321 Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory. The attacker must be logged into the application create a malicious file for updating the inventory details and items. https://nvd.nist.gov/vuln/detail/CVE-2021-44321
CVE-2021-46393 There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the HTTP request parameter startIp. Then v10 is spliced onto the stack by the function sscanf without any security check, which causes a stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data. https://nvd.nist.gov/vuln/detail/CVE-2021-46393
CVE-2021-46394 There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the HTTP request parameter startIp. Then v13 is spliced onto the stack by the function sscanf without any security check, which causes a stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data. https://nvd.nist.gov/vuln/detail/CVE-2021-46394
CVE-2022-0831 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. https://nvd.nist.gov/vuln/detail/CVE-2022-0831
CVE-2022-0832 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. https://nvd.nist.gov/vuln/detail/CVE-2022-0832
CVE-2022-26201 Victor CMS v1.0 was discovered to contain a SQL injection vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-26201
CVE-2020-18324 Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template. https://nvd.nist.gov/vuln/detail/CVE-2020-18324
CVE-2020-18325 Multiple Cross Site Scripting (XSS) vulnerabilities exist in Intelliants Subrion CMS v4.2.1 in the Configuration panel. https://nvd.nist.gov/vuln/detail/CVE-2020-18325
CVE-2020-18326 Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user. https://nvd.nist.gov/vuln/detail/CVE-2020-18326
CVE-2020-18327 Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2 https://nvd.nist.gov/vuln/detail/CVE-2020-18327
CVE-2021-46378 DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. https://nvd.nist.gov/vuln/detail/CVE-2021-46378
CVE-2022-0839 Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0. https://nvd.nist.gov/vuln/detail/CVE-2022-0839
CVE-2022-23397 The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-23397
CVE-2021-23214 When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. https://nvd.nist.gov/vuln/detail/CVE-2021-23214
CVE-2021-3743 An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. https://nvd.nist.gov/vuln/detail/CVE-2021-3743
CVE-2021-3744 A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar to the older CVE-2019-18808. https://nvd.nist.gov/vuln/detail/CVE-2021-3744
CVE-2021-46379 DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site. https://nvd.nist.gov/vuln/detail/CVE-2021-46379
CVE-2021-46380 Chained Cross Site Request Forgery (CSRF) with Reflected Cross Site Scripting (XSS) vulnerability in WAGO 750-8212 PFC200 G2 2ETH RS leads to session hijacking. https://nvd.nist.gov/vuln/detail/CVE-2021-46380
CVE-2021-46381 Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow]. https://nvd.nist.gov/vuln/detail/CVE-2021-46381
CVE-2021-46382 Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to multiple attacks such as session hijacking and even clipboard hijacking. https://nvd.nist.gov/vuln/detail/CVE-2021-46382
CVE-2022-22946 In spring cloud gateway versions prior to 3.1.1+, applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates. https://nvd.nist.gov/vuln/detail/CVE-2022-22946
CVE-2022-23729 When the device is in factory state, the shell can be accessed without the adb authentication process. The LG ID is LVE-SMP-210010. https://nvd.nist.gov/vuln/detail/CVE-2022-23729
CVE-2022-26336 A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1. https://nvd.nist.gov/vuln/detail/CVE-2022-26336
CVE-2022-21828 A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using an unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3. https://nvd.nist.gov/vuln/detail/CVE-2022-21828
CVE-2022-24727 Weblate is a web based localization tool with tight version control integration. Prior to version 4.11.1, Weblate didn't properly sanitize some arguments passed to Git and Mercurial, allowing them to change their behavior in an unintended way. Instances where untrusted users cannot create new components are not affected. The issues were fixed in the 4.11.1 release. https://nvd.nist.gov/vuln/detail/CVE-2022-24727
CVE-2022-25623 The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations. https://nvd.nist.gov/vuln/detail/CVE-2022-25623
CVE-2021-20300 A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability. https://nvd.nist.gov/vuln/detail/CVE-2021-20300
CVE-2021-20302 A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability. https://nvd.nist.gov/vuln/detail/CVE-2021-20302
CVE-2021-20303 A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well. https://nvd.nist.gov/vuln/detail/CVE-2021-20303
CVE-2021-20319 An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed. https://nvd.nist.gov/vuln/detail/CVE-2021-20319
CVE-2021-3428 A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. By fabricating an integer overflow, a local attacker with a special user privilege may cause a system crash, which can lead to an availability threat. https://nvd.nist.gov/vuln/detail/CVE-2021-3428
CVE-2021-3575 A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. https://nvd.nist.gov/vuln/detail/CVE-2021-3575
CVE-2022-23232 StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access. StorageGRID 11.6.0 obtains the user account status from Active Directory or Azure and will block S3 access for disabled user accounts during the subsequent background synchronization. User accounts that are expired or locked for Active Directory or Azure, or user accounts that are disabled, expired, or locked in identity sources other than Active Directory or Azure must be manually removed from group memberships or have their S3 keys manually removed from Tenant Manager in all versions of StorageGRID (formerly StorageGRID Webscale). https://nvd.nist.gov/vuln/detail/CVE-2022-23232
CVE-2022-23233 StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS) of the Local Distribution Router (LDR) service. https://nvd.nist.gov/vuln/detail/CVE-2022-23233
CVE-2022-26318 On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. https://nvd.nist.gov/vuln/detail/CVE-2022-26318
CVE-2021-27757 Insecure password storage issue. The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2021-27757
CVE-2021-3656 A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. https://nvd.nist.gov/vuln/detail/CVE-2021-3656
CVE-2021-3737 A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. https://nvd.nist.gov/vuln/detail/CVE-2021-3737
CVE-2022-0855 Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4. https://nvd.nist.gov/vuln/detail/CVE-2022-0855
CVE-2022-26483 An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting (XSS) vulnerability in admin/cgi-bin/listdir.pl allows authenticated remote administrators to inject arbitrary web script or HTML into an HTTP GET parameter (which reflect the user input without sanitization). https://nvd.nist.gov/vuln/detail/CVE-2022-26483
CVE-2022-26484 An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing a remote authenticated administrator to read arbitrary files on the system via Directory Traversal. By manipulating the resource name in GET requests referring to files with absolute paths, it is possible to access arbitrary files stored on the filesystem, including application source code, configuration files, and critical system files. https://nvd.nist.gov/vuln/detail/CVE-2022-26484
CVE-2022-23915 The package weblate from 0 and before 4.11.1 is vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users can change the behavior of the application in an unintended way, leading to command execution. https://nvd.nist.gov/vuln/detail/CVE-2022-23915
CVE-2022-25106 D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. https://nvd.nist.gov/vuln/detail/CVE-2022-25106
CVE-2021-43590 Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. https://nvd.nist.gov/vuln/detail/CVE-2021-43590
CVE-2021-27756 TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it. https://nvd.nist.gov/vuln/detail/CVE-2021-27756
CVE-2021-32008 This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Files or Directories. https://nvd.nist.gov/vuln/detail/CVE-2021-32008
CVE-2021-40846 An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check, and request, updates. Thus, attackers can man-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings. https://nvd.nist.gov/vuln/detail/CVE-2021-40846
CVE-2021-44827 There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices via the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges. https://nvd.nist.gov/vuln/detail/CVE-2021-44827
CVE-2021-46353 An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absolute paths that are being used by the web application. https://nvd.nist.gov/vuln/detail/CVE-2021-46353
CVE-2021-46384 https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. MCMS has a pre-auth RCE vulnerability which allows an unauthenticated attacker with network access via HTTP to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS. https://nvd.nist.gov/vuln/detail/CVE-2021-46384
CVE-2022-25312 An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions < 2.7. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Any23 2.7. https://nvd.nist.gov/vuln/detail/CVE-2022-25312
CVE-2022-25069 Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib/contentState/pasteCtrl.js. https://nvd.nist.gov/vuln/detail/CVE-2022-25069
CVE-2022-25044 Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString. https://nvd.nist.gov/vuln/detail/CVE-2022-25044
CVE-2022-25465 Espruino 2v11 release was discovered to contain a stack buffer overflow via src/jsvar.c in jsvGetNextSibling. https://nvd.nist.gov/vuln/detail/CVE-2022-25465
CVE-2022-0849 Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6. https://nvd.nist.gov/vuln/detail/CVE-2022-0849
CVE-2022-24921 regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. https://nvd.nist.gov/vuln/detail/CVE-2022-24921
CVE-2022-0845 Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. https://nvd.nist.gov/vuln/detail/CVE-2022-0845
CVE-2022-26487 Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allow remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). https://nvd.nist.gov/vuln/detail/CVE-2022-26487
CVE-2022-26490 st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. https://nvd.nist.gov/vuln/detail/CVE-2022-26490
CVE-2022-26495 In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages. https://nvd.nist.gov/vuln/detail/CVE-2022-26495
CVE-2022-26496 In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with a large value as the length of the name. https://nvd.nist.gov/vuln/detail/CVE-2022-26496
CVE-2021-46704 In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check. https://nvd.nist.gov/vuln/detail/CVE-2021-46704
CVE-2022-26505 A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files. https://nvd.nist.gov/vuln/detail/CVE-2022-26505
CVE-2022-0869 Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3. https://nvd.nist.gov/vuln/detail/CVE-2022-0869
CVE-2022-0868 Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10. https://nvd.nist.gov/vuln/detail/CVE-2022-0868
CVE-2021-44748 A vulnerability affecting F-Secure SAFE browser was discovered whereby the browser loads images automatically. This vulnerability can be exploited remotely by an attacker to execute JavaScript, which can be used to trigger universal cross-site scripting through the browser. User interaction is required prior to exploitation, such as entering a malicious website to trigger the vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2021-44748
CVE-2021-44749 A vulnerability affecting F-Secure SAFE browser protection was discovered whereby improper URL handling can be triggered to cause universal cross-site scripting through browsing protection in a SAFE web browser. User interaction is required prior to exploitation. A successful exploitation may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-44749
CVE-2022-0697 Open Redirect in GitHub repository archivy/archivy prior to 1.7.0. https://nvd.nist.gov/vuln/detail/CVE-2022-0697
CVE-2022-0766 Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. https://nvd.nist.gov/vuln/detail/CVE-2022-0766
CVE-2022-0767 Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. https://nvd.nist.gov/vuln/detail/CVE-2022-0767
CVE-2021-24216 The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations. https://nvd.nist.gov/vuln/detail/CVE-2021-24216
CVE-2021-24777 The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a GET request with the sub_id parameter, which is not sanitised, escaped or validated before inserting to a SQL statement, leading to an SQL injection. https://nvd.nist.gov/vuln/detail/CVE-2021-24777
CVE-2021-24778 The test parameter of the xmlfeed in the Tradetracker-Store WordPress plugin before 4.6.60 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. https://nvd.nist.gov/vuln/detail/CVE-2021-24778
CVE-2021-24810 The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed https://nvd.nist.gov/vuln/detail/CVE-2021-24810
CVE-2021-24821 The Cost Calculator WordPress plugin before 1.6 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator > Price Settings (which gets injected on the edit page as well as any page that embeds the calculator using the shortcode), as well as the Text Preview field of a Project (injected on the edit project page) https://nvd.nist.gov/vuln/detail/CVE-2021-24821
CVE-2021-24824 The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the email address of orders can be retrieved https://nvd.nist.gov/vuln/detail/CVE-2021-24824
CVE-2021-24825 The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display arbitrary files from the filesystem (such as logs, .htaccess etc), as well as perform Local File Inclusion attacks as PHP files will be executed. Please note that such attack is still possible by admin+ in single site blogs by default (but won't be when either the unfiltered_html or file_edit is disallowed) https://nvd.nist.gov/vuln/detail/CVE-2021-24825
CVE-2021-24826 The Custom Content Shortcode WordPress plugin before 4.0.2 does not escape custom fields before outputting them, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. Please note that such attack is still possible by admin+ in single site blogs by default (but won't be when the unfiltered_html is disallowed) https://nvd.nist.gov/vuln/detail/CVE-2021-24826
CVE-2021-24952 The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the sync_progressive_data parameter for the tvcajax_product_sync_bantch_wise AJAX action before using it in a SQL statement, allowing any authenticated user to perform SQL injection attacks. https://nvd.nist.gov/vuln/detail/CVE-2021-24952
CVE-2021-24953 The Advanced iFrame WordPress plugin before 2022 does not sanitise and escape the ai_config_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue https://nvd.nist.gov/vuln/detail/CVE-2021-24953
CVE-2021-24960 The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could then be used for Cross-Site Scripting attacks https://nvd.nist.gov/vuln/detail/CVE-2021-24960
CVE-2021-24961 The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 does not escape some of its shortcode arguments, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks https://nvd.nist.gov/vuln/detail/CVE-2021-24961
CVE-2021-25009 The CorreosExpress WordPress plugin through 2.6.0 generates log files which are publicly accessible, and contain sensitive information such as sender/receiver names, phone numbers, physical and email addresses https://nvd.nist.gov/vuln/detail/CVE-2021-25009
CVE-2021-25038 The WordPress Multisite User Sync/Unsync WordPress plugin before 2.1.2 does not sanitise and escape the wmus_source_blog and wmus_record_per_page parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues https://nvd.nist.gov/vuln/detail/CVE-2021-25038
CVE-2021-25039 The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.0 does not sanitise and escape the wmcc_content_type, wmcc_source_blog and wmcc_record_per_page parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues https://nvd.nist.gov/vuln/detail/CVE-2021-25039
CVE-2021-25087 The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords (fixed in 3.2.24) and files Master Keys (fixed in 3.2.25). https://nvd.nist.gov/vuln/detail/CVE-2021-25087
CVE-2021-25098 The Pricing Tables WordPress Plugin WordPress plugin before 3.1.3 does not verify the CSRF nonce when removing posts, allowing attackers to make a logged in admin remove arbitrary posts from the blog via a CSRF attack, which will be put in the trash https://nvd.nist.gov/vuln/detail/CVE-2021-25098
CVE-2022-0163 The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form. https://nvd.nist.gov/vuln/detail/CVE-2022-0163
CVE-2022-0205 The YOP Poll WordPress plugin before 6.3.5 does not sanitise and escape some of the settings (available to users with a role as low as author) before outputting them, leading to a Stored Cross-Site Scripting issue https://nvd.nist.gov/vuln/detail/CVE-2022-0205
CVE-2022-0267 The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection https://nvd.nist.gov/vuln/detail/CVE-2022-0267
CVE-2022-0347 The LoginPress | Custom Login Page Customizer WordPress plugin before 1.5.12 does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting https://nvd.nist.gov/vuln/detail/CVE-2022-0347
CVE-2022-0349 The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection https://nvd.nist.gov/vuln/detail/CVE-2022-0349
CVE-2022-0384 The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapi_get_wp_users AJAX action, allowing any authenticated users, such as subscriber to download the list of email addresses registered on the blog https://nvd.nist.gov/vuln/detail/CVE-2022-0384
CVE-2022-0389 The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. https://nvd.nist.gov/vuln/detail/CVE-2022-0389
CVE-2022-0410 The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection https://nvd.nist.gov/vuln/detail/CVE-2022-0410
CVE-2022-0420 The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks https://nvd.nist.gov/vuln/detail/CVE-2022-0420
CVE-2022-0422 The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue https://nvd.nist.gov/vuln/detail/CVE-2022-0422
CVE-2022-0426 The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 does not escape the rowCount parameter before outputting it back in an attribute via the woosea_categories_dropdown AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting https://nvd.nist.gov/vuln/detail/CVE-2022-0426
CVE-2022-0429 The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-0429
CVE-2022-0434 The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks https://nvd.nist.gov/vuln/detail/CVE-2022-0434
CVE-2022-0439 The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protection in place for the action, allowing an attacker to trick any logged in user to perform the action by clicking a link. https://nvd.nist.gov/vuln/detail/CVE-2022-0439
CVE-2022-0440 The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the files to be imported, which could allow a high privilege admin to upload an arbitrary PHP file and gain RCE even in the case of a hardened blog (i.e. DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true) https://nvd.nist.gov/vuln/detail/CVE-2022-0440
CVE-2022-0441 The MasterStudy LMS WordPress plugin before 2.7.6 does not validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin https://nvd.nist.gov/vuln/detail/CVE-2022-0441
CVE-2022-0442 The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another user's avatar. https://nvd.nist.gov/vuln/detail/CVE-2022-0442
CVE-2022-0445 The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset them via a CSRF attack https://nvd.nist.gov/vuln/detail/CVE-2022-0445
CVE-2022-0448 The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its "License ID" settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. https://nvd.nist.gov/vuln/detail/CVE-2022-0448
CVE-2022-0533 The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-0533
CVE-2022-0535 The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed https://nvd.nist.gov/vuln/detail/CVE-2022-0535
CVE-2021-4198 A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29; Bitdefender Internet Security versions prior to 26.0.3.29; Bitdefender Antivirus Plus versions prior to 26.0.3.29; Bitdefender Endpoint Security Tools versions prior to 7.2.2.92; Bitdefender VPN Standalone versions prior to 25.5.0.48. https://nvd.nist.gov/vuln/detail/CVE-2021-4198
CVE-2021-4199 Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45; Bitdefender Internet Security versions prior to 26.0.10.45; Bitdefender Antivirus Plus versions prior to 26.0.10.45; Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.3.146. https://nvd.nist.gov/vuln/detail/CVE-2021-4199
CVE-2022-0754 SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5. https://nvd.nist.gov/vuln/detail/CVE-2022-0754
CVE-2022-0755 Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.12.5. https://nvd.nist.gov/vuln/detail/CVE-2022-0755
CVE-2022-0756 Improper Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. https://nvd.nist.gov/vuln/detail/CVE-2022-0756
CVE-2021-38988 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950. https://nvd.nist.gov/vuln/detail/CVE-2021-38988
CVE-2021-38989 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212951. https://nvd.nist.gov/vuln/detail/CVE-2021-38989
CVE-2022-22351 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted host. IBM X-Force ID: 220396 https://nvd.nist.gov/vuln/detail/CVE-2022-22351
CVE-2022-24738 Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds from user addresses. To do this an attacker must create a new chain which does not enforce signature verification and connects it to the target evmos instance. The attacker can use this joined chain to transfer unclaimed funds. Users are advised to upgrade. There are no known workarounds for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-24738
CVE-2022-24737 HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn't distinguish between cookies and the hosts they belonged to. This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third party website. Users are advised to upgrade. There are no known workarounds. https://nvd.nist.gov/vuln/detail/CVE-2022-24737
CVE-2021-36809 A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client. https://nvd.nist.gov/vuln/detail/CVE-2021-36809
CVE-2021-43944 This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. https://nvd.nist.gov/vuln/detail/CVE-2021-43944
CVE-2021-37208 A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS RMC8388 devices (All versions < V5.6.0), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions < V5.6.0), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG900 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0). Improper neutralization of special characters on the web server configuration page could allow an attacker, in a privileged position, to retrieve sensitive information via cross-site scripting. https://nvd.nist.gov/vuln/detail/CVE-2021-37208
CVE-2021-37209 A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS M2200 (All versions < V5.6.0), RUGGEDCOM ROS M969 (All versions < V5.6.0), RUGGEDCOM ROS RMC (All versions < V5.6.0), RUGGEDCOM ROS RMC20 (All versions < V5.6.0), RUGGEDCOM ROS RMC30 (All versions < V5.6.0), RUGGEDCOM ROS RMC40 (All versions < V5.6.0), RUGGEDCOM ROS RMC41 (All versions < V5.6.0), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions < V5.6.0), RUGGEDCOM ROS RS400 (All versions < V5.6.0), RUGGEDCOM ROS RS401 (All versions < V5.6.0), RUGGEDCOM ROS RS416 (All versions < V5.6.0), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions < V5.6.0), RUGGEDCOM ROS RS8000A (All versions < V5.6.0), RUGGEDCOM ROS RS8000H (All versions < V5.6.0), RUGGEDCOM ROS RS8000T (All versions < V5.6.0), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions < V5.6.0), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions < V5.6.0), RUGGEDCOM ROS RS900L (All versions < V5.6.0), RUGGEDCOM ROS RS900L (All versions < V5.6.0), RUGGEDCOM ROS RS900W (All versions < V5.6.0), RUGGEDCOM ROS RS910 (All versions < V5.6.0), RUGGEDCOM ROS RS910L (All versions < V5.6.0), RUGGEDCOM ROS RS910W (All versions < V5.6.0), RUGGEDCOM ROS RS920L (All versions < V5.6.0), RUGGEDCOM ROS RS920W (All versions < V5.6.0), RUGGEDCOM ROS RS930L (All versions < V5.6.0), RUGGEDCOM ROS RS930W (All versions < V5.6.0), RUGGEDCOM ROS RS940G (All versions < V5.6.0), RUGGEDCOM ROS RS969 (All versions < V5.6.0), RUGGEDCOM ROS RSG2100 (All versions < V5.6.0), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2200 (All versions < V5.6.0), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG900 (All versions < V5.6.0), RUGGEDCOM ROS RSG900C (All versions < V5.6.0), RUGGEDCOM ROS RSG900G (All versions < V5.6.0), RUGGEDCOM ROS RSG900R (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions < V5.6.0), RUGGEDCOM ROS i801 (All versions < V5.6.0), RUGGEDCOM ROS i802 (All versions < V5.6.0), RUGGEDCOM ROS i803 (All versions < V5.6.0). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords. https://nvd.nist.gov/vuln/detail/CVE-2021-37209
CVE-2021-41541 A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The Group Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action. https://nvd.nist.gov/vuln/detail/CVE-2021-41541
CVE-2021-41542 A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action. https://nvd.nist.gov/vuln/detail/CVE-2021-41542
CVE-2021-41543 A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files. https://nvd.nist.gov/vuln/detail/CVE-2021-41543
CVE-2021-42016 A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS RMC8388 devices (All versions < V5.6.0), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions < V5.6.0), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG900 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0). A timing attack in a third-party component could make the retrieval of the private key possible, used for encryption of sensitive data. If a threat actor were to exploit this, the data integrity and security could be compromised. https://nvd.nist.gov/vuln/detail/CVE-2021-42016
CVE-2021-42017 A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS RMC8388 devices (All versions < V5.6.0), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions < V5.6.0), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG900 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0). A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2. If an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications. https://nvd.nist.gov/vuln/detail/CVE-2021-42017
CVE-2021-42018 A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS RMC8388 devices (All versions < V5.6.0), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions < V5.6.0), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG900 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0). Within a third-party component, whenever memory allocation is requested, the out of bound size is not checked. Therefore, if size exceeding the expected allocation is assigned, it could allocate a smaller buffer instead. If an attacker were to exploit this, they could cause a heap overflow. https://nvd.nist.gov/vuln/detail/CVE-2021-42018
CVE-2021-42019 A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS RMC8388 devices (All versions < V5.6.0), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions < V5.6.0), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG900 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0). Within a third-party component, the process to allocate partition size fails to check memory boundaries. Therefore, if a large amount is requested by an attacker, due to an integer-wrap around, it could result in a small size being allocated instead. https://nvd.nist.gov/vuln/detail/CVE-2021-42019
CVE-2021-42020 A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS RMC8388 devices (All versions < V5.6.0), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions < V5.6.0), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG900 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0). The third-party component in its TFTP functionality fails to check for null terminations in file names. If an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application. https://nvd.nist.gov/vuln/detail/CVE-2021-42020
CVE-2021-44478 A vulnerability has been identified in Polarion Subversion Webclient (V21 R1). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges. https://nvd.nist.gov/vuln/detail/CVE-2021-44478
CVE-2022-24281 A vulnerability has been identified in SINEC NMS (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application. https://nvd.nist.gov/vuln/detail/CVE-2022-24281
CVE-2022-24282 A vulnerability has been identified in SINEC NMS (All versions). The affected system allows uploading of JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a maliciously crafted serialized Java object. This could allow the attacker to execute arbitrary code on the device with root privileges. https://nvd.nist.gov/vuln/detail/CVE-2022-24282
CVE-2022-24309 A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29), Mendix Applications using Mendix 8 (All versions < V8.18.16), Mendix Applications using Mendix 9 (All versions). If an entity has an association readable by the user, then in some cases, Mendix Runtime may not apply checks for XPath constraints that parse said associations, within apps running on affected versions. A malicious user could use this to dump and manipulate sensitive data. https://nvd.nist.gov/vuln/detail/CVE-2022-24309
CVE-2022-24408 A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow local attackers to escalate their privileges to root. https://nvd.nist.gov/vuln/detail/CVE-2022-24408
CVE-2022-24661 A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2022.1). The starview+.exe contains a memory corruption vulnerability while parsing specially crafted .SCE files. This could allow an attacker to execute code in the context of the current process. https://nvd.nist.gov/vuln/detail/CVE-2022-24661
CVE-2022-25311 A vulnerability has been identified in SINEC NMS (All versions). The affected software does not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation. https://nvd.nist.gov/vuln/detail/CVE-2022-25311
CVE-2022-26313 A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts. https://nvd.nist.gov/vuln/detail/CVE-2022-26313
CVE-2022-26314 A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). Initial passwords are generated in an insecure manner. This could allow an unauthenticated remote attacker to efficiently brute force passwords in specific situations. https://nvd.nist.gov/vuln/detail/CVE-2022-26314
CVE-2022-26317 A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29). When returning the result of a completed Microflow execution call, the affected framework does not correctly verify whether the request was initially made by the user requesting the result. Together with predictable identifiers for Microflow execution calls, this could allow a malicious attacker to retrieve information about arbitrary Microflow execution calls made by users within the affected system. https://nvd.nist.gov/vuln/detail/CVE-2022-26317
CVE-2022-0877 Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3. https://nvd.nist.gov/vuln/detail/CVE-2022-0877
CVE-2021-41180 Nextcloud talk is a self hosting messaging service. In versions prior to 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open-redirect, but required user interaction. This only affected users of the Android Talk client. It is recommended that the Nextcloud Talk App is upgraded to 12.1.2. There are no known workarounds. https://nvd.nist.gov/vuln/detail/CVE-2021-41180
CVE-2021-41181 Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim received a phone call the attacker could gain access to the chat messages and files of the user. It is recommended that the Nextcloud Android Talk App is upgraded to 12.3.0. There are no known workarounds. https://nvd.nist.gov/vuln/detail/CVE-2021-41181
CVE-2021-41239 Nextcloud server is a self hosted system designed to provide cloud style services. In affected versions the User Status API did not consider the user enumeration settings by the administrator. This allowed a user to enumerate other users on the instance, even when user listings were disabled. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. There are no known workarounds. https://nvd.nist.gov/vuln/detail/CVE-2021-41239
CVE-2021-41241 Nextcloud server is a self hosted system designed to provide cloud style services. The groupfolders application for Nextcloud allows sharing a folder with a group of people. In addition, it allows setting "advanced permissions" on subfolders, for example, a user could be granted access to the groupfolder but not specific subfolders. Due to a lacking permission check in affected versions, a user could still access these subfolders by copying the groupfolder to another location. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the "groupfolders" application in the admin settings. https://nvd.nist.gov/vuln/detail/CVE-2021-41241
CVE-2022-24713 regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes from taking an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is included starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it is not recommended to deny known problematic regexes. https://nvd.nist.gov/vuln/detail/CVE-2022-24713
CVE-2022-24714 Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may still have access to a collection of content. Note that this only applies if a role has implicitly permitted access to hosts, due to permitted access to at least one of their services. If access to a host is permitted by other means, no sensitive information has been disclosed to unauthorized users. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. https://nvd.nist.gov/vuln/detail/CVE-2022-24714
CVE-2022-24715 Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration. https://nvd.nist.gov/vuln/detail/CVE-2022-24715
CVE-2022-24716 Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated. https://nvd.nist.gov/vuln/detail/CVE-2022-24716
CVE-2022-24739 alltube is an html front end for youtube-dl. On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack (depending on how AllTube is configured). The impact is mitigated by the fact the SSRF attack is only possible when the `stream` option is enabled in the configuration. (This option is disabled by default.) 3.0.3 contains a fix for this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-24739
CVE-2022-26319 An installer search path element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.0 could allow a local attacker to place an arbitrarily generated DLL file in an installer folder to elevate local privileges. Please note: an attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-26319
CVE-2022-26337 Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file to exploit the vulnerability and escalate local privileges on the affected machine. https://nvd.nist.gov/vuln/detail/CVE-2022-26337