Security Bulletin 16 Mar 2022

Published on 16 Mar 2022

Updated on 16 Mar 2022

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:


Criticalvulnerabilities with a base score of 9.0 to 10.0
Highvulnerabilities with a base score of 7.0 to 8.9
Mediumvulnerabilities with a base score of 4.0 to 6.9
Lowvulnerabilities with a base score of 0.1 to 3.9
Nonevulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2021-44228Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.10https://nvd.nist.gov/vuln/detail/CVE-2021-44228
CVE-2022-0543It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.10https://nvd.nist.gov/vuln/detail/CVE-2022-0543
CVE-2022-0767Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.9.9https://nvd.nist.gov/vuln/detail/CVE-2022-0767
CVE-2017-5641Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-5641
CVE-2018-20748LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-20748
CVE-2018-20749LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-20749
CVE-2018-20750LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-20750
CVE-2019-14379SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-14379
CVE-2019-19317lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-19317
CVE-2019-19646pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-19646
CVE-2020-11656In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-11656
CVE-2019-20788libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-20788
CVE-2020-17456SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-17456
CVE-2021-31784An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all supported by ODA platforms in static configuration. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-31784
CVE-2021-25216In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. For servers that meet these conditions, the ISC SPNEGO implementation is vulnerable to various attacks, depending on the CPU architecture for which BIND was built: For named binaries compiled for 64-bit platforms, this flaw can be used to trigger a buffer over-read, leading to a server crash. For named binaries compiled for 32-bit platforms, this flaw can be used to trigger a server crash due to a buffer overflow and possibly also to achieve remote code execution. We have determined that standard SPNEGO implementations are available in the MIT and Heimdal Kerberos libraries, which support a broad range of operating systems, rendering the ISC implementation unnecessary and obsolete. Therefore, to reduce the attack surface for BIND users, we will be removing the ISC SPNEGO implementation in the April releases of BIND 9.11 and 9.16 (it had already been dropped from BIND 9.17). We would not normally remove something from a stable ESV (Extended Support Version) of BIND, but since system libraries can replace the ISC SPNEGO implementation, we have made an exception in this case for reasons of stability and security.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-25216
CVE-2021-22931Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-22931
CVE-2021-3711In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).9.8https://nvd.nist.gov/vuln/detail/CVE-2021-3711
CVE-2021-22930Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-22930
CVE-2020-27304The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal9.8https://nvd.nist.gov/vuln/detail/CVE-2020-27304
CVE-2021-44677An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14078).9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44677
CVE-2021-44678An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14076).9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44678
CVE-2021-44679An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14074).9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44679
CVE-2021-44680An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14075).9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44680
CVE-2021-44681An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14080).9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44681
CVE-2021-44682An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14079).9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44682
CVE-2021-43527NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \\#7, or PKCS \\#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-43527
CVE-2021-37706PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-37706
CVE-2022-23852Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23852
CVE-2022-23993/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23993
CVE-2022-22994A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. This was a result insufficient verification of calls to the device. The vulnerability was addressed by disabling checks for internet connectivity using HTTP.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-22994
CVE-2022-21724pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-21724
CVE-2021-44880D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44880
CVE-2021-44881D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44881
CVE-2021-44882D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44882
CVE-2021-45998D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the LocalIPAddress parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-45998
CVE-2021-46226D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function wget_test.asp. This vulnerability allows attackers to execute arbitrary commands via the url parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-46226
CVE-2021-46227D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. This vulnerability allows attackers to execute arbitrary commands via the proxy_srv, proxy_srvport, proxy_lanip, proxy_lanport parameters.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-46227
CVE-2021-46228D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerability allows attackers to execute arbitrary commands via the time parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-46228
CVE-2021-46229D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function usb_paswd.asp. This vulnerability allows attackers to execute arbitrary commands via the name parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-46229
CVE-2021-46230D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgrade_filter. This vulnerability allows attackers to execute arbitrary commands via the path and time parameters.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-46230
CVE-2021-46231D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function urlrd_opt.asp. This vulnerability allows attackers to execute arbitrary commands via the url_en parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-46231
CVE-2021-46232D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function version_upgrade.asp. This vulnerability allows attackers to execute arbitrary commands via the path parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-46232
CVE-2021-46233D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function msp_info.htm. This vulnerability allows attackers to execute arbitrary commands via the cmd parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-46233
CVE-2021-46452D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via the tomography_ping_address, tomography_ping_number, tomography_ping_size, tomography_ping_timeout, and tomography_ping_ttl parameters.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-46452
CVE-2021-46453D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStaticRouteSettings. This vulnerability allows attackers to execute arbitrary commands via the staticroute_list parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-46453
CVE-2021-46454D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanApcliSettings. This vulnerability allows attackers to execute arbitrary commands via the ApCliKeyStr parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-46454
CVE-2021-46455D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStationSettings. This vulnerability allows attackers to execute arbitrary commands via the station_access_enable parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-46455
CVE-2021-46456D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanACLSettings. This vulnerability allows attackers to execute arbitrary commands via the wl(0).(0)_maclist parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-46456
CVE-2021-46457D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function ChgSambaUserSettings. This vulnerability allows attackers to execute arbitrary commands via the samba_name parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-46457
CVE-2022-24259An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24259
CVE-2022-24260A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24260
CVE-2022-24112An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24112
CVE-2020-14521Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-14521
CVE-2022-25235xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-25235
CVE-2022-25236xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-25236
CVE-2022-0559Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-0559
CVE-2022-25315In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-25315
CVE-2022-23608PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23608
CVE-2022-25809Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically proximate attackers), aka an "Alexa versus Alexa (AvA)" attack.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-25809
CVE-2022-25003Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/view_doctor.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-25003
CVE-2021-39363Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-39363
CVE-2022-25060TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-25060
CVE-2022-25061TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-25061
CVE-2021-45414A Remote Code Execution (RCE) vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-45414
CVE-2020-12775Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform command injection attack to execute arbitrary system command, disrupt system or terminate service.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-12775
CVE-2021-4039A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-4039
CVE-2021-36166An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-36166
CVE-2021-32586An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-32586
CVE-2021-41193wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 7.1.12. There are currently no known workarounds.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-41193
CVE-2022-24720image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is called internally by Active Storage variants, so Active Storage is vulnerable as well. The vulnerability has been fixed in version 1.12.2 of image_processing. As a workaround, users who process based on user input should always sanitize the user input by allowing only a constrained set of operations.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24720
CVE-2022-24305Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24305
CVE-2022-24306Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24306
CVE-2022-25016Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-25016
CVE-2022-23878seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23878
CVE-2022-23640Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no known workaround.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23640
CVE-2022-0675In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-0675
CVE-2022-25045Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-25045
CVE-2022-25394Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-25394
CVE-2022-25396Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-25396
CVE-2022-25398Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the user parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-25398
CVE-2022-25399Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-25399
CVE-2022-26169Air Cargo Management System v1.0 was discovered to contain a SQL injection vulnerability via the ref_code parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26169
CVE-2022-26170Simple Mobile Comparison Website v1.0 was discovered to contain a SQL injection vulnerability via the search parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26170
CVE-2022-26171Bank Management System v1.o was discovered to contain a SQL injection vulnerability via the email parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26171
CVE-2022-25089Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-25089
CVE-2022-0841OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-0841
CVE-2022-23898MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23898
CVE-2022-23899MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23899
CVE-2022-25125MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-25125
CVE-2022-24724cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24724
CVE-2021-38577Heap Overflow in BaseBmpSupportLib.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-38577
CVE-2021-38578Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-38578
CVE-2022-0265Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast prior to 5.1.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-0265
CVE-2022-0730Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-0730
CVE-2022-0848OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-0848
CVE-2021-46393There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the http request parameter startIp. Then v10 will be splice to stack by function sscanf without any security check,which causes stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-46393
CVE-2021-46394There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the http request parameter startIp. Then v13 will be splice to stack by function sscanf without any security check, which causes stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-46394
CVE-2022-26201Victor CMS v1.0 was discovered to contain a SQL injection vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26201
CVE-2022-26318On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26318
CVE-2021-46384https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. ¶¶ MCMS has a pre-auth RCE vulnerability through which allows unauthenticated attacker with network access via http to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-46384
CVE-2022-0845Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-0845
CVE-2022-26495In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26495
CVE-2022-26496In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26496
CVE-2021-46704In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-46704
CVE-2022-0766Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-0766
CVE-2022-0349The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection9.8https://nvd.nist.gov/vuln/detail/CVE-2022-0349
CVE-2022-0434The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks9.8https://nvd.nist.gov/vuln/detail/CVE-2022-0434
CVE-2022-0441The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin9.8https://nvd.nist.gov/vuln/detail/CVE-2022-0441
CVE-2021-42018A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Within a third-party component, whenever memory allocation is requested, the out of bound size is not checked. Therefore, if size exceeding the expected allocation is assigned, it could allocate a smaller buffer instead. If an attacker were to exploit this, they could cause a heap overflow.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-42018
CVE-2021-42019A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Within a third-party component, the process to allocate partition size fails to check memory boundaries. Therefore, if a large amount is requested by an attacker, due to an integer-wrap around, it could result in a small size being allocated instead.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-42019
CVE-2022-26313A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26313
CVE-2022-26314A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). Initial passwords are generated in an insecure manner. This could allow an unauthenticated remote attacker to efficiently brute force passwords in specific situations.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26314
CVE-2020-14115A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-14115
CVE-2021-40050There is an out-of-bounds read vulnerability in the IFAA module. Successful exploitation of this vulnerability may cause stack overflow.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-40050
CVE-2021-42787It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-42787
CVE-2021-42853It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDiagnosticServlet has directory traversal vulnerability at the "/api/appInternals/1.0/agent/diagnostic/logs" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-42853
CVE-2021-42854It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) PluginServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/plugin/pmx" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-42854
CVE-2021-44622A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remove malicious user execute arbitrary code via a crafted post request.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44622
CVE-2021-44623A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 via the /cloud_config/router_post/check_reset_pwd_verify_code interface.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44623
CVE-2021-44625A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in /cloud_config/cloud_device/info interface, which allows a malicious user to executee arbitrary code on the system via a crafted post request.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44625
CVE-2021-44626A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reg_verify_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44626
CVE-2021-44627A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reset_pwd_veirfy_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44627
CVE-2021-44628A Buffer Overflow vulnerabiltiy exists in TP-LINK WR-886N 20190826 2.3.8 in thee /cloud_config/router_post/login feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44628
CVE-2021-44629A Buffer Overflow vulnerabilitiy exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/register feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44629
CVE-2021-44630A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44630
CVE-2021-44631A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/reset_cloud_pwd feature, which allows malicous users to execute arbitrary code on the system via a crafted post request.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44631
CVE-2021-44632A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44632
CVE-2021-4045TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-4045
CVE-2022-22814The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-22814
CVE-2022-24193CasaOS before v0.2.7 was discovered to contain a command injection vulnerability via the component leave or join zerotier api.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24193
CVE-2022-0097Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page.9.6https://nvd.nist.gov/vuln/detail/CVE-2022-0097
CVE-2022-25395Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross-site scripting (XSS) attacks via the search parameter under the /cbpos/ app.9.6https://nvd.nist.gov/vuln/detail/CVE-2022-25395
CVE-2022-25069Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib/contentState/pasteCtrl.js.9.6https://nvd.nist.gov/vuln/detail/CVE-2022-25069
CVE-2021-44749A vulnerability affecting F-Secure SAFE browser protection was discovered improper URL handling can be triggered to cause universal cross-site scripting through browsing protection in a SAFE web browser. User interaction is required prior to exploitation. A successful exploitation may lead to arbitrary code execution.9.6https://nvd.nist.gov/vuln/detail/CVE-2021-44749
CVE-2021-22945When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-22945
CVE-2021-40011There is an uncontrolled resource consumption vulnerability in the display module. Successful exploitation of this vulnerability may affect integrity.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-40011
CVE-2021-3850Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-3850
CVE-2022-21723PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the `master` branch. There are no known workarounds.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-21723
CVE-2021-42767A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-42767
CVE-2022-25010The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-25010
CVE-2022-25312An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions < 2.7. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Any23 2.7.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-25312
CVE-2022-0482Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-0482
CVE-2021-33293Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds read in the function panoParserFindOLine() in parser.c.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-33293
CVE-2021-40053There is a permission control vulnerability in the Nearby module. Successful exploitation of this vulnerability will affect availability and integrity.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-40053
CVE-2022-22795Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected machine An attacker can read all the system files, the product is running with root on Linux systems and nt/authority on windows systems, which allows him to access and extract any file on the systems, such as passwd, shadow, hosts and so on. By gaining access to these files, attackers can steal sensitive information from the victims machine.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-22795
CVE-2022-23383YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnerability can access other users' home pages through the non login status because real authentication is not carried out.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-23383

OTHER VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2021-20083Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-20083
CVE-2021-39126Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-39126
CVE-2022-0096Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0096
CVE-2022-0098Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0098
CVE-2022-0099Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0099
CVE-2022-0100Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0100
CVE-2022-0101Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via specific user gesture.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0101
CVE-2022-0102Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0102
CVE-2022-0103Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0103
CVE-2022-0104Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0104
CVE-2022-0105Use after free in PDF Accessibility in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0105
CVE-2022-0106Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0106
CVE-2022-0115Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0115
CVE-2022-0729Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0729
CVE-2022-24407In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-24407
CVE-2022-25023Audio File commit 004065d was discovered to contain a heap-buffer overflow in the function fouBytesToInt():AudioFile.h.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-25023
CVE-2021-42951A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October 10 2021 of SaaS. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new, specially crafted Algorithm and subsequently launch remote code execution with their desired result.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-42951
CVE-2022-25018Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-25018
CVE-2021-43075A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the alarm dashboard and controller config handlers.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-43075
CVE-2021-43077A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the AP monitor handlers.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-43077
CVE-2022-22300A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-22300
CVE-2021-41282diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (i.e., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-41282
CVE-2022-24251Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-24251
CVE-2022-24252An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-24252
CVE-2022-24253Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-24253
CVE-2022-24254An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-24254
CVE-2022-24255Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-24255
CVE-2022-0824Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0824
CVE-2022-0819Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0819
CVE-2021-41000Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-41000
CVE-2021-41001An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine (NAE) in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-41001
CVE-2021-3738In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use-after-free could instead allow different user state to be pointed at and this might allow more privileged access.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-3738
CVE-2022-22909HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-22909
CVE-2021-42950Remote Code Execution (RCE) vulnerability exists in Zepl Notebooks all previous versions before October 25 2021. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new organization by which additional users can be added for various collaboration abilities, which allows malicious user to create new Zepl Notebooks with various languages, contexts, and deployment scenarios. Upon creating a new notebook with specially crafted malicious code, a user can then launch remote code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-42950
CVE-2020-18326Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-18326
CVE-2021-46380Chained Cross Site Request Forgery (CSRF) with Reflected Cross Site Scripting (XSS) vulnerability in WAGO 750-8212 PFC200 G2 2ETH RS leads to session hijacking.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-46380
CVE-2021-3656A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-3656
CVE-2022-23915The package weblate from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users, can change the behavior of the application in an unintended way, leading to command execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-23915
CVE-2021-44827There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices vie the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-44827
CVE-2021-24952The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the sync_progressive_data parameter for the tvcajax_product_sync_bantch_wise AJAX action before using it in a SQL statement, allowing any authenticated user to perform SQL injection attacks.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-24952
CVE-2022-0410The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0410
CVE-2022-0439The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protection in place for the action, allowing an attacker to trick any logged in user to perform the action by clicking a link.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0439
CVE-2022-24715Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-24715
CVE-2022-0896Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0896
CVE-2021-36777A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. This issue affects: openSUSE Build service login-proxy-scripts versions prior to dc000cdfe9b9b715fb92195b1a57559362f689ef.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-36777
CVE-2022-21990Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23285.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-21990
CVE-2022-23265Microsoft Defender for IoT Remote Code Execution Vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-23265
CVE-2022-23277Microsoft Exchange Server Remote Code Execution Vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-23277
CVE-2022-23285Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21990.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-23285
CVE-2022-23294Windows Event Tracing Remote Code Execution Vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-23294
CVE-2022-24469Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24506, CVE-2022-24515, CVE-2022-24518, CVE-2022-24519.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-24469
CVE-2022-24508Windows SMBv3 Client/Server Remote Code Execution Vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-24508
CVE-2020-36123saitoha libsixel v1.8.6 was discovered to contain a double free via the component sixel_chunk_destroy at /root/libsixel/src/chunk.c.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-36123
CVE-2021-43970An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated (low privileged) attacker to execute remote code on the target server within the context of application's permissions (SYSTEM).8.8https://nvd.nist.gov/vuln/detail/CVE-2021-43970
CVE-2022-0507Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0507
CVE-2022-22834An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XSLT Injection vulnerability. Attackers could exploit this issue to achieve remote code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-22834
CVE-2022-22985The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the specific web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to review history.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-22985
CVE-2021-32008This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Files or Directories.8.7https://nvd.nist.gov/vuln/detail/CVE-2021-32008
CVE-2021-37701The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory, where the symlink and directory names in the archive entry used backslashes as a path separator on posix systems. The cache checking logic used both `\\` and `/` characters as path separators, however `\\` is a valid filename character on posix systems. By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. Additionally, a similar confusion could arise on case-insensitive filesystems. If a tar archive contained a directory at `FOO`, followed by a symbolic link named `foo`, then on case-insensitive file systems, the creation of the symbolic link would remove the directory from the filesystem, but _not_ from the internal directory cache, as it would not be treated as a cache hit. A subsequent file entry within the `FOO` directory would then be placed in the target of the symbolic link, thinking that the directory had already been created. These issues were addressed in releases 4.4.16, 5.0.8 and 6.1.7. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-9r2w-394v-53qc.8.6https://nvd.nist.gov/vuln/detail/CVE-2021-37701
CVE-2021-37712The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with names containing unicode values that normalized to the same value. Additionally, on Windows systems, long path portions would resolve to the same file system entities as their 8.3 "short path" counterparts. A specially crafted tar archive could thus include a directory with one form of the path, followed by a symbolic link with a different string that resolves to the same file system entity, followed by a file using the first form. By first creating a directory, and then replacing that directory with a symlink that had a different apparent name that resolved to the same entry in the filesystem, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-qq89-hq3f-393p.8.6https://nvd.nist.gov/vuln/detail/CVE-2021-37712
CVE-2021-37713The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of entries within the archive, skipping archive entries that contain `..` path portions, and resolving the sanitized paths against the extraction target directory. This logic was insufficient on Windows systems when extracting tar files that contained a path that was not an absolute path, but specified a drive letter different from the extraction target, such as `C:some\\path`. If the drive letter does not match the extraction target, for example `D:\\extraction\\dir`, then the result of `path.resolve(extractionDirectory, entryPath)` would resolve against the current working directory on the `C:` drive, rather than the extraction target directory. Additionally, a `..` portion of the path could occur immediately after the drive letter, such as `C:../foo`, and was not properly sanitized by the logic that checked for `..` within the normalized and split portions of the path. This only affects users of `node-tar` on Windows systems. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. There is no reasonable way to work around this issue without performing the same path normalization procedures that node-tar now does. Users are encouraged to upgrade to the latest patched versions of node-tar, rather than attempt to sanitize paths themselves.8.6https://nvd.nist.gov/vuln/detail/CVE-2021-37713
CVE-2022-21668pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims who use pipenv to install the requirements file to download dependencies from a package index server controlled by the attacker. By embedding malicious code in packages served from their malicious index server, the attacker can trigger arbitrary remote code execution (RCE) on the victims' systems. If an attacker is able to hide a malicious `--index-url` option in a requirements file that a victim installs with pipenv, the attacker can embed arbitrary malicious code in packages served from their malicious index server that will be executed on the victim's host during installation (remote code execution/RCE). When pip installs from a source distribution, any code in the setup.py is executed by the install process. This issue is patched in version 2022.1.8. The GitHub Security Advisory contains more information about this vulnerability.8.6https://nvd.nist.gov/vuln/detail/CVE-2022-21668
CVE-2022-21824Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null protoype for the object these properties are being assigned to.8.2https://nvd.nist.gov/vuln/detail/CVE-2022-21824
CVE-2021-3623A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability.8.2https://nvd.nist.gov/vuln/detail/CVE-2021-3623
CVE-2019-17498In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.8.1https://nvd.nist.gov/vuln/detail/CVE-2019-17498
CVE-2020-8265Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-8265
CVE-2020-8625BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch8.1https://nvd.nist.gov/vuln/detail/CVE-2020-8625
CVE-2021-22901curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-22901
CVE-2021-32803The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary `stat` calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory. This order of operations resulted in the directory being created and added to the `node-tar` directory cache. When a directory is present in the directory cache, subsequent calls to mkdir for that directory are skipped. However, this is also where `node-tar` checks for symlinks occur. By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass `node-tar` symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. This issue was addressed in releases 3.2.3, 4.4.15, 5.0.7 and 6.1.2.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-32803
CVE-2021-32804The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the `preservePaths` flag is not set to `true`. This is achieved by stripping the absolute path root from any absolute file paths contained in a tar file. For example `/home/user/.bashrc` would turn into `home/user/.bashrc`. This logic was insufficient when file paths contained repeated path roots such as `////home/user/.bashrc`. `node-tar` would only strip a single path root from such paths. When given an absolute file path with repeating path roots, the resulting path (e.g. `///home/user/.bashrc`) would still resolve to an absolute path, thus allowing arbitrary file creation and overwrite. This issue was addressed in releases 3.2.2, 4.4.14, 5.0.6 and 6.1.1. Users may work around this vulnerability without upgrading by creating a custom `onentry` method which sanitizes the `entry.path` or a `filter` method which removes entries with absolute paths. See referenced GitHub Advisory for details. Be aware of CVE-2021-32803 which fixes a similar bug in later versions of tar.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-32804
CVE-2022-0114Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-0114
CVE-2021-41112Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could cause Scheduled Jobs to execute, or not execute on desired calendar days. Severity depends on trust level of authenticated users and impact of running or not running scheduled jobs on days governed by calendar definitions. Version 3.4.5 contains a patch for this issue. There are currently no known workarounds.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-41112
CVE-2021-36171The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-36171
CVE-2022-0829Improper Authorization in GitHub repository webmin/webmin prior to 1.990.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-0829
CVE-2021-41002Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-41002
CVE-2022-25471An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-25471
CVE-2021-23214When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-23214
CVE-2022-24309A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29), Mendix Applications using Mendix 8 (All versions < V8.18.16), Mendix Applications using Mendix 9 (All versions). If an entity has an association readable by the user, then in some cases, Mendix Runtime may not apply checks for XPath constraints that parse said associations, within apps running on affected versions. A malicious user could use this to dump and manipulate sensitive data.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-24309
CVE-2016-5195Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."7.8https://nvd.nist.gov/vuln/detail/CVE-2016-5195
CVE-2021-25173An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).7.8https://nvd.nist.gov/vuln/detail/CVE-2021-25173
CVE-2021-25174An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).7.8https://nvd.nist.gov/vuln/detail/CVE-2021-25174
CVE-2021-25175An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).7.8https://nvd.nist.gov/vuln/detail/CVE-2021-25175
CVE-2021-25176An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).7.8https://nvd.nist.gov/vuln/detail/CVE-2021-25176
CVE-2021-25177An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).7.8https://nvd.nist.gov/vuln/detail/CVE-2021-25177
CVE-2021-25178An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-25178
CVE-2021-32946An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several of out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-32946
CVE-2021-32936An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-32936
CVE-2021-32944A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-32944
CVE-2021-32948An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-32948
CVE-2021-32952An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-32952
CVE-2021-32490A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-32490
CVE-2021-32491A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-32491
CVE-2021-32492A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-32492
CVE-2021-32493A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-32493
CVE-2021-3500A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::get_djvu_file() via crafted djvu file may lead to application crash and other consequences.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3500
CVE-2021-27041A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-27041
CVE-2021-27042A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-27042
CVE-2021-27035A maliciously crafted TIFF, PICT, TGA, or DWF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA or DWF files. This vulnerability can be exploited to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-27035
CVE-2021-27036A maliciously crafted PCX, PICT, RCL or TIFF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to write beyond the allocated buffer while parsing PCX, PDF, PICT, RCL or TIFF files. This vulnerability can be exploited to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-27036
CVE-2021-27037A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them. This vulnerability can be exploited by remote attackers to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-27037
CVE-2021-27039A maliciously crafted TIFF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-27039
CVE-2021-22921Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-22921
CVE-2021-1106NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure, and serious data tampering of all processes on the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1106
CVE-2021-1107NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all system components.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1107
CVE-2021-39134`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is, in part, accomplished by resolving dependency specifiers defined in `package.json` manifests for dependencies with a specific name, and nesting folders to resolve conflicting dependencies. When multiple dependencies differ only in the case of their name, Arborist's internal data structure saw them as separate items that could coexist within the same level in the `node_modules` hierarchy. However, on case-insensitive file systems (such as macOS and Windows), this is not the case. Combined with a symlink dependency such as `file:/some/path`, this allowed an attacker to create a situation in which arbitrary contents could be written to any location on the filesystem. For example, a package `pwn-a` could define a dependency in their `package.json` file such as `"foo": "file:/some/path"`. Another package, `pwn-b` could define a dependency such as `FOO: "file:foo.tgz"`. On case-insensitive file systems, if `pwn-a` was installed, and then `pwn-b` was installed afterwards, the contents of `foo.tgz` would be written to `/some/path`, and any existing contents of `/some/path` would be removed. Anyone using npm v7.20.6 or earlier on a case-insensitive filesystem is potentially affected. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-39134
CVE-2021-39135`@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is accomplished by extracting package contents into a project's `node_modules` folder. If the `node_modules` folder of the root project or any of its dependencies is somehow replaced with a symbolic link, it could allow Arborist to write package dependencies to any arbitrary location on the file system. Note that symbolic links contained within package artifact contents are filtered out, so another means of creating a `node_modules` symbolic link would have to be employed. 1. A `preinstall` script could replace `node_modules` with a symlink. (This is prevented by using `--ignore-scripts`.) 2. An attacker could supply the target with a git repository, instructing them to run `npm install --ignore-scripts` in the root. This may be successful, because `npm install --ignore-scripts` is typically not capable of making changes outside of the project directory, so it may be deemed safe. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above. For more information including workarounds please see the referenced GHSA-gmw6-94gg-2rc2.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-39135
CVE-2021-38300arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-38300
CVE-2021-41864prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-41864
CVE-2021-3872vim is vulnerable to Heap-based Buffer Overflow7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3872
CVE-2021-3927vim is vulnerable to Heap-based Buffer Overflow7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3927
CVE-2021-3928vim is vulnerable to Use of Uninitialized Variable7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3928
CVE-2021-3974vim is vulnerable to Use After Free7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3974
CVE-2021-3973vim is vulnerable to Heap-based Buffer Overflow7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3973
CVE-2021-4019vim is vulnerable to Heap-based Buffer Overflow7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4019
CVE-2021-3984vim is vulnerable to Heap-based Buffer Overflow7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3984
CVE-2021-4069vim is vulnerable to Use After Free7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4069
CVE-2021-4136vim is vulnerable to Heap-based Buffer Overflow7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4136
CVE-2021-40160A maliciously crafted PDF file prior to 9.0.7 may be forced to read beyond allocated boundaries when parsing the PDF file. This vulnerability can be exploited to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40160
CVE-2021-45469In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-45469
CVE-2021-4173vim is vulnerable to Use After Free7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4173
CVE-2021-45909An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-45909
CVE-2021-45910An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some extent) control over the amount of data that is written.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-45910
CVE-2021-45911An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-45911
CVE-2021-4187vim is vulnerable to Use After Free7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4187
CVE-2021-4192vim is vulnerable to Use After Free7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4192
CVE-2022-0128vim is vulnerable to Out-of-bounds Read7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0128
CVE-2021-45844Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-45844
CVE-2021-40158A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability can be exploited to execute arbitrary code7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40158
CVE-2022-0359Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0359
CVE-2022-0361Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0361
CVE-2021-22600A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a97557.8https://nvd.nist.gov/vuln/detail/CVE-2021-22600
CVE-2022-0368Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0368
CVE-2022-0408Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0408
CVE-2022-24262The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24262
CVE-2022-23613xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23613
CVE-2022-0520Use After Free in NPM radare2.js prior to 5.6.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0520
CVE-2022-0523Expired Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0523
CVE-2022-0554Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0554
CVE-2022-0107Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0107
CVE-2022-22765BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). BD Viper LT system versions 4.0 and later utilize Microsoft Windows 10 and have additional Operating System hardening configurations which increase the attack complexity required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22765
CVE-2022-23410AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory which could allow for remote code execution if a compromised DLL would be placed in the same folder.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23410
CVE-2021-3760A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3760
CVE-2021-45082An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)7.8https://nvd.nist.gov/vuln/detail/CVE-2021-45082
CVE-2022-0685Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0685
CVE-2022-0676Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0676
CVE-2019-25058An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-25058
CVE-2022-25636net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25636
CVE-2022-21209The affected product is vulnerable to an out-of-bounds read while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-21209
CVE-2022-23985The affected product is vulnerable to an out-of-bounds write while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23985
CVE-2022-26181Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:108.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26181
CVE-2021-43619Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43619
CVE-2022-22301An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22301
CVE-2021-23180A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in file_extension(),in file.c may lead to execute arbitrary code and denial of service.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-23180
CVE-2021-23191A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial of service.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-23191
CVE-2021-23206A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to execute arbitrary code and denial of service.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-23206
CVE-2021-3715A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3715
CVE-2022-25115A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via a crafted PNG file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25115
CVE-2021-44335David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurs in function ok_png_transform_scanline() in "/ok_png.c:533".7.8https://nvd.nist.gov/vuln/detail/CVE-2021-44335
CVE-2021-44343David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_read_data() in "/ok_png.c".7.8https://nvd.nist.gov/vuln/detail/CVE-2021-44343
CVE-2021-45819Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-45819
CVE-2022-25031Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25031
CVE-2022-26125Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26125
CVE-2022-26126Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26126
CVE-2022-26127A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26127
CVE-2022-26128A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26128
CVE-2022-26129Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26129
CVE-2022-0492A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0492
CVE-2021-26259A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(),in ps-pdf.cxx may lead to arbitrary code execution and denial of service.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-26259
CVE-2021-26948Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-26948
CVE-2022-23729When the device is in factory state, it can be access the shell without adb authentication process. The LG ID is LVE-SMP-210010.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23729
CVE-2022-25623The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25623
CVE-2021-20319An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-20319
CVE-2021-3575A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3575
CVE-2022-25044Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25044
CVE-2022-25465Espruino 2v11 release was discovered to contain a stack buffer overflow via src/jsvar.c in jsvGetNextSibling.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25465
CVE-2022-26490st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26490
CVE-2021-4199Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.3.146.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4199
CVE-2022-24408A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow local attackers to escalate their privileges to root.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24408
CVE-2022-24661A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2022.1). The starview+.exe contains a memory corruption vulnerability while parsing specially crafted .SCE files. This could allow an attacker to execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24661
CVE-2022-25943The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25943
CVE-2022-22006HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22007, CVE-2022-23301, CVE-2022-24452, CVE-2022-24453, CVE-2022-24456.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22006
CVE-2022-22007HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-23301, CVE-2022-24452, CVE-2022-24453, CVE-2022-24456.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22007
CVE-2022-23266Microsoft Defender for IoT Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23266
CVE-2022-23282Paint 3D Remote Code Execution Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23282
CVE-2022-23290Windows Inking COM Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23290
CVE-2022-23291Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23288.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23291
CVE-2022-23293Windows Fast FAT File System Driver Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23293
CVE-2022-23295Raw Image Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23300.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23295
CVE-2022-23296Windows Installer Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23296
CVE-2022-23299Windows PDEV Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23299
CVE-2022-23300Raw Image Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23295.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23300
CVE-2022-23301HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-24452, CVE-2022-24453, CVE-2022-24456.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23301
CVE-2022-24451VP9 Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24501.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24451
CVE-2022-24452HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-23301, CVE-2022-24453, CVE-2022-24456.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24452
CVE-2022-24453HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-23301, CVE-2022-24452, CVE-2022-24456.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24453
CVE-2022-24454Windows Security Support Provider Interface Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24454
CVE-2022-24455Windows CD-ROM Driver Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24455
CVE-2022-24456HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-23301, CVE-2022-24452, CVE-2022-24453.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24456
CVE-2022-24457HEIF Image Extensions Remote Code Execution Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24457
CVE-2022-24459Windows Fax and Scan Service Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24459
CVE-2022-24461Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24509, CVE-2022-24510.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24461
CVE-2022-24501VP9 Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24451.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24501
CVE-2022-24507Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24507
CVE-2022-24509Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24461, CVE-2022-24510.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24509
CVE-2022-24510Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24461, CVE-2022-24509.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24510
CVE-2020-14111A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-14111
CVE-2021-42855It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debug_command.config" file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the "/api/appInternals/1.0/agent/configuration" API to map the corresponding ID to a command to be executed.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-42855
CVE-2022-0847A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0847
CVE-2022-20047In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917489; Issue ID: ALPS05917489.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-20047
CVE-2022-21219Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-21219
CVE-2022-25230Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25230
CVE-2022-25234Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25234
CVE-2022-25325Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25325
CVE-2022-23187Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Illustrator.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23187
CVE-2022-24095Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24095
CVE-2022-24096Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by an Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24096
CVE-2022-24097Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24097
CVE-2021-22783A CWE-200: Information Exposure vulnerability exists which could allow a session hijack when the door panel is communicating with the door. Affected Product: Ritto Wiser Door (All versions)7.6https://nvd.nist.gov/vuln/detail/CVE-2021-22783
CVE-2022-21819NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components.7.6https://nvd.nist.gov/vuln/detail/CVE-2022-21819
CVE-2017-9735Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-9735
CVE-2018-19205Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-19205
CVE-2019-19244sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-19244
CVE-2019-19603SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-19603
CVE-2019-19880exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-19880
CVE-2019-19926multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-19926
CVE-2019-19923flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).7.5https://nvd.nist.gov/vuln/detail/CVE-2019-19923
CVE-2019-19925zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-19925
CVE-2020-7226CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-7226
CVE-2020-9327In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-9327
CVE-2020-11655SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-11655
CVE-2020-13871SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-13871
CVE-2018-21247An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-21247
CVE-2019-20839libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-20839
CVE-2019-20840An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-20840
CVE-2020-14396An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-14396
CVE-2020-14397An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-14397
CVE-2020-14398An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-14398
CVE-2020-8169curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).7.5https://nvd.nist.gov/vuln/detail/CVE-2020-8169
CVE-2020-8231Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-8231
CVE-2020-8285curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-8285
CVE-2020-8286curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-8286
CVE-2021-23840Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).7.5https://nvd.nist.gov/vuln/detail/CVE-2021-23840
CVE-2021-22883Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-22883
CVE-2021-22884Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-22884
CVE-2021-27290ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-27290
CVE-2021-25215In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-25215
CVE-2021-22926libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like `/tmp`), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-22926
CVE-2021-22940Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-22940
CVE-2021-35497The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO ActiveSpaces - Enterprise Edition, TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contain a vulnerability that theoretically allows a non-administrative, authenticated FTL user to trick the affected components into creating illegitimate certificates. These maliciously generated certificates can be used to enable man-in-the-middle attacks or to escalate privileges so that the malicious user has administrative privileges. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Developer Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Enterprise Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO FTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, and TIBCO eFTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-35497
CVE-2021-39928NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file7.5https://nvd.nist.gov/vuln/detail/CVE-2021-39928
CVE-2021-39921NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file7.5https://nvd.nist.gov/vuln/detail/CVE-2021-39921
CVE-2021-39922Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file7.5https://nvd.nist.gov/vuln/detail/CVE-2021-39922
CVE-2021-39923Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file7.5https://nvd.nist.gov/vuln/detail/CVE-2021-39923
CVE-2021-39924Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file7.5https://nvd.nist.gov/vuln/detail/CVE-2021-39924
CVE-2021-39925Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file7.5https://nvd.nist.gov/vuln/detail/CVE-2021-39925
CVE-2021-39929Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file7.5https://nvd.nist.gov/vuln/detail/CVE-2021-39929
CVE-2022-23837In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23837
CVE-2021-22570Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-22570
CVE-2021-46667MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-46667
CVE-2021-46669MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-46669
CVE-2022-24030An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24030
CVE-2021-39364Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achieved.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-39364
CVE-2022-23308valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23308
CVE-2022-0777Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-0777
CVE-2022-23387An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23387
CVE-2021-41652Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-41652
CVE-2022-25634Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25634
CVE-2022-0711A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-0711
CVE-2021-23192A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-23192
CVE-2021-38266Liferay Portal through v7.2.1 and Liferay DXP through v7.2 does not correctly import users from LDAP, allowing remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exists in LDAP.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-38266
CVE-2021-4076A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-4076
CVE-2022-25393Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25393
CVE-2022-0528Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository transloadit/uppy prior to 3.3.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-0528
CVE-2021-40635OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An attacker can inject a SQL query to extract information from the database.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40635
CVE-2021-40636OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40636
CVE-2022-23648containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23648
CVE-2022-21716Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-21716
CVE-2021-46381Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].7.5https://nvd.nist.gov/vuln/detail/CVE-2021-46381
CVE-2022-23233StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS) of the Local Distribution Router (LDR) service.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23233
CVE-2021-27757" Insecure password storage issue.The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive information."7.5https://nvd.nist.gov/vuln/detail/CVE-2021-27757
CVE-2021-3737A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-3737
CVE-2021-27756"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."7.5https://nvd.nist.gov/vuln/detail/CVE-2021-27756
CVE-2021-40846An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check, and request, updates. Thus, attackers can man-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40846
CVE-2022-24921regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24921
CVE-2021-25087The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords (fixed in 3.2.24) and files Master Keys (fixed in 3.2.25).7.5https://nvd.nist.gov/vuln/detail/CVE-2021-25087
CVE-2021-42016A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). A timing attack, in a third-party component, could make the retrieval of the private key possible, used for encryption of sensitive data. If a threat actor were to exploit this, the data integrity and security could be compromised.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-42016
CVE-2021-42020A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). The third-party component, in its TFTP functionality fails to check for null terminations in file names. If an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-42020
CVE-2022-24716Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24716
CVE-2022-24464.NET and Visual Studio Denial of Service Vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24464
CVE-2021-38296Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would allow someone to decrypt plaintext traffic offline. Note that this does not affect security mechanisms controlled by "spark.authenticate.enableSaslEncryption", "spark.io.encryption.enabled", "spark.ssl", "spark.ui.strictTransportSecurity". Update to Apache Spark 3.1.3 or later7.5https://nvd.nist.gov/vuln/detail/CVE-2021-38296
CVE-2020-36517An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-36517
CVE-2021-3698A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-3698
CVE-2021-40047There is a vulnerability of memory not being released after effective lifetime in the Bastet module. Successful exploitation of this vulnerability may affect integrity.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40047
CVE-2021-40048There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability will affect availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40048
CVE-2021-40049There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40049
CVE-2021-40051There is an unauthorized access vulnerability in system components. Successful exploitation of this vulnerability will affect confidentiality.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40051
CVE-2021-40052There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40052
CVE-2021-40054There is an integer underflow vulnerability in the atcmdserver module. Successful exploitation of this vulnerability may affect integrity.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40054
CVE-2021-40056There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40056
CVE-2021-40057There is a heap-based and stack-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40057
CVE-2021-40058There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40058
CVE-2021-40060There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40060
CVE-2021-40061There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40061
CVE-2021-40062There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40062
CVE-2021-40063There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect confidentiality.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40063
CVE-2021-40064There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of this vulnerability may affect system stability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40064
CVE-2021-44032TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. An attacker can bypass the captive portal authentication process by using the downgraded "no authentication" method, and access the protected network. For example, the attacker can simply set window.authType=0 in client-side JavaScript.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-44032
CVE-2021-46408Tenda AX12 v22.03.01.21 was discovered to contain a stack buffer overflow in the function sub_422CE4. This vulnerability allows attackers to cause a Denial of Service (DoS) via the strcpy parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-46408
CVE-2022-0725A flaw was found in KeePass. The vulnerability occurs due to logging the plain text passwords in the system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-0725
CVE-2022-0813PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-0813
CVE-2022-0903A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted POST body.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-0903
CVE-2022-25546Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsUser parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25546
CVE-2022-25547Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25547
CVE-2022-25548Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the serverName parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25548
CVE-2022-25549Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsEn parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25549
CVE-2022-25550Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceName parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25550
CVE-2022-25551Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsDomain parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25551
CVE-2022-25552Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25552
CVE-2022-25553Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsPwd parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25553
CVE-2022-25554Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceId parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25554
CVE-2022-25555Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ntpServer parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25555
CVE-2022-25557Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the urls parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25557
CVE-2022-25558Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetProvince. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ProvinceCode parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25558
CVE-2022-25566Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25566
CVE-2021-3450The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).7.4https://nvd.nist.gov/vuln/detail/CVE-2021-3450
CVE-2021-25217In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.7.4https://nvd.nist.gov/vuln/detail/CVE-2021-25217
CVE-2021-3712ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).7.4https://nvd.nist.gov/vuln/detail/CVE-2021-3712
CVE-2021-20322A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.7.4https://nvd.nist.gov/vuln/detail/CVE-2021-20322
CVE-2022-26505A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files.7.4https://nvd.nist.gov/vuln/detail/CVE-2022-26505
CVE-2020-7774This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true7.3https://nvd.nist.gov/vuln/detail/CVE-2020-7774
CVE-2021-1108NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the system.7.3https://nvd.nist.gov/vuln/detail/CVE-2021-1108
CVE-2021-44750An arbitrary code execution vulnerability was found in the F-Secure Support Tool. A standard user can craft a special configuration file, which when run by administrator can execute any commands.7.3https://nvd.nist.gov/vuln/detail/CVE-2021-44750
CVE-2021-24216The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-24216
CVE-2021-24777The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a get request with the sub_id parameter which not sanitised, escaped or validated before inserting to a SQL statement, leading to an SQL injection.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-24777
CVE-2021-24778The test parameter of the xmlfeed in the Tradetracker-Store WordPress plugin before 4.6.60 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-24778
CVE-2022-0267The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection7.2https://nvd.nist.gov/vuln/detail/CVE-2022-0267
CVE-2022-0420The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks7.2https://nvd.nist.gov/vuln/detail/CVE-2022-0420
CVE-2022-0440The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog (ie DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true)7.2https://nvd.nist.gov/vuln/detail/CVE-2022-0440
CVE-2021-43944This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-43944
CVE-2022-24281A vulnerability has been identified in SINEC NMS (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-24281
CVE-2022-24282A vulnerability has been identified in SINEC NMS (All versions). The affected system allows to upload JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a maliciously crafted serialized Java object. This could allow the attacker to execute arbitrary code on the device with root privileges.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-24282
CVE-2022-25311A vulnerability has been identified in SINEC NMS (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-25311
CVE-2022-23284Windows Print Spooler Elevation of Privilege Vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-23284
CVE-2022-24467Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24468, CVE-2022-24470, CVE-2022-24471, CVE-2022-24517, CVE-2022-24520.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-24467
CVE-2022-24468Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24470, CVE-2022-24471, CVE-2022-24517, CVE-2022-24520.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-24468
CVE-2022-24470Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24468, CVE-2022-24471, CVE-2022-24517, CVE-2022-24520.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-24470
CVE-2022-24471Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24468, CVE-2022-24470, CVE-2022-24517, CVE-2022-24520.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-24471
CVE-2022-24517Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24468, CVE-2022-24470, CVE-2022-24471, CVE-2022-24520.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-24517
CVE-2022-24520Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24468, CVE-2022-24470, CVE-2022-24471, CVE-2022-24517.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-24520
CVE-2022-24734MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB's Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-24734
CVE-2020-8177curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.7.1https://nvd.nist.gov/vuln/detail/CVE-2020-8177
CVE-2021-32938Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of service condition or read sensitive information from memory.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-32938
CVE-2021-32940An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or read sensitive information from memory locations.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-32940
CVE-2021-32950An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory locations.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-32950
CVE-2021-4166vim is vulnerable to Out-of-bounds Read7.1https://nvd.nist.gov/vuln/detail/CVE-2021-4166
CVE-2021-25095The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing users from accessing the frontend.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-25095
CVE-2022-0518Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-0518
CVE-2022-0519Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-0519
CVE-2022-0521Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-0521
CVE-2022-0522Access of Memory Location Before Start of Buffer in NPM radare2.js prior to 5.6.2.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-0522
CVE-2021-3752A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-3752
CVE-2021-45083An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it's trivial to obtain the plaintext string. The settings.yaml file contains secrets such as the hashed default password.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-45083
CVE-2022-0713Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-0713
CVE-2021-3743An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-3743
CVE-2021-3739A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-3739
CVE-2022-0891A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact7.1https://nvd.nist.gov/vuln/detail/CVE-2022-0891
CVE-2017-7536In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().7https://nvd.nist.gov/vuln/detail/CVE-2017-7536
CVE-2020-13630ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.7https://nvd.nist.gov/vuln/detail/CVE-2020-13630
CVE-2021-44733A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.7https://nvd.nist.gov/vuln/detail/CVE-2021-44733
CVE-2021-4083A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4.7https://nvd.nist.gov/vuln/detail/CVE-2021-4083
CVE-2021-3609.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.7https://nvd.nist.gov/vuln/detail/CVE-2021-3609
CVE-2022-21967Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability.7https://nvd.nist.gov/vuln/detail/CVE-2022-21967
CVE-2022-23283Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23287, CVE-2022-24505.7https://nvd.nist.gov/vuln/detail/CVE-2022-23283
CVE-2022-23286Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability.7https://nvd.nist.gov/vuln/detail/CVE-2022-23286
CVE-2022-23287Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23283, CVE-2022-24505.7https://nvd.nist.gov/vuln/detail/CVE-2022-23287
CVE-2022-23288Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23291.7https://nvd.nist.gov/vuln/detail/CVE-2022-23288
CVE-2022-23298Windows NT OS Kernel Elevation of Privilege Vulnerability.7https://nvd.nist.gov/vuln/detail/CVE-2022-23298
CVE-2022-24460Tablet Windows User Interface Application Elevation of Privilege Vulnerability.7https://nvd.nist.gov/vuln/detail/CVE-2022-24460
CVE-2022-24505Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23283, CVE-2022-23287.7https://nvd.nist.gov/vuln/detail/CVE-2022-24505
CVE-2022-24525Windows Update Stack Elevation of Privilege Vulnerability.7https://nvd.nist.gov/vuln/detail/CVE-2022-24525
CVE-2022-24753Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are `stripe login`, `stripe config -e`, `stripe community`, and `stripe open`. MacOS and Linux are unaffected. An attacker who successfully exploits the vulnerability can run arbitrary code in the context of the current user. The update addresses the vulnerability by throwing an error in these situations before the code can run.Users are advised to upgrade to version 1.7.13. There are no known workarounds for this issue.7https://nvd.nist.gov/vuln/detail/CVE-2022-24753
CVE-2021-42739The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-42739
CVE-2021-43975In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-43975
CVE-2022-0213vim is vulnerable to Heap-based Buffer Overflow6.6https://nvd.nist.gov/vuln/detail/CVE-2022-0213
CVE-2022-23849The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access the application because of authentication bypass. An attacker must rapidly make failed biometric authentication attempts.6.6https://nvd.nist.gov/vuln/detail/CVE-2022-23849
CVE-2020-14401An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-14401
CVE-2020-14405An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-14405
CVE-2020-13945In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-13945
CVE-2020-8287Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-8287
CVE-2020-27737A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). The DNS response parsing functionality does not properly validate various length and counts of the records. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the memory past the allocated structure.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-27737
CVE-2021-25214In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-25214
CVE-2021-36976libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).6.5https://nvd.nist.gov/vuln/detail/CVE-2021-36976
CVE-2021-22922When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-22922
CVE-2021-28711Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-287136.5https://nvd.nist.gov/vuln/detail/CVE-2021-28711
CVE-2021-28712Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-287136.5https://nvd.nist.gov/vuln/detail/CVE-2021-28712
CVE-2021-28713Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-287136.5https://nvd.nist.gov/vuln/detail/CVE-2021-28713
CVE-2021-28714Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714)6.5https://nvd.nist.gov/vuln/detail/CVE-2021-28714
CVE-2021-28715Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714)6.5https://nvd.nist.gov/vuln/detail/CVE-2021-28715
CVE-2021-4145A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-4145
CVE-2021-24947The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server6.5https://nvd.nist.gov/vuln/detail/CVE-2021-24947
CVE-2022-0108Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-0108
CVE-2022-0109Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-0109
CVE-2022-0111Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-0111
CVE-2022-0113Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-0113
CVE-2022-0117Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-0117
CVE-2022-0120Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-0120
CVE-2022-25313In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-25313
CVE-2021-44747A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-44747
CVE-2022-24718ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the `svg` property as an argument to the `build(MessagePageOptions)` function. While there is no known workaround at this time, there is a patch in version 0.1.4.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-24718
CVE-2022-0577Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-0577
CVE-2022-24447An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-24447
CVE-2021-43070Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-43070
CVE-2021-38268The Dynamic Data Mapping module in Liferay Portal through v7.3.6 and Liferay DXP through v7.3 incorrectly sets default permissions for site members, allowing authenticated attackers to add and duplicate forms via the UI or the API.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-38268
CVE-2021-3658bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-3658
CVE-2021-3667An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-3667
CVE-2021-3677A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-3677
CVE-2021-3772A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-3772
CVE-2022-23052PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-23052
CVE-2021-3638An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-3638
CVE-2021-25098The Pricing Tables WordPress Plugin WordPress plugin before 3.1.3 does not verify the CSRF nonce when removing posts, allowing attackers to make a logged in admin remove arbitrary posts from the blog via a CSRF attack, which will be put in the trash6.5https://nvd.nist.gov/vuln/detail/CVE-2021-25098
CVE-2022-0163The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-0163
CVE-2022-0445The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset them via a CSRF attack6.5https://nvd.nist.gov/vuln/detail/CVE-2022-0445
CVE-2022-0754SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-0754
CVE-2022-0756Improper Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-0756
CVE-2021-37209A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions), RUGGEDCOM ROS RSG2300 (All versions), RUGGEDCOM ROS RSG2300P (All versions), RUGGEDCOM ROS RSG2488 (All versions), RUGGEDCOM ROS RSG907R (All versions), RUGGEDCOM ROS RSG908C (All versions), RUGGEDCOM ROS RSG909R (All versions), RUGGEDCOM ROS RSG910C (All versions), RUGGEDCOM ROS RSG920P (All versions), RUGGEDCOM ROS RSL910 (All versions), RUGGEDCOM ROS RST2228 (All versions), RUGGEDCOM ROS RST2228P (All versions), RUGGEDCOM ROS RST916C (All versions), RUGGEDCOM ROS RST916P (All versions), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-37209
CVE-2021-41543A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-41543
CVE-2022-26317A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29). When returning the result of a completed Microflow execution call the affected framework does not correctly verify, if the request was initially made by the user requesting the result. Together with predictable identifiers for Microflow execution calls, this could allow a malicious attacker to retrieve information about arbitrary Microflow execution calls made by users within the affected system.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-26317
CVE-2022-0881Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-0881
CVE-2022-23253Point-to-Point Tunneling Protocol Denial of Service Vulnerability.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-23253
CVE-2022-24463Microsoft Exchange Server Spoofing Vulnerability.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-24463
CVE-2022-24506Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24515, CVE-2022-24518, CVE-2022-24519.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-24506
CVE-2022-24515Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24506, CVE-2022-24518, CVE-2022-24519.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-24515
CVE-2022-24522Skype Extension for Chrome Information Disclosure Vulnerability.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-24522
CVE-2021-28488Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve managed-network that was not set to be accessible to the entire group (i.e., was only set to be accessible to a subset of that group).6.5https://nvd.nist.gov/vuln/detail/CVE-2021-28488
CVE-2021-32436An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-32436
CVE-2021-34338Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-34338
CVE-2021-34339Ming 0.4.8 has an out-of-bounds buffer access issue in the function getString() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-34339
CVE-2021-34340Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCR_DECR() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-34340
CVE-2021-34341Ming 0.4.8 has an out-of-bounds read vulnerability in the function decompileIF() in the decompile.c file that causes a direct segmentation fault and leads to denial of service.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-34341
CVE-2021-34342Ming 0.4.8 has an out-of-bounds read vulnerability in the function newVar_N() in decompile.c which causes a huge information leak.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-34342
CVE-2021-3733There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-3733
CVE-2021-40059There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect confidentiality.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-40059
CVE-2021-43969The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database (up to and including the administrative accounts' login IDs and passwords) via the login.jsp uname parameter.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-43969
CVE-2022-0856libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service6.5https://nvd.nist.gov/vuln/detail/CVE-2022-0856
CVE-2022-0865Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-0865
CVE-2022-0904A stack overflow bug in the document extractor in Mattermost Server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted Apple Pages document.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-0904
CVE-2022-21132Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1 allows a remote authenticated attacker to lead a pfSense user to view a file outside the public folder.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-21132
CVE-2022-22835An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XXE vulnerability to read arbitrary files from the filesystem.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-22835
CVE-2021-3631A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.6.3https://nvd.nist.gov/vuln/detail/CVE-2021-3631
CVE-2022-24512.NET and Visual Studio Remote Code Execution Vulnerability.6.3https://nvd.nist.gov/vuln/detail/CVE-2022-24512
CVE-2021-43392STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform.6.2https://nvd.nist.gov/vuln/detail/CVE-2021-43392
CVE-2021-43393STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform.6.2https://nvd.nist.gov/vuln/detail/CVE-2021-43393
CVE-2021-20269A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47.6.2https://nvd.nist.gov/vuln/detail/CVE-2021-20269
CVE-2018-19206steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment.6.1https://nvd.nist.gov/vuln/detail/CVE-2018-19206
CVE-2020-35730An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-35730
CVE-2021-30151Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-30151
CVE-2021-1094NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of service or information disclosure.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-1094
CVE-2022-0352Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-0352
CVE-2022-25013Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the "key" and "fm" parameters in the component login.php.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-25013
CVE-2022-25014Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "m" parameter in the Dashboard of the current user. This vulnerability allows attackers to compromise session credentials via user interaction with a crafted link.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-25014
CVE-2022-0776Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-0776
CVE-2021-46387ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-46387
CVE-2022-24717ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.5, a cross site scripting (XSS) issue can occur when providing untrusted input to the `redirect.link` property as an argument to the `build(MessagePageOptions)` function. While there is no known workaround at this time, there is a patch in version 0.1.5.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-24717
CVE-2022-24719Fluture-Node is a FP-style HTTP and streaming utils for Node based on Fluture. Using `followRedirects` or `followRedirectsWith` with any of the redirection strategies built into fluture-node 4.0.0 or 4.0.1, paired with a request that includes confidential headers such as Authorization or Cookie, exposes you to a vulnerability where, if the destination server were to redirect the request to a server on a third-party domain, or the same domain over unencrypted HTTP, the headers would be included in the follow-up request and be exposed to the third party, or potential http traffic sniffing. The redirection strategies made available in version 4.0.2 automatically redact confidential headers when a redirect is followed across to another origin. A workaround has been identified by using a custom redirection strategy via the `followRedirectsWith` function. The custom strategy can be based on the new strategies available in fluture-node@4.0.2.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-24719
CVE-2022-23395jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS).6.1https://nvd.nist.gov/vuln/detail/CVE-2022-23395
CVE-2021-41003Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-41003
CVE-2021-3654A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-3654
CVE-2022-24722VIewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an interpolation argument to the `translate` method is not properly sanitized before display. Versions 2.31.2 and 2.49.1 have been released and fully mitigate the vulnerability. As a workaround, avoid passing user input to the `translate` function, or sanitize the inputs before passing them.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-24722
CVE-2021-38263Liferay Portal v7.3.2 and below and Liferay DXP v7.0 and below were discovered to contain a cross-site scripting (XSS) vulnerability via the script console under the Server module.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38263
CVE-2021-38264Liferay Portal v7.4.1 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the keywords parameter under the Frontend Taglib module.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38264
CVE-2022-24573A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-24573
CVE-2021-40637OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user's cookie and take over the working session of user.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-40637
CVE-2022-0753Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-0753
CVE-2022-23710A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-23710
CVE-2022-0838Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-0838
CVE-2022-0752Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-0752
CVE-2020-18324Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-18324
CVE-2020-18325Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-18325
CVE-2020-18327Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.26.1https://nvd.nist.gov/vuln/detail/CVE-2020-18327
CVE-2021-46382Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to mulitple attacks like session hijacking even clipboard hijacking.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-46382
CVE-2021-20303A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-20303
CVE-2022-0855Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-0855
CVE-2022-0869Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-0869
CVE-2022-0868Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-0868
CVE-2021-44748A vulnerability affecting F-Secure SAFE browser was discovered whereby browsers loads images automatically this vulnerability can be exploited remotely by an attacker to execute the JavaScript can be used to trigger universal cross-site scripting through the browser. User interaction is required prior to exploitation, such as entering a malicious website to trigger the vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-44748
CVE-2022-0697Open Redirect in GitHub repository archivy/archivy prior to 1.7.0.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-0697
CVE-2021-24953The Advanced iFrame WordPress plugin before 2022 does not sanitise and escape the ai_config_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue6.1https://nvd.nist.gov/vuln/detail/CVE-2021-24953
CVE-2021-25038The WordPress Multisite User Sync/Unsync WordPress plugin before 2.1.2 does not sanitise and escape the wmus_source_blog and wmus_record_per_page parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues6.1https://nvd.nist.gov/vuln/detail/CVE-2021-25038
CVE-2021-25039The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.0 does not sanitise and escape the wmcc_content_type, wmcc_source_blog and wmcc_record_per_page parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues6.1https://nvd.nist.gov/vuln/detail/CVE-2021-25039
CVE-2022-0347The LoginPress | Custom Login Page Customizer WordPress plugin before 1.5.12 does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting6.1https://nvd.nist.gov/vuln/detail/CVE-2022-0347
CVE-2022-0422The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue6.1https://nvd.nist.gov/vuln/detail/CVE-2022-0422
CVE-2022-0429The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-0429
CVE-2022-0533The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-0533
CVE-2021-4198A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-4198
CVE-2021-41541A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The Group Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-41541
CVE-2021-41542A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-41542
CVE-2021-44478A vulnerability has been identified in Polarion Subversion Webclient (V21 R1). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-44478
CVE-2021-41180Nextcloud talk is a self hosting messaging service. In versions prior 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open-redirect, but required user interaction. This only affected users of the Android Talk client. It is recommended that the Nextcloud Talk App is upgraded to 12.1.2. There are no known workarounds.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-41180
CVE-2022-24739alltube is an html front end for youtube-dl. On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack (depending on how AllTube is configured). The impact is mitigated by the fact the SSRF attack is only possible when the `stream` option is enabled in the configuration. (This option is disabled by default.) 3.0.3 contains a fix for this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-24739
CVE-2021-42856It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-42856
CVE-2022-21146Persistent cross-site scripting in the web interface of ipDIO allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into a specific parameter. The XSS payload will be executed when a legitimate user attempts to review history.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-21146
CVE-2021-43590Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.6https://nvd.nist.gov/vuln/detail/CVE-2021-43590
CVE-2021-36809A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client.6https://nvd.nist.gov/vuln/detail/CVE-2021-36809
CVE-2019-19242SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.5.9https://nvd.nist.gov/vuln/detail/CVE-2019-19242
CVE-2020-1971The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).5.9https://nvd.nist.gov/vuln/detail/CVE-2020-1971
CVE-2021-3449An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).5.9https://nvd.nist.gov/vuln/detail/CVE-2021-3449
CVE-2021-22947When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.5.9https://nvd.nist.gov/vuln/detail/CVE-2021-22947
CVE-2022-24319A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)5.9https://nvd.nist.gov/vuln/detail/CVE-2022-24319
CVE-2022-24320A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA database server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)5.9https://nvd.nist.gov/vuln/detail/CVE-2022-24320
CVE-2020-36516An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.5.9https://nvd.nist.gov/vuln/detail/CVE-2020-36516
CVE-2021-23222A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.5.9https://nvd.nist.gov/vuln/detail/CVE-2021-23222
CVE-2021-42017A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2. If an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications.5.9https://nvd.nist.gov/vuln/detail/CVE-2021-42017
CVE-2022-23278Microsoft Defender for Endpoint Spoofing Vulnerability.5.9https://nvd.nist.gov/vuln/detail/CVE-2022-23278
CVE-2022-24322A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior)5.9https://nvd.nist.gov/vuln/detail/CVE-2022-24322
CVE-2022-24323A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior)5.9https://nvd.nist.gov/vuln/detail/CVE-2022-24323
CVE-2021-40055There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity.5.9https://nvd.nist.gov/vuln/detail/CVE-2021-40055
CVE-2021-3672A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.5.6https://nvd.nist.gov/vuln/detail/CVE-2021-3672
CVE-2019-19645alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.5.5https://nvd.nist.gov/vuln/detail/CVE-2019-19645
CVE-2020-13631SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-13631
CVE-2020-13632ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-13632
CVE-2020-15358In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-15358
CVE-2021-28950An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-28950
CVE-2020-36310An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-36310
CVE-2020-36322An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-36322
CVE-2021-27043An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-27043
CVE-2021-1093NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-1093
CVE-2021-1095NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-1095
CVE-2021-43389An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-43389
CVE-2021-45095pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-45095
CVE-2021-45480An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-45480
CVE-2021-4193vim is vulnerable to Out-of-bounds Read5.5https://nvd.nist.gov/vuln/detail/CVE-2021-4193
CVE-2022-22844LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-22844
CVE-2022-0156vim is vulnerable to Use After Free5.5https://nvd.nist.gov/vuln/detail/CVE-2022-0156
CVE-2022-0319Out-of-bounds Read in vim/vim prior to 8.2.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-0319
CVE-2021-46657get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-46657
CVE-2021-46658save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-46658
CVE-2021-46659MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-46659
CVE-2021-46661MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).5.5https://nvd.nist.gov/vuln/detail/CVE-2021-46661
CVE-2021-46662MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-46662
CVE-2021-46663MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-46663
CVE-2021-46664MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-46664
CVE-2021-46665MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-46665
CVE-2021-46666MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-46666
CVE-2021-46668MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-46668
CVE-2022-0487A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-0487
CVE-2022-24959An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-24959
CVE-2022-22766Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-22766
CVE-2022-0617A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-0617
CVE-2022-25375An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-25375
CVE-2022-0712NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-0712
CVE-2022-0714Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-0714
CVE-2022-0476Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-0476
CVE-2022-0695Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-0695
CVE-2021-46702Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn't properly free memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-46702
CVE-2021-44962An out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-44962
CVE-2020-4925A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests and preventing the daemon to service other requests. IBM X-Force ID: 191599.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-4925
CVE-2022-22321IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-22321
CVE-2022-25012Argus Surveillance DVR v4.0 employs weak password encryption.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-25012
CVE-2021-45860An integer overflow in DTSStreamReader::findFrame() of tsMuxer git-2678966 allows attackers to cause a Denial of Service (DoS) via a crafted file.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-45860
CVE-2021-45861There is an Assertion `num <= INT_BIT' failed at BitStreamReader::skipBits in /bitStream.h:132 of tsMuxer git-c6a0277.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-45861
CVE-2021-45863tsMuxer git-2678966 was discovered to contain a heap-based buffer overflow via the function HevcUnit::updateBits in hevc.cpp.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-45863
CVE-2021-45864tsMuxer git-c6a0277 was discovered to contain a segmentation fault via DTSStreamReader::findFrame in dtsStreamReader.cpp.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-45864
CVE-2022-25050rtl_433 21.12 was discovered to contain a stack overflow in the function somfy_iohc_decode(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-25050
CVE-2022-25051An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-25051
CVE-2022-22303An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-22303
CVE-2021-38996IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213076.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-38996
CVE-2022-22350IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 220394.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-22350
CVE-2022-23953Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-23953
CVE-2022-23956Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-23956
CVE-2022-23954Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-23954
CVE-2022-23955Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-23955
CVE-2022-23957Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-23957
CVE-2022-23958Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-23958
CVE-2021-3602An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).5.5https://nvd.nist.gov/vuln/detail/CVE-2021-3602
CVE-2021-3620A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-3620
CVE-2021-3744A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-3744
CVE-2021-3428A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a system crash problem which can lead to an availability threat.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-3428
CVE-2022-25106D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-25106
CVE-2022-0849Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-0849
CVE-2022-21973Windows Media Center Update Denial of Service Vulnerability.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-21973
CVE-2022-22010Media Foundation Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21977.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-22010
CVE-2022-23281Windows Common Log File System Driver Information Disclosure Vulnerability.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-23281
CVE-2022-23297Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-23297
CVE-2022-24462Microsoft Word Security Feature Bypass Vulnerability.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-24462
CVE-2022-24465Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-24465
CVE-2022-24511Microsoft Office Word Tampering Vulnerability.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-24511
CVE-2022-24526Visual Studio Code Spoofing Vulnerability.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-24526
CVE-2021-32434abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-32434
CVE-2021-32435Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-32435
CVE-2021-34122The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NULL pointer dereference.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-34122
CVE-2021-3732A security issue was found in Linux kernel’s OverlayFS subsystem where a local attacker who has the ability to mount the TmpFS filesystem with OverlayFS can abuse a logic bug in the overlayfs code which can inadvertently reveal files hidden in the original mount.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-3732
CVE-2021-44215Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-44215
CVE-2021-44216Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-44216
CVE-2021-44269An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue triggered in function WavpackPackSamples of file src/pack_utils.c, tainted variable cnt is too large, that makes pointer sptr read beyond heap bound.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-44269
CVE-2021-44421The pointer-validation logic in util/mem_util.rs in Occlum before 0.26.0 for Intel SGX acts as a confused deputy that allows a local attacker to access unauthorized information via side-channel analysis.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-44421
CVE-2021-4023A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to possibly crash the system.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-4023
CVE-2021-4095A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-4095
CVE-2022-25108Foxit PDF Reader and Editor before 11.2.1 and PhantomPDF before 10.1.7 allow a NULL pointer dereference during PDF parsing because the pointer is used without proper validation.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-25108
CVE-2022-24090Adobe Photoshop versions 23.1.1 (and earlier) and 22.5.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-24090
CVE-2020-14402An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-14402
CVE-2020-14403An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-14403
CVE-2020-14404An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-14404
CVE-2021-26925Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-26925
CVE-2020-18670Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-18670
CVE-2020-18671Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-18671
CVE-2022-25015A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows attackers to steal cookies via a crafted payload inserted into the First Name field.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-25015
CVE-2021-41111Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated user with authorization to read webhooks in one project can craft a request to reveal Webhook definitions and tokens in another project. The user could use the revealed webhook tokens to trigger webhooks. Severity depends on trust level of authenticated users and whether any webhooks exist that trigger sensitive actions. There are patches for this vulnerability in versions 3.4.5 and 3.3.15. There are currently no known workarounds.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-41111
CVE-2022-25020A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-25020
CVE-2022-25022A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to excute arbitrary web scripts HTML via a crafted payload in the content field of a blog post.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-25022
CVE-2021-38986IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-38986
CVE-2022-22944VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user's window.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-22944
CVE-2022-23656Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several participants; a victim who then opens an overflow tooltip including this full name on the recent topics page could trigger execution of JavaScript code controlled by the attacker. Users running a Zulip server from the main branch should upgrade from main (2022-03-01 or later) again to deploy this fix.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-23656
CVE-2021-45074JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users OAuth token, which will force a reauthentication on an active session or in the next UI session.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-45074
CVE-2021-38265Liferay Portal v7.3.6 and below and Liferay DXP v7.3 and below were discovered to contain a cross-site scripting (XSS) vulnerability via the _com_liferay_asset_list_web_portlet_AssetListPortlet_title parameter.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-38265
CVE-2021-38267Liferay Portal through v7.3.6 and Liferay DXP through v7.3 were discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Blog Entry function under the Blog module.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-38267
CVE-2021-38269Liferay Portal through v7.4.0 and Liferay DXP through v7.1 were discovered to contain a cross-site scripting (XSS) vulnerability via the Gogo Shell module.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-38269
CVE-2022-24563In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the intro_title and intro_image parameters.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-24563
CVE-2022-25138Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-25138
CVE-2022-23051PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svg_file' parameter.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-23051
CVE-2022-0831Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-0831
CVE-2022-0832Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-0832
CVE-2021-24821The Cost Calculator WordPress plugin before 1.6 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator > Price Settings (which gets injected on the edit page as well as any page that embeds the calculator using the shortcode), as well as the Text Preview field of a Project (injected on the edit project page)5.4https://nvd.nist.gov/vuln/detail/CVE-2021-24821
CVE-2021-24826The Custom Content Shortcode WordPress plugin before 4.0.2 does not escape custom fields before outputting them, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. Please note that such attack is still possible by admin+ in single site blogs by default (but won't be when the unfiltered_html is disallowed)5.4https://nvd.nist.gov/vuln/detail/CVE-2021-24826
CVE-2021-24960The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could be then be used for Cross-Site Scripting attacks5.4https://nvd.nist.gov/vuln/detail/CVE-2021-24960
CVE-2021-24961The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 does not escape some of its shortcode argument, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks5.4https://nvd.nist.gov/vuln/detail/CVE-2021-24961
CVE-2022-0205The YOP Poll WordPress plugin before 6.3.5 does not sanitise and escape some of the settings (available to users with a role as low as author) before outputting them, leading to a Stored Cross-Site Scripting issue5.4https://nvd.nist.gov/vuln/detail/CVE-2022-0205
CVE-2022-0426The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 does not escape the rowCount parameter before outputting it back in an attribute via the woosea_categories_dropdown AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting5.4https://nvd.nist.gov/vuln/detail/CVE-2022-0426
CVE-2021-37208A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Improper neutralization of special characters on the web server configuration page could allow an attacker, in a privileged position, to retrieve sensitive information via cross-site scripting.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-37208
CVE-2022-0877Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-0877
CVE-2022-24503Remote Desktop Protocol Client Information Disclosure Vulnerability.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-24503
CVE-2021-32005Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store javascript for later execution. This issue affects: Secomea SiteManager Version 9.6.621421014 and all prior versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-32005
CVE-2021-33851A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-33851
CVE-2021-33852A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Duplicate Title" text box executes whenever the user opens the Settings Page of the Post Duplicator Plugin or the application root page after duplicating any of the existing posts.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-33852
CVE-2022-21158A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link (with javascript\: scheme) inside the document may allow an attacker to execute an arbitrary script on the PC of the user using marktext.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-21158
CVE-2019-19924SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.5.3https://nvd.nist.gov/vuln/detail/CVE-2019-19924
CVE-2021-23362The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-23362
CVE-2021-22876curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-22876
CVE-2021-22897curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-22897
CVE-2021-22918Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo().5.3https://nvd.nist.gov/vuln/detail/CVE-2021-22918
CVE-2021-22923When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-22923
CVE-2021-22925curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-22925
CVE-2021-22939If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-22939
CVE-2021-25219In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-25219
CVE-2022-26315qrcp through 0.8.4, in receive mode, allows ../ Directory Traversal via the file name specified by the uploader.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-26315
CVE-2022-23779Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-23779
CVE-2022-25146The Remote App module in Liferay Portal through v7.4.3.8 and Liferay DXP through v7.4 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-25146
CVE-2022-22700CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-22700
CVE-2022-24723URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse can be used as a workaround.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-24723
CVE-2021-46353An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absolute paths that are being used by the web application.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-46353
CVE-2021-25009The CorreosExpress WordPress plugin through 2.6.0 generates log files which are publicly accessible, and contain sensitive information such as sender/receiver names, phone numbers, physical and email addresses5.3https://nvd.nist.gov/vuln/detail/CVE-2021-25009
CVE-2021-41239Nextcloud server is a self hosted system designed to provide cloud style services. In affected versions the User Status API did not consider the user enumeration settings by the administrator. This allowed a user to enumerate other users on the instance, even when user listings where disabled. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. There are no known workarounds.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-41239
CVE-2022-24714Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may still have access to a collection of content. Note that this only applies if a role has implicitly permitted access to hosts, due to permitted access to at least one of their services. If access to a host is permitted by other means, no sensible information has been disclosed to unauthorized users. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-24714
CVE-2020-14112Information Leak Vulnerability exists in the Xiaomi Router AX6000. The vulnerability is caused by incorrect routing configuration. Attackers can exploit this vulnerability to download part of the files in Xiaomi Router AX6000.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-14112
CVE-2021-35251Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-35251
CVE-2021-42857It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDaServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/da/pcf" API. The affected endpoint does not have any validation of the user's input that allows a malicious payload to be injected.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-42857
CVE-2021-44321Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory. The attacker must be logged into the application create a malicious file for updating the inventory details and items.5https://nvd.nist.gov/vuln/detail/CVE-2021-44321
CVE-2021-27653Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure.4.9https://nvd.nist.gov/vuln/detail/CVE-2021-27653
CVE-2022-23232StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access. StorageGRID 11.6.0 obtains the user account status from Active Directory or Azure and will block S3 access for disabled user accounts during the subsequent background synchronization. User accounts that are expired or locked for Active Directory or Azure, or user accounts that are disabled, expired, or locked in identity sources other than Active Directory or Azure must be manually removed from group memberships or have their S3 keys manually removed from Tenant Manager in all versions of StorageGRID (formerly StorageGRID Webscale).4.9https://nvd.nist.gov/vuln/detail/CVE-2022-23232
CVE-2022-26484An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing a remote authenticated administrator to read arbitrary files on the system via Directory Traversal. By manipulating the resource name in GET requests referring to files with absolute paths, it is possible to access arbitrary files stored on the filesystem, including application source code, configuration files, and critical system files.4.9https://nvd.nist.gov/vuln/detail/CVE-2022-26484
CVE-2022-24518Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24506, CVE-2022-24515, CVE-2022-24519.4.9https://nvd.nist.gov/vuln/detail/CVE-2022-24518
CVE-2022-24519Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24506, CVE-2022-24515, CVE-2022-24518.4.9https://nvd.nist.gov/vuln/detail/CVE-2022-24519
CVE-2022-25220PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-25220
CVE-2022-26483An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting (XSS) vulnerability in admin/cgi-bin/listdir.pl allows authenticated remote administrators to inject arbitrary web script or HTML into an HTTP GET parameter (which reflect the user input without sanitization).4.8https://nvd.nist.gov/vuln/detail/CVE-2022-26483
CVE-2021-24810The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed4.8https://nvd.nist.gov/vuln/detail/CVE-2021-24810
CVE-2022-0389The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-0389
CVE-2022-0448The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its "License ID" settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-0448
CVE-2022-0535The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed4.8https://nvd.nist.gov/vuln/detail/CVE-2022-0535
CVE-2021-20321A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.4.7https://nvd.nist.gov/vuln/detail/CVE-2021-20321
CVE-2022-21975Windows Hyper-V Denial of Service Vulnerability.4.7https://nvd.nist.gov/vuln/detail/CVE-2022-21975
CVE-2021-43976In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).4.6https://nvd.nist.gov/vuln/detail/CVE-2021-43976
CVE-2022-25258An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur.4.6https://nvd.nist.gov/vuln/detail/CVE-2022-25258
CVE-2022-0743Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31.4.6https://nvd.nist.gov/vuln/detail/CVE-2022-0743
CVE-2020-15936A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information via SNI Client Hello TLS packets.4.5https://nvd.nist.gov/vuln/detail/CVE-2020-15936
CVE-2021-20317A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP.4.4https://nvd.nist.gov/vuln/detail/CVE-2021-20317
CVE-2021-38955IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825.4.4https://nvd.nist.gov/vuln/detail/CVE-2021-38955
CVE-2022-0022Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal (non-FIPS-CC) operational mode. An attacker must have access to the account password hashes to take advantage of this weakness and can acquire those hashes if they are able to gain access to the PAN-OS software configuration. Fixed versions of PAN-OS software use a secure cryptographic algorithm for account password hashes. This issue does not impact Prisma Access firewalls. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.21; All versions of PAN-OS 9.0; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11; PAN-OS 10.0 versions earlier than PAN-OS 10.0.7.4.4https://nvd.nist.gov/vuln/detail/CVE-2022-0022
CVE-2022-0110Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-0110
CVE-2022-0112Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-0112
CVE-2022-0116Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-0116
CVE-2022-0118Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-0118
CVE-2021-43953Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-43953
CVE-2020-27958The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template.4.3https://nvd.nist.gov/vuln/detail/CVE-2020-27958
CVE-2021-24824The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the email address of orders can be retrieved4.3https://nvd.nist.gov/vuln/detail/CVE-2021-24824
CVE-2021-24825The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display arbitrary files from the filesystem (such as logs, .htaccess etc), as well as perform Local File Inclusion attacks as PHP files will be executed. Please note that such attack is still possible by admin+ in single site blogs by default (but won't be when either the unfiltered_html or file_edit is disallowed)4.3https://nvd.nist.gov/vuln/detail/CVE-2021-24825
CVE-2022-0384The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapi_get_wp_users AJAX action, allowing any authenticated users, such as subscriber to download the list of email addresses registered on the blog4.3https://nvd.nist.gov/vuln/detail/CVE-2022-0384
CVE-2022-0442The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-0442
CVE-2022-0755Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.12.5.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-0755
CVE-2021-41241Nextcloud server is a self hosted system designed to provide cloud style services. The groupfolders application for Nextcloud allows sharing a folder with a group of people. In addition, it allows setting "advanced permissions" on subfolders, for example, a user could be granted access to the groupfolder but not specific subfolders. Due to a lacking permission check in affected versions, a user could still access these subfolders by copying the groupfolder to another location. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the "groupfolders" application in the admin settings.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-41241
CVE-2022-24502Windows HTML Platforms Security Feature Bypass Vulnerability.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-24502
CVE-2021-3660Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-3660
CVE-2021-42186SAS Logon Manager v9.4 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-42186
CVE-2021-44166An improper access control vulnerability [CWE-284 ] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user.4.1https://nvd.nist.gov/vuln/detail/CVE-2021-44166
CVE-2020-8284A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.3.7https://nvd.nist.gov/vuln/detail/CVE-2020-8284
CVE-2021-22890curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.3.7https://nvd.nist.gov/vuln/detail/CVE-2021-22890
CVE-2021-22924libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.3.7https://nvd.nist.gov/vuln/detail/CVE-2021-22924
CVE-2020-29374An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.3.6https://nvd.nist.gov/vuln/detail/CVE-2020-29374
CVE-2021-27040A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code.3.3https://nvd.nist.gov/vuln/detail/CVE-2021-27040
CVE-2022-0158vim is vulnerable to Heap-based Buffer Overflow3.3https://nvd.nist.gov/vuln/detail/CVE-2022-0158
CVE-2022-24448An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-24448
CVE-2022-21977Media Foundation Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-22010.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-21977
CVE-2021-3981A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.3.3https://nvd.nist.gov/vuln/detail/CVE-2021-3981
CVE-2021-22898curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.3.1https://nvd.nist.gov/vuln/detail/CVE-2021-22898
CVE-2021-3716A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.3.1https://nvd.nist.gov/vuln/detail/CVE-2021-3716
CVE-2021-46270JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.2.7https://nvd.nist.gov/vuln/detail/CVE-2021-46270
CVE-2021-30918A Lock Screen issue was addressed with improved state management. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.0.1 and iPadOS 15.0.1. A user may be able to view restricted content from the Lock Screen.2.4https://nvd.nist.gov/vuln/detail/CVE-2021-30918
CVE-2021-41181Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim received a phone call the attacker could gain access to the chat messages and files of the user. It is recommended that the Nextcloud Android Talk App is upgraded to 12.3.0. There are no known workarounds.2.4https://nvd.nist.gov/vuln/detail/CVE-2021-41181
CVE-2015-3269Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.https://nvd.nist.gov/vuln/detail/CVE-2015-3269
CVE-2021-4002A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.https://nvd.nist.gov/vuln/detail/CVE-2021-4002
CVE-2022-22947In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.https://nvd.nist.gov/vuln/detail/CVE-2022-22947
CVE-2021-3640A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.https://nvd.nist.gov/vuln/detail/CVE-2021-3640
CVE-2021-38988IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950.https://nvd.nist.gov/vuln/detail/CVE-2021-38988
CVE-2021-38989IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212951.https://nvd.nist.gov/vuln/detail/CVE-2021-38989
CVE-2022-22351IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted host. IBM X-Force ID: 220396https://nvd.nist.gov/vuln/detail/CVE-2022-22351
CVE-2022-24713regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.https://nvd.nist.gov/vuln/detail/CVE-2022-24713
CVE-2022-26319An installer search patch element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.0 could allow a local attacker to place an arbitrarily generated DLL file in an installer folder to elevate local privileges. Please note: an attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2022-26319
CVE-2022-0715A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)https://nvd.nist.gov/vuln/detail/CVE-2022-0715
CVE-2022-22511Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.https://nvd.nist.gov/vuln/detail/CVE-2022-22511
CVE-2022-22805A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)https://nvd.nist.gov/vuln/detail/CVE-2022-22805
CVE-2022-22806A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)https://nvd.nist.gov/vuln/detail/CVE-2022-22806
CVE-2022-24349An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim’s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel.https://nvd.nist.gov/vuln/detail/CVE-2022-24349
CVE-2022-24732Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms.https://nvd.nist.gov/vuln/detail/CVE-2022-24732
CVE-2022-24917An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.https://nvd.nist.gov/vuln/detail/CVE-2022-24917
CVE-2022-24918An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.https://nvd.nist.gov/vuln/detail/CVE-2022-24918
CVE-2022-24919An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.https://nvd.nist.gov/vuln/detail/CVE-2022-24919
CVE-2022-24741Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded to 21.0.8 , 22.2.4 or 23.0.1. Users unable to upgrade should disable preview generation with the `'enable_previews'` config flag.https://nvd.nist.gov/vuln/detail/CVE-2022-24741
CVE-2022-24744Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.https://nvd.nist.gov/vuln/detail/CVE-2022-24744
CVE-2022-24745Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected by this issue. This issue has been resolved in version 6.4.8.2. Users unable to upgrade should disable the HTTP Cache.https://nvd.nist.gov/vuln/detail/CVE-2022-24745
CVE-2022-24746Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions it is possible to inject code via the voucher code form. This issue has been patched in version 6.4.8.1. There are no known workarounds for this issue.https://nvd.nist.gov/vuln/detail/CVE-2022-24746
CVE-2022-24747Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do no properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP caches. This issue has been resolved in version 6.4.8.2. There are no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2022-24747
CVE-2022-24748Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In versions prior to 6.4.8.2 it is possible to modify customers and to create orders without App Permission. This issue is a result of improper api route checking. Users are advised to upgrade to version 6.4.8.2. There are no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2022-24748
CVE-2022-0890NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2.https://nvd.nist.gov/vuln/detail/CVE-2022-0890
CVE-2022-0895Static Code Injection in GitHub repository microweber/microweber prior to 1.3.https://nvd.nist.gov/vuln/detail/CVE-2022-0895
CVE-2022-0905Improper Authorization in GitHub repository go-gitea/gitea prior to 1.16.4.https://nvd.nist.gov/vuln/detail/CVE-2022-0905
CVE-2022-0906Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12.https://nvd.nist.gov/vuln/detail/CVE-2022-0906
CVE-2021-32006This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup files.https://nvd.nist.gov/vuln/detail/CVE-2021-32006
CVE-2021-32025An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system.https://nvd.nist.gov/vuln/detail/CVE-2021-32025
CVE-2021-40376otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000.https://nvd.nist.gov/vuln/detail/CVE-2021-40376
CVE-2021-41657SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack.https://nvd.nist.gov/vuln/detail/CVE-2021-41657
CVE-2021-42786It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not have any input validation of the user's input that allowed a malicious payload to be injected.https://nvd.nist.gov/vuln/detail/CVE-2021-42786
CVE-2022-0204A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.https://nvd.nist.gov/vuln/detail/CVE-2022-0204
CVE-2022-0433A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1.https://nvd.nist.gov/vuln/detail/CVE-2022-0433
CVE-2022-0516A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.https://nvd.nist.gov/vuln/detail/CVE-2022-0516
CVE-2022-0618A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSH_PROMISE frame where the frame contains padding information without any other data. This logical error caused confusion about the size of the frame, leading to a parsing error. This parsing error immediately crashes the entire process. Sending a HEADERS frame or PUSH_PROMISE frame with HTTP/2 padding information does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted frame. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the frame in memory-safe code, so the crash is safe. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz.https://nvd.nist.gov/vuln/detail/CVE-2022-0618
CVE-2022-20048In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917502; Issue ID: ALPS05917502.https://nvd.nist.gov/vuln/detail/CVE-2022-20048
CVE-2022-20049In vpu, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05954679; Issue ID: ALPS05954679.https://nvd.nist.gov/vuln/detail/CVE-2022-20049
CVE-2022-20050In connsyslogger, there is a possible symbolic link following due to improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06335038; Issue ID: ALPS06335038.https://nvd.nist.gov/vuln/detail/CVE-2022-20050
CVE-2022-20051In ims service, there is a possible unexpected application behavior due to incorrect privilege assignment. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219127; Issue ID: ALPS06219127.https://nvd.nist.gov/vuln/detail/CVE-2022-20051
CVE-2022-20053In ims service, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219097; Issue ID: ALPS06219097.https://nvd.nist.gov/vuln/detail/CVE-2022-20053
CVE-2022-20054In ims service, there is a possible AT command injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219083; Issue ID: ALPS06219083.https://nvd.nist.gov/vuln/detail/CVE-2022-20054
CVE-2022-20055In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160830.https://nvd.nist.gov/vuln/detail/CVE-2022-20055
CVE-2022-20056In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160820.https://nvd.nist.gov/vuln/detail/CVE-2022-20056
CVE-2022-20057In btif, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06271186; Issue ID: ALPS06271186.https://nvd.nist.gov/vuln/detail/CVE-2022-20057
CVE-2022-20058In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160485.https://nvd.nist.gov/vuln/detail/CVE-2022-20058
CVE-2022-20059In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160781.https://nvd.nist.gov/vuln/detail/CVE-2022-20059
CVE-2022-20060In preloader (usb), there is a possible permission bypass due to a missing proper image authentication. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06137462.https://nvd.nist.gov/vuln/detail/CVE-2022-20060
CVE-2022-21124Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234.https://nvd.nist.gov/vuln/detail/CVE-2022-21124
CVE-2022-21170Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication.https://nvd.nist.gov/vuln/detail/CVE-2022-21170
CVE-2022-22547Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. This allows information gathering which could be used exploit future open-source security exploits.https://nvd.nist.gov/vuln/detail/CVE-2022-22547
CVE-2022-23940SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, they can create a malicious report, containing a PHP-deserialization payload in the email_recipients field. Once someone accesses this report, the backend will deserialize the content of the email_recipients field and the payload gets executed. Project dependencies include a number of interesting PHP deserialization gadgets (e.g., Monolog/RCE1 from phpggc) that can be used for Code Execution.https://nvd.nist.gov/vuln/detail/CVE-2022-23940
CVE-2022-24177A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej.cgi of Ex libris ALEPH 500 v18.1 and v20 allows attackers to execute arbitrary web scripts or HTML.https://nvd.nist.gov/vuln/detail/CVE-2022-24177
CVE-2022-24285Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority called ACCsvc through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general user. In addition, the service program does not verify the user when communicating. A thread may exist with a specific command. When the path of the program to be executed is sent, there is a local privilege escalation in which the service program executes the path with system privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-24285
CVE-2022-24286Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00.3038 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general user. In addition, the service program does not verify the user when communicating. A thread may exist with a specific command. When the path of the program to be executed is sent, there is a local privilege escalation in which the service program executes the path with system privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-24286
CVE-2022-24395SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2022-24395
CVE-2022-24396The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities and read, modify, or delete sensitive information and configurations.https://nvd.nist.gov/vuln/detail/CVE-2022-24396
CVE-2022-24397SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser.https://nvd.nist.gov/vuln/detail/CVE-2022-24397
CVE-2022-24398Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted.https://nvd.nist.gov/vuln/detail/CVE-2022-24398
CVE-2022-24399The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting (XSS) vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2022-24399
CVE-2022-24432Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into specific fields. The XSS payload will be executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services).https://nvd.nist.gov/vuln/detail/CVE-2022-24432
CVE-2022-24600Luocms v2.0 is affected by SQL Injection through /admin/login.php. An attacker can log in to the background through SQL injection statements.https://nvd.nist.gov/vuln/detail/CVE-2022-24600
CVE-2022-24601Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain sensitive information through SQL injection statements.https://nvd.nist.gov/vuln/detail/CVE-2022-24601
CVE-2022-24602Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php.https://nvd.nist.gov/vuln/detail/CVE-2022-24602
CVE-2022-24603Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php.https://nvd.nist.gov/vuln/detail/CVE-2022-24603
CVE-2022-24604Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php.https://nvd.nist.gov/vuln/detail/CVE-2022-24604
CVE-2022-24605Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php.https://nvd.nist.gov/vuln/detail/CVE-2022-24605
CVE-2022-24606Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php.https://nvd.nist.gov/vuln/detail/CVE-2022-24606
CVE-2022-24607Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php.https://nvd.nist.gov/vuln/detail/CVE-2022-24607
CVE-2022-24608Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php.https://nvd.nist.gov/vuln/detail/CVE-2022-24608
CVE-2022-24609Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/template_manage.php, an attacker can write an arbitrary shell file.https://nvd.nist.gov/vuln/detail/CVE-2022-24609
CVE-2022-24618Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\\Windows\\Installer.https://nvd.nist.gov/vuln/detail/CVE-2022-24618
CVE-2022-24644ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse.https://nvd.nist.gov/vuln/detail/CVE-2022-24644
CVE-2022-24651sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload.https://nvd.nist.gov/vuln/detail/CVE-2022-24651
CVE-2022-24652sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload.https://nvd.nist.gov/vuln/detail/CVE-2022-24652
CVE-2022-24915The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services).https://nvd.nist.gov/vuln/detail/CVE-2022-24915
CVE-2022-24928Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP.https://nvd.nist.gov/vuln/detail/CVE-2022-24928
CVE-2022-24929Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication.https://nvd.nist.gov/vuln/detail/CVE-2022-24929
CVE-2022-24930An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper permissionhttps://nvd.nist.gov/vuln/detail/CVE-2022-24930
CVE-2022-24931Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permissionhttps://nvd.nist.gov/vuln/detail/CVE-2022-24931
CVE-2022-24932Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard.https://nvd.nist.gov/vuln/detail/CVE-2022-24932
CVE-2022-24960A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 on OSX; 9.2.0 on Linux; 9.2.0 on Windows.https://nvd.nist.gov/vuln/detail/CVE-2022-24960
CVE-2022-24995Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.https://nvd.nist.gov/vuln/detail/CVE-2022-24995
CVE-2022-25090Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition.https://nvd.nist.gov/vuln/detail/CVE-2022-25090
CVE-2022-25213Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell.https://nvd.nist.gov/vuln/detail/CVE-2022-25213
CVE-2022-25214Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated remote attacker to obtain the WPA passphrases for the 2.4GHz and 5.0GHz wireless networks. This is particularly dangerous given that the K2G setup wizard presents the user with the option of using the same password for the 2.4Ghz network and the administrative interface, by clicking a checkbox. When Remote Managment is enabled, these endpoints are exposed to the WAN.https://nvd.nist.gov/vuln/detail/CVE-2022-25214
CVE-2022-25215Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself.https://nvd.nist.gov/vuln/detail/CVE-2022-25215
CVE-2022-25217Use of a hard-coded cryptographic key pair by the telnetd_startup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetd_startup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of the K3C firmware (possibly amongst many other releases) included both the private and public RSA keys. The remaining versions cited here redacted the private key, but left the public key unchanged. An attacker in possession of the leaked private key may, through a scripted exchange of UDP packets, instruct telnetd_startup to spawn an unauthenticated telnet shell as root, by means of which they can then obtain complete control of the device. A consequence of the limited availablility of firmware images for testing is that models and versions not listed here may share this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2022-25217
CVE-2022-25218The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the "plaintext" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL's RSA_public_decrypt() function. This weakness allows the attacker to manipulate the various iterations of the telnetd startup state machine and eventually obtain a root shell on the device, by means of an exchange of crafted UDP packets. In all versions but K2 22.5.9.163 and K3C 32.1.15.93 a successful attack also requires the exploitation of a null-byte interaction error (CVE-2022-25219).https://nvd.nist.gov/vuln/detail/CVE-2022-25218
CVE-2022-25219A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP packets, an unauthenticated attacker on the local network can leverage this null byte interaction error in such a way as to make those ephemeral passwords predictable (with 1-in-94 odds). Since the attacker must manipulate data processed by the OpenSSL function RSA_public_decrypt(), successful exploitation of this vulnerability depends on the use of an unpadded RSA cipher (CVE-2022-25218).https://nvd.nist.gov/vuln/detail/CVE-2022-25219
CVE-2022-25225Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation (PostgreSQL) by exploiting this issue.https://nvd.nist.gov/vuln/detail/CVE-2022-25225
CVE-2022-25243"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4.https://nvd.nist.gov/vuln/detail/CVE-2022-25243
CVE-2022-25244Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10.https://nvd.nist.gov/vuln/detail/CVE-2022-25244
CVE-2022-25294Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. All versions prior to 7.12.1 are affected. Agents for MacOS and Linux and Cloud are unaffected. Proofpoint has released fixed software version 7.12.1. The fixed software versions are available through the customer support portal.https://nvd.nist.gov/vuln/detail/CVE-2022-25294
CVE-2022-25368Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected.https://nvd.nist.gov/vuln/detail/CVE-2022-25368
CVE-2022-25556Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42E328. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.https://nvd.nist.gov/vuln/detail/CVE-2022-25556
CVE-2022-25560Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_4327CC. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.https://nvd.nist.gov/vuln/detail/CVE-2022-25560
CVE-2022-25561Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42DE00. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.https://nvd.nist.gov/vuln/detail/CVE-2022-25561
CVE-2022-25814PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.https://nvd.nist.gov/vuln/detail/CVE-2022-25814
CVE-2022-25815PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.https://nvd.nist.gov/vuln/detail/CVE-2022-25815
CVE-2022-25816Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authenticationhttps://nvd.nist.gov/vuln/detail/CVE-2022-25816
CVE-2022-25817Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent.https://nvd.nist.gov/vuln/detail/CVE-2022-25817
CVE-2022-25818Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2022-25818
CVE-2022-25819OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allow an attacker to view Kernel stack memory.https://nvd.nist.gov/vuln/detail/CVE-2022-25819
CVE-2022-25820A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password.https://nvd.nist.gov/vuln/detail/CVE-2022-25820
CVE-2022-25821Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read.https://nvd.nist.gov/vuln/detail/CVE-2022-25821
CVE-2022-25822An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash.https://nvd.nist.gov/vuln/detail/CVE-2022-25822
CVE-2022-25823Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.220126741 allows attackers to access user information in log.https://nvd.nist.gov/vuln/detail/CVE-2022-25823
CVE-2022-25824Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview.https://nvd.nist.gov/vuln/detail/CVE-2022-25824
CVE-2022-25825Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access to the authcode for sign-in.https://nvd.nist.gov/vuln/detail/CVE-2022-25825
CVE-2022-25826Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the loghttps://nvd.nist.gov/vuln/detail/CVE-2022-25826
CVE-2022-25827Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows attacker to access password information of connected WiFiAp in the loghttps://nvd.nist.gov/vuln/detail/CVE-2022-25827
CVE-2022-25828Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows attacker to access password information of connected WiFiAp in the loghttps://nvd.nist.gov/vuln/detail/CVE-2022-25828
CVE-2022-25829Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the loghttps://nvd.nist.gov/vuln/detail/CVE-2022-25829
CVE-2022-25830Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the loghttps://nvd.nist.gov/vuln/detail/CVE-2022-25830
CVE-2022-25922Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions.https://nvd.nist.gov/vuln/detail/CVE-2022-25922
CVE-2022-26100SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and the attacker may obtain privileged access to the system.https://nvd.nist.gov/vuln/detail/CVE-2022-26100
CVE-2022-26101Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2022-26101
CVE-2022-26102Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if he/she isn't authorized for that transaction. A successful exploitation could expose information and in worst case manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application.https://nvd.nist.gov/vuln/detail/CVE-2022-26102
CVE-2022-26103Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks.https://nvd.nist.gov/vuln/detail/CVE-2022-26103
CVE-2022-26104SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message.https://nvd.nist.gov/vuln/detail/CVE-2022-26104
CVE-2022-26131Power Line Communications PLC4TRUCKS J2497 trailer receivers are susceptible to remote RF induced signals.https://nvd.nist.gov/vuln/detail/CVE-2022-26131
CVE-2022-26143The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.https://nvd.nist.gov/vuln/detail/CVE-2022-26143
CVE-2022-26311Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to an Unauthorized Actor. Secrets are not redacted in logs collected from Kubernetes environments.https://nvd.nist.gov/vuln/detail/CVE-2022-26311
CVE-2022-26355Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificate’s private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS administration console was used for configuration.https://nvd.nist.gov/vuln/detail/CVE-2022-26355
CVE-2022-26488In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.https://nvd.nist.gov/vuln/detail/CVE-2022-26488
CVE-2022-26521Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type).https://nvd.nist.gov/vuln/detail/CVE-2022-26521
CVE-2022-26652NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected.https://nvd.nist.gov/vuln/detail/CVE-2022-26652
CVE-2022-26661An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system.https://nvd.nist.gov/vuln/detail/CVE-2022-26661
CVE-2022-26662An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server.https://nvd.nist.gov/vuln/detail/CVE-2022-26662
CVE-2022-26778Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.https://nvd.nist.gov/vuln/detail/CVE-2022-26778
CVE-2022-26846SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2022-26846
CVE-2022-26847SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.https://nvd.nist.gov/vuln/detail/CVE-2022-26847
CVE-2021-44673A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script.https://nvd.nist.gov/vuln/detail/CVE-2021-44673
CVE-2021-38910IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824.https://nvd.nist.gov/vuln/detail/CVE-2021-38910
CVE-2021-39022IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. IBM X-Force ID: 213858.https://nvd.nist.gov/vuln/detail/CVE-2021-39022
CVE-2021-39025IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM X-Force 213863.https://nvd.nist.gov/vuln/detail/CVE-2021-39025
CVE-2022-23036Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042https://nvd.nist.gov/vuln/detail/CVE-2022-23036
CVE-2022-23037Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042https://nvd.nist.gov/vuln/detail/CVE-2022-23037
CVE-2022-23038Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042https://nvd.nist.gov/vuln/detail/CVE-2022-23038
CVE-2022-23039Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042https://nvd.nist.gov/vuln/detail/CVE-2022-23039
CVE-2022-23040Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042https://nvd.nist.gov/vuln/detail/CVE-2022-23040
CVE-2022-23041Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042https://nvd.nist.gov/vuln/detail/CVE-2022-23041
CVE-2022-23042Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042https://nvd.nist.gov/vuln/detail/CVE-2022-23042
CVE-2021-41233Nextcloud text is a collaborative document editing using Markdown built for the nextcloud server. Due to an issue with the Nextcloud Text application, which is by default shipped with Nextcloud Server, an attacker is able to access the folder names of "File Drop". For successful exploitation an attacker requires knowledge of the sharing link. It is recommended that users upgrade their Nextcloud Server to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the Nextcloud Text application in the application settings.https://nvd.nist.gov/vuln/detail/CVE-2021-41233
CVE-2021-44585A Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event.https://nvd.nist.gov/vuln/detail/CVE-2021-44585
CVE-2021-44597An Access Control vunerabiity exists in Gerapy v 0.9.7 via the spider parameter in project_configure function.https://nvd.nist.gov/vuln/detail/CVE-2021-44597
CVE-2022-24726Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing when the validating webhook for a cluster is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [external istiod](https://istio.io/latest/docs/setup/install/external-controlplane/) topologies, this port is exposed over the public internet. This issue has been patched in versions 1.13.2, 1.12.5 and 1.11.8. Users are advised to upgrade. Users unable to upgrade should disable access to a validating webhook that is exposed to the public internet or restrict the set of IP addresses that can query it to a set of known, trusted entities.https://nvd.nist.gov/vuln/detail/CVE-2022-24726
CVE-2022-24750UltraVNC is a free and open source remote pc access software. A vulnerability has been found in versions prior to 1.3.8.0 in which the DSM plugin module, which allows a local authenticated user to achieve local privilege escalation (LPE) on a vulnerable system. The vulnerability has been fixed to allow loading of plugins from the installed directory. Affected users should upgrade their UltraVNC to 1.3.8.0. Users unable to upgrade should not install and run UltraVNC server as a service. It is advisable to create a scheduled task on a low privilege account to launch WinVNC.exe instead. There are no known workarounds if wincnc needs to be started as a service.https://nvd.nist.gov/vuln/detail/CVE-2022-24750
CVE-2022-0280A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them.https://nvd.nist.gov/vuln/detail/CVE-2022-0280
CVE-2022-0815Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including; settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected.https://nvd.nist.gov/vuln/detail/CVE-2022-0815
CVE-2022-0820Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0.https://nvd.nist.gov/vuln/detail/CVE-2022-0820
CVE-2022-0821Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0.https://nvd.nist.gov/vuln/detail/CVE-2022-0821
CVE-2022-25506FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser.https://nvd.nist.gov/vuln/detail/CVE-2022-25506
CVE-2022-25507FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter.https://nvd.nist.gov/vuln/detail/CVE-2022-25507
CVE-2022-25508An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created routes, or create unsafe or false routes for legitimate users.https://nvd.nist.gov/vuln/detail/CVE-2022-25508
CVE-2022-25510FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-25510
CVE-2022-25511An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system.https://nvd.nist.gov/vuln/detail/CVE-2022-25511
CVE-2022-25512FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys.https://nvd.nist.gov/vuln/detail/CVE-2022-25512
CVE-2022-0822Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0.https://nvd.nist.gov/vuln/detail/CVE-2022-0822
CVE-2018-25031Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.https://nvd.nist.gov/vuln/detail/CVE-2018-25031
CVE-2020-36518jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.https://nvd.nist.gov/vuln/detail/CVE-2020-36518
CVE-2021-46708The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.https://nvd.nist.gov/vuln/detail/CVE-2021-46708
CVE-2022-26874lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering.https://nvd.nist.gov/vuln/detail/CVE-2022-26874
CVE-2022-26878drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed).https://nvd.nist.gov/vuln/detail/CVE-2022-26878
CVE-2022-21177There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.https://nvd.nist.gov/vuln/detail/CVE-2022-21177
CVE-2022-21194The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00.https://nvd.nist.gov/vuln/detail/CVE-2022-21194
CVE-2022-21808Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.https://nvd.nist.gov/vuln/detail/CVE-2022-21808
CVE-2022-22141'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.https://nvd.nist.gov/vuln/detail/CVE-2022-22141
CVE-2022-22145CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.https://nvd.nist.gov/vuln/detail/CVE-2022-22145
CVE-2022-22148'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.https://nvd.nist.gov/vuln/detail/CVE-2022-22148
CVE-2022-22151CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.https://nvd.nist.gov/vuln/detail/CVE-2022-22151
CVE-2022-22729CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.https://nvd.nist.gov/vuln/detail/CVE-2022-22729
CVE-2022-23401The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.https://nvd.nist.gov/vuln/detail/CVE-2022-23401
CVE-2022-23402The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00https://nvd.nist.gov/vuln/detail/CVE-2022-23402
CVE-2022-0912Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11.https://nvd.nist.gov/vuln/detail/CVE-2022-0912
CVE-2022-0913Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3.https://nvd.nist.gov/vuln/detail/CVE-2022-0913
CVE-2022-0870Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.https://nvd.nist.gov/vuln/detail/CVE-2022-0870
CVE-2022-0928Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12.https://nvd.nist.gov/vuln/detail/CVE-2022-0928
CVE-2022-0871Improper Authorization in GitHub repository gogs/gogs prior to 0.12.5.https://nvd.nist.gov/vuln/detail/CVE-2022-0871
CVE-2022-0860Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.https://nvd.nist.gov/vuln/detail/CVE-2022-0860
CVE-2022-0932Improper Authorization in GitHub repository saleor/saleor prior to 3.1.2.https://nvd.nist.gov/vuln/detail/CVE-2022-0932
CVE-2021-44618A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header.https://nvd.nist.gov/vuln/detail/CVE-2021-44618
CVE-2021-44620A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters.https://nvd.nist.gov/vuln/detail/CVE-2021-44620
CVE-2022-24433The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary command execution.https://nvd.nist.gov/vuln/detail/CVE-2022-24433
CVE-2021-23246In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure.https://nvd.nist.gov/vuln/detail/CVE-2021-23246
CVE-2021-26341Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.https://nvd.nist.gov/vuln/detail/CVE-2021-26341
CVE-2021-26401LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.https://nvd.nist.gov/vuln/detail/CVE-2021-26401
CVE-2021-27414An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials.https://nvd.nist.gov/vuln/detail/CVE-2021-27414
CVE-2021-27416An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session.https://nvd.nist.gov/vuln/detail/CVE-2021-27416
CVE-2021-32009Cross-site Scripting (XSS) vulnerability in firmware section of Secomea GateManager allows logged in user to inject javascript in browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions.https://nvd.nist.gov/vuln/detail/CVE-2021-32009
CVE-2021-32472Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected.https://nvd.nist.gov/vuln/detail/CVE-2021-32472
CVE-2021-32473It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affectedhttps://nvd.nist.gov/vuln/detail/CVE-2021-32473
CVE-2021-32474An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.https://nvd.nist.gov/vuln/detail/CVE-2021-32474
CVE-2021-32475ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.https://nvd.nist.gov/vuln/detail/CVE-2021-32475
CVE-2021-32476A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.https://nvd.nist.gov/vuln/detail/CVE-2021-32476
CVE-2021-32477The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected.https://nvd.nist.gov/vuln/detail/CVE-2021-32477
CVE-2021-32478The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.https://nvd.nist.gov/vuln/detail/CVE-2021-32478
CVE-2021-33150Hardware allows activation of test or debug logic at runtime for some Intel(R) Trace Hub instances which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.https://nvd.nist.gov/vuln/detail/CVE-2021-33150
CVE-2021-33658atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration.https://nvd.nist.gov/vuln/detail/CVE-2021-33658
CVE-2022-0001Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.https://nvd.nist.gov/vuln/detail/CVE-2022-0001
CVE-2022-0002Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.https://nvd.nist.gov/vuln/detail/CVE-2022-0002
CVE-2022-0853A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2022-0853
CVE-2022-0907Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.https://nvd.nist.gov/vuln/detail/CVE-2022-0907
CVE-2022-0908Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.https://nvd.nist.gov/vuln/detail/CVE-2022-0908
CVE-2022-0909Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.https://nvd.nist.gov/vuln/detail/CVE-2022-0909
CVE-2022-0921Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12.https://nvd.nist.gov/vuln/detail/CVE-2022-0921
CVE-2022-0924Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.https://nvd.nist.gov/vuln/detail/CVE-2022-0924
CVE-2022-23625Wire-ios is a messaging application using the wire protocol on apple's ios platform. In versions prior to 3.95 malformed resource identifiers may render the iOS Wire Client completely unusable by causing it to repeatedly crash on launch. These malformed resource identifiers can be generated and sent between Wire users. The root cause lies in [wireapp/wire-ios-transport](https://github.com/wireapp/wire-ios-transport), where code responsible for removing sensible tokens before logging may fail and lead to a crash (Swift exception) of the application. This causes undesirable behavior, however the (greater) Wire system is still functional. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.https://nvd.nist.gov/vuln/detail/CVE-2022-23625
CVE-2022-23730The public API error causes for the attacker to be able to bypass API access control.https://nvd.nist.gov/vuln/detail/CVE-2022-23730
CVE-2022-23731V8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models.https://nvd.nist.gov/vuln/detail/CVE-2022-23731
CVE-2022-23924Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.https://nvd.nist.gov/vuln/detail/CVE-2022-23924
CVE-2022-23925Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.https://nvd.nist.gov/vuln/detail/CVE-2022-23925
CVE-2022-23926Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.https://nvd.nist.gov/vuln/detail/CVE-2022-23926
CVE-2022-23927Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.https://nvd.nist.gov/vuln/detail/CVE-2022-23927
CVE-2022-23928Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.https://nvd.nist.gov/vuln/detail/CVE-2022-23928
CVE-2022-23929Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.https://nvd.nist.gov/vuln/detail/CVE-2022-23929
CVE-2022-23930Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.https://nvd.nist.gov/vuln/detail/CVE-2022-23930
CVE-2022-23931Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.https://nvd.nist.gov/vuln/detail/CVE-2022-23931
CVE-2022-23932Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.https://nvd.nist.gov/vuln/detail/CVE-2022-23932
CVE-2022-23933Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.https://nvd.nist.gov/vuln/detail/CVE-2022-23933
CVE-2022-23934Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.https://nvd.nist.gov/vuln/detail/CVE-2022-23934
CVE-2022-24094Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.https://nvd.nist.gov/vuln/detail/CVE-2022-24094
CVE-2022-25216An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access, by means of an HTTP GET request to http://<IP_ADDRESS>:32080/download/<URL_ENCODED_PATH>.https://nvd.nist.gov/vuln/detail/CVE-2022-25216
CVE-2022-25600Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3).https://nvd.nist.gov/vuln/detail/CVE-2022-25600
CVE-2022-25601Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4).https://nvd.nist.gov/vuln/detail/CVE-2022-25601
CVE-2022-25621UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE WA 2021 Ver8.2.11 and prior, UNIVERGE WA 2610-AP Ver8.2.11 and prior, UNIVERGE WA 2611-AP Ver8.2.11 and prior, UNIVERGE WA 2611E-AP Ver8.2.11 and prior, UNIVERGE WA WA2612-AP Ver8.2.11 and prior allows a remote attacker to execute arbitrary OS commands.https://nvd.nist.gov/vuln/detail/CVE-2022-25621
CVE-2021-44667A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters.https://nvd.nist.gov/vuln/detail/CVE-2021-44667
CVE-2022-24754PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `PJSIP_MD5STRLEN` before passing to PJSIP.https://nvd.nist.gov/vuln/detail/CVE-2022-24754
CVE-2022-25839The package url-js before 2.1.0 are vulnerable to Improper Input Validation due to improper parsing, which makes it is possible for the hostname to be spoofed. http://\\\\\\\\\\\\\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is reflected as it is.https://nvd.nist.gov/vuln/detail/CVE-2022-25839
CVE-2022-24415Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.https://nvd.nist.gov/vuln/detail/CVE-2022-24415
CVE-2022-24416Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.https://nvd.nist.gov/vuln/detail/CVE-2022-24416
CVE-2022-24419Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.https://nvd.nist.gov/vuln/detail/CVE-2022-24419
CVE-2022-24420Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.https://nvd.nist.gov/vuln/detail/CVE-2022-24420
CVE-2022-24421Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.https://nvd.nist.gov/vuln/detail/CVE-2022-24421
CVE-2021-41848An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It mishandles software updates such that local third-party apps can provide a spoofed software update file that contains an arbitrary shell script and arbitrary ARM binary, where both will be executed as the root user with an SELinux domain named osi. To exploit this vulnerability, a local third-party app needs to have write access to external storage to write the spoofed update at the expected path. The vulnerable system binary (i.e., /system/bin/osi_bin) does not perform any authentication of the update file beyond ensuring that it is encrypted with an AES key (that is hard-coded in the vulnerable system binary). Processes executing with the osi SELinux domain can programmatically perform the following actions: install apps, grant runtime permissions to apps (including permissions with protection levels of dangerous and development), access extensive Personally Identifiable Information (PII) using the programmatically grant permissions, uninstall apps, set the default launcher app to a malicious launcher app that spoofs other apps, set a network proxy to intercept network traffic, unload kernel modules, set the default keyboard to a keyboard that has keylogging functionality, examine notification contents, send text messages, and more. The spoofed update can optionally contain an arbitrary ARM binary that will be locally stored in internal storage and executed at system startup to achieve persistent code execution as the root user with the osi SELinux domain. This ARM binary will continue to execute at startup even if the app that provided the spoofed update is uninstalled.https://nvd.nist.gov/vuln/detail/CVE-2021-41848
CVE-2021-41849An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software.https://nvd.nist.gov/vuln/detail/CVE-2021-41849
CVE-2021-41850An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located on the device, even those with no permissions granted, exposing the IMEI values to processes without enforcing any access control.https://nvd.nist.gov/vuln/detail/CVE-2021-41850
CVE-2021-42262An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition.https://nvd.nist.gov/vuln/detail/CVE-2021-42262
CVE-2021-42577An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference.https://nvd.nist.gov/vuln/detail/CVE-2021-42577
CVE-2022-24760Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file `DatabaseController.js`, so it is likely to affect Postgres and any other database backend as well. This vulnerability has been confirmed on Linux (Ubuntu) and Windows. Users are advised to upgrade as soon as possible. The only known workaround is to manually patch your installation with code referenced at the source GHSA-p6h4-93qp-jhcm.https://nvd.nist.gov/vuln/detail/CVE-2022-24760
CVE-2022-26276An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal.https://nvd.nist.gov/vuln/detail/CVE-2022-26276
CVE-2022-26533Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist.https://nvd.nist.gov/vuln/detail/CVE-2022-26533
CVE-2022-0880Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.https://nvd.nist.gov/vuln/detail/CVE-2022-0880
CVE-2022-0926File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.https://nvd.nist.gov/vuln/detail/CVE-2022-0926
CVE-2022-0929XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11.https://nvd.nist.gov/vuln/detail/CVE-2022-0929
CVE-2022-0930File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.https://nvd.nist.gov/vuln/detail/CVE-2022-0930
CVE-2022-26966An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.https://nvd.nist.gov/vuln/detail/CVE-2022-26966
CVE-2022-26967GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box.https://nvd.nist.gov/vuln/detail/CVE-2022-26967
CVE-2022-23960Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.https://nvd.nist.gov/vuln/detail/CVE-2022-23960
CVE-2021-45886An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally valid, making the web application vulnerable to a weakened version of CSRF, where an arbitrary token of a low-privileged user (such as operator) can be used to confirm actions of higher-privileged ones (such as xpadmin).https://nvd.nist.gov/vuln/detail/CVE-2021-45886
CVE-2021-45887An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private/SchemaSetUpload.do for uploaded ZIP files, an executable script can be uploaded by web application administrators, giving the attacker remote code execution on the underlying server via an imgs/*.jsp URI.https://nvd.nist.gov/vuln/detail/CVE-2021-45887
CVE-2021-45888An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role Configuration Administrator or Administrator.https://nvd.nist.gov/vuln/detail/CVE-2021-45888
CVE-2021-45889An issue was discovered in PONTON X/P Messenger before 3.11.2. Several functions are vulnerable to reflected XSS, as demonstrated by private/index.jsp?partners/ShowNonLocalPartners.do?localID= or private/index.jsp or private/index.jsp?database/databaseTab.jsp or private/index.jsp?activation/activationMainTab.jsp or private/index.jsp?communication/serverTab.jsp or private/index.jsp?emailNotification/notificationTab.jsp.https://nvd.nist.gov/vuln/detail/CVE-2021-45889
CVE-2022-24128Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer (which executes as Superuser), leading to privilege escalation. In order to be able to take advantage of this, an unprivileged user would need to be able to create objects in a database and then get a Superuser to install TimescaleDB into their database. (In the fixed versions, the installation aborts when it finds that an object already exists.)https://nvd.nist.gov/vuln/detail/CVE-2022-24128
CVE-2022-24696Mirametrix Glance before 5.1.1.42207 (released on 2018-08-30) allows a local attacker to elevate privileges. NOTE: this is unrelated to products from the glance.com and glance.net websites.https://nvd.nist.gov/vuln/detail/CVE-2022-24696
CVE-2022-26981Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c).https://nvd.nist.gov/vuln/detail/CVE-2022-26981
CVE-2021-46709phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter (aka num or number).https://nvd.nist.gov/vuln/detail/CVE-2021-46709
CVE-2021-43954The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-43954
CVE-2022-0937Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4.https://nvd.nist.gov/vuln/detail/CVE-2022-0937
CVE-2022-0341Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12.https://nvd.nist.gov/vuln/detail/CVE-2022-0341
CVE-2022-0938Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4.https://nvd.nist.gov/vuln/detail/CVE-2022-0938
CVE-2022-0940Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.https://nvd.nist.gov/vuln/detail/CVE-2022-0940
CVE-2022-22719A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.https://nvd.nist.gov/vuln/detail/CVE-2022-22719
CVE-2022-22720Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smugglinghttps://nvd.nist.gov/vuln/detail/CVE-2022-22720
CVE-2022-22721If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.https://nvd.nist.gov/vuln/detail/CVE-2022-22721
CVE-2022-23943Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.https://nvd.nist.gov/vuln/detail/CVE-2022-23943
CVE-2022-0941Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.https://nvd.nist.gov/vuln/detail/CVE-2022-0941
CVE-2022-24384Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.https://nvd.nist.gov/vuln/detail/CVE-2022-24384
CVE-2022-24385A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.https://nvd.nist.gov/vuln/detail/CVE-2022-24385
CVE-2022-24386Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.https://nvd.nist.gov/vuln/detail/CVE-2022-24386
CVE-2022-24387With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010https://nvd.nist.gov/vuln/detail/CVE-2022-24387
CVE-2022-0946Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4.https://nvd.nist.gov/vuln/detail/CVE-2022-0946
CVE-2022-24574GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_field.isra ().https://nvd.nist.gov/vuln/detail/CVE-2022-24574
CVE-2022-24575GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box.https://nvd.nist.gov/vuln/detail/CVE-2022-24575
CVE-2022-24576GPAC 1.0.1 is affected by Use After Free through MP4Box.https://nvd.nist.gov/vuln/detail/CVE-2022-24576
CVE-2021-24692The Simple Download Monitor WordPress plugin before 3.9.5 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector.https://nvd.nist.gov/vuln/detail/CVE-2021-24692
CVE-2021-24895The Cybersoldier WordPress plugin before 1.7.0 does not sanitise and escape the URL settings before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedhttps://nvd.nist.gov/vuln/detail/CVE-2021-24895
CVE-2021-24897The Add Subtitle WordPress plugin through 1.1.0 does not sanitise or escape the sub-title field (available only with classic editor) when output in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attackshttps://nvd.nist.gov/vuln/detail/CVE-2021-24897
CVE-2021-24940The Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issuehttps://nvd.nist.gov/vuln/detail/CVE-2021-24940
CVE-2021-24950The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insight_customizer_options_import (available to any authenticated user), does not validate user input before passing it to unserialize(), nor sanitise and escape it before outputting it in the response. As a result, it could allow users with a role as low as Subscriber to perform PHP Object Injection, as well as Stored Cross-Site Scripting attackshttps://nvd.nist.gov/vuln/detail/CVE-2021-24950
CVE-2021-24958The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the meks_save_business_selected_account AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as subscriber could update the plugin's settings and put Cross-Site Scripting payloads in themhttps://nvd.nist.gov/vuln/detail/CVE-2021-24958
CVE-2021-24959The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks.https://nvd.nist.gov/vuln/detail/CVE-2021-24959
CVE-2021-24966The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folderhttps://nvd.nist.gov/vuln/detail/CVE-2021-24966
CVE-2021-24982The Child Theme Generator WordPress plugin through 2.2.7 does not sanitise escape the parade parameter before outputting it back, leading to a Reflected Cross-Site Scripting in the admin dashboardhttps://nvd.nist.gov/vuln/detail/CVE-2021-24982
CVE-2021-24995The HTML5 Responsive FAQ WordPress plugin through 2.8.5 does not properly sanitise and escape some of its settings, which could allow a high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowedhttps://nvd.nist.gov/vuln/detail/CVE-2021-24995
CVE-2021-24996The IDPay for Contact Form 7 WordPress plugin through 2.1.2 does not sanitise and escape the idpay_error parameter before outputting it back in the page leading to a Reflected Cross-Site Scriptinghttps://nvd.nist.gov/vuln/detail/CVE-2021-24996
CVE-2021-25003The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCEhttps://nvd.nist.gov/vuln/detail/CVE-2021-25003
CVE-2021-25006The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issuehttps://nvd.nist.gov/vuln/detail/CVE-2021-25006
CVE-2021-25007The MOLIE WordPress plugin through 0.5 does not validate and escape a post parameter before using in a SQL statement, leading to an SQL Injectionhttps://nvd.nist.gov/vuln/detail/CVE-2021-25007
CVE-2021-25026The Patreon WordPress plugin before 1.8.2 does not sanitise and escape the field "Custom Patreon Page name", which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedhttps://nvd.nist.gov/vuln/detail/CVE-2021-25026
CVE-2021-41952Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG. An attacker can send malicious files to victims and steals victim's cookie leads to account takeover. The person viewing the image of a contact can be victim of XSS.https://nvd.nist.gov/vuln/detail/CVE-2021-41952
CVE-2021-42171Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth.https://nvd.nist.gov/vuln/detail/CVE-2021-42171
CVE-2021-44964Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.https://nvd.nist.gov/vuln/detail/CVE-2021-44964
CVE-2022-0147The Cookie Information | Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issuehttps://nvd.nist.gov/vuln/detail/CVE-2022-0147
CVE-2022-0161The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scriptinghttps://nvd.nist.gov/vuln/detail/CVE-2022-0161
CVE-2022-0165The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated usershttps://nvd.nist.gov/vuln/detail/CVE-2022-0165
CVE-2022-0169The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injectionhttps://nvd.nist.gov/vuln/detail/CVE-2022-0169
CVE-2022-0230The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against adminshttps://nvd.nist.gov/vuln/detail/CVE-2022-0230
CVE-2022-0248The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submissionhttps://nvd.nist.gov/vuln/detail/CVE-2022-0248
CVE-2022-0254The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injectionhttps://nvd.nist.gov/vuln/detail/CVE-2022-0254
CVE-2022-0321The WP Voting Contest WordPress plugin through 2.1 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issuehttps://nvd.nist.gov/vuln/detail/CVE-2022-0321
CVE-2022-0327The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the error_message parameter before outputting it back in the response of the jltma_restrict_content AJAX action, available to unauthenticated and authenticated users, leading to a Reflected Cross-Site Scriptinghttps://nvd.nist.gov/vuln/detail/CVE-2022-0327
CVE-2022-0399The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action's response, leading to a Reflected Cross-Site Scriptinghttps://nvd.nist.gov/vuln/detail/CVE-2022-0399
CVE-2022-0449The Flexi WordPress plugin before 4.20 does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scriptinghttps://nvd.nist.gov/vuln/detail/CVE-2022-0449
CVE-2022-0478The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL Injection attackshttps://nvd.nist.gov/vuln/detail/CVE-2022-0478
CVE-2022-0503The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.2 does not sanitise and escape the s parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in the network dashboardhttps://nvd.nist.gov/vuln/detail/CVE-2022-0503
CVE-2022-0593The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated user to remotely delete the plugin files leading to a potential Denial of Service situation.https://nvd.nist.gov/vuln/detail/CVE-2022-0593
CVE-2022-0601The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.https://nvd.nist.gov/vuln/detail/CVE-2022-0601
CVE-2022-0648The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.https://nvd.nist.gov/vuln/detail/CVE-2022-0648
CVE-2022-0658The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendar_data AJAX action (available to unauthenticated users) before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injectionhttps://nvd.nist.gov/vuln/detail/CVE-2022-0658
CVE-2022-0659The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedhttps://nvd.nist.gov/vuln/detail/CVE-2022-0659
CVE-2022-0674The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedhttps://nvd.nist.gov/vuln/detail/CVE-2022-0674
CVE-2022-0684The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedhttps://nvd.nist.gov/vuln/detail/CVE-2022-0684
CVE-2022-0700The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedhttps://nvd.nist.gov/vuln/detail/CVE-2022-0700
CVE-2022-0701The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedhttps://nvd.nist.gov/vuln/detail/CVE-2022-0701
CVE-2022-0702The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedhttps://nvd.nist.gov/vuln/detail/CVE-2022-0702
CVE-2022-0703The GD Mylist WordPress plugin through 1.1.1 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedhttps://nvd.nist.gov/vuln/detail/CVE-2022-0703
CVE-2022-0960Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4.https://nvd.nist.gov/vuln/detail/CVE-2022-0960
CVE-2022-22734The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in themhttps://nvd.nist.gov/vuln/detail/CVE-2022-22734
CVE-2022-22735The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements, allowing any authenticated users, such as subscriber to perform SQL injection attackshttps://nvd.nist.gov/vuln/detail/CVE-2022-22735
CVE-2022-24577GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen ().https://nvd.nist.gov/vuln/detail/CVE-2022-24577
CVE-2022-0962Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4.https://nvd.nist.gov/vuln/detail/CVE-2022-0962
CVE-2021-38971IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitve information. IBM X-Force ID: 212620.https://nvd.nist.gov/vuln/detail/CVE-2021-38971
CVE-2021-39051IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts. IBM X-Force ID: 214441.https://nvd.nist.gov/vuln/detail/CVE-2021-39051
CVE-2021-39055IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214534.https://nvd.nist.gov/vuln/detail/CVE-2021-39055
CVE-2022-22344IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 220038https://nvd.nist.gov/vuln/detail/CVE-2022-22344
CVE-2022-22346IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220048.https://nvd.nist.gov/vuln/detail/CVE-2022-22346
CVE-2022-22348IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 220139.https://nvd.nist.gov/vuln/detail/CVE-2022-22348
CVE-2022-22353IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480.https://nvd.nist.gov/vuln/detail/CVE-2022-22353
CVE-2022-22354IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM X-Force ID: 220485.https://nvd.nist.gov/vuln/detail/CVE-2022-22354
CVE-2022-21187The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the update_repo function (when using hg), the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution.https://nvd.nist.gov/vuln/detail/CVE-2022-21187
CVE-2022-26320The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate.https://nvd.nist.gov/vuln/detail/CVE-2022-26320
CVE-2022-20001fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory into one controlled by the attacker, such as on a shared file system or extracted archive, fish will run arbitrary commands under the attacker's control. This problem has been fixed in fish 3.4.0. Note that running git in these directories, including using the git tab completion, remains a potential trigger for this issue. As a workaround, remove the `fish_git_prompt` function from the prompt.https://nvd.nist.gov/vuln/detail/CVE-2022-20001
CVE-2022-24578GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddString () at bifs/script_dec.c.https://nvd.nist.gov/vuln/detail/CVE-2022-24578
CVE-2022-24733Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. Every response from app should have an X-Frame-Options header set to: ``sameorigin``. To achieve that, add a new `subscriber` in the app.https://nvd.nist.gov/vuln/detail/CVE-2022-24733
CVE-2022-24742Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab remains unclosed after log out. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must strictly redirect to login page even browser back button is pressed. Another possibility is to set more strict cache policies for restricted content.https://nvd.nist.gov/vuln/detail/CVE-2022-24742
CVE-2022-0943Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.https://nvd.nist.gov/vuln/detail/CVE-2022-0943
CVE-2022-24743Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory.https://nvd.nist.gov/vuln/detail/CVE-2022-24743
CVE-2022-24749Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting (XSS) code in the admin panel. In order to perform a XSS attack, the file itself has to be open in a new card or loaded outside of the IMG tag. The problem applies both to the files opened on the admin panel and shop pages. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. As a workaround, require a library that adds on-upload file sanitization and overwrite the service before writing the file to the filesystem. The GitHub Security Advisory contains more specific information about the workaround.https://nvd.nist.gov/vuln/detail/CVE-2022-24749
CVE-2021-42387Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the upper bounds of the source of the copy operation.https://nvd.nist.gov/vuln/detail/CVE-2021-42387
CVE-2021-42388Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the lower bounds of the source of the copy operation.https://nvd.nist.gov/vuln/detail/CVE-2021-42388
CVE-2021-42389Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.https://nvd.nist.gov/vuln/detail/CVE-2021-42389
CVE-2021-42390Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.https://nvd.nist.gov/vuln/detail/CVE-2021-42390
CVE-2021-42391Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.https://nvd.nist.gov/vuln/detail/CVE-2021-42391
CVE-2021-43304Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits.https://nvd.nist.gov/vuln/detail/CVE-2021-43304
CVE-2021-43305Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.https://nvd.nist.gov/vuln/detail/CVE-2021-43305
CVE-2022-24740Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and privileges. This occurs when using an outdated version of the `react-cookie` library and a server is under high load. A proof of concept does not currently exist, but it is possible for this issue to occur in the wild. The patch and fix is present in Volto 15.0.0-alpha.0. As a workaround, one may manually upgrade the `react-cookie` package to 4.1.1 and then override all Volto components that use this library.https://nvd.nist.gov/vuln/detail/CVE-2022-24740
CVE-2022-24762sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact is limited by the communication occurring in the same browser. This issue has been patched in sysend.js version 1.10.0. The only currently known workaround is to avoid sending communications that a user does not want to have intercepted via sysend messages.https://nvd.nist.gov/vuln/detail/CVE-2022-24762
CVE-2022-0944Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1.https://nvd.nist.gov/vuln/detail/CVE-2022-0944
CVE-2022-0945Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4.https://nvd.nist.gov/vuln/detail/CVE-2022-0945
CVE-2022-27193CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter.https://nvd.nist.gov/vuln/detail/CVE-2022-27193
CVE-2022-0950Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4.https://nvd.nist.gov/vuln/detail/CVE-2022-0950
CVE-2022-0951File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4.https://nvd.nist.gov/vuln/detail/CVE-2022-0951
CVE-2022-0893Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.https://nvd.nist.gov/vuln/detail/CVE-2022-0893
CVE-2022-0894Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.https://nvd.nist.gov/vuln/detail/CVE-2022-0894
CVE-2021-45010Path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager Project's Tiny File Manager 2.4.1 allows remote attackers with valid user accounts to upload malicious PHP files to the webroot and achieve code execution on the target server.https://nvd.nist.gov/vuln/detail/CVE-2021-45010
CVE-2022-0954Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11.https://nvd.nist.gov/vuln/detail/CVE-2022-0954
CVE-2022-0956Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4.https://nvd.nist.gov/vuln/detail/CVE-2022-0956
CVE-2022-0957Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4.https://nvd.nist.gov/vuln/detail/CVE-2022-0957
CVE-2022-0942Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4.https://nvd.nist.gov/vuln/detail/CVE-2022-0942
CVE-2022-24721CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other users' (possibly sensitive) data. By publishing to those channels, a remote user may be able to create/modify/delete other user's data and modify the cluster structure. A fix is available in versions 5.0.11, 6.0.6, and 7.0.6. As a workaround, install a custom `SecurityPolicy` that forbids subscription and publishing to remote, non-Oort, sessions on Oort and Seti channels.https://nvd.nist.gov/vuln/detail/CVE-2022-24721
CVE-2022-0430Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-0430
CVE-2022-0961The microweber application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in GitHub repository microweber/microweber prior to 1.2.12.https://nvd.nist.gov/vuln/detail/CVE-2022-0961
CVE-2022-24752SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The maintainers do not know if this could lead to direct SQL injections but took steps to remediate the vulnerability. The issue is fixed in versions 1.10.1 and 1.11-rc2. As a workaround, overwrite the`Sylius\\Component\\Grid\\Sorting\\Sorter.php` class and register it in the container. More information about this workaround is available in the GitHub Security Advisory.https://nvd.nist.gov/vuln/detail/CVE-2022-24752
CVE-2022-24755Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, it will skip authorization checks completely. Expired accounts and accounts with expired passwords can still login. This problem will affect users that have PAM enabled. Currently there is no authorization (e.g. check for expired or disabled accounts), but only plain authentication (i.e. check if username and password match). Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 implement the authorization check that was previously missing. The only workaround is to make sure that authentication fails if the user is not authorized.https://nvd.nist.gov/vuln/detail/CVE-2022-24755
CVE-2022-24756Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory. An attacker that is able to use the PAM Console (i.e. by knowing the shared secret or via the WebUI) can flood the Director with failing login attempts which will eventually lead to an out-of-memory condition in which the Director will not work anymore. Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 contain a Bugfix for this problem. Users who are unable to upgrade may disable PAM authentication as a workaround.https://nvd.nist.gov/vuln/detail/CVE-2022-24756
CVE-2022-0963Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12.https://nvd.nist.gov/vuln/detail/CVE-2022-0963
CVE-2022-0964Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4.https://nvd.nist.gov/vuln/detail/CVE-2022-0964
CVE-2022-0965Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4.https://nvd.nist.gov/vuln/detail/CVE-2022-0965
CVE-2022-0966Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10.https://nvd.nist.gov/vuln/detail/CVE-2022-0966
CVE-2022-0967Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4.https://nvd.nist.gov/vuln/detail/CVE-2022-0967
CVE-2022-0968The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber in GitHub repository microweber/microweber prior to 1.2.12.https://nvd.nist.gov/vuln/detail/CVE-2022-0968
CVE-2022-26779Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite. This feature is not enabled by default, the attacker is required to know or guess the project ID for the invite in addition to the invitation token, and the attacker would need to be an existing authorized user of CloudStack.https://nvd.nist.gov/vuln/detail/CVE-2022-26779
CVE-2020-4989IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707.https://nvd.nist.gov/vuln/detail/CVE-2020-4989
CVE-2022-0778The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).https://nvd.nist.gov/vuln/detail/CVE-2022-0778
CVE-2022-0970Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31.https://nvd.nist.gov/vuln/detail/CVE-2022-0970
CVE-2022-22771The Server component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: version 7.9.0, TIBCO JasperReports Library for ActiveMatrix BPM: version 7.9.0, TIBCO JasperReports Server: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and 7.9.1, and TIBCO JasperReports Server for Microsoft Azure: version 7.9.1.https://nvd.nist.gov/vuln/detail/CVE-2022-22771
CVE-2022-27195Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their `build.xml` files. These values are stored unencrypted and can be viewed by users with access to the Jenkins controller file system.https://nvd.nist.gov/vuln/detail/CVE-2022-27195
CVE-2022-27196Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions.https://nvd.nist.gov/vuln/detail/CVE-2022-27196
CVE-2022-27197Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views.https://nvd.nist.gov/vuln/detail/CVE-2022-27197
CVE-2022-27198A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.https://nvd.nist.gov/vuln/detail/CVE-2022-27198
CVE-2022-27199A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.https://nvd.nist.gov/vuln/detail/CVE-2022-27199
CVE-2022-27200Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.https://nvd.nist.gov/vuln/detail/CVE-2022-27200
CVE-2022-27201Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.https://nvd.nist.gov/vuln/detail/CVE-2022-27201
CVE-2022-27202Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.https://nvd.nist.gov/vuln/detail/CVE-2022-27202
CVE-2022-27203Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller.https://nvd.nist.gov/vuln/detail/CVE-2022-27203
CVE-2022-27204A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL.https://nvd.nist.gov/vuln/detail/CVE-2022-27204
CVE-2022-27205A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.https://nvd.nist.gov/vuln/detail/CVE-2022-27205
CVE-2022-27206Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.https://nvd.nist.gov/vuln/detail/CVE-2022-27206
CVE-2022-27207Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.https://nvd.nist.gov/vuln/detail/CVE-2022-27207
CVE-2022-27208Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller.https://nvd.nist.gov/vuln/detail/CVE-2022-27208
CVE-2022-27209A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.https://nvd.nist.gov/vuln/detail/CVE-2022-27209
CVE-2022-27210A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.https://nvd.nist.gov/vuln/detail/CVE-2022-27210
CVE-2022-27211A missing/An incorrect permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.https://nvd.nist.gov/vuln/detail/CVE-2022-27211
CVE-2022-27212Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.https://nvd.nist.gov/vuln/detail/CVE-2022-27212
CVE-2022-27213Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.https://nvd.nist.gov/vuln/detail/CVE-2022-27213
CVE-2022-27214A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.https://nvd.nist.gov/vuln/detail/CVE-2022-27214
CVE-2022-27215A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.https://nvd.nist.gov/vuln/detail/CVE-2022-27215
CVE-2022-27216Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.https://nvd.nist.gov/vuln/detail/CVE-2022-27216
CVE-2022-27217Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.https://nvd.nist.gov/vuln/detail/CVE-2022-27217
CVE-2022-27218Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.https://nvd.nist.gov/vuln/detail/CVE-2022-27218
CVE-2022-25485CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.https://nvd.nist.gov/vuln/detail/CVE-2022-25485
CVE-2022-25486CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.https://nvd.nist.gov/vuln/detail/CVE-2022-25486
CVE-2022-25487Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php.https://nvd.nist.gov/vuln/detail/CVE-2022-25487
CVE-2022-25488Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php.https://nvd.nist.gov/vuln/detail/CVE-2022-25488
CVE-2022-25489Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php.https://nvd.nist.gov/vuln/detail/CVE-2022-25489
CVE-2022-25490HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php.https://nvd.nist.gov/vuln/detail/CVE-2022-25490
CVE-2022-25491HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php.https://nvd.nist.gov/vuln/detail/CVE-2022-25491
CVE-2022-25492HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php.https://nvd.nist.gov/vuln/detail/CVE-2022-25492
CVE-2022-25493HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php.https://nvd.nist.gov/vuln/detail/CVE-2022-25493
CVE-2022-25494Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via staff_login.php.https://nvd.nist.gov/vuln/detail/CVE-2022-25494
CVE-2022-25495The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file.https://nvd.nist.gov/vuln/detail/CVE-2022-25495
CVE-2022-25497CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.https://nvd.nist.gov/vuln/detail/CVE-2022-25497
CVE-2022-25498CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php.https://nvd.nist.gov/vuln/detail/CVE-2022-25498
CVE-2021-45848Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character.https://nvd.nist.gov/vuln/detail/CVE-2021-45848
CVE-2021-29134The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL.https://nvd.nist.gov/vuln/detail/CVE-2021-29134
CVE-2022-23989In Stormshield Network Security (SNS) 3.7.6 through 3.7.24, 3.11.1 through 3.11.12, 4.2.1 through 4.2.9, and 4.3.0 through 4.3.4, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service.https://nvd.nist.gov/vuln/detail/CVE-2022-23989
CVE-2022-26206Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2022-26206
CVE-2022-26207Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2022-26207
CVE-2022-26208Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2022-26208
CVE-2022-26209Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2022-26209
CVE-2022-26210Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2022-26210
CVE-2022-26211Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2022-26211
CVE-2022-26212Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2022-26212
CVE-2022-26213Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function setNtpCfg, via the tz parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2022-26213
CVE-2022-26214Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter.https://nvd.nist.gov/vuln/detail/CVE-2022-26214
CVE-2022-26990Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the firewall-local log function via the EmailAddress, SmtpServerName, SmtpUsername, and SmtpPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2022-26990
CVE-2022-26991Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ntp function via the TimeZone parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2022-26991
CVE-2022-26992Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ddns function via the DdnsUserName, DdnsHostName, and DdnsPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2022-26992
CVE-2022-26993Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pppoe function via the pppoeUserName, pppoePassword, and pppoe_Service parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2022-26993
CVE-2022-26994Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pptp function via the pptpUserName and pptpPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2022-26994
CVE-2022-26995Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2022-26995
CVE-2022-26996Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2022-26996
CVE-2022-26997Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2022-26997
CVE-2022-26998Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2022-26998
CVE-2022-26999Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2022-26999
CVE-2022-27000Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2022-27000
CVE-2022-27001Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2022-27001
CVE-2022-27002Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns?ddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2022-27002
CVE-2022-27003Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2022-27003
CVE-2022-27004Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2022-27004
CVE-2022-27005Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2022-27005