Security Bulletin 23 Mar 2022

Published on 23 Mar 2022

Updated on 23 Mar 2022

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabulated by severity, in accordance with their CVSSv3 base scores:


Critical: vulnerabilities with a base score of 9.0 to 10.0
High: vulnerabilities with a base score of 7.0 to 8.9
Medium: vulnerabilities with a base score of 4.0 to 6.9
Low: vulnerabilities with a base score of 0.1 to 3.9
None: vulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE Number | Description | Base Score | Reference
CVE-2021-38503 | The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2021-38503
CVE-2022-22947 | In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2022-22947
CVE-2022-24760 | Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file `DatabaseController.js`, so it is likely to affect Postgres and any other database backend as well. This vulnerability has been confirmed on Linux (Ubuntu) and Windows. Users are advised to upgrade as soon as possible. The only known workaround is to manually patch your installation with code referenced at the source GHSA-p6h4-93qp-jhcm. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2022-24760
CVE-2016-9877 | An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-9877
CVE-2020-12278 | An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-12278
CVE-2020-12279 | An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-12279
CVE-2020-12504 | Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-12504
CVE-2021-3199 | Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. sequence in an image upload parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-3199
CVE-2021-44529 | A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44529
CVE-2021-44790 | A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44790
CVE-2021-42392 | The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42392
CVE-2021-44734 | Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can lead to remote code execution on the device. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44734
CVE-2021-44735 | Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44735
CVE-2021-44736 | The initial admin account setup wizard on Lexmark devices allows unauthenticated access to the “out of service erase” feature. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44736
CVE-2022-23935 | lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\\|$/ check, leading to command injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23935
CVE-2022-0339 | Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0339
CVE-2021-24762 | The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-24762
CVE-2022-24112 | An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24112
CVE-2022-24724 | cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24724
CVE-2022-0839 | Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0839
CVE-2022-26495 | In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26495
CVE-2022-26496 | In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with a large value as the length of the name. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26496
CVE-2022-22805 | A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior) | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22805
CVE-2022-22806 | A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior) | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22806
CVE-2022-0895 | Static Code Injection in GitHub repository microweber/microweber prior to 1.3. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0895
CVE-2021-42786 | It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not have any input validation of the user's input that allowed a malicious payload to be injected. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42786
CVE-2022-24600 | Luocms v2.0 is affected by SQL Injection through /admin/login.php. An attacker can log in to the background through SQL injection statements. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24600
CVE-2022-24602 | Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24602
CVE-2022-24603 | Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24603
CVE-2022-24604 | Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24604
CVE-2022-24605 | Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24605
CVE-2022-24606 | Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24606
CVE-2022-24607 | Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24607
CVE-2022-24609 | Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/template_manage.php, an attacker can write an arbitrary shell file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24609
CVE-2022-24651 | sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24651
CVE-2022-24652 | sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution in /admin/upload/upload. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24652
CVE-2022-24995 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24995
CVE-2022-25818 | Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25818
CVE-2022-26100 | SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and the attacker may obtain privileged access to the system. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26100
CVE-2022-26143 | The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26143
CVE-2021-44597 | An Access Control vulnerability exists in Gerapy v 0.9.7 via the spider parameter in project_configure function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44597
CVE-2022-21194 | The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-21194
CVE-2022-23402 | The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23402
CVE-2021-44618 | A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44618
CVE-2021-44620 | A Command Injection vulnerability exists in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44620
CVE-2022-24433 | The package simple-git before 3.3.0 is vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary command execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24433
CVE-2022-23730 | The public API error enables an attacker to bypass API access control. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23730
CVE-2022-25621 | UNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE WA 2021 Ver8.2.11 and prior, UNIVERGE WA 2610-AP Ver8.2.11 and prior, UNIVERGE WA 2611-AP Ver8.2.11 and prior, UNIVERGE WA 2611E-AP Ver8.2.11 and prior, UNIVERGE WA WA2612-AP Ver8.2.11 and prior allows a remote attacker to execute arbitrary OS commands. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25621
CVE-2021-45887 | An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private/SchemaSetUpload.do for uploaded ZIP files, an executable script can be uploaded by web application administrators, giving the attacker remote code execution on the underlying server via an imgs/*.jsp URI. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45887
CVE-2022-22720 | Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22720
CVE-2022-22721 | If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22721
CVE-2022-23943 | Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23943
CVE-2021-25003 | The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-25003
CVE-2021-25007 | The MOLIE WordPress plugin through 0.5 does not validate and escape a post parameter before using in a SQL statement, leading to an SQL Injection | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-25007
CVE-2021-42171 | Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42171
CVE-2022-0169 | The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0169
CVE-2022-0254 | The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0254
CVE-2022-0658 | The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendar_data AJAX action (available to unauthenticated users) before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0658
CVE-2022-21187 | The package libvcs before 0.11.1 is vulnerable to Command Injection via argument injection. When calling the update_repo function (when using hg), the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-21187
CVE-2022-26206 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26206
CVE-2022-26207 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26207
CVE-2022-26208 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26208
CVE-2022-26209 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26209
CVE-2022-26210 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26210
CVE-2022-26211 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26211
CVE-2022-26212 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26212
CVE-2022-26213 | Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function setNtpCfg, via the tz parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26213
CVE-2022-26214 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26214
CVE-2022-26990 | Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the firewall-local log function via the EmailAddress, SmtpServerName, SmtpUsername, and SmtpPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26990
CVE-2022-26991 | Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ntp function via the TimeZone parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26991
CVE-2022-26992 | Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ddns function via the DdnsUserName, DdnsHostName, and DdnsPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26992
CVE-2022-26993 | Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pppoe function via the pppoeUserName, pppoePassword, and pppoe_Service parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26993
CVE-2022-26994 | Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pptp function via the pptpUserName and pptpPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26994
CVE-2022-27003 | Totolink routers X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27003
CVE-2022-27004 | Totolink routers X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27004
CVE-2022-27005 | Totolink routers X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27005
CVE-2021-43958 | Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials for authentication via an improper restriction of excess authentication attempts vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43958
CVE-2021-45786 | In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45786
CVE-2021-23158 | A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(), in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code and denial of service. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-23158
CVE-2021-23165 | A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdf_prepare_outpages(), in ps-pdf.cxx may lead to execute arbitrary code and denial of service. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-23165
CVE-2021-39713 | Product: Android; Versions: Android kernel; Android ID: A-173788806; References: Upstream kernel | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39713
CVE-2021-39723 | Product: Android; Versions: Android kernel; Android ID: A-209014813; References: N/A | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39723
CVE-2022-23959 | In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23959
CVE-2022-0715 | A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior) | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0715
CVE-2021-33293 | Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds read in the function panoParserFindOLine() in parser.c. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-33293
CVE-2022-25922 | Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25922
CVE-2022-0871 | Improper Authorization in GitHub repository gogs/gogs prior to 0.12.5. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0871
CVE-2022-0860 | Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0860

OTHER VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2020-3425Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-3425
CVE-2021-20083Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-20083
CVE-2021-29256. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-29256
CVE-2021-29970A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-29970
CVE-2021-29972 | A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox < 90. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29972
CVE-2021-29976 | Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29976
CVE-2021-29977 | Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 90. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29977
CVE-2021-29980 | Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29980
CVE-2021-29981 | An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29981
CVE-2021-29984 | Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29984
CVE-2021-29985 | A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29985
CVE-2021-29988 | Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29988
CVE-2021-29989 | Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29989
CVE-2021-29990 | Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 91. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29990
CVE-2021-38493 | Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-38493
CVE-2021-38495 | Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-38495
CVE-2021-38496 | During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-38496
CVE-2021-38500 | Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-38500
CVE-2021-38504 | When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-38504
CVE-2021-43534 | Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43534
CVE-2021-43535 | A use-after-free could have occurred when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43535
CVE-2021-43537 | An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43537
CVE-2021-43539 | Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43539
CVE-2021-45960 | In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45960
CVE-2022-22990 | A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22990
CVE-2021-44737 | PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44737
CVE-2021-25076 | The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-25076
CVE-2022-22993 | A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22993
CVE-2022-0306 | Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0306
CVE-2022-24508 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24508
CVE-2022-24512 | .NET and Visual Studio Remote Code Execution Vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24512
CVE-2022-24732 | Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24732
CVE-2022-0204 | A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0204
CVE-2022-23940 | SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, they can create a malicious report, containing a PHP-deserialization payload in the email_recipients field. Once someone accesses this report, the backend will deserialize the content of the email_recipients field and the payload gets executed. Project dependencies include a number of interesting PHP deserialization gadgets (e.g., Monolog/RCE1 from phpggc) that can be used for Code Execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23940
CVE-2022-24644 | ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24644
CVE-2022-24915 | The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24915
CVE-2022-26846 | SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26846
CVE-2021-44673 | A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44673
CVE-2021-39022 | IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. IBM X-Force ID: 213858. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39022
CVE-2022-25510 | FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25510
CVE-2022-21808 | Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-21808
CVE-2022-22729 | CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22729
CVE-2022-25600 | Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25600
CVE-2021-45886 | An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally valid, making the web application vulnerable to a weakened version of CSRF, where an arbitrary token of a low-privileged user (such as operator) can be used to confirm actions of higher-privileged ones (such as xpadmin). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45886
CVE-2021-24959 | The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-24959
CVE-2022-0165 | The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0165
CVE-2022-0478 | The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL Injection attacks | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0478
CVE-2022-22735 | The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements, allowing any authenticated users, such as subscriber to perform SQL injection attacks | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22735
CVE-2022-22346 | IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220048. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22346
CVE-2021-43304 | Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43304
CVE-2021-43305 | Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43305
CVE-2021-45010 | A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45010
CVE-2022-22771 | The Server component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: version 7.9.0, TIBCO JasperReports Library for ActiveMatrix BPM: version 7.9.0, TIBCO JasperReports Server: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and 7.9.1, and TIBCO JasperReports Server for Microsoft Azure: version 7.9.1. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22771
CVE-2022-27223 | In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27223
CVE-2020-25721 | Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-25721
CVE-2019-1737 | A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to improper socket resources handling in the IP SLA responder application code. An attacker could exploit this vulnerability by sending crafted IP SLA packets to an affected device. An exploit could allow the attacker to cause an interface to become wedged, resulting in an eventual denial of service (DoS) condition on the affected device. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2019-1737
CVE-2019-1740 | A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2019-1740
CVE-2022-22351 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted host. IBM X-Force ID: 220396 | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-22351
CVE-2022-22706 | An Arm product family through 2022-01-03 has an Exposed Dangerous Method or Function. | 8.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-22706
CVE-2022-25219 | A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP packets, an unauthenticated attacker on the local network can leverage this null byte interaction error in such a way as to make those ephemeral passwords predictable (with 1-in-94 odds). Since the attacker must manipulate data processed by the OpenSSL function RSA_public_decrypt(), successful exploitation of this vulnerability depends on the use of an unpadded RSA cipher (CVE-2022-25218). | 8.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25219
CVE-2021-44224 | A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-44224
CVE-2022-23924 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-23924
CVE-2022-23925 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-23925
CVE-2022-23926 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-23926
CVE-2022-23927 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-23927
CVE-2022-23928 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-23928
CVE-2022-23929 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-23929
CVE-2022-23930 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-23930
CVE-2022-23931 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-23931
CVE-2022-23932 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-23932
CVE-2022-23933 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-23933
CVE-2022-23934 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-23934
CVE-2022-24743 | Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\Bundle\ApiBundle\CommandHandler\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-24743
CVE-2018-10887 | A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-10887
CVE-2021-29986 | A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-29986
CVE-2021-3935 | When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-3935
CVE-2022-25090 | Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25090
CVE-2022-25218 | The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the "plaintext" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL's RSA_public_decrypt() function. This weakness allows the attacker to manipulate the various iterations of the telnetd startup state machine and eventually obtain a root shell on the device, by means of an exchange of crafted UDP packets. In all versions but K2 22.5.9.163 and K3C 32.1.15.93 a successful attack also requires the exploitation of a null-byte interaction error (CVE-2022-25219). | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25218
CVE-2022-21177 | There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-21177
CVE-2022-22145 | CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-22145
CVE-2022-22151 | CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-22151
CVE-2021-42387 | Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the upper bounds of the source of the copy operation. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-42387
CVE-2021-42388 | Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the lower bounds of the source of the copy operation. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-42388
CVE-2022-24128 | Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer (which executes as Superuser), leading to privilege escalation. In order to be able to take advantage of this, an unprivileged user would need to be able to create objects in a database and then get a Superuser to install TimescaleDB into their database. (In the fixed versions, the installation aborts when it finds that an object already exists.) | 8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24128
CVE-2017-4966 | An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-4966
CVE-2020-3265 | A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain root-level privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3265
CVE-2021-3708 | D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-3708
CVE-2021-42726 | Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42726
CVE-2021-42721 | Acrobat Bridge versions 11.1.1 and earlier are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42721
CVE-2021-42723 | Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted SGI file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42723
CVE-2021-42725 | Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42725
CVE-2021-42727 | Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridge. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42727
CVE-2022-21137 | Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based buffer overflow while processing specific project files, which may allow an attacker to execute arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-21137
CVE-2022-0392 | Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0392
CVE-2022-0407 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0407
CVE-2022-21999 | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21997, CVE-2022-22717, CVE-2022-22718. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-21999
CVE-2021-3760 | A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-3760
CVE-2022-25265 | In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25265
CVE-2022-0646A use-after-free flaw was found in the Linux kernel Management Component Transport Protocol (MCTP) subsystem in the way a user triggers cancel_work_sync after unregister_netdev during device removal. A local user could use this flaw to crash the system or escalate their privileges on the system. It affects Linux kernel versions from 5.17-rc1 (when mctp-serial.c was introduced) to 5.17-rc5.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0646
CVE-2022-24048MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24048
CVE-2022-24050MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24050
CVE-2022-24051MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24051
CVE-2022-24052MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24052
CVE-2021-46162A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15048)7.8https://nvd.nist.gov/vuln/detail/CVE-2021-46162
CVE-2021-46699A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains a stack based buffer overflow vulnerability while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15061)7.8https://nvd.nist.gov/vuln/detail/CVE-2021-46699
CVE-2021-3762A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3762
CVE-2022-26490st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26490
CVE-2022-26337Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file to exploit the vulnerability and escalate local privileges on the affected machine.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26337
CVE-2022-24507Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24507
CVE-2022-24509Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24461, CVE-2022-24510.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24509
CVE-2022-24510Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24461, CVE-2022-24509.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24510
CVE-2021-32025An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-32025
CVE-2021-40376otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40376
CVE-2022-0516A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0516
CVE-2022-20048In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917502; Issue ID: ALPS05917502.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-20048
CVE-2022-20053In ims service, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219097; Issue ID: ALPS06219097.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-20053
CVE-2022-20054In ims service, there is a possible AT command injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219083; Issue ID: ALPS06219083.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-20054
CVE-2022-21124Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier, which is part of the CX-One (v4.60) suite, allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-21124
CVE-2022-24285Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority called ACCsvc through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general user. In addition, the service program does not verify the user when communicating. A thread may exist with a specific command. When the path of the program to be executed is sent, there is a local privilege escalation in which the service program executes the path with system privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24285
CVE-2022-24286Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00.3038 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general user. In addition, the service program does not verify the user when communicating. A thread may exist with a specific command. When the path of the program to be executed is sent, there is a local privilege escalation in which the service program executes the path with system privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24286
CVE-2022-24396The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities and read, modify, or delete sensitive information and configurations.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24396
CVE-2022-24618Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24618
CVE-2022-24928Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24928
CVE-2022-24931Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24931
CVE-2022-24960A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 on OSX; 9.2.0 on Linux; 9.2.0 on Windows.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24960
CVE-2022-25217Use of a hard-coded cryptographic key pair by the telnetd_startup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetd_startup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of the K3C firmware (possibly amongst many other releases) included both the private and public RSA keys. The remaining versions cited here redacted the private key, but left the public key unchanged. An attacker in possession of the leaked private key may, through a scripted exchange of UDP packets, instruct telnetd_startup to spawn an unauthenticated telnet shell as root, by means of which they can then obtain complete control of the device. A consequence of the limited availability of firmware images for testing is that models and versions not listed here may share this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25217
CVE-2022-25294Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. All versions prior to 7.12.1 are affected. Agents for MacOS and Linux and Cloud are unaffected. Proofpoint has released fixed software version 7.12.1. The fixed software versions are available through the customer support portal.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25294
CVE-2022-25814PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25814
CVE-2022-25815PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25815
CVE-2022-24750UltraVNC is a free and open source remote PC access software. A vulnerability has been found in the DSM plugin module in versions prior to 1.3.8.0, which allows a local authenticated user to achieve local privilege escalation (LPE) on a vulnerable system. The vulnerability has been fixed to allow loading of plugins from the installed directory. Affected users should upgrade their UltraVNC to 1.3.8.0. Users unable to upgrade should not install and run UltraVNC server as a service. It is advisable to create a scheduled task on a low privilege account to launch WinVNC.exe instead. There are no known workarounds if WinVNC needs to be started as a service.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24750
CVE-2022-22141'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22141
CVE-2022-22148'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22148
CVE-2022-23401The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23401
CVE-2021-33658In atune before 0.3-0.8, a local user can log in and run the curl command to access the local atune URL interface to escalate local privileges or modify any file. Authentication is not forcibly enabled in the default configuration.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-33658
CVE-2022-23187Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Illustrator.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23187
CVE-2022-23731V8 JavaScript engine (heap vulnerability) can cause privilege escalation, which can impact some webOS TV models.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23731
CVE-2022-24094Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24094
CVE-2022-24095Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24095
CVE-2022-24096Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24096
CVE-2022-24097Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24097
CVE-2022-24415Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24415
CVE-2022-24416Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24416
CVE-2022-24419Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24419
CVE-2022-24420Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24420
CVE-2022-24421Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24421
CVE-2021-41850An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located on the device, even those with no permissions granted, exposing the IMEI values to processes without enforcing any access control.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-41850
CVE-2022-26967GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26967
CVE-2022-24696Mirametrix Glance before 5.1.1.42207 (released on 2018-08-30) allows a local attacker to elevate privileges. NOTE: this is unrelated to products from the glance.com and glance.net websites.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24696
CVE-2022-26981Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c).7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26981
CVE-2022-24575GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24575
CVE-2022-24577GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen ().7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24577
CVE-2022-20001fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory into one controlled by the attacker, such as on a shared file system or extracted archive, fish will run arbitrary commands under the attacker's control. This problem has been fixed in fish 3.4.0. Note that running git in these directories, including using the git tab completion, remains a potential trigger for this issue. As a workaround, remove the `fish_git_prompt` function from the prompt.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-20001
CVE-2022-24578GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddString () at bifs/script_dec.c.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24578
CVE-2022-0943Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0943
CVE-2022-21946An Improper Privilege Management vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen session. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-21946
CVE-2021-0957In NotificationStackScrollLayout of NotificationStackScrollLayout.java, there is a possible way to bypass Factory Reset Protections. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-193149550.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-0957
CVE-2021-40734Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing an SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40734
CVE-2021-40735Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40735
CVE-2021-40736Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40736
CVE-2021-40738Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40738
CVE-2021-40739Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing an M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40739
CVE-2021-40740Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing an M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40740
CVE-2021-40763Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing a WAF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40763
CVE-2021-40764Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing an M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40764
CVE-2021-40765Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing an M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40765
CVE-2021-40777Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40777
CVE-2021-40779Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40779
CVE-2021-40780Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40780
CVE-2021-40786Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40786
CVE-2021-40787Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40787
CVE-2021-40792Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40792
CVE-2021-40793Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40793
CVE-2021-40794Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40794
CVE-2021-42526Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-42526
CVE-2021-42527Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-42527
CVE-2021-42533Adobe Bridge version 11.1.1 (and earlier) is affected by a double free vulnerability when parsing a crafted DCM file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-42533
CVE-2021-42719Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .jpe file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-42719
CVE-2021-42720Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-42720
CVE-2021-42722Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-42722
CVE-2021-42724Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-42724
CVE-2021-42728Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridge.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-42728
CVE-2021-42729Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-42729
CVE-2021-42730Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious PSD file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-42730
CVE-2022-24092Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24092
CVE-2022-21819NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components.7.6https://nvd.nist.gov/vuln/detail/CVE-2022-21819
CVE-2018-15501In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-15501
CVE-2019-11287Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-11287
CVE-2021-37419Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-37419
CVE-2021-24917The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows an unauthenticated user to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-24917
CVE-2021-44878Pac4j v5.1 and earlier allows (by default) clients to accept and successfully validate ID Tokens with "none" algorithm (i.e., tokens with no signature) which is not secure and violates the OpenID Core Specification. The "none" algorithm does not require any signature verification when validating the ID tokens, which allows the attacker to bypass the token validation by injecting a malformed ID token using "none" as the value of "alg" key in the header with an empty signature value.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-44878
CVE-2021-22570Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-22570
CVE-2021-46667MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-46667
CVE-2022-24683HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24683
CVE-2022-23648containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23648
CVE-2022-23327A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a victim node's memory pool, causing a denial of service (DoS).7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23327
CVE-2022-23328A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a victim Geth node, which can purge all of pending transactions in a victim node's memory pool and then occupy the memory pool to prevent new transactions from entering the pool, resulting in a denial of service (DoS).7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23328
CVE-2021-46378DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-46378
CVE-2021-25087The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords (fixed in 3.2.24) and files Master Keys (fixed in 3.2.25).7.5https://nvd.nist.gov/vuln/detail/CVE-2021-25087
CVE-2022-24713regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes from taking an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is included starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it is not recommended to deny known problematic regexes.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24713
CVE-2022-24464.NET and Visual Studio Denial of Service Vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24464
CVE-2022-24748Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In versions prior to 6.4.8.2 it is possible to modify customers and to create orders without App Permission. This issue is a result of improper api route checking. Users are advised to upgrade to version 6.4.8.2. There are no known workarounds.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24748
CVE-2022-0618A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSH_PROMISE frame where the frame contains padding information without any other data. This logical error caused confusion about the size of the frame, leading to a parsing error. This parsing error immediately crashes the entire process. Sending a HEADERS frame or PUSH_PROMISE frame with HTTP/2 padding information does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted frame. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the frame in memory-safe code, so the crash is safe. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-0618
CVE-2022-0725A flaw was found in KeePass. The vulnerability occurs due to logging the plain text passwords in the system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-0725
CVE-2022-22547Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. This allows information gathering which could be used to exploit future open-source security exploits.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-22547
CVE-2022-24601Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain sensitive information through SQL injection statements.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24601
CVE-2022-25556Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42E328. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25556
CVE-2022-25560Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_4327CC. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25560
CVE-2022-25561Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42DE00. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25561
CVE-2022-26311Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to an Unauthorized Actor. Secrets are not redacted in logs collected from Kubernetes environments.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-26311
CVE-2022-26662An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-26662
CVE-2022-24726Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker to send a specially crafted message which results in the control plane crashing when the validating webhook for a cluster is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [external istiod](https://istio.io/latest/docs/setup/install/external-controlplane/) topologies, this port is exposed over the public internet. This issue has been patched in versions 1.13.2, 1.12.5 and 1.11.8. Users are advised to upgrade. Users unable to upgrade should disable access to a validating webhook that is exposed to the public internet or restrict the set of IP addresses that can query it to a set of known, trusted entities.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24726
CVE-2022-25508An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created routes, or create unsafe or false routes for legitimate users.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25508
CVE-2022-25512FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25512
CVE-2020-36518jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-36518
CVE-2022-0913Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-0913
CVE-2021-23246In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-23246
CVE-2021-32476A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32476
CVE-2022-0853A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly, and leads to an information leakage vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-0853
CVE-2022-25216An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access, by means of an HTTP GET request to http://<IP_ADDRESS>:32080/download/<URL_ENCODED_PATH>.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25216
CVE-2021-42577An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-42577
CVE-2022-22719A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-22719
CVE-2022-22354IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM X-Force ID: 220485.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-22354
CVE-2022-24740Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and privileges. This occurs when using an outdated version of the `react-cookie` library and a server is under high load. A proof of concept does not currently exist, but it is possible for this issue to occur in the wild. The patch and fix is present in Volto 15.0.0-alpha.0. As a workaround, one may manually upgrade the `react-cookie` package to 4.1.1 and then override all Volto components that use this library.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24740
CVE-2022-26779Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite. This feature is not enabled by default, the attacker is required to know or guess the project ID for the invite in addition to the invitation token, and the attacker would need to be an existing authorized user of CloudStack.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-26779
CVE-2022-0778The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).7.5https://nvd.nist.gov/vuln/detail/CVE-2022-0778
CVE-2021-45848Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-45848
CVE-2021-43957Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-43957
CVE-2021-20299A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-20299
CVE-2021-39716Product: Android. Versions: Android kernel. Android ID: A-206977562. References: N/A.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-39716
CVE-2022-25514stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25514
CVE-2022-25515stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG() at stb_truetype.h.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25515
CVE-2022-25516stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbtt__find_table at stb_truetype.h.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25516
CVE-2022-21822NVIDIA FLARE contains a vulnerability in the admin interface, where an unauthorized attacker can cause Allocation of Resources Without Limits or Throttling, which may cause the system to become unavailable.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-21822
CVE-2021-32998The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. INIT START/restore from backup required.7.4https://nvd.nist.gov/vuln/detail/CVE-2021-32998
CVE-2022-23607treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods (`treq.get`, `treq.post`, etc.) and `treq.client.HTTPClient` constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to *every* domain ("supercookies"). This can potentially cause sensitive information to leak upon an HTTP redirect to a different domain, e.g. should `https://example.com` redirect to `http://cloudstorageprovider.com` the latter will receive the cookie `session`. Treq 2021.1.0 and later bind cookies given to request methods (`treq.request`, `treq.get`, `HTTPClient.request`, `HTTPClient.get`, etc.) to the origin of the *url* parameter. Users are advised to upgrade. For users unable to upgrade: instead of passing a dictionary as the *cookies* argument, pass a `http.cookiejar.CookieJar` instance with properly domain- and scheme-scoped cookies in it.7.4https://nvd.nist.gov/vuln/detail/CVE-2022-23607
CVE-2022-24738Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds from user addresses. To do this an attacker must create a new chain which does not enforce signature verification and connects it to the target evmos instance. The attacker can use this joined chain to transfer unclaimed funds. Users are advised to upgrade. There are no known workarounds for this issue.7.4https://nvd.nist.gov/vuln/detail/CVE-2022-24738
CVE-2022-25214Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated remote attacker to obtain the WPA passphrases for the 2.4GHz and 5.0GHz wireless networks. This is particularly dangerous given that the K2G setup wizard presents the user with the option of using the same password for the 2.4GHz network and the administrative interface, by clicking a checkbox. When Remote Management is enabled, these endpoints are exposed to the WAN.7.4https://nvd.nist.gov/vuln/detail/CVE-2022-25214
CVE-2022-24751Zulip is an open source group chat application. Starting with version 4.0 and prior to version 4.11, Zulip is vulnerable to a race condition during account deactivation, where a simultaneous access by the user being deactivated may, in rare cases, allow continued access by the deactivated user. A patch is available in version 4.11 on the 4.x branch and version 5.0-rc1 on the 5.x branch. Upgrading to a fixed version will, as a side effect, deactivate any cached sessions that may have been leaked through this bug. There are currently no known workarounds.7.4https://nvd.nist.gov/vuln/detail/CVE-2022-24751
CVE-2022-0815Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including: settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected.7.3https://nvd.nist.gov/vuln/detail/CVE-2022-0815
CVE-2021-35244The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-35244
CVE-2022-0557OS Command Injection in Packagist microweber/microweber prior to 1.2.11.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-0557
CVE-2022-21828A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using an unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-21828
CVE-2022-0440The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the files to be imported, which could allow a high-privilege admin to upload an arbitrary PHP file and gain RCE even in the case of a hardened blog (i.e. DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true)7.2https://nvd.nist.gov/vuln/detail/CVE-2022-0440
CVE-2022-24506Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24515, CVE-2022-24518, CVE-2022-24519.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-24506
CVE-2022-25225Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation (PostgreSQL) by exploiting this issue.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-25225
CVE-2022-26521Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type).7.2https://nvd.nist.gov/vuln/detail/CVE-2022-26521
CVE-2021-32474An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-32474
CVE-2022-24387With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. This is possible in SmarterTrack v100.0.8019.140107.2https://nvd.nist.gov/vuln/detail/CVE-2022-24387
CVE-2022-0944Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-0944
CVE-2020-3264A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access and make changes to the system that they are not authorized to make.7.1https://nvd.nist.gov/vuln/detail/CVE-2020-3264
CVE-2021-3752A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-3752
CVE-2021-4090An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw, a local attacker with user privilege may gain access to out-of-bounds memory, leading to a system integrity and confidentiality threat.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-4090
CVE-2022-0905Improper Authorization in GitHub repository go-gitea/gitea prior to 1.16.4.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-0905
CVE-2022-25821Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-25821
CVE-2021-4083A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4.7https://nvd.nist.gov/vuln/detail/CVE-2021-4083
CVE-2021-3640A use-after-free flaw in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way a user calls ioctl UFFDIO_REGISTER or otherwise triggers a race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.7https://nvd.nist.gov/vuln/detail/CVE-2021-3640
CVE-2022-24505Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23283, CVE-2022-23287.7https://nvd.nist.gov/vuln/detail/CVE-2022-24505
CVE-2022-26488In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.7https://nvd.nist.gov/vuln/detail/CVE-2022-26488
CVE-2022-23036 | Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040.) blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose (CVE-2022-23041). netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend (CVE-2022-23042). | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-23036
CVE-2022-23037 | Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040.) blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose (CVE-2022-23041). netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend (CVE-2022-23042). | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-23037
CVE-2022-23038 | Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040.) blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose (CVE-2022-23041). netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend (CVE-2022-23042). | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-23038
CVE-2022-23039 | Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040.) blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose (CVE-2022-23041). netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend (CVE-2022-23042). | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-23039
CVE-2022-23040 | Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040.) blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose (CVE-2022-23041). netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend (CVE-2022-23042). | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-23040
CVE-2022-23041 | Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040.) blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose (CVE-2022-23041). netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend (CVE-2022-23042). | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-23041
CVE-2022-23042 | Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040.) blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose (CVE-2022-23041). netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend (CVE-2022-23042). | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-23042
CVE-2022-20055 | In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160830. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20055
CVE-2022-25213 | Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25213
CVE-2021-33150 | Hardware allows activation of test or debug logic at runtime for some Intel(R) Trace Hub instances which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33150
CVE-2020-5419 | RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-5419
CVE-2022-22943 | VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-22943
CVE-2022-20049 | In vpu, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05954679; Issue ID: ALPS05954679. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-20049
CVE-2022-20050 | In connsyslogger, there is a possible symbolic link following due to improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06335038; Issue ID: ALPS06335038. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-20050
CVE-2022-0921 | Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-0921
CVE-2021-39719 | In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-205995178; References: N/A | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-39719
CVE-2022-20056 | In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160820. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-20056
CVE-2022-20058 | In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160485. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-20058
CVE-2022-20059 | In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160781. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-20059
CVE-2022-20060 | In preloader (usb), there is a possible permission bypass due to a missing proper image authentication. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06137462. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-20060
CVE-2018-8098 | Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-8098
CVE-2018-8099 | Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-8099
CVE-2018-10888 | A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-10888
CVE-2021-29975 | Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar) resulting in possible user confusion. This vulnerability affects Firefox < 90. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-29975
CVE-2021-29982 | Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-29982
CVE-2021-29987 | After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.* This vulnerability affects Firefox < 91 and Thunderbird < 91. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-29987
CVE-2021-40964 | A Path Traversal vulnerability exists in TinyFileManager all versions up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the "fullpath" parameter containing path traversal strings (../ and ..\\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40964
CVE-2021-37420 | Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-37420
CVE-2021-41125 | Scrapy is a high-level web crawling and scraping framework for Python. If you use `HttpAuthMiddleware` (i.e. the `http_user` and `http_pass` spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, such as `robots.txt` requests sent by Scrapy when the `ROBOTSTXT_OBEY` setting is set to `True`, or as requests reached through redirects. Upgrade to Scrapy 2.5.1 and use the new `http_auth_domain` spider attribute to control which domains are allowed to receive the configured HTTP authentication credentials. If you are using Scrapy 1.8 or a lower version, and upgrading to Scrapy 2.5.1 is not an option, you may upgrade to Scrapy 1.8.1 instead. If you cannot upgrade, set your HTTP authentication credentials on a per-request basis, using for example the `w3lib.http.basic_auth_header` function to convert your credentials into a value that you can assign to the `Authorization` header of your request, instead of defining your credentials globally using `HttpAuthMiddleware`. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-41125
CVE-2021-38491 | Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-38491
CVE-2021-38507 | The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt in to opportunistic encryption, a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-38507
CVE-2021-43528 | Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-43528
CVE-2021-43536 | Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-43536
CVE-2021-43540 | WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox < 95. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-43540
CVE-2021-43541 | When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-43541
CVE-2021-43542 | Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-43542
CVE-2022-0273 | Improper Access Control in Pypi calibreweb prior to 0.6.16. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0273
CVE-2021-24761 | The Error Log Viewer WordPress plugin before 1.1.2 does not perform a nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged-in admin delete arbitrary text files on the web server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-24761
CVE-2021-25097 | The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF checks in place when deleting publications, allowing any authenticated user, such as a subscriber, to delete arbitrary publications. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-25097
CVE-2022-24684 | HashiCorp Nomad and Nomad Enterprise before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 have Uncontrolled Resource Consumption. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24684
CVE-2022-0577 | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0577
CVE-2022-24737 | HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn't distinguish between cookies and the hosts they belonged to. This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third party website. Users are advised to upgrade. There are no known workarounds. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24737
CVE-2022-26319 | An installer search path element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.0 could allow a local attacker to place an arbitrarily generated DLL file in an installer folder to elevate local privileges. Please note: an attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26319
CVE-2022-24502 | Windows HTML Platforms Security Feature Bypass Vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24502
CVE-2022-24741 | Nextcloud server is an open source, self-hosted, cloud-style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded to 21.0.8, 22.2.4 or 23.0.1. Users unable to upgrade should disable preview generation with the `'enable_previews'` config flag. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24741
CVE-2022-24745 | Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected by this issue. This issue has been resolved in version 6.4.8.2. Users unable to upgrade should disable the HTTP Cache. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24745
CVE-2021-28488 | Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve managed-network data that was not set to be accessible to the entire group (i.e., was only set to be accessible to a subset of that group). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-28488
CVE-2021-32436 | An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32436
CVE-2021-41657 | SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-41657
CVE-2022-20057 | In btif, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06271186; Issue ID: ALPS06271186. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20057
CVE-2022-24398 | Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24398
CVE-2022-25243 | Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25243
CVE-2022-25244 | Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25244
CVE-2022-26652 | NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26652
CVE-2022-26661 | An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26661
CVE-2022-26778 | Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26778
CVE-2022-0821 | Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0821
CVE-2022-25506 | FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25506
CVE-2022-25511 | An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25511
CVE-2022-0932 | Improper Authorization in GitHub repository saleor/saleor prior to 3.1.2. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0932
CVE-2021-26341 | Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-26341
CVE-2022-0001 | Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0001
CVE-2022-0002 | Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0002
CVE-2022-23625 | Wire-ios is a messaging application using the wire protocol on Apple's iOS platform. In versions prior to 3.95 malformed resource identifiers may render the iOS Wire Client completely unusable by causing it to repeatedly crash on launch. These malformed resource identifiers can be generated and sent between Wire users. The root cause lies in [wireapp/wire-ios-transport](https://github.com/wireapp/wire-ios-transport), where code responsible for removing sensitive tokens before logging may fail and lead to a crash (Swift exception) of the application. This causes undesirable behavior, however the (greater) Wire system is still functional. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23625
CVE-2021-42262 | An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42262
CVE-2022-24385 | A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24385
CVE-2021-24692 | The Simple Download Monitor WordPress plugin before 3.9.5 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-24692
CVE-2022-0593 | The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing an unauthenticated user to remotely delete the plugin files, leading to a potential Denial of Service situation. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0593
CVE-2021-39051 | IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts. IBM X-Force ID: 214441. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-39051
CVE-2022-22353 | IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22353
CVE-2021-42389 | Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42389
CVE-2021-42390 | Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42390
CVE-2021-42391 | Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42391
CVE-2022-24762 | sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact is limited by the communication occurring in the same browser. This issue has been patched in sysend.js version 1.10.0. The only currently known workaround is to avoid sending communications that a user does not want to have intercepted via sysend messages. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24762
CVE-2022-27201Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-27201
CVE-2022-27208Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-27208
CVE-2022-27210A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-27210
CVE-2022-27225Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safari versions, Keycloak sets a duplicate of the cookie without the Secure attribute, which allows the cookie to be sent when accessing the location that cookie is set for via HTTP. This creates the potential for an attacker (with the ability to impersonate the Gradle Enterprise host) to capture the login session of a user by having them click an http:// link to the server, despite the real server requiring HTTPS.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-27225
CVE-2021-20257An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-20257
| CVE-2021-3700 | A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-3700 |
| CVE-2021-24982 | The Child Theme Generator WordPress plugin through 2.2.7 does not sanitise and escape the parade parameter before outputting it back, leading to a Reflected Cross-Site Scripting in the admin dashboard | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-24982 |
| CVE-2022-0280 | A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0280 |
| CVE-2021-44964 | Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-44964 |
| CVE-2022-25822 | A use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. | 6.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-25822 |
| CVE-2017-4965 | An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-4965 |
| CVE-2017-4967 | An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-4967 |
| CVE-2021-43543 | Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-43543 |
| CVE-2021-42063 | A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclosure of sensitive data. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-42063 |
| CVE-2022-23397 | The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23397 |
| CVE-2021-46379 | DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-46379 |
| CVE-2022-24746 | Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions it is possible to inject code via the voucher code form. This issue has been patched in version 6.4.8.1. There are no known workarounds for this issue. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24746 |
| CVE-2022-24177 | A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej.cgi of Ex libris ALEPH 500 v18.1 and v20 allows attackers to execute arbitrary web scripts or HTML. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24177 |
| CVE-2022-24395 | SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24395 |
| CVE-2022-24397 | SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24397 |
| CVE-2022-24399 | The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24399 |
| CVE-2022-24608 | Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24608 |
| CVE-2022-26101 | Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-26101 |
| CVE-2021-44585 | A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-44585 |
| CVE-2022-0820 | Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0820 |
| CVE-2021-46708 | The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-46708 |
| CVE-2021-27414 | An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-27414 |
| CVE-2021-32009 | Cross-site Scripting (XSS) vulnerability in firmware section of Secomea GateManager allows logged in user to inject javascript in browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-32009 |
| CVE-2021-32478 | The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-32478 |
| CVE-2022-25601 | Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25601 |
| CVE-2021-44667 | A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-44667 |
| CVE-2022-26533 | Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-26533 |
| CVE-2022-0929 | XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0929 |
| CVE-2021-46709 | phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter (aka num or number). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-46709 |
| CVE-2022-24384 | Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24384 |
| CVE-2021-24940 | The Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-24940 |
| CVE-2021-24996 | The IDPay for Contact Form 7 WordPress plugin through 2.1.2 does not sanitise and escape the idpay_error parameter before outputting it back in the page leading to a Reflected Cross-Site Scripting | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-24996 |
| CVE-2021-25006 | The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-25006 |
| CVE-2022-0147 | The Cookie Information \| Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issue | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0147 |
| CVE-2022-0230 | The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0230 |
| CVE-2022-0248 | The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, an unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0248 |
| CVE-2022-0321 | The WP Voting Contest WordPress plugin through 2.1 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0321 |
| CVE-2022-0327 | The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the error_message parameter before outputting it back in the response of the jltma_restrict_content AJAX action, available to unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0327 |
| CVE-2022-0399 | The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action's response, leading to a Reflected Cross-Site Scripting | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0399 |
| CVE-2022-0449 | The Flexi WordPress plugin before 4.20 does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scripting | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0449 |
| CVE-2022-0503 | The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.2 does not sanitise and escape the s parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in the network dashboard | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0503 |
| CVE-2022-0601 | The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0601 |
| CVE-2022-0648 | The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0648 |
| CVE-2022-22734 | The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, an attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-22734 |
| CVE-2022-22344 | IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 220038 | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-22344 |
| CVE-2022-24733 | Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. Every response from app should have an X-Frame-Options header set to: ``sameorigin``. To achieve that, add a new `subscriber` in the app. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24733 |
| CVE-2022-24749 | Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting (XSS) code in the admin panel. In order to perform an XSS attack, the file itself has to be open in a new card or loaded outside of the IMG tag. The problem applies both to the files opened on the admin panel and shop pages. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. As a workaround, require a library that adds on-upload file sanitization and overwrite the service before writing the file to the filesystem. The GitHub Security Advisory contains more specific information about the workaround. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24749 |
| CVE-2022-0951 | File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0951 |
| CVE-2021-43956 | The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-43956 |
| CVE-2021-42552 | Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient allows an attacker to craft a malicious link, executing JavaScript in the context of a victim's browser. This issue affects all ArchivistaBox versions prior to 2022/I. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-42552 |
| CVE-2022-0986 | Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0986 |
| CVE-2021-3607 | An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2021-3607 |
| CVE-2021-3608 | A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2021-3608 |
| CVE-2021-38502 | Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-38502 |
| CVE-2021-4160 | There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb). | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-4160 |
| CVE-2022-24686 | HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. Fixed in 1.0.18, 1.1.12, and 1.2.6 | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-24686 |
| CVE-2021-26401 | LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. | 5.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-26401 |
| CVE-2022-23960 | Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. | 5.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-23960 |
| CVE-2021-0561 | In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174302683 | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-0561 |
| CVE-2021-3707 | D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3707 |
| CVE-2021-42733 | Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42733 |
| CVE-2021-45958 | UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45958 |
| CVE-2022-0561 | Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0561 |
| CVE-2022-0562 | Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0562 |
| CVE-2021-3947 | A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3947 |
| CVE-2022-24725 | Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the `escape` or `escapeAll` functions from the _shescape_ API with the `interpolation` option set to `true`. Other tested shells, Dash and Zsh, are not affected. Depending on how the output of _shescape_ is used, directory traversal may be possible in the application using _shescape_. The issue was patched in version 1.5.1. As a workaround, manually escape all instances of the tilde character (`~`) using `arg.replace(/~/g, "\\\\~")`. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24725 |
| CVE-2022-22946 | In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22946 |
| CVE-2022-26336 | A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26336 |
| CVE-2021-20300 | A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-20300 |
| CVE-2021-20302 | A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-20302 |
| CVE-2021-38988 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-38988 |
| CVE-2021-38989 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212951. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-38989 |
| CVE-2022-24511 | Microsoft Office Word Tampering Vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24511 |
| CVE-2022-0890 | NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0890 |
| CVE-2021-32434 | abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32434 |
| CVE-2021-32435 | Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32435 |
| CVE-2022-0433 | A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0433 |
| CVE-2022-20051 | In ims service, there is a possible unexpected application behavior due to incorrect privilege assignment. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219127; Issue ID: ALPS06219127. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20051 |
| CVE-2022-25819 | OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allows an attacker to view Kernel stack memory. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25819 |
| CVE-2022-25825 | Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access the authcode for sign-in. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25825 |
| CVE-2022-26878 | drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26878 |
| CVE-2022-0907 | Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0907 |
| CVE-2022-0908 | Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0908 |
| CVE-2022-0909 | Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0909 |
| CVE-2022-0924 | Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0924 |
| CVE-2022-24090 | Adobe Photoshop versions 23.1.1 (and earlier) and 22.5.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24090 |
| CVE-2021-41849 | An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-41849 |
| CVE-2022-26966 | An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26966 |
| CVE-2022-24574 | GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_field.isra (). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24574 |
| CVE-2022-24576 | GPAC 1.0.1 is affected by Use After Free through MP4Box. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24576 |
| CVE-2021-25026 | The Patreon WordPress plugin before 1.8.2 does not sanitise and escape the field "Custom Patreon Page name", which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-25026 |
| CVE-2022-24742 | Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab remains unclosed after log out. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must strictly redirect to login page even if the browser back button is pressed. Another possibility is to set more strict cache policies for restricted content. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24742 |
| CVE-2022-27193 | CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27193 |
| CVE-2022-0961 | The microweber application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in GitHub repository microweber/microweber prior to 1.2.12. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0961 |
| CVE-2022-0968 | The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in GitHub repository microweber/microweber prior to 1.2.12. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0968 |
| CVE-2021-46705 | An Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46705 |
CVE-2022-21945A Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-21945
CVE-2021-20180A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-20180
CVE-2021-40737 | Adobe Audition version 14.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40737
CVE-2021-40741 | Adobe Audition version 14.4 (and earlier) is affected by an Access of Memory Location After End of Buffer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40741
CVE-2021-40742 | Adobe Audition version 14.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40742
CVE-2021-40750 | Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40750
CVE-2021-40762 | Adobe Character Animator version 4.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40762
CVE-2021-40767 | Adobe Character Animator version 4.4 (and earlier) is affected by an Access of Memory Location After End of Buffer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40767
CVE-2021-40768 | Adobe Character Animator version 4.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40768
CVE-2021-40778 | Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40778
CVE-2021-40781 | Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40781
CVE-2021-40782 | Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40782
CVE-2021-40785 | Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40785
CVE-2021-40788 | Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40788
CVE-2021-40789 | Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40789
CVE-2021-40796 | Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40796
CVE-2021-42263 | Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42263
CVE-2021-42264 | Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42264
CVE-2022-22511 | Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-22511
CVE-2022-24432 | Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into specific fields. The XSS payload will be executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24432
CVE-2022-26102 | Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker to access content on the start screen of any transaction that is available within the same SAP system even if he/she isn't authorized for that transaction. A successful exploitation could expose information and in worst case manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-26102
CVE-2022-25507 | FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25507
CVE-2022-0822 | Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0822
CVE-2022-26874 | lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-26874
CVE-2022-0928 | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0928
CVE-2021-27416 | An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-27416
CVE-2021-32475 | ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-32475
CVE-2022-0880 | Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0880
CVE-2021-45889 | An issue was discovered in PONTON X/P Messenger before 3.11.2. Several functions are vulnerable to reflected XSS, as demonstrated by private/index.jsp?partners/ShowNonLocalPartners.do?localID= or private/index.jsp or private/index.jsp?database/databaseTab.jsp or private/index.jsp?activation/activationMainTab.jsp or private/index.jsp?communication/serverTab.jsp or private/index.jsp?emailNotification/notificationTab.jsp. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-45889
CVE-2022-0937 | Stored XSS in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0937
CVE-2022-0341 | Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0341
CVE-2022-0938 | Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0938
CVE-2022-0940 | Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0940
CVE-2022-0941 | Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0941
CVE-2022-24386 | Stored XSS in SmarterTools SmarterTrack. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24386
CVE-2022-0946 | Stored XSS via cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0946
CVE-2021-24897 | The Add Subtitle WordPress plugin through 1.1.0 does not sanitise or escape the sub-title field (available only with classic editor) when output in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-24897
CVE-2021-24950 | The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insight_customizer_options_import (available to any authenticated user), does not validate user input before passing it to unserialize(), nor sanitise and escape it before outputting it in the response. As a result, it could allow users with a role as low as Subscriber to perform PHP Object Injection, as well as Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-24950
CVE-2021-24958 | The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the meks_save_business_selected_account AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as subscriber, could update the plugin's settings and put Cross-Site Scripting payloads in them. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-24958
CVE-2022-0960 | Stored XSS via .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0960
CVE-2022-0962 | Stored XSS via .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0962
CVE-2021-39055 | IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214534. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-39055
CVE-2022-0945 | Stored XSS via axd and cshtml file upload in GitHub repository star7th/showdoc prior to v2.10.4. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0945
CVE-2022-0950 | Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0950
CVE-2022-0893 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0893
CVE-2022-0894 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0894
CVE-2022-0954 | Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0954
CVE-2022-0956 | Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0956
CVE-2022-0957 | Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0957
CVE-2022-0942 | Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0942
CVE-2022-0963 | Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0963
CVE-2022-0964 | Stored XSS via .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0964
CVE-2022-0965 | Stored XSS via .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0965
CVE-2022-0966 | Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.4.10. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0966
CVE-2022-0967 | Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0967
CVE-2022-0970 | Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0970
CVE-2022-27212 | Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-27212
CVE-2022-0911 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0911
CVE-2022-0704 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0704
CVE-2022-0705 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0705
CVE-2021-45787 | There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-45787
CVE-2021-33853 | A Cross-Site Scripting (XSS) attack can cause arbitrary code (javascript) to run in a user’s browser while the browser is connected to a trusted website. As the vehicle for the attack, the application targets the users and not the application itself. Additionally, the XSS payload is executed when the user attempts to access any page of the CRM. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-33853
CVE-2019-1551 | There is an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-1551
CVE-2020-13956 | Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-13956
CVE-2021-25009 | The CorreosExpress WordPress plugin through 2.6.0 generates log files which are publicly accessible, and contain sensitive information such as sender/receiver names, phone numbers, physical and email addresses. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-25009
CVE-2022-24503 | Remote Desktop Protocol Client Information Disclosure Vulnerability. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-24503
CVE-2022-24747 | Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do not properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP caches. This issue has been resolved in version 6.4.8.2. There are no known workarounds. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-24747
CVE-2022-25215 | Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25215
CVE-2022-26103 | Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-26103
CVE-2022-26104 | SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, allowing an unauthorized user to alter the maintenance system message. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-26104
CVE-2022-26847 | SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-26847
CVE-2021-38910 | IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-38910
CVE-2021-39025 | IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM X-Force 213863. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-39025
CVE-2021-41233 | Nextcloud text is a collaborative document editing using Markdown built for the nextcloud server. Due to an issue with the Nextcloud Text application, which is by default shipped with Nextcloud Server, an attacker is able to access the folder names of "File Drop". For successful exploitation an attacker requires knowledge of the sharing link. It is recommended that users upgrade their Nextcloud Server to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the Nextcloud Text application in the application settings. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-41233
CVE-2022-0870 | Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0870
CVE-2021-32473 | It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-32473
CVE-2022-25839 | The package url-js before 2.1.0 is vulnerable to Improper Input Validation due to improper parsing, which makes it possible for the hostname to be spoofed. http://\\\\\\\\\\\\\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is reflected as it is. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25839
CVE-2022-26276 | An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-26276
CVE-2021-29134 | The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-29134
CVE-2021-45852 | An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-45852
CVE-2021-43774 | A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default credentials) can download the address book file, which contains the list of users (domain users, FTP users, etc.) stored on the printer, together with their encrypted passwords. The passwords are protected by a weak cipher, such as ROT13, which requires minimal effort to instantly retrieve the original password, giving the attacker a list of valid domain or FTP usernames and passwords. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-43774
CVE-2021-24966 | The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-24966
CVE-2021-38971 | IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitive information. IBM X-Force ID: 212620. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-38971
CVE-2020-36519 | Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.) | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-36519
CVE-2022-0906 | Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0906
CVE-2022-0912 | Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0912
CVE-2022-0926 | File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0926
CVE-2022-0930 | File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0930
CVE-2021-45888 | An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role Configuration Administrator or Administrator. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45888
CVE-2021-24895 | The Cybersoldier WordPress plugin before 1.7.0 does not sanitise and escape the URL settings before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-24895
CVE-2021-24995 | The HTML5 Responsive FAQ WordPress plugin through 2.8.5 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-24995
CVE-2021-41952 | Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG. An attacker can send malicious files to victims and steal the victim's cookie, leading to account takeover. The person viewing the image of a contact can be victim of XSS. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-41952
CVE-2022-0659 | The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0659
CVE-2022-0674 | The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0674
CVE-2022-0684 | The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0684
CVE-2022-0700 | The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0700
CVE-2022-0701 | The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0701
CVE-2022-0702 | The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0702
CVE-2022-0703 | The GD Mylist WordPress plugin through 1.1.1 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0703
CVE-2022-27200 | Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27200
CVE-2022-25368Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected.4.7https://nvd.nist.gov/vuln/detail/CVE-2022-25368
CVE-2022-24932Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard.4.6https://nvd.nist.gov/vuln/detail/CVE-2022-24932
CVE-2022-25816Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication4.6https://nvd.nist.gov/vuln/detail/CVE-2022-25816
CVE-2022-25820A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password.4.6https://nvd.nist.gov/vuln/detail/CVE-2022-25820
CVE-2021-4002 | A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-4002
CVE-2022-24349 | An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim’s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24349
CVE-2022-24917 | An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24917
CVE-2022-24918 | An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24918
CVE-2022-24919 | An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24919
CVE-2022-26355 | Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificate’s private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS administration console was used for configuration. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-26355
CVE-2021-39722 | In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-204585345. References: N/A | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-39722
CVE-2021-39724 | In TuningProviderBase::GetTuningTreeSet of tuning_provider_base.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205753190. References: N/A | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-39724
CVE-2021-29974 | When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security (which implies that the error should not be override-able.) This issue did not affect the network connections, and they were correctly upgraded to HTTPS automatically. This vulnerability affects Firefox < 90. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-29974
CVE-2021-38508 | By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-38508
CVE-2021-38509 | Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-38509
CVE-2021-43538 | By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-43538
CVE-2021-43546 | It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-43546
CVE-2022-0414 | Business Logic Errors in Packagist dolibarr/dolibarr prior to 16.0. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0414
CVE-2022-23708 | A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-23708
CVE-2022-23709 | A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this privilege could not modify alerting connectors. This effectively means that Read users could disable existing alerting rules. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-23709
CVE-2021-24824 | The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the email address of orders can be retrieved | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-24824
CVE-2021-24825 | The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display arbitrary files from the filesystem (such as logs, .htaccess etc), as well as perform Local File Inclusion attacks as PHP files will be executed. Please note that such attack is still possible by admin+ in single site blogs by default (but won't be when either the unfiltered_html or file_edit is disallowed) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-24825
CVE-2021-32006 | This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup files. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-32006
CVE-2018-25031 | Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-25031
CVE-2021-32472 | Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-32472
CVE-2021-32477 | The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-32477
CVE-2021-43954 | The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-43954
CVE-2020-4989 | IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-4989
CVE-2022-27199 | A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-27199
CVE-2022-27214 | A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-27214
CVE-2021-43955 | The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via information disclosure vulnerability. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-43955
CVE-2020-9488 | Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1 | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-9488
CVE-2022-21170 | Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-21170
CVE-2019-11291 | Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-11291
CVE-2022-24744 | Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24744
CVE-2020-8908 | A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-8908
CVE-2022-24929 | Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-24929
CVE-2022-24930 | An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper permission | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-24930
CVE-2022-25817 | Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25817
CVE-2022-25823 | Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.220126741 allows attackers to access user information in log. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25823
CVE-2022-25824 | Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25824
CVE-2022-25826 | Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25826
CVE-2022-25827 | Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows attacker to access password information of connected WiFiAp in the log | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25827
CVE-2022-25828 | Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows attacker to access password information of connected WiFiAp in the log | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25828
CVE-2022-25829 | Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25829
CVE-2022-25830 | Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the log | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25830
CVE-2021-40766 | Adobe Character Animator version 4.4 (and earlier versions) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-40766
CVE-2021-40769 | Adobe Character Animator version 4.4 (and earlier versions) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-40769
CVE-2022-22348 | IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 220139. | 2.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-22348
CVE-2013-3523 | SQL injection vulnerability in This HTML Is Simple (THIS) before 1.2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to op=page&id= in the URL. | | https://nvd.nist.gov/vuln/detail/CVE-2013-3523
CVE-2014-9649 | Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message. | | https://nvd.nist.gov/vuln/detail/CVE-2014-9649
CVE-2014-9650 | CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions. | | https://nvd.nist.gov/vuln/detail/CVE-2014-9650
CVE-2022-27195 | Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their `build.xml` files. These values are stored unencrypted and can be viewed by users with access to the Jenkins controller file system. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27195
CVE-2022-27196 | Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27196
CVE-2022-27197 | Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27197
CVE-2022-27198 | A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27198
CVE-2022-27202 | Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27202
CVE-2022-27203 | Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27203
CVE-2022-27204 | A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27204
CVE-2022-27205 | A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27205
CVE-2022-27206 | Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27206
CVE-2022-27207 | Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27207
CVE-2022-27209 | A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27209
CVE-2022-27211 | A missing/An incorrect permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27211
CVE-2022-27213 | Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27213
CVE-2022-27215 | A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27215
CVE-2022-27216 | Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27216
CVE-2022-27217 | Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27217
CVE-2022-27218 | Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27218
CVE-2022-25485 | CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. | | https://nvd.nist.gov/vuln/detail/CVE-2022-25485
CVE-2022-25486 | CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. | | https://nvd.nist.gov/vuln/detail/CVE-2022-25486
CVE-2022-25487 | Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php. | | https://nvd.nist.gov/vuln/detail/CVE-2022-25487
CVE-2022-25488 | Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php. | | https://nvd.nist.gov/vuln/detail/CVE-2022-25488
CVE-2022-25489 | Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php. | | https://nvd.nist.gov/vuln/detail/CVE-2022-25489
CVE-2022-25490 | HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php. | | https://nvd.nist.gov/vuln/detail/CVE-2022-25490
CVE-2022-25491 | HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php. | | https://nvd.nist.gov/vuln/detail/CVE-2022-25491
CVE-2022-25492 | HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php. | | https://nvd.nist.gov/vuln/detail/CVE-2022-25492
CVE-2022-25493 | HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php. | | https://nvd.nist.gov/vuln/detail/CVE-2022-25493
CVE-2022-25494 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via staff_login.php. | | https://nvd.nist.gov/vuln/detail/CVE-2022-25494
CVE-2022-25495 | The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file. | | https://nvd.nist.gov/vuln/detail/CVE-2022-25495
CVE-2022-25497 | CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. | | https://nvd.nist.gov/vuln/detail/CVE-2022-25497
CVE-2022-25498 | CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php. | | https://nvd.nist.gov/vuln/detail/CVE-2022-25498
CVE-2022-23989 | In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service. | | https://nvd.nist.gov/vuln/detail/CVE-2022-23989
CVE-2022-26995 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | | https://nvd.nist.gov/vuln/detail/CVE-2022-26995
CVE-2022-26996 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | | https://nvd.nist.gov/vuln/detail/CVE-2022-26996
CVE-2022-26997 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | | https://nvd.nist.gov/vuln/detail/CVE-2022-26997
CVE-2022-26998 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | | https://nvd.nist.gov/vuln/detail/CVE-2022-26998
CVE-2022-26999 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | | https://nvd.nist.gov/vuln/detail/CVE-2022-26999
CVE-2022-27000 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27000
CVE-2022-27001 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27001
CVE-2022-27002 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns?ddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27002
CVE-2021-45851 | A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server. | | https://nvd.nist.gov/vuln/detail/CVE-2021-45851
CVE-2021-39624In Package Manger, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-67862680https://nvd.nist.gov/vuln/detail/CVE-2021-39624
CVE-2021-39667In ih264d_parse_decode_slice of ih264d_parse_slice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-205702093https://nvd.nist.gov/vuln/detail/CVE-2021-39667
CVE-2021-39685In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210292376References: Upstream kernelhttps://nvd.nist.gov/vuln/detail/CVE-2021-39685
CVE-2021-39686In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-200688826References: Upstream kernelhttps://nvd.nist.gov/vuln/detail/CVE-2021-39686
CVE-2021-39689In multiple functions of odsign_main.cpp, there is a possible way to persist system attack due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-206090748https://nvd.nist.gov/vuln/detail/CVE-2021-39689
CVE-2021-39690In setDisplayPadding of WallpaperManagerService.java, there is a possible way to cause a persistent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-204316511https://nvd.nist.gov/vuln/detail/CVE-2021-39690
CVE-2021-39692In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209611539https://nvd.nist.gov/vuln/detail/CVE-2021-39692
CVE-2021-39693 | In onUidStateChanged of AppOpsService.java, there is a possible way to access location without a visible indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-208662370 | https://nvd.nist.gov/vuln/detail/CVE-2021-39693
CVE-2021-39694 | In parse of RoleParser.java, there is a possible way for default apps to get permissions explicitly denied by the user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-202312327 | https://nvd.nist.gov/vuln/detail/CVE-2021-39694
CVE-2021-39695 | In createOrUpdate of BasePermission.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-209607944 | https://nvd.nist.gov/vuln/detail/CVE-2021-39695
CVE-2021-39697 | In checkFileUriDestination of DownloadProvider.java, there is a possible way to bypass external storage private directories protection due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12; Android ID: A-200813547 | https://nvd.nist.gov/vuln/detail/CVE-2021-39697
CVE-2021-39698 | In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-185125206; References: Upstream kernel | https://nvd.nist.gov/vuln/detail/CVE-2021-39698
CVE-2021-39701 | In serviceConnection of ControlsProviderLifecycleManager.kt, there is a possible way to keep service running in foreground without notification or permission due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11 Android-12; Android ID: A-212286849 | https://nvd.nist.gov/vuln/detail/CVE-2021-39701
CVE-2021-39702 | In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-205150380 | https://nvd.nist.gov/vuln/detail/CVE-2021-39702
CVE-2021-39703 | In updateState of UsbDeviceManager.java, there is a possible unauthorized access of files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-207057578 | https://nvd.nist.gov/vuln/detail/CVE-2021-39703
CVE-2021-39704 | In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12; Android ID: A-209965481 | https://nvd.nist.gov/vuln/detail/CVE-2021-39704
CVE-2021-39705 | In getNotificationTag of LegacyVoicemailNotifier.java, there is a possible leak of ICCID due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12; Android ID: A-186026746 | https://nvd.nist.gov/vuln/detail/CVE-2021-39705
CVE-2021-39706 | In onResume of CredentialStorage.java, there is a possible way to clean up content of credentials storage due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12; Android ID: A-200164168 | https://nvd.nist.gov/vuln/detail/CVE-2021-39706
CVE-2021-39707 | In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12; Android ID: A-200688991 | https://nvd.nist.gov/vuln/detail/CVE-2021-39707
CVE-2021-39708 | In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-206128341 | https://nvd.nist.gov/vuln/detail/CVE-2021-39708
CVE-2021-39709 | In sendSipAccountsRemovedNotification of SipAccountRegistry.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-208817618 | https://nvd.nist.gov/vuln/detail/CVE-2021-39709
CVE-2021-39710 | Product: Android; Versions: Android kernel; Android ID: A-202160245; References: N/A | https://nvd.nist.gov/vuln/detail/CVE-2021-39710
CVE-2021-39711 | In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-154175781; References: Upstream kernel | https://nvd.nist.gov/vuln/detail/CVE-2021-39711
CVE-2021-39712 | In TBD of TBD, there is a possible use after free vulnerability due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-176918884; References: N/A | https://nvd.nist.gov/vuln/detail/CVE-2021-39712
CVE-2021-39714 | In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-205573273; References: Upstream kernel | https://nvd.nist.gov/vuln/detail/CVE-2021-39714
CVE-2021-39715 | In __show_regs of process.c, there is a possible leak of kernel memory and addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-178379135; References: Upstream kernel | https://nvd.nist.gov/vuln/detail/CVE-2021-39715
CVE-2021-39717 | In iaxxx_btp_write_words of iaxxx-btp.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-198653629; References: N/A | https://nvd.nist.gov/vuln/detail/CVE-2021-39717
CVE-2021-39718 | In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-205035540; References: N/A | https://nvd.nist.gov/vuln/detail/CVE-2021-39718
CVE-2021-39720 | Product: Android; Versions: Android kernel; Android ID: A-207433926; References: N/A | https://nvd.nist.gov/vuln/detail/CVE-2021-39720
CVE-2021-39721 | In TBD of TBD, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-195726151; References: N/A | https://nvd.nist.gov/vuln/detail/CVE-2021-39721
CVE-2021-39725 | In gasket_free_coherent_memory_all of gasket_page_table.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-151454974; References: N/A | https://nvd.nist.gov/vuln/detail/CVE-2021-39725
CVE-2021-39726 | In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-181782896; References: N/A | https://nvd.nist.gov/vuln/detail/CVE-2021-39726
CVE-2021-39727 | In eicPresentationRetrieveEntryValue of acropora/app/identity/libeic/EicPresentation.c, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-196388042; References: N/A | https://nvd.nist.gov/vuln/detail/CVE-2021-39727
CVE-2021-39729 | In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-202006191; References: N/A | https://nvd.nist.gov/vuln/detail/CVE-2021-39729
CVE-2021-39730 | In TBD of TBD, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-206472503; References: N/A | https://nvd.nist.gov/vuln/detail/CVE-2021-39730
CVE-2021-39731 | In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-205036834; References: N/A | https://nvd.nist.gov/vuln/detail/CVE-2021-39731
CVE-2021-39732 | In copy_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-205992503; References: N/A | https://nvd.nist.gov/vuln/detail/CVE-2021-39732
CVE-2021-39733 | In amcs_cdev_unlocked_ioctl of audiometrics.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-206128522; References: N/A | https://nvd.nist.gov/vuln/detail/CVE-2021-39733
CVE-2021-39734 | In sendMessage of OneToOneChatImpl.java (? TBD), there is a possible way to send an RCS message without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-208650395; References: N/A | https://nvd.nist.gov/vuln/detail/CVE-2021-39734
CVE-2021-39735 | In gasket_alloc_coherent_memory of gasket_page_table.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-151455484; References: N/A | https://nvd.nist.gov/vuln/detail/CVE-2021-39735
CVE-2021-39736 | In prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-205995773; References: N/A | https://nvd.nist.gov/vuln/detail/CVE-2021-39736
CVE-2021-39737 | Product: Android; Versions: Android kernel; Android ID: A-208229524; References: N/A | https://nvd.nist.gov/vuln/detail/CVE-2021-39737
CVE-2021-39792 | In usb_gadget_giveback_request of core.c, there is a possible use after free out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-161010552; References: Upstream kernel | https://nvd.nist.gov/vuln/detail/CVE-2021-39792
CVE-2021-39793 | In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-210470189; References: N/A | https://nvd.nist.gov/vuln/detail/CVE-2021-39793
CVE-2021-41987 | In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must control the SCEP server for a valid certificate. This affects mikrotik-vm-6.46, mikrotik-vm-6.46.8, mikrotik-tile-6.46.8, mikrotik-6.47.9, and mikrotik-6.47.10. | https://nvd.nist.gov/vuln/detail/CVE-2021-41987
CVE-2021-45821 | A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat/getHistoryChatData.php file that is accessible by a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulnerability in order to get a remote code execution on the remote web server. | https://nvd.nist.gov/vuln/detail/CVE-2021-45821
CVE-2022-0811 | A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed. | https://nvd.nist.gov/vuln/detail/CVE-2022-0811
CVE-2022-0918 | A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing. | https://nvd.nist.gov/vuln/detail/CVE-2022-0918
CVE-2022-0959 | When run in server mode, pgAdmin 4 allows users to store files on the server under individual storage directories. Files such as SQL scripts may be uploaded through the user interface. The URI to which upload requests are made fails to validate the upload path to prevent path traversal techniques being used to store files outside of the storage directory. A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write. | https://nvd.nist.gov/vuln/detail/CVE-2022-0959
CVE-2022-0982 | The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability. | https://nvd.nist.gov/vuln/detail/CVE-2022-0982
CVE-2022-23234 | SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials. | https://nvd.nist.gov/vuln/detail/CVE-2022-23234
CVE-2022-25246 | Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) use hard-coded credentials for their UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system. | https://nvd.nist.gov/vuln/detail/CVE-2022-25246
CVE-2022-25247 | Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution. | https://nvd.nist.gov/vuln/detail/CVE-2022-25247
CVE-2022-25248 | When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supplies the event log of the specific service. | https://nvd.nist.gov/vuln/detail/CVE-2022-25248
CVE-2022-25249 | When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server. | https://nvd.nist.gov/vuln/detail/CVE-2022-25249
CVE-2022-25250 | When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to shut down a specific service. | https://nvd.nist.gov/vuln/detail/CVE-2022-25250
CVE-2022-25251 | When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to read and modify the affected product’s configuration. | https://nvd.nist.gov/vuln/detail/CVE-2022-25251
CVE-2022-25252 | When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws an exception. Services using said function do not handle the exception. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to crash the affected product. | https://nvd.nist.gov/vuln/detail/CVE-2022-25252
CVE-2022-26353 | A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0. | https://nvd.nist.gov/vuln/detail/CVE-2022-26353
CVE-2022-26354 | A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. | https://nvd.nist.gov/vuln/detail/CVE-2022-26354
CVE-2022-26660 | RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted by RunAsSpc, an attacker can recover the credentials that were used. | https://nvd.nist.gov/vuln/detail/CVE-2022-26660
CVE-2021-23648 | The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function. | https://nvd.nist.gov/vuln/detail/CVE-2021-23648
CVE-2021-45822 | A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" (POST) parameter. Through this vulnerability, an attacker is capable of executing malicious JavaScript code. | https://nvd.nist.gov/vuln/detail/CVE-2021-45822
CVE-2022-21164 | The package node-lmdb before 0.9.7 is vulnerable to Denial of Service (DoS) when defining a non-invokable ToString value, which will cause a crash during type check. | https://nvd.nist.gov/vuln/detail/CVE-2022-21164
CVE-2022-24728 | CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds. | https://nvd.nist.gov/vuln/detail/CVE-2022-24728
CVE-2022-24729 | CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds. | https://nvd.nist.gov/vuln/detail/CVE-2022-24729
CVE-2022-23610 | wire-server provides back end services for Wire, an open source messenger. In versions of wire-server prior to the 2022-01-27 release, it was possible to craft DSA Signatures to bypass SAML SSO and impersonate any Wire user with SAML credentials. In teams with SAML, but without SCIM, it was possible to create new accounts with fake SAML credentials. Under certain conditions that can be established by an attacker, an upstream library for parsing, rendering, signing, and validating SAML XML data was accepting public keys as trusted that were provided by the attacker in the signature. As a consequence, the attacker could log in as any user in any Wire team with SAML SSO enabled. If SCIM was not enabled, the attacker could also create new users with new SAML NameIDs. In order to exploit this vulnerability, the attacker needs to know the SSO login code (distributed to all team members with SAML credentials and visible in the Team Management app), the SAML EntityID identifying the IdP (a URL not considered sensitive, but usually hard to guess, also visible in Team Management), and the SAML NameID of the user (usually an email address or a nick). The issue has been fixed in wire-server `2022-01-27` and is already deployed on all Wire managed services. On premise instances of wire-server need to be updated to `2022-01-27`, so that their backends are no longer affected. There are currently no known workarounds. More detailed information about how to reproduce the vulnerability and mitigation strategies is available in the GitHub Security Advisory. | https://nvd.nist.gov/vuln/detail/CVE-2022-23610
CVE-2022-26293 | Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php. | https://nvd.nist.gov/vuln/detail/CVE-2022-26293
CVE-2022-26295 | A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user name field. | https://nvd.nist.gov/vuln/detail/CVE-2022-26295
CVE-2021-42219 | Go-Ethereum v1.10.9 was discovered to contain an issue which allows attackers to cause a denial of service (DoS) via sending an excessive amount of messages to a node. This is caused by missing memory in the component /ethash/algorithm.go. | https://nvd.nist.gov/vuln/detail/CVE-2021-42219
CVE-2022-26300 | EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the function txn_test_gen_plugin. | https://nvd.nist.gov/vuln/detail/CVE-2022-26300
CVE-2022-26534 | FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via a malicious viewchange packet, will cause normal nodes to change view excessively and stop generating blocks. | https://nvd.nist.gov/vuln/detail/CVE-2022-26534
CVE-2022-24072 | The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool. | https://nvd.nist.gov/vuln/detail/CVE-2022-24072
CVE-2022-24073 | The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store. | https://nvd.nist.gov/vuln/detail/CVE-2022-24073
CVE-2022-24074 | Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process is compromised. | https://nvd.nist.gov/vuln/detail/CVE-2022-24074
CVE-2022-24075 | Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access local HWP files. When the HWP files were opened, the replaced script could read the files. | https://nvd.nist.gov/vuln/detail/CVE-2022-24075
CVE-2021-45791 | Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users. | https://nvd.nist.gov/vuln/detail/CVE-2021-45791
CVE-2021-45792 | Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php. | https://nvd.nist.gov/vuln/detail/CVE-2021-45792
CVE-2022-1000 | Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7. | https://nvd.nist.gov/vuln/detail/CVE-2022-1000
CVE-2021-23632 | All versions of package git are vulnerable to Remote Code Execution (RCE) due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps to Reproduce: 1. Create a file named exploit.js with the following content: `var Git = require("git").Git; var repo = new Git("repo-test"); var user_input = "version; date"; repo.git(user_input, function(err, result) { console.log(result); })` 2. In the same directory as exploit.js, run `npm install git`. 3. Run exploit.js: `node exploit.js`. You should see the outputs of both the git version and date command-lines. Note that the repo-test Git repository does not need to be present to make this PoC work. | https://nvd.nist.gov/vuln/detail/CVE-2021-23632
CVE-2021-44908 | SailsJS Sails.js <=1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules(). | https://nvd.nist.gov/vuln/detail/CVE-2021-44908
CVE-2021-45793 | Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained. | https://nvd.nist.gov/vuln/detail/CVE-2021-45793
CVE-2021-45794 | Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained. | https://nvd.nist.gov/vuln/detail/CVE-2021-45794
CVE-2022-0748 | The package post-loader from 0.0.0 is vulnerable to Arbitrary Code Execution: it uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed. | https://nvd.nist.gov/vuln/detail/CVE-2022-0748
CVE-2022-0749 | This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter. | https://nvd.nist.gov/vuln/detail/CVE-2022-0749
CVE-2022-25760 | All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If (attacker-controlled) user input is given to the format option of the package's exported constructor function, it is possible for an attacker to execute arbitrary JavaScript code on the host that this package is being run on. | https://nvd.nist.gov/vuln/detail/CVE-2022-25760
CVE-2021-44259 | A vulnerability is in the 'wx.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When an unauthorized user accesses this page directly, it connects to this device as a friend of the device owner. | https://nvd.nist.gov/vuln/detail/CVE-2021-44259
CVE-2021-44260 | A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information of the manager of router. | https://nvd.nist.gov/vuln/detail/CVE-2021-44260
CVE-2021-44261 | A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device. | https://nvd.nist.gov/vuln/detail/CVE-2021-44261
CVE-2021-44262 | A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device. | https://nvd.nist.gov/vuln/detail/CVE-2021-44262
CVE-2022-24761 | Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This would allow requests to be smuggled via the front-end proxy to waitress and later behavior. There are two classes of vulnerability that may lead to request smuggling that are addressed by this advisory: The use of Python's `int()` to parse strings into integers, leading to `+10` being parsed as `10`, or `0x01` being parsed as `1`, whereas the standard specifies that the string should contain only digits or hex digits; and Waitress does not support chunk extensions, however it was discarding them without validating that they did not contain illegal characters. This vulnerability has been patched in Waitress 2.1.1. A workaround is available: when deploying a proxy in front of waitress, turn on any and all functionality to make sure that the request matches the RFC7230 standard. Certain proxy servers may not have this functionality though and users are encouraged to upgrade to the latest version of waitress instead. | https://nvd.nist.gov/vuln/detail/CVE-2022-24761
CVE-2020-15591fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution).https://nvd.nist.gov/vuln/detail/CVE-2020-15591
CVE-2021-44906Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).https://nvd.nist.gov/vuln/detail/CVE-2021-44906
CVE-2022-26526Anaconda Anaconda3 through 2021.11.0.0 and Miniconda3 through 11.0.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse file into that directory. (This problem can only happen in a non-default installation. The person who installs the product must specify that it is being installed for all users. Also, the person who installs the product must specify that the system PATH should be changed.)https://nvd.nist.gov/vuln/detail/CVE-2022-26526
CVE-2022-24759`@chainsafe/libp2p-noise` contains a TypeScript implementation of the Noise protocol, an encryption protocol used in libp2p. `@chainsafe/libp2p-noise` before 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose as other peers and get those peers banned. Users should upgrade to version 4.1.2 or 5.0.3 to receive a patch. There are currently no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2022-24759
CVE-2022-25364In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as part of a build. As of 2021.4.2, the built-in build cache is inaccessible-by-default, requiring explicit configuration of its access-control settings before it can be used. (Remote build cache nodes are unaffected as they are inaccessible-by-default.)https://nvd.nist.gov/vuln/detail/CVE-2022-25364
CVE-2022-26503Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-26503
CVE-2022-25949The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow.https://nvd.nist.gov/vuln/detail/CVE-2022-25949
CVE-2022-25969The installer of WPS Office Version 10.8.0.6186 insecurely loads VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.https://nvd.nist.gov/vuln/detail/CVE-2022-25969
CVE-2022-26081The installer of WPS Office Version 10.8.0.5745 insecurely loads shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.https://nvd.nist.gov/vuln/detail/CVE-2022-26081
CVE-2022-26511WPS Presentation 11.8.0.5745 insecurely loads d3dx9_41.dll when opening .pps files ('current directory type' DLL loading).https://nvd.nist.gov/vuln/detail/CVE-2022-26511
CVE-2021-44907A Denial of Service vulnerability exists in qs up to 6.8.0 due to insufficient sanitization of property in the qs.parse function. The merge() function allows the assignment of properties on an array in the query. For any property being assigned, a value in the array is converted to an object containing these properties. Essentially, this means that the property whose expected type is Array always has to be checked with Array.isArray() by the user. This may not be obvious to the user and can cause unexpected behavior.https://nvd.nist.gov/vuln/detail/CVE-2021-44907
CVE-2021-45040The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route.https://nvd.nist.gov/vuln/detail/CVE-2021-45040
CVE-2021-46107Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features.https://nvd.nist.gov/vuln/detail/CVE-2021-46107
CVE-2022-24770`gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, `gradio` suffers from Improper Neutralization of Formula Elements in a CSV File. The `gradio` library has a flagging functionality which saves input/output data into a CSV file on the developer's computer. This can allow a user to save arbitrary text into the CSV file, such as commands. If a program like MS Excel opens such a file, then it automatically runs these commands, which could lead to arbitrary commands running on the user's computer. The problem has been patched as of `2.8.11`, which escapes the saved csv with single quotes. As a workaround, avoid opening csv files generated by `gradio` with Excel or similar spreadsheet programs.https://nvd.nist.gov/vuln/detail/CVE-2022-24770
CVE-2022-26500Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows remote authenticated users access to internal API functions that allow attackers to upload and execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2022-26500
CVE-2022-26501Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).https://nvd.nist.gov/vuln/detail/CVE-2022-26501
CVE-2022-26504Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers to execute arbitrary code via Veeam.Backup.PSManager.exe.https://nvd.nist.gov/vuln/detail/CVE-2022-26504
CVE-2021-43961Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.https://nvd.nist.gov/vuln/detail/CVE-2021-43961
CVE-2021-44087A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload.https://nvd.nist.gov/vuln/detail/CVE-2021-44087
CVE-2021-44088An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters.https://nvd.nist.gov/vuln/detail/CVE-2021-44088
CVE-2022-24302In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.https://nvd.nist.gov/vuln/detail/CVE-2022-24302
CVE-2022-0237Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80.https://nvd.nist.gov/vuln/detail/CVE-2022-0237
CVE-2022-0757Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow an attacker to manipulate the "ANY" and "OR" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129.https://nvd.nist.gov/vuln/detail/CVE-2022-0757
CVE-2022-0758Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the opportunity for a potential XSS attack. This issue is fixed in Rapid7 Nexpose version 6.6.130.https://nvd.nist.gov/vuln/detail/CVE-2022-0758
CVE-2021-45966An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters.https://nvd.nist.gov/vuln/detail/CVE-2021-45966
CVE-2021-45967An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.https://nvd.nist.gov/vuln/detail/CVE-2021-45967
CVE-2021-45968An issue was discovered in xmppserver jar in the XMPP Server component of the Jive platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394.https://nvd.nist.gov/vuln/detail/CVE-2021-45968
CVE-2022-27240scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion.https://nvd.nist.gov/vuln/detail/CVE-2022-27240
CVE-2021-45868In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.https://nvd.nist.gov/vuln/detail/CVE-2021-45868
CVE-2022-26965In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution.https://nvd.nist.gov/vuln/detail/CVE-2022-26965
CVE-2022-27191golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server in certain circumstances involving AddHostKey.https://nvd.nist.gov/vuln/detail/CVE-2022-27191
CVE-2021-22571A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during the staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above.https://nvd.nist.gov/vuln/detail/CVE-2021-22571
CVE-2021-45834An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2021-45834
CVE-2021-45835The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through documents.php, which may be used to execute malicious code or lead to code execution.https://nvd.nist.gov/vuln/detail/CVE-2021-45835
CVE-2022-24655A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication.https://nvd.nist.gov/vuln/detail/CVE-2022-24655
CVE-2022-0742Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc.https://nvd.nist.gov/vuln/detail/CVE-2022-0742
CVE-2022-24595Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP (or WebSocket) request to the socket listened on by the afb-daemon process. Neither credentials nor user interaction is required.https://nvd.nist.gov/vuln/detail/CVE-2022-24595
CVE-2022-24771Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses an unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2022-24771
CVE-2022-24772Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for trailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2022-24772
CVE-2022-24773Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check `DigestInfo` for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2022-24773
CVE-2021-29899IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413.https://nvd.nist.gov/vuln/detail/CVE-2021-29899
CVE-2021-39046IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346.https://nvd.nist.gov/vuln/detail/CVE-2021-39046
CVE-2022-24637Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended "<?php sequence) aren't handled by the PHP interpreter.https://nvd.nist.gov/vuln/detail/CVE-2022-24637
CVE-2020-15388A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files.https://nvd.nist.gov/vuln/detail/CVE-2020-15388
CVE-2020-16232In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be caused when a user loads a maliciously crafted project file.https://nvd.nist.gov/vuln/detail/CVE-2020-16232
CVE-2020-25176Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution.https://nvd.nist.gov/vuln/detail/CVE-2020-25176
CVE-2020-25178ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files.https://nvd.nist.gov/vuln/detail/CVE-2020-25178
CVE-2020-25180Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device.https://nvd.nist.gov/vuln/detail/CVE-2020-25180
CVE-2020-25182Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.https://nvd.nist.gov/vuln/detail/CVE-2020-25182
CVE-2020-25184Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure.https://nvd.nist.gov/vuln/detail/CVE-2020-25184
CVE-2020-25193By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection.https://nvd.nist.gov/vuln/detail/CVE-2020-25193
CVE-2020-25197A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system.https://nvd.nist.gov/vuln/detail/CVE-2020-25197
CVE-2021-23150Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.31).https://nvd.nist.gov/vuln/detail/CVE-2021-23150
CVE-2021-23209Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.32).https://nvd.nist.gov/vuln/detail/CVE-2021-23209
CVE-2021-27789The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials.https://nvd.nist.gov/vuln/detail/CVE-2021-27789
CVE-2021-30771An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6, watchOS 7.5, tvOS 14.6. Processing a maliciously crafted font file may lead to arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2021-30771
CVE-2021-44760Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6).https://nvd.nist.gov/vuln/detail/CVE-2021-44760
CVE-2021-4031Syltek application before its 10.22.00 version does not correctly check that a product ID has a valid payment associated with it. This could allow an attacker to forge a request and bypass the payment system by marking items as paid without any verification.https://nvd.nist.gov/vuln/detail/CVE-2021-4031
CVE-2022-0547OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.https://nvd.nist.gov/vuln/detail/CVE-2022-0547
CVE-2022-1002Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations.https://nvd.nist.gov/vuln/detail/CVE-2022-1002
CVE-2022-1003One of the APIs in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way that allows them to override certain restricted configurations like EnableUploads.https://nvd.nist.gov/vuln/detail/CVE-2022-1003
CVE-2022-1011A use-after-free flaw was found in the Linux kernel FUSE filesystem in the way a user triggers write(). A local user could use this flaw to get some unauthorized access to some data from the FUSE filesystem and, as a result, potentially escalate privileges too.https://nvd.nist.gov/vuln/detail/CVE-2022-1011
CVE-2022-22578A logic issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. A malicious application may be able to gain root privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-22578
CVE-2022-22579An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2022-22579
CVE-2022-22583A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.https://nvd.nist.gov/vuln/detail/CVE-2022-22583
CVE-2022-22584A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. Processing a maliciously crafted file may lead to arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2022-22584
CVE-2022-22585An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user's files.https://nvd.nist.gov/vuln/detail/CVE-2022-22585
CVE-2022-22586An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-22586
CVE-2022-22587A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.https://nvd.nist.gov/vuln/detail/CVE-2022-22587
CVE-2022-22588A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 15.2.1 and iPadOS 15.2.1. Processing a maliciously crafted HomeKit accessory name may cause a denial of service.https://nvd.nist.gov/vuln/detail/CVE-2022-22588
CVE-2022-22589A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary JavaScript.https://nvd.nist.gov/vuln/detail/CVE-2022-22589
CVE-2022-22590A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2022-22590
CVE-2022-22591A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-22591
CVE-2022-22592A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.https://nvd.nist.gov/vuln/detail/CVE-2022-22592
CVE-2022-22593A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-22593
CVE-2022-22594A cross-origin issue in the IndexedDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information.https://nvd.nist.gov/vuln/detail/CVE-2022-22594
CVE-2022-22596A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-22596
CVE-2022-22597A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2022-22597
CVE-2022-22598An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 15.4 and iPadOS 15.4. An app may be able to learn information about the current camera view before being granted camera access.https://nvd.nist.gov/vuln/detail/CVE-2022-22598
CVE-2022-22599A permissions issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen.https://nvd.nist.gov/vuln/detail/CVE-2022-22599
CVE-2022-22600The issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to bypass certain Privacy preferences.https://nvd.nist.gov/vuln/detail/CVE-2022-22600
CVE-2022-22601An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2022-22601
CVE-2022-22602An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2022-22602
CVE-2022-22603An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2022-22603
CVE-2022-22604An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2022-22604
CVE-2022-22605An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2022-22605
CVE-2022-22606An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2022-22606
CVE-2022-22607An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2022-22607
CVE-2022-22608An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2022-22608
CVE-2022-22609The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to read other applications' settings.https://nvd.nist.gov/vuln/detail/CVE-2022-22609
CVE-2022-22611An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2022-22611
CVE-2022-22612A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to heap corruption.https://nvd.nist.gov/vuln/detail/CVE-2022-22612
CVE-2022-22613An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-22613
CVE-2022-22614A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-22614
CVE-2022-22615A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-22615
CVE-2022-22617A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-22617
CVE-2022-22618This issue was addressed with improved checks. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt.https://nvd.nist.gov/vuln/detail/CVE-2022-22618
CVE-2022-22620A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.https://nvd.nist.gov/vuln/detail/CVE-2022-22620
CVE-2022-22621This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions.https://nvd.nist.gov/vuln/detail/CVE-2022-22621
CVE-2022-22622This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions.https://nvd.nist.gov/vuln/detail/CVE-2022-22622
CVE-2022-22623Multiple issues were addressed by updating to curl version 7.79.1. This issue is fixed in macOS Monterey 12.3. Multiple issues in curl.https://nvd.nist.gov/vuln/detail/CVE-2022-22623
CVE-2022-22625An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.https://nvd.nist.gov/vuln/detail/CVE-2022-22625
CVE-2022-22626An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.https://nvd.nist.gov/vuln/detail/CVE-2022-22626
CVE-2022-22627An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.https://nvd.nist.gov/vuln/detail/CVE-2022-22627
CVE-2022-22631An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-22631
CVE-2022-22632A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, watchOS 8.5, macOS Monterey 12.3. A malicious application may be able to elevate privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-22632
CVE-2022-22633A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2022-22633
CVE-2022-22634A buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. A malicious application may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-22634
CVE-2022-22635An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to gain elevated privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-22635
CVE-2022-22636An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-22636
CVE-2022-22638A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack.https://nvd.nist.gov/vuln/detail/CVE-2022-22638
CVE-2022-22639A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-22639
CVE-2022-22640A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-22640
CVE-2022-22641A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-22641
CVE-2022-22642This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt.https://nvd.nist.gov/vuln/detail/CVE-2022-22642
CVE-2022-22643This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so.https://nvd.nist.gov/vuln/detail/CVE-2022-22643
CVE-2022-22644A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to access information about a user's contacts.https://nvd.nist.gov/vuln/detail/CVE-2022-22644
CVE-2022-22647This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A person with access to a Mac may be able to bypass Login Window.https://nvd.nist.gov/vuln/detail/CVE-2022-22647
CVE-2022-22648This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to read restricted memory.https://nvd.nist.gov/vuln/detail/CVE-2022-22648
CVE-2022-22650This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application's permissions and access user data.https://nvd.nist.gov/vuln/detail/CVE-2022-22650
CVE-2022-22651An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.3. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.https://nvd.nist.gov/vuln/detail/CVE-2022-22651
CVE-2022-22652The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access may be able to view and modify the carrier account information and settings from the lock screen.https://nvd.nist.gov/vuln/detail/CVE-2022-22652
CVE-2022-22653A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4. A malicious website may be able to access information about the user and their devices.https://nvd.nist.gov/vuln/detail/CVE-2022-22653
CVE-2022-22654A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing.https://nvd.nist.gov/vuln/detail/CVE-2022-22654
CVE-2022-22656An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen.https://nvd.nist.gov/vuln/detail/CVE-2022-22656
CVE-2022-22657A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2022-22657
CVE-2022-22659A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An attacker in a privileged network position may be able to leak sensitive user information.https://nvd.nist.gov/vuln/detail/CVE-2022-22659
CVE-2022-22660This issue was addressed with a new entitlement. This issue is fixed in macOS Monterey 12.3. An app may be able to spoof system notifications and UI.https://nvd.nist.gov/vuln/detail/CVE-2022-22660
CVE-2022-22661A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-22661
CVE-2022-22664An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2022-22664
CVE-2022-22665A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-22665
CVE-2022-22666A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption.https://nvd.nist.gov/vuln/detail/CVE-2022-22666
CVE-2022-22667A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-22667
CVE-2022-22669A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-22669
CVE-2022-22670An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. A malicious application may be able to identify what other applications a user has installed.https://nvd.nist.gov/vuln/detail/CVE-2022-22670
CVE-2022-22671An authentication issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to access photos from the lock screen.https://nvd.nist.gov/vuln/detail/CVE-2022-22671
| CVE-2022-24091 | Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file. | https://nvd.nist.gov/vuln/detail/CVE-2022-24091 |
| CVE-2022-25602 | Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). | https://nvd.nist.gov/vuln/detail/CVE-2022-25602 |
| CVE-2022-25603 | Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5). | https://nvd.nist.gov/vuln/detail/CVE-2022-25603 |
| CVE-2022-25604 | Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2). | https://nvd.nist.gov/vuln/detail/CVE-2022-25604 |
| CVE-2022-25605 | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url. | https://nvd.nist.gov/vuln/detail/CVE-2022-25605 |
| CVE-2022-25607 | Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727). | https://nvd.nist.gov/vuln/detail/CVE-2022-25607 |
| CVE-2022-27243 | An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting. | https://nvd.nist.gov/vuln/detail/CVE-2022-27243 |
| CVE-2022-27244 | An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user. | https://nvd.nist.gov/vuln/detail/CVE-2022-27244 |
| CVE-2022-27245 | An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF. | https://nvd.nist.gov/vuln/detail/CVE-2022-27245 |
| CVE-2022-27246 | An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default. | https://nvd.nist.gov/vuln/detail/CVE-2022-27246 |
| CVE-2022-25427 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25427 |
| CVE-2022-25428 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the saveparentcontrolinfo function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25428 |
| CVE-2022-25429 | Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25429 |
| CVE-2022-25431 | Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameters in the Formsetqosband function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25431 |
| CVE-2022-25433 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the urls parameter in the saveparentcontrolinfo function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25433 |
| CVE-2022-25434 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the firewallen parameter in the SetFirewallCfg function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25434 |
| CVE-2022-25435 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25435 |
| CVE-2022-25437 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25437 |
| CVE-2022-25438 | Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25438 |
| CVE-2022-25439 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25439 |
| CVE-2022-25440 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25440 |
| CVE-2022-25441 | Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25441 |
| CVE-2022-25445 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25445 |
| CVE-2022-25446 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedstarttime parameter in the openSchedWifi function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25446 |
| CVE-2022-25447 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25447 |
| CVE-2022-25448 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the day parameter in the openSchedWifi function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25448 |
| CVE-2022-25449 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25449 |
| CVE-2022-25450 | Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25450 |
| CVE-2022-25451 | Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the setstaticroutecfg function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25451 |
| CVE-2022-25452 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the URLs parameter in the saveParentControlInfo function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25452 |
| CVE-2022-25453 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the saveParentControlInfo function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25453 |
| CVE-2022-25454 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the loginpwd parameter in the SetFirewallCfg function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25454 |
| CVE-2022-25455 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25455 |
| CVE-2022-25456 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the security_5g parameter in the WifiBasicSet function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25456 |
| CVE-2022-25457 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25457 |
| CVE-2022-25458 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the cmdinput parameter in the exeCommand function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25458 |
| CVE-2022-25459 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the S1 parameter in the SetSysTimeCfg function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25459 |
| CVE-2022-25460 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the endip parameter in the SetPptpServerCfg function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25460 |
| CVE-2022-25461 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the startip parameter in the SetPptpServerCfg function. | https://nvd.nist.gov/vuln/detail/CVE-2022-25461 |
| CVE-2022-27250 | The UNISOC chipset through 2022-03-15 allows attackers to obtain remote control of a mobile phone, e.g., to obtain sensitive information from text messages or the device's screen, record video of the device's physical environment, or modify data. | https://nvd.nist.gov/vuln/detail/CVE-2022-27250 |
| CVE-2022-25389 | DCN Firewall DCME-520 was discovered to contain an arbitrary file download vulnerability via the path parameter in the file /audit/log/log_management.php. | https://nvd.nist.gov/vuln/detail/CVE-2022-25389 |
| CVE-2022-25390 | DCN Firewall DCME-520 was discovered to contain a remote command execution (RCE) vulnerability via the host parameter in the file /system/tool/ping.php. | https://nvd.nist.gov/vuln/detail/CVE-2022-25390 |
| CVE-2022-25578 | taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. | https://nvd.nist.gov/vuln/detail/CVE-2022-25578 |
| CVE-2022-25581 | Classcms v2.5 and below contains an arbitrary file upload via the component \\class\\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file. | https://nvd.nist.gov/vuln/detail/CVE-2022-25581 |
| CVE-2022-26265 | Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter. | https://nvd.nist.gov/vuln/detail/CVE-2022-26265 |
| CVE-2022-26266 | Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php. | https://nvd.nist.gov/vuln/detail/CVE-2022-26266 |
| CVE-2022-26267 | Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php. | https://nvd.nist.gov/vuln/detail/CVE-2022-26267 |
| CVE-2022-27226 | A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router's default credentials aren't rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction. | https://nvd.nist.gov/vuln/detail/CVE-2022-27226 |
| CVE-2022-0991 | Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9. | https://nvd.nist.gov/vuln/detail/CVE-2022-0991 |
| CVE-2022-24126 | A buffer overflow in the NRSessionSearchResult parser in Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allows remote attackers to execute arbitrary code via matchmaking servers, a different vulnerability than CVE-2021-34170. | https://nvd.nist.gov/vuln/detail/CVE-2022-24126 |
| CVE-2022-24125 | The matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow remote attackers to send arbitrary push requests to clients via a RequestSendMessageToPlayers request. For example, the ability to send a push message to hundreds of thousands of machines is only restricted on the client side, and can thus be bypassed with a modified client. | https://nvd.nist.gov/vuln/detail/CVE-2022-24125 |
| CVE-2021-44345 | Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated Management System 3.0 is vulnerable to SQL Injection. | https://nvd.nist.gov/vuln/detail/CVE-2021-44345 |
| CVE-2022-25464 | A stored cross-site scripting (XSS) vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | https://nvd.nist.gov/vuln/detail/CVE-2022-25464 |
| CVE-2022-26246 | TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /TMS/admin/setting/mail/createorupdate. | https://nvd.nist.gov/vuln/detail/CVE-2022-26246 |
| CVE-2022-26247 | TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user/Update2. This vulnerability allows attackers to modify the administrator account and password. | https://nvd.nist.gov/vuln/detail/CVE-2022-26247 |
| CVE-2022-26555 | A stored cross-site scripting (XSS) vulnerability in the Add a Button function of Eova v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the button name text box. | https://nvd.nist.gov/vuln/detail/CVE-2022-26555 |
| CVE-2022-25462 | Yafu v2.0 contains a segmentation fault via the component /factor/avx-ecm/vecarith52.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | https://nvd.nist.gov/vuln/detail/CVE-2022-25462 |
| CVE-2020-26007 | An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | https://nvd.nist.gov/vuln/detail/CVE-2020-26007 |
| CVE-2020-26008 | The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file. | https://nvd.nist.gov/vuln/detail/CVE-2020-26008 |
| CVE-2021-39383 | DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java. | https://nvd.nist.gov/vuln/detail/CVE-2021-39383 |
| CVE-2021-39384 | DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java. | https://nvd.nist.gov/vuln/detail/CVE-2021-39384 |
| CVE-2021-42194 | The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_load_string function, which itself does not prohibit external entities, triggering an XML external entity (XXE) injection vulnerability. | https://nvd.nist.gov/vuln/detail/CVE-2021-42194 |
| CVE-2022-25481 | ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. | https://nvd.nist.gov/vuln/detail/CVE-2022-25481 |
| CVE-2022-25505 | Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \\include\\Model\\Category.php. | https://nvd.nist.gov/vuln/detail/CVE-2022-25505 |
| CVE-2021-36100 | Specially crafted string in OTRS system configuration can allow the execution of any system command. | https://nvd.nist.gov/vuln/detail/CVE-2021-36100 |
| CVE-2022-0475 | A malicious translator is able to inject JavaScript code in a few translatable strings (where HTML is allowed). The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions. | https://nvd.nist.gov/vuln/detail/CVE-2022-0475 |
| CVE-2022-1004 | Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled. | https://nvd.nist.gov/vuln/detail/CVE-2022-1004 |
| CVE-2021-45876 | Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection. The url parameter of the function module downloadAndUpdate is vulnerable to command injection. Unfiltered user input is used to generate code which then gets executed when downloading new firmware. | https://nvd.nist.gov/vuln/detail/CVE-2021-45876 |
| CVE-2021-45877 | Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard coded credentials. A hardcoded credential exists in /etc/tomcat8/tomcat-user.xml, which allows attackers to gain authorized access and control the tomcat completely on port 8000 in the tomcat manager page. | https://nvd.nist.gov/vuln/detail/CVE-2021-45877 |
| CVE-2021-45878 | Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrect access control. Lack of access control on the web manager pages allows any user to view and modify information. | https://nvd.nist.gov/vuln/detail/CVE-2021-45878 |
| CVE-2022-0415 | Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6. | https://nvd.nist.gov/vuln/detail/CVE-2022-0415 |
| CVE-2022-24656 | HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). A common XSS payload placed in a markdown file will execute several times when the file is opened with the app. | https://nvd.nist.gov/vuln/detail/CVE-2022-24656 |
| CVE-2022-1035 | Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV. | https://nvd.nist.gov/vuln/detail/CVE-2022-1035 |
| CVE-2022-25570 | In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a password list can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder (with the default permission model) can extend his permissions to all other password lists in the same folder. | https://nvd.nist.gov/vuln/detail/CVE-2022-25570 |
| CVE-2020-24772 | In Dreamacro 1.1.0, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking). | https://nvd.nist.gov/vuln/detail/CVE-2020-24772 |
| CVE-2021-45117 | The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference. | https://nvd.nist.gov/vuln/detail/CVE-2021-45117 |
| CVE-2022-26494 | An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name. | https://nvd.nist.gov/vuln/detail/CVE-2022-26494 |
| CVE-2022-22394 | The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the vulnerable server. | https://nvd.nist.gov/vuln/detail/CVE-2022-22394 |
| CVE-2022-26960 | connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths. | https://nvd.nist.gov/vuln/detail/CVE-2022-26960 |
| CVE-2022-24235 | A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. | https://nvd.nist.gov/vuln/detail/CVE-2022-24235 |
| CVE-2022-24236 | An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users' accounts. | https://nvd.nist.gov/vuln/detail/CVE-2022-24236 |
| CVE-2022-24237 | The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands. | https://nvd.nist.gov/vuln/detail/CVE-2022-24237 |
| CVE-2022-25766 | The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values (remote and ref) are passed to the git fetch command. By injecting some git options it was possible to get arbitrary command execution. | https://nvd.nist.gov/vuln/detail/CVE-2022-25766 |
CVE-2021-24905The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPress setup again, gain administrator privileges and execute arbitrary code or display arbitrary content to the users.https://nvd.nist.gov/vuln/detail/CVE-2021-24905
CVE-2021-25019The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does not escape the type parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scriptinghttps://nvd.nist.gov/vuln/detail/CVE-2021-25019
CVE-2022-0229The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable.https://nvd.nist.gov/vuln/detail/CVE-2022-0229
CVE-2022-0364The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attackshttps://nvd.nist.gov/vuln/detail/CVE-2022-0364
CVE-2022-0423The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated users, such as subscriber to put Cross-Site Scripting payloads in all pages with a 3d flipbook.https://nvd.nist.gov/vuln/detail/CVE-2022-0423
CVE-2022-0514 Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5. https://nvd.nist.gov/vuln/detail/CVE-2022-0514
CVE-2022-0515 Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4. https://nvd.nist.gov/vuln/detail/CVE-2022-0515
CVE-2022-0590 The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. https://nvd.nist.gov/vuln/detail/CVE-2022-0590
CVE-2022-0591 The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users https://nvd.nist.gov/vuln/detail/CVE-2022-0591
CVE-2022-0616 The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting customers, which could allow attackers to make a logged in admin delete arbitrary customers via a CSRF attack https://nvd.nist.gov/vuln/detail/CVE-2022-0616
CVE-2022-0627 The Amelia WordPress plugin before 1.0.47 does not sanitize and escape the code parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://nvd.nist.gov/vuln/detail/CVE-2022-0627
CVE-2022-0628 The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://nvd.nist.gov/vuln/detail/CVE-2022-0628
CVE-2022-0640 The Pricing Table Builder WordPress plugin before 1.1.5 does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://nvd.nist.gov/vuln/detail/CVE-2022-0640
CVE-2022-0681 The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow attackers to make a logged in admin delete arbitrary transactions via a CSRF attack https://nvd.nist.gov/vuln/detail/CVE-2022-0681
CVE-2022-0687 The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role. https://nvd.nist.gov/vuln/detail/CVE-2022-0687
CVE-2022-0694 The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abc_booking_getSingleCalendar AJAX action (available to both unauthenticated and authenticated users), leading to an unauthenticated SQL injection https://nvd.nist.gov/vuln/detail/CVE-2022-0694
CVE-2022-0739 The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection https://nvd.nist.gov/vuln/detail/CVE-2022-0739
CVE-2022-0747 The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection https://nvd.nist.gov/vuln/detail/CVE-2022-0747
CVE-2022-0760 The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection https://nvd.nist.gov/vuln/detail/CVE-2022-0760
CVE-2022-24766 mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While mitmproxy would only see one request, the target server would see multiple requests. A smuggled request is still captured as part of another request's body, but it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless mitmproxy is used to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 8.0.0 and above. There are currently no known workarounds. https://nvd.nist.gov/vuln/detail/CVE-2022-24766
CVE-2022-24775 guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds. https://nvd.nist.gov/vuln/detail/CVE-2022-24775
CVE-2021-46390 An access control issue in the authentication module of Lexar_F35 v1.0.34 allows attackers to access sensitive data and cause a Denial of Service (DoS). An attacker without access to securely protected data on a secure USB flash drive can bypass user authentication without having any information related to the password of the registered user. The secure USB flash drive transmits the password entered by the user to the authentication module in the drive after the user registers a password, and then the input password is compared with the registered password stored in the authentication module. Subsequently, the module returns the comparison result for the authentication decision. Therefore, an attacker can bypass password authentication by analyzing the functions that return the password verification or comparison results and manipulate the authentication result values. Accordingly, even if attackers enter an incorrect password, they can be authenticated as a legitimate user and can therefore exploit functions of the secure USB flash drive by manipulating the authentication result values. https://nvd.nist.gov/vuln/detail/CVE-2021-46390
CVE-2022-23345 BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control. https://nvd.nist.gov/vuln/detail/CVE-2022-23345
CVE-2022-23346 BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. https://nvd.nist.gov/vuln/detail/CVE-2022-23346
CVE-2022-23347 BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks. https://nvd.nist.gov/vuln/detail/CVE-2022-23347
CVE-2022-23348 BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes. https://nvd.nist.gov/vuln/detail/CVE-2022-23348
CVE-2022-23349 BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF). https://nvd.nist.gov/vuln/detail/CVE-2022-23349
CVE-2022-23350 BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-23350
CVE-2022-23352 An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS). https://nvd.nist.gov/vuln/detail/CVE-2022-23352
CVE-2022-26148 An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address. https://nvd.nist.gov/vuln/detail/CVE-2022-26148
CVE-2021-38745 Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page. https://nvd.nist.gov/vuln/detail/CVE-2021-38745
CVE-2021-40662 A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL. https://nvd.nist.gov/vuln/detail/CVE-2021-40662
CVE-2022-26174 A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute arbitrary code via a crafted payload injected into the display fields. https://nvd.nist.gov/vuln/detail/CVE-2022-26174
CVE-2022-26183 PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing malicious content. This vulnerability occurs when the application is run on Windows OS. https://nvd.nist.gov/vuln/detail/CVE-2022-26183
CVE-2022-26184 Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content. This vulnerability occurs when the application is run on Windows OS. https://nvd.nist.gov/vuln/detail/CVE-2022-26184
CVE-2022-27090 Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-27090
CVE-2022-27333 idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data. https://nvd.nist.gov/vuln/detail/CVE-2022-27333
CVE-2022-26283 Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. https://nvd.nist.gov/vuln/detail/CVE-2022-26283
CVE-2022-26284 Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. https://nvd.nist.gov/vuln/detail/CVE-2022-26284
CVE-2022-26285 Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. https://nvd.nist.gov/vuln/detail/CVE-2022-26285
CVE-2022-27607 Bento4 1.6.0-639 has a heap-based buffer over-read in the AP4_HvccAtom class, a different issue than CVE-2018-14531. https://nvd.nist.gov/vuln/detail/CVE-2022-27607
CVE-2022-0386 A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. https://nvd.nist.gov/vuln/detail/CVE-2022-0386
CVE-2022-0652 Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710. https://nvd.nist.gov/vuln/detail/CVE-2022-0652
CVE-2022-1034 There is an Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4. https://nvd.nist.gov/vuln/detail/CVE-2022-1034
CVE-2021-45809 Multiple versions of GlobalProtect-openconnect are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the `--script=<script>` parameter https://nvd.nist.gov/vuln/detail/CVE-2021-45809
CVE-2021-45810 Multiple versions of GlobalProtect-openconnect are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attack can redirect the entire host's traffic via their own server. https://nvd.nist.gov/vuln/detail/CVE-2021-45810
CVE-2022-0667 When the vulnerability is triggered the BIND process will exit. BIND 9.18.0 https://nvd.nist.gov/vuln/detail/CVE-2022-0667
CVE-2022-1036 Able to create an account with long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12. https://nvd.nist.gov/vuln/detail/CVE-2022-1036
CVE-2021-43650 WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username during the login process. https://nvd.nist.gov/vuln/detail/CVE-2021-43650
CVE-2022-21718 Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue. https://nvd.nist.gov/vuln/detail/CVE-2022-21718
CVE-2022-24764 PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds. https://nvd.nist.gov/vuln/detail/CVE-2022-24764
CVE-2022-24774 CycloneDX BOM Repository Server is a bill of materials (BOM) repository server for distributing CycloneDX BOMs. CycloneDX BOM Repository Server before version 2.0.1 has an improper input validation vulnerability leading to path traversal. A malicious user may potentially exploit this vulnerability to create arbitrary directories or a denial of service by deleting arbitrary directories. The vulnerability is resolved in version 2.0.1. The vulnerability is not exploitable with the default configuration with the post and delete methods disabled. This can be configured by modifying the `appsettings.json` file, or alternatively, setting the environment variables `ALLOWEDMETHODS__POST` and `ALLOWEDMETHODS__DELETE` to `false`. https://nvd.nist.gov/vuln/detail/CVE-2022-24774
CVE-2022-25484 tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c in tcpprep v4.4.1. https://nvd.nist.gov/vuln/detail/CVE-2022-25484
CVE-2021-41736 Faust v2.35.0 was discovered to contain a heap-buffer overflow in the function realPropagate() at propagate.cpp. https://nvd.nist.gov/vuln/detail/CVE-2021-41736
CVE-2022-27228 In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code. https://nvd.nist.gov/vuln/detail/CVE-2022-27228
CVE-2022-25517 MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter in /core/conditions/AbstractWrapper.java. https://nvd.nist.gov/vuln/detail/CVE-2022-25517
CVE-2022-26260 Simple-Plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse(). https://nvd.nist.gov/vuln/detail/CVE-2022-26260
CVE-2022-1031 Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 prior to 5.6.6. https://nvd.nist.gov/vuln/detail/CVE-2022-1031
CVE-2021-33961 A Cross Site Scripting (XSS) vulnerability exists in enhanced-github v5.0.11 via the file name parameter. https://nvd.nist.gov/vuln/detail/CVE-2021-33961
CVE-2022-26186 TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi. https://nvd.nist.gov/vuln/detail/CVE-2022-26186
CVE-2022-26187 TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function. https://nvd.nist.gov/vuln/detail/CVE-2022-26187
CVE-2022-26188 TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost. https://nvd.nist.gov/vuln/detail/CVE-2022-26188
CVE-2022-26189 TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the login interface. https://nvd.nist.gov/vuln/detail/CVE-2022-26189
CVE-2022-25518 In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table. https://nvd.nist.gov/vuln/detail/CVE-2022-25518