Security Bulletin 30 Mar 2022

Published on 30 Mar 2022

Updated on 30 Mar 2022

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabulated by severity, in accordance with their CVSSv3 base scores:


Critical: vulnerabilities with a base score of 9.0 to 10.0
High: vulnerabilities with a base score of 7.0 to 8.9
Medium: vulnerabilities with a base score of 4.0 to 6.9
Low: vulnerabilities with a base score of 0.1 to 3.9
None: vulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
| CVE Number | Description | Base Score | Reference |
|---|---|---|---|
| CVE-2018-18805 | Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-18805 |
| CVE-2019-11838 | njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-11838 |
| CVE-2019-11839 | njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-11839 |
| CVE-2019-12206 | njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12206 |
| CVE-2019-12207 | njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12207 |
| CVE-2019-12208 | njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12208 |
| CVE-2019-13067 | njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13067 |
| CVE-2019-11581 | There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-11581 |
| CVE-2020-27745 | Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-27745 |
| CVE-2020-14756 | Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-14756 |
| CVE-2021-30498 | A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30498 |
| CVE-2021-30499 | A flaw was found in libcaca. A buffer overflow of export.c in function export_troff might lead to memory corruption and other potential consequences. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30499 |
| CVE-2021-26691 | In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-26691 |
| CVE-2021-30116 | Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30116 |
| CVE-2021-30118 | Kaseya VSA before 9.5.5 allows remote code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30118 |
| CVE-2021-38173 | Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-38173 |
| CVE-2021-26084 | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-26084 |
| CVE-2021-23440 | This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-23440 |
| CVE-2021-39275 | ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39275 |
| CVE-2021-37927 | Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-37927 |
| CVE-2021-42013 | It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42013 |
| CVE-2021-43466 | In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43466 |
| CVE-2021-43572 | The verify function in the Stark Bank Python ECDSA library (aka starkbank-escada or ecdsa-python) before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43572 |
| CVE-2021-43616 | The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43616 |
| CVE-2021-44077 | Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44077 |
| CVE-2021-43527 | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43527 |
| CVE-2021-44653 | Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the application. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44653 |
| CVE-2021-44655 | Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to get admin access on the application. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44655 |
| CVE-2021-45092 | Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45092 |
| CVE-2021-44790 | A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44790 |
| CVE-2021-45459 | lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45459 |
| CVE-2021-37706 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-37706 |
| CVE-2022-22817 | PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used, | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22817 |
| CVE-2021-38697 | SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted File Upload, that allows attackers to upload files with any file extension which can lead to arbitrary code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-38697 |
| CVE-2022-23614 | Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23614 |
| CVE-2022-20705 | Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code; Elevate privileges; Execute arbitrary commands; Bypass authentication and authorization protections; Fetch and run unsigned software; Cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20705 |
| CVE-2022-20708 | Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code; Elevate privileges; Execute arbitrary commands; Bypass authentication and authorization protections; Fetch and run unsigned software; Cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20708 |
| CVE-2021-46463 | njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then(). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-46463 |
| CVE-2022-25139 | njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25139 |
| CVE-2022-25236 | xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25236 |
| CVE-2022-0559 | Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0559 |
| CVE-2021-43299 | Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43299 |
| CVE-2021-43300 | Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43300 |
| CVE-2021-43301 | Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43301 |
| CVE-2021-43303 | Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the 'maxlen' argument supplied | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43303 |
| CVE-2022-0691 | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0691 |
| CVE-2022-23608 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed. The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision, eventually leading to an endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23608 |
| CVE-2021-21708 | In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result in crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21708 |
| CVE-2022-24724 | cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24724 |
| CVE-2022-26495 | In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26495 |
| CVE-2022-26496 | In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with a large value as the length of the name. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26496 |
| CVE-2022-26131 | Power Line Communications PLC4TRUCKS J2497 trailer receivers are susceptible to remote RF induced signals. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26131 |
| CVE-2022-24754 | PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `PJSIP_MD5STRLEN` before passing to PJSIP. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24754 |
| CVE-2022-22720 | Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22720 |
| CVE-2022-22721 | If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22721 |
| CVE-2022-23943 | Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23943 |
| CVE-2022-24752 | SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The maintainers do not know if this could lead to direct SQL injections but took steps to remediate the vulnerability. The issue is fixed in versions 1.10.1 and 1.11-rc2. As a workaround, overwrite the `Sylius\Component\Grid\Sorting\Sorter.php` class and register it in the container. More information about this workaround is available in the GitHub Security Advisory. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24752 |
| CVE-2022-24755 | Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, it will skip authorization checks completely. Expired accounts and accounts with expired passwords can still login. This problem will affect users that have PAM enabled. Currently there is no authorization (e.g. check for expired or disabled accounts), but only plain authentication (i.e. check if username and password match). Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 implement the authorization check that was previously missing. The only workaround is to make sure that authentication fails if the user is not authorized. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24755 |
| CVE-2022-25487 | Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25487 |
| CVE-2022-25488 | Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25488 |
| CVE-2022-25490 | HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25490 |
| CVE-2022-25492 | HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25492 |
| CVE-2022-25494 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via staff_login.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25494 |
| CVE-2022-25495 | The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25495 |
| CVE-2022-25498 | CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25498 |
| CVE-2022-26995 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26995 |
| CVE-2022-26996 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26996 |
| CVE-2022-26997 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26997 |
| CVE-2022-26998 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26998 |
| CVE-2022-26999 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26999 |
| CVE-2022-27000 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27000 |
| CVE-2022-27001 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27001 |
| CVE-2022-27002 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns?ddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27002 |
| CVE-2021-39708 | In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-206128341 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39708 |
| CVE-2021-39710 | Product: Android; Versions: Android kernel; Android ID: A-202160245; References: N/A | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39710 |
| CVE-2021-39720 | Product: Android; Versions: Android kernel; Android ID: A-207433926; References: N/A | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39720 |
| CVE-2021-39737 | Product: Android; Versions: Android kernel; Android ID: A-208229524; References: N/A | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39737 |
| CVE-2022-0982 | The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0982 |
| CVE-2022-25247 | Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25247 |
| CVE-2022-25251 | When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to read and modify the affected product’s configuration. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25251 |
| CVE-2022-26293 | Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26293 |
| CVE-2022-24074 | Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24074 |
| CVE-2022-1000 | Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1000 |
| CVE-2021-23632 | All versions of package git are vulnerable to Remote Code Execution (RCE) due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps to Reproduce 1. Create a file named exploit.js with the following content: `var Git = require("git").Git; var repo = new Git("repo-test"); var user_input = "version; date"; repo.git(user_input, function(err, result) { console.log(result); })` 2. In the same directory as exploit.js, run `npm install git`. 3. Run exploit.js: `node exploit.js`. You should see the outputs of both the git version and date command-lines. Note that the repo-test Git repository does not need to be present to make this PoC work. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-23632 |
| CVE-2021-44908 | SailsJS Sails.js <=1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules(). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44908 |
| CVE-2022-0748 | The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0748 |
| CVE-2022-0749 | This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0749 |
| CVE-2022-25760 | All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If (attacker-controlled) user input is given to the format option of the package's exported constructor function, it is possible for an attacker to execute arbitrary JavaScript code on the host that this package is being run on. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25760 |
| CVE-2021-44259 | A vulnerability is in the 'wx.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When an unauthorized user accesses this page directly, it connects to this device as a friend of the device owner. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44259 |
| CVE-2020-15591 | fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-15591 |
| CVE-2021-44906 | Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44906 |
| CVE-2021-45040 | The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45040 |
| CVE-2022-26501 | Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26501 |
| CVE-2021-44087 | A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44087 |
| CVE-2021-44088 | An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44088 |
| CVE-2022-0757 | Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow an attacker to manipulate the "ANY" and "OR" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0757 |
| CVE-2021-45966 | An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45966 |
| CVE-2021-45967 | An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45967 |
| CVE-2022-27240 | scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27240 |
| CVE-2021-45834 | An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45834 |
| CVE-2021-45835 | The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through documents.php, which may be used to execute malicious code or lead to code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45835 |
| CVE-2022-24595 | Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP (or WebSocket) request to the socket listened by the afb-daemon process. No credentials nor user interactions are required. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24595 |
| CVE-2022-24637 | Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended "<?php sequence) aren't handled by the PHP interpreter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24637 |
| CVE-2020-16232 | In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be caused when a user loads a maliciously crafted project file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-16232 |
| CVE-2022-0547 | OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0547 |
| CVE-2022-22586 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22586 |
CVE-2022-22587A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..9.8https://nvd.nist.gov/vuln/detail/CVE-2022-22587
CVE-2022-22623Multiple issues were addressed by updating to curl version 7.79.1. This issue is fixed in macOS Monterey 12.3. Multiple issues in curl.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-22623
CVE-2022-22632A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, watchOS 8.5, macOS Monterey 12.3. A malicious application may be able to elevate privileges.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-22632
CVE-2022-22635An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to gain elevated privileges.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-22635
CVE-2022-22641A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-22641
CVE-2022-22642This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-22642
| CVE-2022-25427 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25427 |
| CVE-2022-25428 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the saveparentcontrolinfo function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25428 |
| CVE-2022-25429 | Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25429 |
| CVE-2022-25431 | Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameters in the Formsetqosband function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25431 |
| CVE-2022-25433 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the urls parameter in the saveparentcontrolinfo function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25433 |
| CVE-2022-25434 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the firewallen parameter in the SetFirewallCfg function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25434 |
| CVE-2022-25435 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25435 |
| CVE-2022-25437 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25437 |
| CVE-2022-25438 | Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25438 |
| CVE-2022-25439 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25439 |
| CVE-2022-25440 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25440 |
| CVE-2022-25441 | Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25441 |
| CVE-2022-25445 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25445 |
| CVE-2022-25446 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedstarttime parameter in the openSchedWifi function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25446 |
| CVE-2022-25447 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25447 |
| CVE-2022-25448 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the day parameter in the openSchedWifi function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25448 |
| CVE-2022-25449 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25449 |
| CVE-2022-25450 | Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25450 |
| CVE-2022-25451 | Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the setstaticroutecfg function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25451 |
| CVE-2022-25452 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the URLs parameter in the saveParentControlInfo function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25452 |
| CVE-2022-25453 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the saveParentControlInfo function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25453 |
| CVE-2022-25454 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the loginpwd parameter in the SetFirewallCfg function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25454 |
| CVE-2022-25455 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25455 |
| CVE-2022-25456 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the security_5g parameter in the WifiBasicSet function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25456 |
| CVE-2022-25457 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25457 |
| CVE-2022-25458 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the cmdinput parameter in the exeCommand function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25458 |
| CVE-2022-25459 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the S1 parameter in the SetSysTimeCfg function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25459 |
| CVE-2022-25460 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the endip parameter in the SetPptpServerCfg function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25460 |
| CVE-2022-25461 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the startip parameter in the SetPptpServerCfg function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25461 |
| CVE-2022-25390 | DCN Firewall DCME-520 was discovered to contain a remote command execution (RCE) vulnerability via the host parameter in the file /system/tool/ping.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25390 |
| CVE-2022-25578 | taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25578 |
| CVE-2022-26265 | Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26265 |
| CVE-2022-24126 | A buffer overflow in the NRSessionSearchResult parser in Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allows remote attackers to execute arbitrary code via matchmaking servers, a different vulnerability than CVE-2021-34170. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24126 |
| CVE-2021-39383 | DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39383 |
| CVE-2021-39384 | DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39384 |
| CVE-2022-25505 | Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \\include\\Model\\Category.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25505 |
| CVE-2021-45876 | Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection. The url parameter of the function module downloadAndUpdate is vulnerable to a command injection. Unfiltered user input is used to generate code which then gets executed when downloading new firmware. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45876 |
| CVE-2021-45877 | Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard coded credentials. A hardcoded credential exists in /etc/tomcat8/tomcat-user.xml, which allows attackers to gain authorized access and control the tomcat completely on port 8000 in the tomcat manager page. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45877 |
| CVE-2022-0694 | The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abc_booking_getSingleCalendar AJAX action (available to both unauthenticated and authenticated users), leading to an unauthenticated SQL injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0694 |
| CVE-2022-0739 | The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0739 |
| CVE-2022-0747 | The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0747 |
| CVE-2022-0760 | The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0760 |
| CVE-2022-24766 | mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While mitmproxy would only see one request, the target server would see multiple requests. A smuggled request is still captured as part of another request's body, but it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless mitmproxy is used to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 8.0.0 and above. There are currently no known workarounds. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24766 |
| CVE-2022-26148 | An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26148 |
| CVE-2022-26174 | A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute arbitrary code via a crafted payload injected into the display fields. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26174 |
| CVE-2022-26184 | Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content. This vulnerability occurs when the application is run on Windows OS. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26184 |
| CVE-2022-26283 | Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26283 |
| CVE-2022-26284 | Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26284 |
| CVE-2022-26285 | Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26285 |
| CVE-2021-43650 | WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username during the login process. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43650 |
| CVE-2021-41736 | Faust v2.35.0 was discovered to contain a heap-buffer overflow in the function realPropagate() at propagate.cpp. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-41736 |
| CVE-2022-27228 | In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27228 |
| CVE-2022-25517 | MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter in /core/conditions/AbstractWrapper.java. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25517 |
| CVE-2022-26260 | Simple-Plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse(). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26260 |
| CVE-2022-26186 | TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26186 |
| CVE-2022-26187 | TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26187 |
| CVE-2022-26188 | TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26188 |
| CVE-2022-26189 | TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the login interface. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26189 |
| CVE-2021-45756 | Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45756 |
| CVE-2021-43735 | CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43735 |
| CVE-2021-43736 | CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43736 |
| CVE-2021-38278 | Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-38278 |
| CVE-2021-27460 | Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. This vulnerability may allow a remote, unauthenticated attacker to gain full access to the FactoryTalk AssetCentre main server and all agent machines. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-27460 |
| CVE-2021-27462 | A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-27462 |
| CVE-2021-27464 | The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-27464 |
| CVE-2021-27466 | A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-27466 |
| CVE-2021-27468 | The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-27468 |
| CVE-2021-27470 | A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-27470 |
| CVE-2021-27472 | A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-27472 |
| CVE-2022-0888 | The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code execution, in versions up to and including 3.3.0. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0888 |
| CVE-2022-24292 | Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24292 |
| CVE-2022-24293 | Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24293 |
| CVE-2022-25222 | Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries in 'admin/maintenance/manage_branch.php' and 'admin/maintenance/manage_fee.php' via the 'id' parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25222 |
| CVE-2022-23880 | An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23880 |
| CVE-2022-23881 | ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via danger_key() at zzz_template.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23881 |
| CVE-2022-26289 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/exeCommand. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26289 |
| CVE-2022-26290 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26290 |
| CVE-2022-26536 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26536 |
| CVE-2022-27076 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/delAd. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27076 |
| CVE-2022-27077 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27077 |
| CVE-2022-27078 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27078 |
| CVE-2022-27079 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setPicListItem. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27079 |
| CVE-2022-27080 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27080 |
| CVE-2022-27081 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27081 |
| CVE-2022-27082 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27082 |
| CVE-2022-27083 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27083 |
| CVE-2021-43700 | An issue was discovered in ApiManager 1.1. There is a SQL injection vulnerability that can be used in /index.php?act=api&tag=8. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43700 |
| CVE-2021-43084 | An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tableName parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43084 |
| CVE-2022-26272 | A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26272 |
| CVE-2022-26301 | TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\\Manage\\Controller\\ZhuantiController.class.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26301 |
| CVE-2022-0097 | Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially allow extension to escape the sandbox via a crafted HTML page. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-0097 |
| CVE-2021-34363 | The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-34363 |
| CVE-2021-30856 | This issue was addressed by adding a new Remote Login option for opting into Full Disk Access for Secure Shell sessions. This issue is fixed in macOS Big Sur 11.3. A malicious unsandboxed app on a system with Remote Login enabled may bypass Privacy preferences. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-30856 |
| CVE-2021-30925 | The issue was addressed with improved permissions logic. This issue is fixed in watchOS 8, macOS Big Sur 11.6, iOS 15 and iPadOS 15. A malicious application may be able to bypass Privacy preferences. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-30925 |
| CVE-2021-43845 | PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if an incoming RTCP XR message contains a block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send a RTCP XR message with an invalid packet size. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-43845 |
| CVE-2021-40525 | Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassandra based products are also not impacted. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-40525 |
| CVE-2021-3850 | Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-3850 |
| CVE-2022-21722 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the `master` branch. There are no known workarounds. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-21722 |
| CVE-2022-21723 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the `master` branch. There are no known workarounds. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-21723 |
| CVE-2022-23806 | Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23806 |
| CVE-2021-44521 | When running Apache Cassandra with the following configuration: `enable_user_defined_functions: true`, `enable_scripted_user_defined_functions: true`, `enable_user_defined_functions_threads: false`, it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-44521 |
| CVE-2021-43302 | Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-43302 |
| CVE-2022-0686 | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0686 |
| CVE-2022-0860 | Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0860 |
| CVE-2022-26320 | The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-26320 |
| CVE-2021-45878 | Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrect access control. Lack of access control on the web manager pages allows any user to view and modify information. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-45878 |
| CVE-2022-26960 | connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-26960 |
| CVE-2022-0591 | The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0591 |
| CVE-2022-22951 | VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains an OS command injection vulnerability. An authenticated, high privileged malicious actor with network access to the VMware App Control administration interface may be able to execute commands on the server due to improper input validation leading to remote code execution. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-22951 |
| CVE-2021-40438 | A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. | 9 | https://nvd.nist.gov/vuln/detail/CVE-2021-40438 |
| CVE-2021-23732 | This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system. | 9 | https://nvd.nist.gov/vuln/detail/CVE-2021-23732 |

OTHER VULNERABILITIES
CVE Number | Description | Base Score | Reference
CVE-2018-20545 | There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-20545
CVE-2018-20548 | There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-20548
CVE-2018-20549 | There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-20549
CVE-2019-13734 | Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13734
CVE-2019-18288 | A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with valid authentication at the RMI interface could be able to gain remote code execution through an unsecured file upload. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-18288
CVE-2021-20083 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-20083
CVE-2021-30117 | SQL injection exists in Kaseya VSA before 9.5.6. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30117
CVE-2021-30121 | Authenticated local file inclusion in Kaseya VSA < v9.5.6 | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30121
CVE-2021-29972 | A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox < 90. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29972
CVE-2021-42321 | Microsoft Exchange Server Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42321
CVE-2021-24750 | The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-24750
CVE-2021-44648 | GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equal to 12. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44648
CVE-2022-21699 | IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-21699
CVE-2021-43928 | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in mail sending and receiving component in Synology Mail Station before 20211105-10315 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43928
CVE-2022-0096 | Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0096
CVE-2022-0098 | Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0098
CVE-2022-0099 | Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0099
CVE-2022-0100 | Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0100
CVE-2022-0101 | Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via specific user gesture. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0101
CVE-2022-0102 | Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0102
CVE-2022-0103 | Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0103
CVE-2022-0104 | Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0104
CVE-2022-0105 | Use after free in PDF Accessibility in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0105
CVE-2022-0106 | Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via a crafted HTML page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0106
CVE-2022-0107 | Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0107
CVE-2022-0115 | Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0115
CVE-2022-0729 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0729
CVE-2022-23176 | WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. This vulnerability impacts Fireware OS before 12.7.2_U1, 12.x before 12.1.3_U3, and 12.2.x through 12.5.x before 12.5.7_U3. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23176
CVE-2022-24407 | In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24407
CVE-2022-24512 | .NET and Visual Studio Remote Code Execution Vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24512
CVE-2022-25600 | Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25600
CVE-2022-27204 | A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27204
CVE-2021-45821 | A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat/getHistoryChatData.php file that is accessible by a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulnerability in order to get a remote code execution on the remote web server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45821
CVE-2022-0811 | A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0811
CVE-2022-25246 | Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) use hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25246
CVE-2021-45791 | Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45791
CVE-2022-24770 | `gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, `gradio` suffers from Improper Neutralization of Formula Elements in a CSV File. The `gradio` library has a flagging functionality which saves input/output data into a CSV file on the developer's computer. This can allow a user to save arbitrary text into the CSV file, such as commands. If a program like MS Excel opens such a file, then it automatically runs these commands, which could lead to arbitrary commands running on the user's computer. The problem has been patched as of `2.8.11`, which escapes the saved csv with single quotes. As a workaround, avoid opening csv files generated by `gradio` with Excel or similar spreadsheet programs. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24770
CVE-2022-26500 | Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows remote authenticated users access to internal API functions that allow attackers to upload and execute arbitrary code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26500
CVE-2022-26504 | Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers to execute arbitrary code via Veeam.Backup.PSManager.exe. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26504
CVE-2020-25197 | A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-25197
CVE-2022-22590 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22590
CVE-2022-22620 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22620
CVE-2022-25602 | Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25602
CVE-2022-27245 | An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27245
CVE-2022-26266 | Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26266
CVE-2022-27226 | A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router's default credentials aren't rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27226
CVE-2022-24125 | The matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow remote attackers to send arbitrary push requests to clients via a RequestSendMessageToPlayers request. For example, ability to send a push message to hundreds of thousands of machines is only restricted on the client side, and can thus be bypassed with a modified client. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24125
CVE-2021-36100 | Specially crafted string in OTRS system configuration can allow the execution of any system command. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-36100
CVE-2022-0415 | Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0415
CVE-2020-24772 | In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-24772
CVE-2022-22394 | The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the vulnerable server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22394
CVE-2022-24235 | A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24235
CVE-2022-24237 | The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24237
CVE-2022-25766 | The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values (remote and ref) are passed to the git fetch command. By injecting some git options it was possible to get arbitrary command execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25766
CVE-2022-0687 | The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0687
CVE-2022-23346 | BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23346
CVE-2022-23349 | BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23349
CVE-2021-40662 | A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40662
CVE-2022-26183 | PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing malicious content. This vulnerability occurs when the application is run on Windows OS. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26183
CVE-2022-0386 | A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0386
CVE-2021-43738 | An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can add the administrator account. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43738
CVE-2021-3748 | A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-3748
CVE-2022-0981 | A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0981
CVE-2022-25267 | Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25267
CVE-2022-25268 | Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25268
CVE-2022-25523 | TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25523
CVE-2020-10878 | Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2020-10878
CVE-2022-21668 | pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims who use pipenv to install the requirements file to download dependencies from a package index server controlled by the attacker. By embedding malicious code in packages served from their malicious index server, the attacker can trigger arbitrary remote code execution (RCE) on the victims' systems. If an attacker is able to hide a malicious `--index-url` option in a requirements file that a victim installs with pipenv, the attacker can embed arbitrary malicious code in packages served from their malicious index server that will be executed on the victim's host during installation (remote code execution/RCE). When pip installs from a source distribution, any code in the setup.py is executed by the install process. This issue is patched in version 2022.1.8. The GitHub Security Advisory contains more information about this vulnerability. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-21668
CVE-2021-25220 | BIND 9.11.0 -> 9.11.36, 9.12.0 -> 9.16.26, 9.17.0 -> 9.18.0; BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1, 9.16.8-S1 -> 9.16.26-S1. Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-25220
CVE-2021-27471 | The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the Connected Components Workbench software. User interaction is required for this exploit to be successful. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-27471
CVE-2021-27475 | Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-27475
CVE-2016-1572 | mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid. | 8.4 | https://nvd.nist.gov/vuln/detail/CVE-2016-1572
CVE-2022-20703 | Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | 8.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-20703
CVE-2022-0185 | A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus falls back to legacy handling) could use this flaw to escalate their privileges on the system. | 8.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0185
CVE-2020-10543 | Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-10543
CVE-2020-25632 | A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-25632
CVE-2021-20233 | A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-20233
CVE-2021-44224 | A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-44224
CVE-2021-45969 | An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the CommBuffer+8 location). | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-45969
CVE-2021-45970 | An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the status code saved at the CommBuffer+4 location). | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-45970
CVE-2021-45971 | An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (CommBufferData). | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-45971
CVE-2022-24069 | An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.0 before 05.08.41, 5.1 before 05.16.29, 5.2 before 05.26.29, 5.3 before 05.35.29, 5.4 before 05.43.29, and 5.5 before 05.51.29. An SMM callout vulnerability allows an attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-24069
CVE-2021-41839 | An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-41839
CVE-2021-41840 | An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-41840
CVE-2021-41841 | An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-41841
CVE-2021-42060 | An issue was discovered in Insyde InsydeH2O Kernel 5.0 through 05.08.41, Kernel 5.1 through 05.16.41, Kernel 5.2 before 05.23.22, and Kernel 5.3 before 05.32.22. An Int15ServiceSmm SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-42060
CVE-2021-42113 | An issue was discovered in StorageSecurityCommandDxe in Insyde InsydeH2O with Kernel 5.1 before 05.14.28, Kernel 5.2 before 05.24.28, and Kernel 5.3 before 05.32.25. An SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-42113
CVE-2021-43323 | An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel 5.5 before 05.51.45, 5.4 before 05.43.45, 5.3 before 05.35.45, 5.2 before 05.26.45, 5.1 before 05.16.45, and 5.0 before 05.08.45. An SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-43323
CVE-2021-43615 | An issue was discovered in HddPassword in Insyde InsydeH2O with kernel 5.1 before 05.16.23, 5.2 before 05.26.23, 5.3 before 05.35.23, 5.4 before 05.43.22, and 5.5 before 05.51.22. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-43615
CVE-2022-24031 | An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-24031
CVE-2022-21824 | Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype. Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null prototype for the object these properties are being assigned to. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-21824
CVE-2021-27473 | Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attacker can create a malicious .ccwarc archive file that, when opened by Connected Components Workbench, will allow the attacker to gain the privileges of the software. If the software is running at SYSTEM level, the attacker will gain admin level privileges. User interaction is required for this exploit to be successful. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-27473
CVE-2018-20546 | There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-20546
CVE-2018-20547 | There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-20547
CVE-2019-8443 | The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-8443
CVE-2022-23107 | Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23107
CVE-2022-20706 | Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-20706
CVE-2022-0114 | Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0114
CVE-2022-24721 | CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other users' (possibly sensitive) data. By publishing to those channels, a remote user may be able to create/modify/delete other users' data and modify the cluster structure. A fix is available in versions 5.0.11, 6.0.6, and 7.0.6. As a workaround, install a custom `SecurityPolicy` that forbids subscription and publishing to remote, non-Oort, sessions on Oort and Seti channels. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24721
CVE-2021-41987 | In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-41987
CVE-2022-23610 | wire-server provides back end services for Wire, an open source messenger. In versions of wire-server prior to the 2022-01-27 release, it was possible to craft DSA Signatures to bypass SAML SSO and impersonate any Wire user with SAML credentials. In teams with SAML, but without SCIM, it was possible to create new accounts with fake SAML credentials. Under certain conditions that can be established by an attacker, an upstream library for parsing, rendering, signing, and validating SAML XML data was accepting public keys as trusted that were provided by the attacker in the signature. As a consequence, the attacker could log in as any user in any Wire team with SAML SSO enabled. If SCIM was not enabled, the attacker could also create new users with new SAML NameIDs. In order to exploit this vulnerability, the attacker needs to know the SSO login code (distributed to all team members with SAML credentials and visible in the Team Management app), the SAML EntityID identifying the IdP (a URL not considered sensitive, but usually hard to guess, also visible in Team Management), and the SAML NameID of the user (usually an email address or a nick). The issue has been fixed in wire-server `2022-01-27` and is already deployed on all Wire managed services. On premise instances of wire-server need to be updated to `2022-01-27`, so that their backends are no longer affected. There are currently no known workarounds. More detailed information about how to reproduce the vulnerability and mitigation strategies is available in the GitHub Security Advisory. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23610
CVE-2022-25364In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as part of a build. As of 2021.4.2, the built-in build cache is inaccessible-by-default, requiring explicit configuration of its access-control settings before it can be used. (Remote build cache nodes are unaffected as they are inaccessible-by-default.)8.1https://nvd.nist.gov/vuln/detail/CVE-2022-25364
CVE-2022-0229The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-0229
CVE-2022-27607Bento4 1.6.0-639 has a heap-based buffer over-read in the AP4_HvccAtom class, a different issue than CVE-2018-14531.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-27607
CVE-2021-44759Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. This issue affects Apache Traffic Server 8.0.0 to 8.1.0.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-44759
CVE-2022-27198A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.8https://nvd.nist.gov/vuln/detail/CVE-2022-27198
CVE-2021-24905The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPress setup again, gain administrator privileges and execute arbitrary code or display arbitrary content to the users.8https://nvd.nist.gov/vuln/detail/CVE-2021-24905
CVE-2018-20196There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-20196
| CVE-2019-20400 | The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a DLL file to a directory in the global path environment variable to inject code via a DLL hijacking vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-20400 |
| CVE-2019-20419 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 before 8.7.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-20419 |
| CVE-2020-24346 | njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-24346 |
| CVE-2021-3410 | A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-3410 |
| CVE-2021-1076 | NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1076 |
| CVE-2021-20294 | A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-20294 |
| CVE-2021-33669 | Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file storage. Successful exploitation requires user interaction from another user and could lead to complete impact on confidentiality, integrity and availability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33669 |
| CVE-2021-35448 | Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming connections. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35448 |
| CVE-2020-36430 | libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-36430 |
| CVE-2021-30922 | Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30922 |
| CVE-2021-30928 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6, watchOS 8, tvOS 15, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS 15. Processing a maliciously crafted image may lead to arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30928 |
| CVE-2021-32272 | An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32272 |
| CVE-2021-32273 | An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32273 |
| CVE-2021-32274 | An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_synthesis_64 located in sbr_qmf.c. It allows an attacker to cause code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32274 |
| CVE-2021-32277 | An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32277 |
| CVE-2021-32278 | An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32278 |
| CVE-2021-41864 | prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-41864 |
| CVE-2021-42008 | The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42008 |
| CVE-2021-3872 | vim is vulnerable to Heap-based Buffer Overflow | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-3872 |
| CVE-2021-3927 | vim is vulnerable to Heap-based Buffer Overflow | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-3927 |
| CVE-2021-3928 | vim is vulnerable to Use of Uninitialized Variable | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-3928 |
| CVE-2021-43336 | An Out-of-Bounds Write vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43336 |
| CVE-2021-3974 | vim is vulnerable to Use After Free | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-3974 |
| CVE-2021-3973 | vim is vulnerable to Heap-based Buffer Overflow | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-3973 |
| CVE-2021-4019 | vim is vulnerable to Heap-based Buffer Overflow | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4019 |
| CVE-2021-3984 | vim is vulnerable to Heap-based Buffer Overflow | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-3984 |
| CVE-2021-4069 | vim is vulnerable to Use After Free | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4069 |
| CVE-2021-34426 | A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the "keybase git lfs-config" command on the command-line. In versions prior to 5.6.0, a malicious actor with write access to a user's Git repository could leverage this vulnerability to potentially execute arbitrary Windows commands on a user's local system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-34426 |
| CVE-2021-43326 | Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43326 |
| CVE-2021-45078 | stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45078 |
| CVE-2021-4136 | vim is vulnerable to Heap-based Buffer Overflow | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4136 |
| CVE-2021-4173 | vim is vulnerable to Use After Free | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4173 |
| CVE-2021-45910 | An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some extent) control over the amount of data that is written. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45910 |
| CVE-2021-45911 | An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45911 |
| CVE-2021-4187 | vim is vulnerable to Use After Free | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4187 |
| CVE-2021-4192 | vim is vulnerable to Use After Free | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4192 |
| CVE-2022-0128 | vim is vulnerable to Out-of-bounds Read | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0128 |
| CVE-2021-44705 | Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44705 |
| CVE-2021-44707 | Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44707 |
| CVE-2021-45844 | Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45844 |
| CVE-2022-23033 | arm: guest_physmap_remove_page not removing the p2m mappings. The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't have the valid bit set. It is possible to have a valid pagetable entry without the valid bit set when a guest operating system uses set/way cache maintenance instructions. For instance, a guest issuing a set/way cache maintenance instruction, then calling the XENMEM_decrease_reservation hypercall to give back memory pages to Xen, might be able to retain access to those pages even after Xen started reusing them for other purposes. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23033 |
| CVE-2021-34866 | This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14689. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-34866 |
| CVE-2022-0359 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0359 |
| CVE-2022-0361 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0361 |
| CVE-2022-0368 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0368 |
| CVE-2022-0520 | Use After Free in NPM radare2.js prior to 5.6.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0520 |
| CVE-2022-0523 | Expired Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0523 |
| CVE-2022-20701 | Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20701 |
| CVE-2022-0554 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0554 |
| CVE-2021-46364 | A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-46364 |
| CVE-2021-45444 | In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45444 |
| CVE-2021-45082 | An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45082 |
| CVE-2022-0685 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0685 |
| CVE-2022-0676 | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0676 |
| CVE-2021-46699 | A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains a stack based buffer overflow vulnerability while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15061) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-46699 |
| CVE-2019-25058 | An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-25058 |
| CVE-2022-25636 | net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25636 |
| CVE-2022-0492 | A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0492 |
| CVE-2022-0847 | A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0847 |
| CVE-2021-41848 | An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It mishandles software updates such that local third-party apps can provide a spoofed software update file that contains an arbitrary shell script and arbitrary ARM binary, where both will be executed as the root user with an SELinux domain named osi. To exploit this vulnerability, a local third-party app needs to have write access to external storage to write the spoofed update at the expected path. The vulnerable system binary (i.e., /system/bin/osi_bin) does not perform any authentication of the update file beyond ensuring that it is encrypted with an AES key (that is hard-coded in the vulnerable system binary). Processes executing with the osi SELinux domain can programmatically perform the following actions: install apps, grant runtime permissions to apps (including permissions with protection levels of dangerous and development), access extensive Personally Identifiable Information (PII) using the programmatically grant permissions, uninstall apps, set the default launcher app to a malicious launcher app that spoofs other apps, set a network proxy to intercept network traffic, unload kernel modules, set the default keyboard to a keyboard that has keylogging functionality, examine notification contents, send text messages, and more. The spoofed update can optionally contain an arbitrary ARM binary that will be locally stored in internal storage and executed at system startup to achieve persistent code execution as the root user with the osi SELinux domain. This ARM binary will continue to execute at startup even if the app that provided the spoofed update is uninstalled. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-41848 |
| CVE-2022-0943 | Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0943 |
| CVE-2022-25485 | CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25485 |
| CVE-2022-25486 | CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25486 |
| CVE-2021-39685 | In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-210292376. References: Upstream kernel. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39685 |
| CVE-2021-39692 | In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-209611539. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39692 |
| CVE-2021-39693 | In onUidStateChanged of AppOpsService.java, there is a possible way to access location without a visible indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-208662370. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39693 |
| CVE-2021-39694 | In parse of RoleParser.java, there is a possible way for default apps to get permissions explicitly denied by the user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-202312327. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39694 |
| CVE-2021-39695 | In createOrUpdate of BasePermission.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-209607944. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39695 |
| CVE-2021-39697 | In checkFileUriDestination of DownloadProvider.java, there is a possible way to bypass external storage private directories protection due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12. Android ID: A-200813547. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39697 |
| CVE-2021-39698 | In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-185125206. References: Upstream kernel. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39698 |
| CVE-2021-39701 | In serviceConnection of ControlsProviderLifecycleManager.kt, there is a possible way to keep service running in foreground without notification or permission due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11 Android-12. Android ID: A-212286849. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39701 |
| CVE-2021-39702 | In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-205150380. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39702 |
| CVE-2021-39703 | In updateState of UsbDeviceManager.java, there is a possible unauthorized access of files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-207057578. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39703 |
| CVE-2021-39704 | In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-209965481. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39704 |
| CVE-2021-39706 | In onResume of CredentialStorage.java, there is a possible way to cleanup content of credentials storage due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-200164168. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39706 |
| CVE-2021-39707 | In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-200688991. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39707 |
| CVE-2021-39709 | In sendSipAccountsRemovedNotification of SipAccountRegistry.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-208817618. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39709 |
| CVE-2021-39714 | In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205573273. References: Upstream kernel. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39714 |
| CVE-2021-39732 | In copy_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205992503. References: N/A. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39732 |
| CVE-2021-39734 | In sendMessage of OneToOneChatImpl.java (? TBD), there is a possible way to send an RCS message without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-208650395. References: N/A. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39734 |
| CVE-2021-39793 | In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-210470189. References: N/A. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39793 |
| CVE-2022-26526 | Anaconda Anaconda3 through 2021.11.0.0 and Miniconda3 through 11.0.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse file into that directory. (This problem can only happen in a non-default installation. The person who installs the product must specify that it is being installed for all users. Also, the person who installs the product must specify that the system PATH should be changed.) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26526 |
| CVE-2022-26503 | Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26503 |
| CVE-2022-25949 | The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25949 |
| CVE-2022-25969 | The installer of WPS Office Version 10.8.0.6186 insecurely loads VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25969 |
| CVE-2022-26081 | The installer of WPS Office Version 10.8.0.5745 insecurely loads shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26081 |
| CVE-2022-26511 | WPS Presentation 11.8.0.5745 insecurely loads d3dx9_41.dll when opening .pps files ('current directory type' DLL loading). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26511 |
CVE-2022-0237Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0237
CVE-2022-24655A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24655
CVE-2021-30771An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6, watchOS 7.5, tvOS 14.6. Processing a maliciously crafted font file may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30771
CVE-2022-1011A use-after-free flaw was found in the Linux kernel FUSE filesystem in the way a user triggers write(). A local user could use this flaw to gain unauthorized access to data from the FUSE filesystem and, as a result, potentially escalate privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1011
CVE-2022-22578A logic issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. A malicious application may be able to gain root privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22578
CVE-2022-22579An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22579
CVE-2022-22584A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. Processing a maliciously crafted file may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22584
CVE-2022-22591A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22591
CVE-2022-22593A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22593
CVE-2022-22596A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22596
CVE-2022-22597A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22597
CVE-2022-22601An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22601
CVE-2022-22602An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22602
CVE-2022-22603An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22603
CVE-2022-22604An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22604
CVE-2022-22605An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22605
CVE-2022-22606An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22606
CVE-2022-22607An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22607
CVE-2022-22608An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22608
CVE-2022-22611An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22611
CVE-2022-22612A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to heap corruption.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22612
CVE-2022-22613An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22613
CVE-2022-22614A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22614
CVE-2022-22615A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22615
CVE-2022-22617A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22617
CVE-2022-22618This issue was addressed with improved checks. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22618
CVE-2022-22631An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22631
CVE-2022-22633A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22633
CVE-2022-22634A buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. A malicious application may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22634
CVE-2022-22636An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22636
CVE-2022-22639A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22639
CVE-2022-22640A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22640
CVE-2022-22657A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22657
CVE-2022-22661A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22661
CVE-2022-22664An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22664
CVE-2022-22665A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22665
CVE-2022-22666A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22666
CVE-2022-22667A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22667
CVE-2022-22669A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22669
CVE-2022-24091Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24091
CVE-2022-24092Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24092
CVE-2022-27243An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-27243
CVE-2022-25581Classcms v2.5 and below contains an arbitrary file upload via the component \\class\\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25581
CVE-2020-26007An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-26007
CVE-2020-26008The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-26008
CVE-2022-0652Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0652
CVE-2022-1031Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 prior to 5.6.6.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1031
CVE-2022-27666A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-27666
CVE-2022-1033Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1033
CVE-2021-46064IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in the 32-bit version of the binary). The vulnerability triggers when the user opens a malicious .tiff image.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-46064
CVE-2021-28277A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveUnknownSections function in jpgfile.c.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-28277
CVE-2021-28278A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-28278
CVE-2022-21821NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump. To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute cuobjdump against the file. Such an attack may lead to remote code execution that causes complete denial of service and an impact on data confidentiality and integrity.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-21821
CVE-2020-25647A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking, and it is assumed that the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.7.6https://nvd.nist.gov/vuln/detail/CVE-2020-25647
CVE-2018-5231The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-5231
CVE-2019-3399The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-3399
CVE-2019-11837njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-11837
CVE-2019-8442The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-8442
CVE-2019-14844A flaw was found in Fedora versions of krb5 from 1.16.1 up to and including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-14844
CVE-2019-18804DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-18804
CVE-2019-20413Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-20413
CVE-2020-14167The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-14167
CVE-2020-13935The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-13935
CVE-2020-14178Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-14178
CVE-2020-27779A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking, allowing a privileged attacker to remove address ranges from memory, creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-27779
CVE-2021-33194golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-33194
CVE-2020-28469This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-28469
CVE-2021-33054SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. (Only versions after 2.0.5a are affected.)7.5https://nvd.nist.gov/vuln/detail/CVE-2021-33054
CVE-2021-22119Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-22119
CVE-2021-2351Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).7.5https://nvd.nist.gov/vuln/detail/CVE-2021-2351
CVE-2021-29923Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-29923
CVE-2021-39113Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. The affected versions are before version 8.13.9, and from version 8.14.0 before 8.18.0.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-39113
CVE-2021-33582Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-33582
CVE-2021-34798Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-34798
CVE-2021-36160A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).7.5https://nvd.nist.gov/vuln/detail/CVE-2021-36160
CVE-2021-41524While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-41524
CVE-2021-41773A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-41773
CVE-2021-42340The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-42340
CVE-2021-30826A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. In certain situations, the baseband would fail to enable integrity and ciphering protection.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-30826
CVE-2021-41306Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-41306
CVE-2021-41307Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-41307
CVE-2021-45100The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-45100
CVE-2021-4181Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-4181
CVE-2021-4182Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-4182
CVE-2021-4184Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-4184
CVE-2021-4185Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-4185
CVE-2021-4190Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-4190
CVE-2021-41141PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when an error/failure occurs, it is found that the function returns without releasing the currently held locks. This could result in a system deadlock, which causes a denial of service for the users. No release has yet been made which contains the linked fix commit. All versions up to and including 2.11.1 are affected. Users may need to manually apply the patch.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-41141
CVE-2021-38694SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-38694
CVE-2021-38696SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerability, that allows attackers to access signature files on the application without any authentication.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-38696
CVE-2021-22570Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-22570
CVE-2021-43522An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityCommandDxe SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-43522
CVE-2022-23772Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23772
CVE-2022-23773cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23773
CVE-2021-46462njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-46462
CVE-2022-21698client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g. GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-21698
| CVE-2022-23648 | containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23648 |
| CVE-2022-24921 | regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24921 |
| CVE-2022-24713 | regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes from taking an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is included starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it is not recommended to deny known problematic regexes. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24713 |
| CVE-2022-24464 | .NET and Visual Studio Denial of Service Vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24464 |
| CVE-2020-36518 | jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36518 |
| CVE-2022-22719 | A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22719 |
| CVE-2022-24756 | Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory. An attacker that is able to use the PAM Console (i.e. by knowing the shared secret or via the WebUI) can flood the Director with failing login attempts which will eventually lead to an out-of-memory condition in which the Director will not work anymore. Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 contain a Bugfix for this problem. Users who are unable to upgrade may disable PAM authentication as a workaround. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24756 |
| CVE-2022-25491 | HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25491 |
| CVE-2021-45848 | Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45848 |
| CVE-2022-23989 | In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23989 |
| CVE-2021-45851 | A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45851 |
| CVE-2021-39726 | In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-181782896. References: N/A | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-39726 |
| CVE-2022-0918 | A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0918 |
| CVE-2022-25249 | When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25249 |
| CVE-2022-25250 | When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to shut down a specific service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25250 |
| CVE-2022-25252 | When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws an exception. Services using said function do not handle the exception. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to crash the affected product. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25252 |
| CVE-2022-26353 | A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26353 |
| CVE-2022-26660 | RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted by RunAsSpc, an attacker can recover the credentials that were used. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26660 |
| CVE-2022-21164 | The package node-lmdb before 0.9.7 is vulnerable to Denial of Service (DoS) when defining a non-invokable ToString value, which will cause a crash during type check. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21164 |
| CVE-2022-24729 | CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24729 |
| CVE-2021-42219 | Go-Ethereum v1.10.9 was discovered to contain an issue which allows attackers to cause a denial of service (DoS) via sending an excessive amount of messages to a node. This is caused by missing memory in the component /ethash/algorithm.go. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42219 |
| CVE-2022-26300 | EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the function txn_test_gen_plugin. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26300 |
| CVE-2022-26534 | FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via a malicious viewchange packet, will cause normal nodes to change view excessively and stop generating blocks. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26534 |
| CVE-2021-45793 | Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45793 |
| CVE-2021-45794 | Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45794 |
| CVE-2021-44260 | A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information of the manager of router. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44260 |
| CVE-2021-44262 | A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44262 |
| CVE-2022-24761 | Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This would allow requests to be smuggled via the front-end proxy to waitress and later behavior. There are two classes of vulnerability that may lead to request smuggling that are addressed by this advisory: The use of Python's `int()` to parse strings into integers, leading to `+10` to be parsed as `10`, or `0x01` to be parsed as `1`, whereas the standard specifies that the string should contain only digits or hex digits; and Waitress does not support chunk extensions, however it was discarding them without validating that they did not contain illegal characters. This vulnerability has been patched in Waitress 2.1.1. A workaround is available: when deploying a proxy in front of waitress, turn on any and all functionality to make sure that the request matches the RFC7230 standard. Certain proxy servers may not have this functionality though and users are encouraged to upgrade to the latest version of waitress instead. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24761 |
| CVE-2021-44907 | A Denial of Service vulnerability exists in qs up to 6.8.0 due to insufficient sanitization of property in the qs.parse function. The merge() function allows the assignment of properties on an array in the query. For any property being assigned, a value in the array is converted to an object containing these properties. Essentially, this means that the property whose expected type is Array always has to be checked with Array.isArray() by the user. This may not be obvious to the user and can cause unexpected behavior. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44907 |
| CVE-2021-46107 | Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46107 |
| CVE-2022-21822 | NVIDIA FLARE contains a vulnerability in the admin interface, where an unauthorized attacker can cause Allocation of Resources Without Limits or Throttling, which may make the system unavailable. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21822 |
| CVE-2021-45968 | An issue was discovered in xmppserver jar in the XMPP Server component of the Jive platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45968 |
| CVE-2022-27191 | golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server in certain circumstances involving AddHostKey. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27191 |
| CVE-2022-0742 | Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0742 |
| CVE-2022-24771 | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24771 |
| CVE-2022-24772 | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for trailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24772 |
| CVE-2021-4031 | The Syltek application before version 10.22.00 does not correctly check that a product ID has a valid payment associated with it. This could allow an attacker to forge a request and bypass the payment system by marking items as paid without any verification. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-4031 |
| CVE-2022-22585 | An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user's files. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22585 |
| CVE-2022-22609 | The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to read other applications' settings. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22609 |
| CVE-2022-22643 | This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22643 |
| CVE-2022-22651 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.3. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22651 |
| CVE-2022-22653 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4. A malicious website may be able to access information about the user and their devices. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22653 |
| CVE-2022-25389 | DCN Firewall DCME-520 was discovered to contain an arbitrary file download vulnerability via the path parameter in the file /audit/log/log_management.php. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25389 |
| CVE-2022-26267 | Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26267 |
| CVE-2021-44345 | Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated Management System 3.0 is vulnerable to SQL Injection. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44345 |
| CVE-2022-25462 | Yafu v2.0 contains a segmentation fault via the component /factor/avx-ecm/vecarith52.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25462 |
| CVE-2022-25481 | ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25481 |
| CVE-2022-24775 | guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24775 |
| CVE-2022-23345 | BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23345 |
| CVE-2022-23347 | BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23347 |
| CVE-2022-23352 | An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23352 |
| CVE-2022-27333 | idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27333 |
| CVE-2022-0667 | When the vulnerability is triggered the BIND process will exit. BIND 9.18.0 | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0667 |
| CVE-2022-1036 | The ability to create an account with a long password leads to memory corruption / integer overflow in GitHub repository microweber/microweber prior to 1.2.12. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1036 |
| CVE-2022-24764 | PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24764 |
| CVE-2021-45757 | ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45757 |
| CVE-2022-0635 | Versions affected: BIND 9.18.0. When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0635 |
| CVE-2021-44040 | Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44040 |
| CVE-2021-44139 | Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44139 |
| CVE-2021-38772 | Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-38772 |
| CVE-2022-26243 | Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26243 |
| CVE-2021-27474 | Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryTalk AssetCentre. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-27474 |
| CVE-2022-24291 | Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24291 |
| CVE-2021-28276 | A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-28276 |
| CVE-2022-0153 | SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0153 |
| CVE-2021-43091 | An SQL Injection vulnerability exists in Yeswiki doryphore 20211012 via the email parameter in the registration form. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-43091 |
| CVE-2020-13817 | ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-13817 |
| CVE-2021-25217 | In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), the outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd); whether the package was built as a 32-bit or 64-bit binary; and whether the compiler flag -fstack-protection-strong was used when compiling. In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. If the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-25217 |
| CVE-2021-44531 | Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly. Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-44531 |
| CVE-2022-24759 | `@chainsafe/libp2p-noise` contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. `@chainsafe/libp2p-noise` before 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose as other peers and get those peers banned. Users should upgrade to version 4.1.2 or 5.0.3 to receive a patch. There are currently no known workarounds. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24759 |
| CVE-2021-43804 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming RTCP BYE message contains a reason's length, this declared length is not checked against the actual received packet size, potentially resulting in an out-of-bound read access. This issue affects all users that use PJMEDIA and RTCP. A malicious actor can send an RTCP BYE message with an invalid reason length. Users are advised to upgrade as soon as possible. There are no known workarounds. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-43804 |
| CVE-2022-20707 | Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-20707 |
| CVE-2019-15001 | The Jira Importers Plugin in Atlassian Jira Server and Data Center from version 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-15001 |
| CVE-2021-26070 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the `makeRequest` gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-26070 |
| CVE-2021-39128 | Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-39128 |
| CVE-2021-43947 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-43947 |
| CVE-2021-43944 | This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-43944 |
| CVE-2022-26965 | In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-26965 |
| CVE-2022-25607 | Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727). | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-25607 |
| CVE-2021-42194 | The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_load_string function, which itself does not prohibit external entities, triggering an XML external entity (XXE) injection vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-42194 |
| CVE-2022-1034 | There is an Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-1034 |
| CVE-2019-6956 | An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-6956 |
| CVE-2021-1056 | NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-1056 |
| CVE-2021-4166 | vim is vulnerable to Out-of-bounds Read | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-4166 |
| CVE-2022-0518 | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0518 |
| CVE-2022-0519 | Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0519 |
| CVE-2022-0521 | Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0521 |
| CVE-2022-0522 | Access of Memory Location Before Start of Buffer in NPM radare2.js prior to 5.6.2. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0522 |
| CVE-2021-45083 | An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it's trivial to obtain the plaintext string. The settings.yaml file contains secrets such as the hashed default password. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-45083 |
| CVE-2022-0713 | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0713 |
| CVE-2022-0891 | A heap buffer overflow in the ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows an attacker to trigger unsafe or out of bounds memory access via a crafted TIFF image file, which could result in application crash, potential information disclosure or any other context-dependent impact. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0891 |
| CVE-2022-24073 | The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24073 |
| CVE-2022-22625 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-22625 |
| CVE-2022-22626 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-22626 |
| CVE-2022-22627 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-22627 |
| CVE-2022-0991 | Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0991 |
| CVE-2020-9484 | When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2020-9484 |
| CVE-2021-39686 | In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-200688826. References: Upstream kernel | 7 | https://nvd.nist.gov/vuln/detail/CVE-2021-39686 |
| CVE-2021-46390 | An access control issue in the authentication module of Lexar_F35 v1.0.34 allows attackers to access sensitive data and cause a Denial of Service (DoS). An attacker without access to securely protected data on a secure USB flash drive can bypass user authentication without having any information related to the password of the registered user. The secure USB flash drive transmits the password entered by the user to the authentication module in the drive after the user registers a password, and then the input password is compared with the registered password stored in the authentication module. Subsequently, the module returns the comparison result for the authentication decision. Therefore, an attacker can bypass password authentication by analyzing the functions that return the password verification or comparison results and manipulate the authentication result values. Accordingly, even if attackers enter an incorrect password, they can be authenticated as a legitimate user and can therefore exploit functions of the secure USB flash drive by manipulating the authentication result values. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-46390 |
| CVE-2021-38745 | Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-38745 |
| CVE-2020-27749 | A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-27749 |
CVE-2021-20225A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-20225
| CVE-2021-39689 | In multiple functions of odsign_main.cpp, there is a possible way to persist system attack due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-206090748 | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-39689 |
| CVE-2021-39718 | In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205035540. References: N/A | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-39718 |
| CVE-2021-39721 | In TBD of TBD, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-195726151. References: N/A | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-39721 |
| CVE-2021-39725 | In gasket_free_coherent_memory_all of gasket_page_table.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-151454974. References: N/A | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-39725 |
| CVE-2021-39729 | In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-202006191. References: N/A | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-39729 |
| CVE-2021-39731 | In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205036834. References: N/A | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-39731 |
| CVE-2021-39733 | In amcs_cdev_unlocked_ioctl of audiometrics.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-206128522. References: N/A | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-39733 |
| CVE-2021-39736 | In prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205995773. References: N/A | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-39736 |
| CVE-2021-42550 | In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration that allows execution of arbitrary code loaded from LDAP servers. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-42550 |
| CVE-2022-0213 | vim is vulnerable to Heap-based Buffer Overflow. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-0213 |
| CVE-2017-18101 | Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-18101 |
| CVE-2019-13617 | njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-13617 |
| CVE-2019-11587 | Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-11587 |
| CVE-2019-14998 | The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14998 |
| CVE-2019-8451 | The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-8451 |
| CVE-2019-20401 | Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-20401 |
| CVE-2019-20410 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 before 8.4.2. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-20410 |
| CVE-2019-20897 | The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-20897 |
| CVE-2020-8927 | A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-8927 |
| CVE-2020-14177 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Regex-based Denial of Service (DoS) vulnerability in JQL version searching. The affected versions are before version 7.13.16; from version 7.14.0 before 8.5.7; from version 8.6.0 before 8.10.2; and from version 8.11.0 before 8.11.1. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-14177 |
| CVE-2020-14765 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-14765 |
| CVE-2020-14769 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-14769 |
| CVE-2021-22298 | There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could execute a specific SQL statement to exploit this vulnerability. Due to insufficient security design, a successful exploit can cause the service to behave abnormally. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-22298 |
| CVE-2021-32723 | Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take a very very long time to highlight. This problem has been fixed in Prism v1.24. As a workaround, do not use ASCIIDoc or ERB to highlight untrusted text. Other languages are not affected and can be used to highlight untrusted text. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32723 |
| CVE-2021-39458 | Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to alter the files of a valid file backup. This leads to leaking the database credentials in the environment variables. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-39458 |
| CVE-2021-41308 | Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-41308 |
| CVE-2021-22960 | The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-22960 |
| CVE-2021-22959 | The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-22959 |
| CVE-2021-41192 | Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value. This issue only affects installations where the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables have not been explicitly set. This issue does not affect users of the official Redash cloud images, Redash's Digital Ocean marketplace droplets, or the scripts in the `getredash/setup` repository. These instances automatically generate unique secret keys during installation. One can verify whether one's instance is affected by checking the value of the `REDASH_COOKIE_SECRET` environment variable. If it is `c292a0a3aa32397cdb050e233733900f`, one should follow the steps to secure the instance, outlined in the GitHub Security Advisory. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-41192 |
| CVE-2021-43797 | Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forwards these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-43797 |
| CVE-2022-0108 | Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0108 |
| CVE-2022-0109 | Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0109 |
| CVE-2022-0111 | Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0111 |
| CVE-2022-0113 | Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0113 |
| CVE-2022-0117 | Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0117 |
| CVE-2022-0120 | Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0120 |
| CVE-2021-45346 | A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File); it is possible to query a record and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45346 |
| CVE-2021-43941 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-43941 |
| CVE-2022-0577 | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0577 |
| CVE-2022-24737 | HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn't distinguish between cookies and the hosts they belonged to. This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third party website. Users are advised to upgrade. There are no known workarounds. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24737 |
| CVE-2021-28488 | Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve managed-network data that was not set to be accessible to the entire group (i.e., was only set to be accessible to a subset of that group). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-28488 |
| CVE-2021-32436 | An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32436 |
| CVE-2022-0865 | Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0865 |
| CVE-2022-27203 | Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27203 |
| CVE-2022-27206 | Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27206 |
| CVE-2022-27209 | A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27209 |
| CVE-2022-27211 | A missing/An incorrect permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27211 |
| CVE-2022-27216 | Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27216 |
| CVE-2022-27217 | Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27217 |
| CVE-2021-39667 | In ih264d_parse_decode_slice of ih264d_parse_slice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-205702093 | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-39667 |
| CVE-2022-0959 | A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0959 |
| CVE-2022-24075 | Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access local HWP files. When the HWP files were opened, the replaced script could read the files. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24075 |
| CVE-2021-29899 | IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-29899 |
| CVE-2020-15388 | A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-15388 |
| CVE-2021-27789 | The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-27789 |
| CVE-2022-22592 | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22592 |
| CVE-2022-22594 | A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22594 |
| CVE-2022-22638 | A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22638 |
| CVE-2022-22659 | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An attacker in a privileged network position may be able to leak sensitive user information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22659 |
| CVE-2021-45117 | The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45117 |
| CVE-2022-0514 | Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0514 |
| CVE-2022-0681 | The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow attackers to make a logged in admin delete arbitrary transactions via a CSRF attack. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0681 |
| CVE-2022-25518 | In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25518 |
| CVE-2021-43737 | An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can modify administrator account's password. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-43737 |
| CVE-2022-22316 | IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22316 |
| CVE-2021-39712 | In TBD of TBD, there is a possible use after free vulnerability due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-176918884. References: N/A | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-39712 |
| CVE-2021-39735 | In gasket_alloc_coherent_memory of gasket_page_table.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-151455484. References: N/A | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-39735 |
| CVE-2022-0859 | McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server (restricted to administrators) and to know the SQL server password. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0859 |
| CVE-2022-21658 | Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable to a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete. Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability with 1.58.1 containing a patch. Note that the following build targets don't have usable APIs to properly mitigate the attack, and are thus still vulnerable even with a patched toolchain: macOS before version 10.10 (Yosemite) and REDOX. We recommend everyone to update to Rust 1.58.1 as soon as possible, especially people developing programs expected to run in privileged contexts (including system daemons and setuid binaries), as those have the highest risk of being affected by this. Note that adding checks in your codebase before calling remove_dir_all will not mitigate the vulnerability, as they would also be vulnerable to race conditions like remove_dir_all itself. The existing mitigation is working as intended outside of race conditions. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-21658 |
| CVE-2022-21820 | NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-21820 |
| CVE-2017-14594 | The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-14594 |
| CVE-2018-5230 | The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-5230 |
| CVE-2018-13387 | The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-13387 |
| CVE-2018-5232 | The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-5232 |
| CVE-2018-13395 | Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the epic colour field of an issue while an issue is being moved. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-13395 |
| CVE-2018-13401 | The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-13401 |
| CVE-2018-13402 | Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, and in some cases obtain a user's Cross-site request forgery (CSRF) token, via an open redirect vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-13402 |
CVE-2019-3400The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jql parameter.6.1https://nvd.nist.gov/vuln/detail/CVE-2019-3400
CVE-2019-3402The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.6.1https://nvd.nist.gov/vuln/detail/CVE-2019-3402
CVE-2019-11585The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.6.1https://nvd.nist.gov/vuln/detail/CVE-2019-11585
CVE-2019-11589The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2019-11589
CVE-2019-14996The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.6.1https://nvd.nist.gov/vuln/detail/CVE-2019-14996
CVE-2018-18623Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.6.1https://nvd.nist.gov/vuln/detail/CVE-2018-18623
| CVE-2020-4022 | The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in issue attachments with a mixed multipart content type. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-4022 |
| CVE-2019-20417 | NOTE: This candidate is a duplicate of CVE-2019-15011. All CVE users should reference CVE-2019-15011 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-20417 |
| CVE-2019-20901 | The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-20901 |
| CVE-2020-36236 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-36236 |
| CVE-2020-36288 | The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting (XSS) vulnerability caused by parameter pollution. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-36288 |
| CVE-2021-26078 | The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-26078 |
| CVE-2021-26079 | The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-26079 |
| CVE-2021-26080 | EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-26080 |
| CVE-2021-39111 | The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such as from a PDF when pasted into a field such as the description field. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-39111 |
| CVE-2021-41304 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.2. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-41304 |
| CVE-2021-41182 | jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-41182 |
| CVE-2021-41183 | jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-41183 |
| CVE-2021-43942 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (XSS) vulnerability in the /rest/collectors/1.0/template/custom endpoint. To exploit this issue, the attacker must trick a user into visiting a malicious website. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-43942 |
| CVE-2022-23598 | laminas-form is a package for validating and displaying simple and complex forms. When rendering validation error messages via the `formElementErrors()` view helper shipped with laminas-form, many messages will contain the submitted value. However, in laminas-form prior to version 3.1.1, the value was not being escaped for HTML contexts, which could potentially lead to a reflected cross-site scripting attack. Versions 3.1.1 and above contain a patch to mitigate the vulnerability. A workaround is available. One may manually place code at the top of a view script where one calls the `formElementErrors()` view helper. More information about this workaround is available on the GitHub Security Advisory. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23598 |
| CVE-2022-23395 | jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23395 |
| CVE-2022-23710 | A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23710 |
| CVE-2022-25601 | Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25601 |
| CVE-2022-0161 | The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0161 |
| CVE-2022-25493 | HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25493 |
| CVE-2021-23648 | The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-23648 |
| CVE-2021-45822 | A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" (POST) parameter. Through this vulnerability, an attacker is able to execute malicious JavaScript code. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-45822 |
| CVE-2022-24072 | The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24072 |
| CVE-2022-0758 | Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the opportunity for a potential XSS attack. This issue is fixed in Rapid7 Nexpose version 6.6.130. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0758 |
| CVE-2022-22589 | A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-22589 |
| CVE-2022-22652 | The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access may be able to view and modify the carrier account information and settings from the lock screen. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-22652 |
| CVE-2022-27246 | An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-27246 |
| CVE-2022-26246 | TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /TMS/admin/setting/mail/createorupdate. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-26246 |
| CVE-2022-24656 | HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). A common XSS payload placed in a markdown file will execute several times if the file is opened with the app. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24656 |
| CVE-2021-25019 | The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does not escape the type parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-25019 |
| CVE-2022-0627 | The Amelia WordPress plugin before 1.0.47 does not sanitize and escape the code parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0627 |
| CVE-2022-0628 | The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0628 |
| CVE-2022-0640 | The Pricing Table Builder WordPress plugin before 1.1.5 does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0640 |
| CVE-2021-33961 | A Cross Site Scripting (XSS) vulnerability exists in enhanced-github v5.0.11 via the file name parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-33961 |
| CVE-2022-0857 | A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0857 |
| CVE-2022-0858 | A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0858 |
| CVE-2022-0889 | The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the ~/includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web scripts to vulnerable WordPress sites, in versions up to and including 3.3.12. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0889 |
| CVE-2022-25221 | Money Transfer Management System Version 1.0 allows an attacker to inject JavaScript code in the URL and then trick a user into visiting the link in order to execute JavaScript code. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25221 |
| CVE-2022-25269 | Passwork On-Premise Edition before 4.6.13 has multiple XSS issues. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25269 |
| CVE-2022-1058 | Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-1058 |
| CVE-2022-25575 | Multiple cross-site scripting (XSS) vulnerabilities in Parking Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification code text boxes. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25575 |
| CVE-2022-26263 | Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-26263 |
| CVE-2021-20323 | A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-20323 |
| CVE-2017-6024 | A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2017-6024 |
| CVE-2017-18104 | The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are not contained within the results of a specified JQL query. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2017-18104 |
| CVE-2019-7282 | In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-7282 |
| CVE-2019-1559 | If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-1559 |
| CVE-2020-14168 | The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle (MITM) vulnerability. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-14168 |
| CVE-2021-32686 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They cause a crash, resulting in a denial of service. These are fixed in version 2.11.1. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-32686 |
| CVE-2021-4160 | There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb). | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-4160 |
| CVE-2022-24302 | In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-24302 |
| CVE-2022-26247 | TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user/Update2. This vulnerability allows attackers to modify the administrator account and password. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-26247 |
| CVE-2018-20199 | A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the ONLY_LONG_SEQUENCE case. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-20199 |
| CVE-2018-20360 | An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-20360 |
| CVE-2019-15142 | In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-15142 |
| CVE-2019-15143 | In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-15143 |
| CVE-2019-15144 | In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-15144 |
| CVE-2019-15145 | DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-15145 |
| CVE-2020-24347 | njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-24347 |
| CVE-2020-24348 | njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-24348 |
| CVE-2020-24349 | njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-24349 |
| CVE-2020-14760 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-14760 |
| CVE-2020-16590 | A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbfd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-16590 |
| CVE-2020-16591 | A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readelf. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-16591 |
| CVE-2020-16599 | A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-16599 |
| CVE-2020-27618 | The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-27618 |
| CVE-2020-13938 | Apache HTTP Server versions 2.4.0 to 2.4.46: unprivileged local users can stop httpd on Windows. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13938 |
| CVE-2021-0561 | In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174302683. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-0561 |
| CVE-2021-30898 | An access issue was addressed with additional sandbox restrictions on third party applications. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to access some of the user's Apple ID information, or recent in-app search terms. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30898 |
| CVE-2021-30921 | A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible onscreen. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30921 |
| CVE-2021-30972 | This issue was addressed with improved checks. This issue is fixed in Security Update 2022-001 Catalina, macOS Big Sur 11.6.3. A malicious application may be able to bypass certain Privacy preferences. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30972 |
| CVE-2021-39116 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component. The affected versions are before version 8.13.14, and from version 8.14.0 before 8.19.0. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-39116 |
| CVE-2021-32276 | An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an attacker to cause Denial of Service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32276 |
| CVE-2021-4183 | Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-4183 |
| CVE-2021-4193 | vim is vulnerable to Out-of-bounds Read | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-4193 |
| CVE-2021-45958 | UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45958 |
| CVE-2022-22844 | LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22844 |
| CVE-2022-0156 | vim is vulnerable to Use After Free | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0156 |
| CVE-2022-0319 | Out-of-bounds Read in vim/vim prior to 8.2. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0319 |
| CVE-2022-23034 | A PV guest could DoS Xen while unmapping a grant. To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a mapping can be requested in two steps. The reference count for such a mapping would then mistakenly be decremented twice. Underflow of the counters gets detected, resulting in the triggering of a hypervisor bug check. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23034 |
| CVE-2022-0561 | Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0561 |
| CVE-2022-0562 | Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0562 |
| CVE-2022-0712 | NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0712 |
| CVE-2022-0714 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0714 |
| CVE-2022-0476 | Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0476 |
| CVE-2022-0695 | Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0695 |
| CVE-2021-44962 | An out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44962 |
| CVE-2021-32434 | abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32434 |
| CVE-2021-32435 | Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32435 |
| CVE-2022-0907 | Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0907 |
| CVE-2022-0908 | Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag() in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0908 |
| CVE-2022-0909 | Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0909 |
| CVE-2022-0924 | Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0924 |
| CVE-2022-27195 | Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their `build.xml` files. These values are stored unencrypted and can be viewed by users with access to the Jenkins controller file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27195 |
| CVE-2021-39624 | In Package Manager, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-67862680. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-39624 |
| CVE-2021-39690 | In setDisplayPadding of WallpaperManagerService.java, there is a possible way to cause a persistent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-204316511. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-39690 |
| CVE-2021-39705 | In getNotificationTag of LegacyVoicemailNotifier.java, there is a possible leak of ICCID due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-186026746. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-39705 |
| CVE-2022-23234 | SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23234 |
| CVE-2021-45868 | In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45868 |
| CVE-2021-22571 | A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-22571 |
| CVE-2022-22583 | A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22583 |
| CVE-2022-22588 | A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 15.2.1 and iPadOS 15.2.1. Processing a maliciously crafted HomeKit accessory name may cause a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22588 |
CVE-2022-22600The issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to bypass certain Privacy preferences.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-22600
CVE-2022-22644A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to access information about a user's contacts.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-22644
CVE-2022-22648This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to read restricted memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-22648
CVE-2022-22650This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application's permissions and access user data.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-22650
CVE-2022-22660This issue was addressed with a new entitlement. This issue is fixed in macOS Monterey 12.3. An app may be able to spoof system notifications and UI.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-22660
CVE-2022-1035Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-1035
CVE-2022-25484tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c in tcpprep v4.4.1.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-25484
CVE-2021-28275A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c in will cause segmentation fault via a crafted_file.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-28275
| CVE-2017-18102 | The wiki markup component of atlassian-renderer from version 8.0.0 before version 8.0.22 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in nested wiki markup. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2017-18102 |
| CVE-2018-13403 | The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2018-13403 |
| CVE-2018-20232 | The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2018-20232 |
| CVE-2018-20239 | Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. The product is used as a plugin in various Atlassian products where the following are affected: Confluence before version 6.15.2, Crucible before version 4.7.0, Crowd before version 3.4.3, Fisheye before version 4.7.0, Jira before version 7.13.3 and 8.x before 8.1.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2018-20239 |
| CVE-2019-8444 | The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-8444 |
| CVE-2020-4021 | Versions of Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.1, allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-4021 |
| CVE-2019-20414 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-20414 |
| CVE-2020-4024 | The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in issue attachments with a vnd.wap.xhtml+xml content type. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-4024 |
| CVE-2020-14173 | The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-14173 |
| CVE-2020-14184 | Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-14184 |
| CVE-2021-26082 | The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a stored cross site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-26082 |
| CVE-2021-26083 | Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-26083 |
| CVE-2021-38695 | SoftVibe SARABAN for INFOMA 1.1 is vulnerable to stored cross-site scripting (XSS) that allows users to store scripts in certain fields (e.g. subject, description) of the document form. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-38695 |
| CVE-2021-24958 | The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the meks_save_business_selected_account AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as a subscriber, could update the plugin's settings and put Cross-Site Scripting payloads in them. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-24958 |
| CVE-2022-27196 | Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-27196 |
| CVE-2022-27197 | Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-27197 |
| CVE-2022-27202 | Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-27202 |
| CVE-2022-27213 | Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-27213 |
| CVE-2022-25489 | Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25489 |
| CVE-2022-24728 | CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24728 |
| CVE-2022-26295 | A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user name field. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-26295 |
| CVE-2021-44760 | Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-44760 |
| CVE-2022-1002 | Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-1002 |
| CVE-2022-25604 | Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25604 |
| CVE-2022-25605 | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters: &download_path, &download_path_url, &download_page_url. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25605 |
| CVE-2022-26555 | A stored cross-site scripting (XSS) vulnerability in the Add a Button function of Eova v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the button name text box. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-26555 |
| CVE-2022-0475 | A malicious translator is able to inject JavaScript code in a few translatable strings (where HTML is allowed). The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0475 |
| CVE-2022-0364 | The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0364 |
| CVE-2022-0423 | The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated user, such as a subscriber, to put Cross-Site Scripting payloads in all pages with a 3d flipbook. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0423 |
| CVE-2022-23350 | BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-23350 |
| CVE-2022-27090 | Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-27090 |
| CVE-2022-0750 | The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and max_image_height parameters found in the ~/photoswipe-masonry.php file which allows authenticated attackers to inject arbitrary web scripts into galleries created by the plugin and on the PhotoSwipe Options page. This affects versions up to and including 1.2.14. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0750 |
| CVE-2022-0834 | The Amelia WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the lastName parameter found in the ~/src/Application/Controller/User/Customer/AddCustomerController.php file which allows attackers to inject arbitrary web scripts onto pages that execute whenever a user accesses the booking calendar with the date the attacker has injected the malicious payload into. This affects versions up to and including 1.0.46. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0834 |
| CVE-2022-25608 | Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers to trick authenticated users into unwanted slider duplicate or delete action. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25608 |
| CVE-2022-25609 | Stored Cross-Site Scripting (XSS) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers with contributor or higher user role to inject malicious code. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25609 |
| CVE-2022-0145 | Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0145 |
| CVE-2021-43659 | In halo 1.4.14, the avatar upload function accepts any file, such as an HTML file, which causes a stored XSS vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-43659 |
| CVE-2021-39491 | A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-39491 |
| CVE-2022-25582 | A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25582 |
| CVE-2022-24643 | A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24643 |
| CVE-2022-26197 | Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-26197 |
| CVE-2022-23059 | A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions v2.0.2 through v2.17.0 via the “Manage Images” tab, which allows an attacker to upload an SVG file containing malicious JavaScript code. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-23059 |
| CVE-2018-13391 | The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version 7.11.2 allows remote attackers who can access & view an issue to obtain the email address of the reporter and assignee user of an issue despite the configured email visibility setting being set to hidden. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-13391 |
| CVE-2019-3401 | The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-3401 |
| CVE-2019-3403 | The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-3403 |
| CVE-2019-8448 | The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-8448 |
| CVE-2019-8445 | Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-8445 |
| CVE-2019-8446 | The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-8446 |
| CVE-2019-14995 | The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-14995 |
| CVE-2019-20403 | The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-20403 |
| CVE-2019-20412 | The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allows remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types; Status Types. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-20412 |
| CVE-2019-20899 | The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 before 8.6.1. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-20899 |
| CVE-2020-14181 | Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-14181 |
| CVE-2020-14179 | Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-14179 |
| CVE-2020-14185 | Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-14185 |
| CVE-2020-36235 | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view. The affected versions are before version 8.13.2, and from version 8.14.0 before 8.14.1. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-36235 |
| CVE-2020-28500 | Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-28500 |
| CVE-2020-29453 | The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-29453 |
| CVE-2021-26069 | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in the /rest/api/1.0/issues/{id}/ActionsAndOperations API endpoint. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-26069 |
| CVE-2020-36238 | The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-36238 |
| CVE-2020-36286 | The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to publicly visible issue field. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-36286 |
| CVE-2020-36287 | The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-36287 |
| CVE-2020-36289 | Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-36289 |
| CVE-2021-28169 | For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-28169 |
| CVE-2021-26081 | REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-26081 |
| CVE-2021-39122 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-39122 |
| CVE-2021-39125 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-39125 |
| CVE-2021-39127 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to access the query component JQL endpoint via a Broken Access Control (BAC) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-39127 |
| CVE-2021-21707 | In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains a URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21707 |
| CVE-2021-39021 | IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration. IBM X-Force ID: 213856. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-39021 |
| CVE-2021-44532 | Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints. Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-44532 |
| CVE-2021-44533 | Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification. Affected versions of Node.js do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-44533 |
| CVE-2022-0430 | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0430 |
| CVE-2022-25497 | CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25497 |
| CVE-2022-25248 | When connecting to a certain port, Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supply the event log of the specific service. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25248 |
| CVE-2021-44261 | A vulnerability exists in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-44261 |
| CVE-2022-24773 | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check `DigestInfo` for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-24773 |
| CVE-2020-25193 | By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-25193 |
| CVE-2022-23348 | BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-23348 |
| CVE-2022-0396 | BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0396 |
| CVE-2022-0862 | A lack of password change protection vulnerability in a deprecated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's password. This functionality was removed from the User Interface in ePO 10 and the API has now been disabled. Other protection is in place to reduce the likelihood of this being successful through sending a link to a logged in user. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0862 |
| CVE-2020-2934 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L). | 5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2934 |
| CVE-2020-8554 | Kubernetes API server in all versions allows an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. | 5 | https://nvd.nist.gov/vuln/detail/CVE-2020-8554 |
| CVE-2020-36232 | The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups and requests to arbitrary services as it incorrectly obtained application base url information from the executing http request which could be attacker controlled. | 5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36232 |
CVE-2020-14672Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2020-14672
CVE-2020-14773Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2020-14773
CVE-2020-14776Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2020-14776
CVE-2020-14777Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2020-14777
CVE-2020-14786Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2020-14786
CVE-2020-14790Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2020-14790
CVE-2020-14793Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2020-14793
CVE-2021-39046IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346.4.9https://nvd.nist.gov/vuln/detail/CVE-2021-39046
CVE-2022-1003One of the API in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way that allows them to override certain restricted configurations like EnableUploads.4.9https://nvd.nist.gov/vuln/detail/CVE-2022-1003
CVE-2022-0842A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data the attacker would require administrator privileges.4.9https://nvd.nist.gov/vuln/detail/CVE-2022-0842
| CVE-2019-8450 | Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a custom field. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-8450 |
| CVE-2020-4025 | The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in issue attachments with an rdf content type. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-4025 |
| CVE-2019-20900 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module. The affected versions are before version 8.7.0. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-20900 |
| CVE-2020-36234 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-36234 |
| CVE-2021-24343 | The iFlyChat WordPress plugin before 4.7.0 does not sanitise its APP ID setting before outputting it back in the page, leading to an authenticated Stored Cross-Site Scripting issue | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-24343 |
| CVE-2021-39112 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0 before 8.17.1, and from version 8.18.0 before 8.18.1. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39112 |
| CVE-2022-20704 | Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20704 |
| CVE-2022-27207 | Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27207 |
| CVE-2021-45792 | Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45792 |
| CVE-2021-23150 | Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.31). | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-23150 |
| CVE-2021-23209 | Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.32). | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-23209 |
| CVE-2022-25603 | Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5). | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25603 |
| CVE-2022-27244 | An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27244 |
| CVE-2022-25464 | A stored cross-site scripting (XSS) vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25464 |
| CVE-2022-26494 | An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26494 |
| CVE-2022-0590 | The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0590 |
| CVE-2022-0955 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/data-hub prior to 1.2.4. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0955 |
| CVE-2022-25574 | A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25574 |
| CVE-2018-13400 | Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2018-13400 |
| CVE-2019-20100 | The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.2, and from version 7.1.0 before version 7.1.3. The vulnerable plugin is used by Atlassian Jira Server and Data Center before version 8.7.0. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2019-20100 |
| CVE-2022-23035 | Insufficient cleanup of passed-through device IRQs. The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time this cleanup gets invoked, the cleanup attempt may be scheduled to be retried. When multiple interrupts are involved, this scheduling of a retry may get erroneously skipped. At the same time pointers may get cleared (resulting in a de-reference of NULL) and freed (resulting in a use-after-free), while other code would continue to assume them to be valid. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-23035 |
| CVE-2022-22621 | This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-22621 |
| CVE-2022-22622 | This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-22622 |
| CVE-2022-22647 | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A person with access to a Mac may be able to bypass Login Window. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-22647 |
| CVE-2022-22671 | An authentication issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to access photos from the lock screen. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-22671 |
| CVE-2022-25576 | Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts. | 4.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25576 |
| CVE-2022-24349 | An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim’s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24349 |
| CVE-2022-24917 | An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24917 |
| CVE-2022-24918 | An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24918 |
| CVE-2022-24919 | An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24919 |
| CVE-2021-39711 | In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-154175781; References: Upstream kernel | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-39711 |
| CVE-2021-39715 | In __show_regs of process.c, there is a possible leak of kernel memory and addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-178379135; References: Upstream kernel | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-39715 |
| CVE-2021-39717 | In iaxxx_btp_write_words of iaxxx-btp.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-198653629; References: N/A | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-39717 |
| CVE-2021-39730 | In TBD of TBD, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-206472503; References: N/A | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-39730 |
| CVE-2019-11586 | The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-11586 |
| CVE-2019-11588 | The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-11588 |
| CVE-2019-8447 | The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-8447 |
| CVE-2019-14997 | The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information exposure through caching vulnerability when Jira is configured with a reverse proxy and/or a load balancer with caching or a CDN. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-14997 |
| CVE-2019-15013 | The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue status from a project via a missing authorisation check. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-15013 |
| CVE-2019-20106 | Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-20106 |
| CVE-2019-20404 | The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-20404 |
| CVE-2019-20405 | The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-20405 |
| CVE-2019-20098 | The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-20098 |
| CVE-2019-20099 | The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-20099 |
| CVE-2019-20407 | The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through a missing authorisation check. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-20407 |
| CVE-2019-20411 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-20411 |
| CVE-2019-20415 | Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-20415 |
| CVE-2020-4029 | The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization vulnerability. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-4029 |
| CVE-2020-14174 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, from version 8.6.0 before 8.9.2, and from version 8.10.0 before 8.10.1. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-14174 |
| CVE-2020-36231 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-36231 |
| CVE-2020-29451 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure vulnerability in the Jira Projects plugin report page. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.14.1. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-29451 |
| CVE-2021-26075 | The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an information disclosure vulnerability in the error message when presented with an invalid filename. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-26075 |
| CVE-2021-39121 | Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint. The affected versions are before version 8.5.18, from version 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-39121 |
| CVE-2021-41313 | Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.1. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-41313 |
CVE-2021-24668The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack4.3https://nvd.nist.gov/vuln/detail/CVE-2021-24668
CVE-2022-0110Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-0110
CVE-2022-0112Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-0112
CVE-2022-0116Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-0116
CVE-2022-0118Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-0118
CVE-2022-27205A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-27205
CVE-2022-27215A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-27215
CVE-2022-27218Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-27218
CVE-2021-43961Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-43961
CVE-2022-22654A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-22654
CVE-2022-1004Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-1004
CVE-2022-0515Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-0515
CVE-2022-0616The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting customers, which could allow attackers to make a logged in admin delete arbitrary customers via a CSRF attack4.3https://nvd.nist.gov/vuln/detail/CVE-2022-0616
CVE-2021-4180An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-4180
CVE-2022-25223Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in 'mtms/admin/?page=transaction/view_details' via the 'id' parameter.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-25223
CVE-2022-25041OpenEMR v6.0.0 was discovered to contain an incorrect access control issue.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-25041
CVE-2022-25266Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files).4.3https://nvd.nist.gov/vuln/detail/CVE-2022-25266
CVE-2022-23242TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID as well as either possession of the pre-crash connection password or local authenticated access to the machine would have allowed to establish a remote connection by reusing the not properly deleted connection password.4.2https://nvd.nist.gov/vuln/detail/CVE-2022-23242
CVE-2018-13404The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability.4.1https://nvd.nist.gov/vuln/detail/CVE-2018-13404
CVE-2021-39727In eicPresentationRetrieveEntryValue of acropora/app/identity/libeic/EicPresentation.c, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196388042References: N/A4.1https://nvd.nist.gov/vuln/detail/CVE-2021-39727
CVE-2021-39792In usb_gadget_giveback_request of core.c, there is a possible use after free out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161010552References: Upstream kernel4.1https://nvd.nist.gov/vuln/detail/CVE-2021-39792
CVE-2022-0861 | An XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. The impact is limited to some access to confidential information and some ability to alter data. | 3.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0861
CVE-2021-26076 | The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker-in-the-middle attack to learn which mode a user is editing in due to the cookie not being set with a secure attribute if Jira was configured to use https. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-26076
CVE-2021-26071 | The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery (CSRF) vulnerability. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-26071
CVE-2021-34428 | For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-34428
CVE-2022-24236 | An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users' accounts. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24236
CVE-2022-0158 | vim is vulnerable to Heap-based Buffer Overflow. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0158
CVE-2022-22598 | An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 15.4 and iPadOS 15.4. An app may be able to learn information about the current camera view before being granted camera access. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-22598
CVE-2022-22656 | An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previously logged-in user’s desktop from the fast user switching screen. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-22656
CVE-2022-22670 | An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. A malicious application may be able to identify what other applications a user has installed. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-22670
CVE-2022-26354 | A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. | 3.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-26354
CVE-2015-8481 | Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference. | 3.1 | https://nvd.nist.gov/vuln/detail/CVE-2015-8481
CVE-2020-8562 | As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane. | 3.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-8562
CVE-2022-22599 | A permissions issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen. | 2.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-22599
CVE-2020-14791 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). | 2.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-14791
CVE-2022-21718 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue. | | https://nvd.nist.gov/vuln/detail/CVE-2022-21718
CVE-2022-24774 | CycloneDX BOM Repository Server is a bill of materials (BOM) repository server for distributing CycloneDX BOMs. CycloneDX BOM Repository Server before version 2.0.1 has an improper input validation vulnerability leading to path traversal. A malicious user may potentially exploit this vulnerability to create arbitrary directories or a denial of service by deleting arbitrary directories. The vulnerability is resolved in version 2.0.1. The vulnerability is not exploitable with the default configuration with the post and delete methods disabled. This can be configured by modifying the `appsettings.json` file, or alternatively, setting the environment variables `ALLOWEDMETHODS__POST` and `ALLOWEDMETHODS__DELETE` to `false`. | | https://nvd.nist.gov/vuln/detail/CVE-2022-24774
CVE-2021-27418 | GE UR firmware versions prior to version 8.1x support a web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTML encoding of user-supplied strings. | | https://nvd.nist.gov/vuln/detail/CVE-2021-27418
CVE-2021-27420 | GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels. | | https://nvd.nist.gov/vuln/detail/CVE-2021-27420
CVE-2021-27422 | GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication. | | https://nvd.nist.gov/vuln/detail/CVE-2021-27422
CVE-2021-27424 | GE UR firmware versions prior to version 8.1x share the MODBUS memory map as part of the communications guide. GE was made aware that a “Last-key pressed” MODBUS register can be used to gain unauthorized information. | | https://nvd.nist.gov/vuln/detail/CVE-2021-27424
CVE-2021-27426 | GE UR IED firmware versions prior to version 8.1x with “Basic” security variant do not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user. | | https://nvd.nist.gov/vuln/detail/CVE-2021-27426
CVE-2021-27428 | GE UR IED firmware versions prior to version 8.1x support upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without appropriate privileges. The weakness is assessed, and mitigation is implemented in firmware Version 8.10. | | https://nvd.nist.gov/vuln/detail/CVE-2021-27428
CVE-2021-27430 | GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR. | | https://nvd.nist.gov/vuln/detail/CVE-2021-27430
CVE-2021-27456 | Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control. | | https://nvd.nist.gov/vuln/detail/CVE-2021-27456
CVE-2021-27476 | A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier. | | https://nvd.nist.gov/vuln/detail/CVE-2021-27476
CVE-2021-3589 | An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | | https://nvd.nist.gov/vuln/detail/CVE-2021-3589
CVE-2021-3618 | ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. | | https://nvd.nist.gov/vuln/detail/CVE-2021-3618
CVE-2021-4148 | A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DOS) problem. | | https://nvd.nist.gov/vuln/detail/CVE-2021-4148
CVE-2021-4149 | A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. | | https://nvd.nist.gov/vuln/detail/CVE-2021-4149
CVE-2021-4150 | A use-after-free flaw was found in the add_partition in block/partitions/core.c in the Linux kernel. A local attacker with user privileges could cause a denial of service on the system. The issue results from the lack of code cleanup when device_add call fails when adding a partition to the disk. | | https://nvd.nist.gov/vuln/detail/CVE-2021-4150
CVE-2021-4156 | An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws. | | https://nvd.nist.gov/vuln/detail/CVE-2021-4156
CVE-2021-4197 | An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged processes that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. | | https://nvd.nist.gov/vuln/detail/CVE-2021-4197
CVE-2021-4219 | A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system. | | https://nvd.nist.gov/vuln/detail/CVE-2021-4219
CVE-2022-0854 | A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. | | https://nvd.nist.gov/vuln/detail/CVE-2022-0854
CVE-2022-0996 | A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. | | https://nvd.nist.gov/vuln/detail/CVE-2022-0996
CVE-2022-1030 | Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute commands on the local system. | | https://nvd.nist.gov/vuln/detail/CVE-2022-1030
CVE-2022-22952 | VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windows instance where AppC Server is installed by uploading a specially crafted file. | | https://nvd.nist.gov/vuln/detail/CVE-2022-22952
CVE-2022-24730 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal bug, compounded by an improper access control bug, allowing a malicious user with read-only repository access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user who has been granted `get` access for a repository containing a Helm chart can craft an API request to the `/api/v1/repositories/{repo_url}/appdetails` endpoint to leak the contents of out-of-bounds files from the repo-server. The malicious payload would reference an out-of-bounds file, and the contents of that file would be returned as part of the response. Contents from a non-YAML file may be returned as part of an error message. The attacker would have to know or guess the location of the target file. Sensitive files which could be leaked include files from other Applications' source repositories or any secrets which have been mounted as files on the repo-server. This vulnerability is patched in Argo CD versions 2.1.11, 2.2.6, and 2.3.0. The patches prevent path traversal and limit access to users who either A) have been granted Application `create` privileges or B) have been granted Application `get` privileges and are requesting details for a `repo_url` that has already been used for the given Application. There are currently no known workarounds. | | https://nvd.nist.gov/vuln/detail/CVE-2022-24730
CVE-2022-24731 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user who has been granted `create` or `update` access to Applications can leak the contents of any text file on the repo-server. By crafting a malicious Helm chart and using it in an Application, the attacker can retrieve the sensitive file's contents either as part of the generated manifests or in an error message. The attacker would have to know or guess the location of the target file. Sensitive files which could be leaked include files from another Application's source repositories or any secrets which have been mounted as files on the repo-server. This vulnerability is patched in Argo CD versions 2.1.11, 2.2.6, and 2.3.0. The problem can be mitigated by avoiding storing secrets in git, avoiding mounting secrets as files on the repo-server, avoiding decrypting secrets into files on the repo-server, and carefully limiting who can `create` or `update` Applications. | | https://nvd.nist.gov/vuln/detail/CVE-2022-24731
CVE-2022-24757 | The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter Server version 1.15.4 contains a patch for this issue. There are currently no known workarounds. | | https://nvd.nist.gov/vuln/detail/CVE-2022-24757
CVE-2020-20093 | The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. | | https://nvd.nist.gov/vuln/detail/CVE-2020-20093
CVE-2020-20094 | Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. | | https://nvd.nist.gov/vuln/detail/CVE-2020-20094
CVE-2020-20095 | iMessage (Messages app) iOS 12.4 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. | | https://nvd.nist.gov/vuln/detail/CVE-2020-20095
CVE-2020-20096 | WhatsApp iOS 2.19.80 and prior and Android 2.19.222 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. | | https://nvd.nist.gov/vuln/detail/CVE-2020-20096
CVE-2021-44226 | Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there. | | https://nvd.nist.gov/vuln/detail/CVE-2021-44226
CVE-2022-22819 | NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code execution via a crafted unsigned update. | | https://nvd.nist.gov/vuln/detail/CVE-2022-22819
CVE-2022-24768 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. Versions starting with 0.8.0 and 0.5.0 contain limited versions of this issue. To perform exploits, an authorized Argo CD user must have push access to an Application's source git or Helm repository or `sync` and `override` access to an Application. Once a user has that access, different exploitation levels are possible depending on their other RBAC privileges. A patch for this vulnerability has been released in Argo CD versions 2.3.2, 2.2.8, and 2.1.14. Some mitigation measures are available but do not serve as a substitute for upgrading. To avoid privilege escalation, limit who has push access to Application source repositories or `sync` + `override` access to Applications; and limit which repositories are available in projects where users have `update` access to Applications. To avoid unauthorized resource inspection/tampering, limit who has `delete`, `get`, or `action` access to Applications. | | https://nvd.nist.gov/vuln/detail/CVE-2022-24768
CVE-2022-24934 | wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry. | | https://nvd.nist.gov/vuln/detail/CVE-2022-24934
CVE-2022-27192 | The Reporting module in Aseco Lietuva document management system DVS Avilys before 2022-03-10 allows unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading administrative files. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27192
CVE-2022-27254 | The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27254
CVE-2021-31326 | D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi. | | https://nvd.nist.gov/vuln/detail/CVE-2021-31326
CVE-2022-27811 | GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27811
CVE-2022-27820 | OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27820
CVE-2022-0315 | Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0. | | https://nvd.nist.gov/vuln/detail/CVE-2022-0315
CVE-2022-1061 | Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8. | | https://nvd.nist.gov/vuln/detail/CVE-2022-1061
CVE-2022-1052 | Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6. | | https://nvd.nist.gov/vuln/detail/CVE-2022-1052
CVE-2022-0550 | Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0. | | https://nvd.nist.gov/vuln/detail/CVE-2022-0550
CVE-2022-0551 | Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0. | | https://nvd.nist.gov/vuln/detail/CVE-2022-0551
CVE-2022-26629 | An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen Security Feature function due to insufficient permissions and privileges, which allows a malicious attacker to bypass the lock screen function. | | https://nvd.nist.gov/vuln/detail/CVE-2022-26629
CVE-2022-25568 | MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured. | | https://nvd.nist.gov/vuln/detail/CVE-2022-25568
CVE-2021-43085 | An Insecure Permissions vulnerability exists in the OpenSSL Project 3.0 due to an error in the implementation of the CMAC_Final() function. | | https://nvd.nist.gov/vuln/detail/CVE-2021-43085
CVE-2021-43666 | A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0. | | https://nvd.nist.gov/vuln/detail/CVE-2021-43666
CVE-2022-22374 | The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subject to downgrade attack which may affect its ability to operate its host. IBM X-Force ID: 221442. | | https://nvd.nist.gov/vuln/detail/CVE-2022-22374
CVE-2022-24769 | Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. | | https://nvd.nist.gov/vuln/detail/CVE-2022-24769
CVE-2022-24776 | Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known workarounds. | | https://nvd.nist.gov/vuln/detail/CVE-2022-24776
CVE-2022-24781 | Geon is a board game based on solving questions about the Pythagorean Theorem. Malicious users can obtain the uuid from other users, spoof that uuid through the browser console and become co-owners of the target session. This issue is patched in version 1.1.0. No known workaround exists. | | https://nvd.nist.gov/vuln/detail/CVE-2022-24781
CVE-2022-24782 | Discourse is an open source discussion platform. Versions 2.8.2 and prior in the `stable` branch, 2.9.0.beta3 and prior in the `beta` branch, and 2.9.0.beta3 and prior in the `tests-passed` branch are vulnerable to a data leak. Users can request an export of their own activity. Sometimes, due to category settings, they may have category membership for a secure category. The name of this secure category is shown to the user in the export. The same thing occurs when the user's post has been moved to a secure category. A patch for this issue is available in the `main` branch of Discourse's GitHub repository and is anticipated to be part of future releases. | | https://nvd.nist.gov/vuln/detail/CVE-2022-24782
CVE-2022-25571 | Bluedon Information Security Technologies Co.,Ltd Internet Access Detector v1.0 was discovered to contain an information leak which allows attackers to access the contents of the password file via unspecified vectors. | | https://nvd.nist.gov/vuln/detail/CVE-2022-25571
CVE-2022-26249 | Survey King v0.3.0 does not filter data properly when exporting Excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack. | | https://nvd.nist.gov/vuln/detail/CVE-2022-26249
CVE-2022-26279 | EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata. | | https://nvd.nist.gov/vuln/detail/CVE-2022-26279
CVE-2022-22687 | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. | | https://nvd.nist.gov/vuln/detail/CVE-2022-22687
CVE-2022-22688 | Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | | https://nvd.nist.gov/vuln/detail/CVE-2022-22688
CVE-2018-25032 | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | | https://nvd.nist.gov/vuln/detail/CVE-2018-25032
CVE-2021-44751 | A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most modern Android OS, dialer application will require user interaction, however, some older Android OS may not need user interaction. | | https://nvd.nist.gov/vuln/detail/CVE-2021-44751
CVE-2022-1040 | An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. | | https://nvd.nist.gov/vuln/detail/CVE-2022-1040
CVE-2022-1064 | SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1. | | https://nvd.nist.gov/vuln/detail/CVE-2022-1064
CVE-2022-27227 | In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers. | | https://nvd.nist.gov/vuln/detail/CVE-2022-27227
CVE-2020-21554 | A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_list parameter in controllers\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms. | | https://nvd.nist.gov/vuln/detail/CVE-2020-21554
CVE-2021-43090 | An XML External Entity (XXE) vulnerability exists in all versions of soa-model (as of 11.01/2021) in the WSDLParser function. | | https://nvd.nist.gov/vuln/detail/CVE-2021-43090
CVE-2021-46426 | phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality. | | https://nvd.nist.gov/vuln/detail/CVE-2021-46426
CVE-2022-24777 | grpc-swift is the Swift language implementation of gRPC, a remote procedure call (RPC) framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is high as the server will crash, dropping all in flight connections and requests. This issue is fixed in version 1.7.2. There are currently no known workarounds. | | https://nvd.nist.gov/vuln/detail/CVE-2022-24777
CVE-2022-25577 | ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data. | | https://nvd.nist.gov/vuln/detail/CVE-2022-25577
CVE-2021-43636 | Two Buffer Overflow vulnerabilities exist in T10 V2_Firmware V4.1.8cu.5207_B20210320 in the http_request_parse function when processing host data in the HTTP request process. | | https://nvd.nist.gov/vuln/detail/CVE-2021-43636
CVE-2022-24778 | The imgcrypt library provides API extensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function `CheckAuthorization` is supposed to check whether the current user is authorized to access an encrypted image and prevent the user from running an image that another user previously decrypted on the same system. In versions prior to 1.1.4, a failure occurs when an image with a ManifestList is used and the architecture of the local host is not the first one in the ManifestList. Only the first architecture in the list was tested, which may not have its layers available locally since it could not be run on the host architecture. Therefore, the verdict on unavailable layers was that the image could be run anticipating that image run failure would occur later due to the layers not being available. However, this verdict to allow the image to run enabled other architectures in the ManifestList to run an image without providing keys if that image had previously been decrypted. A patch has been applied to imgcrypt 1.1.4. Workarounds may include usage of different namespaces for each remote user. | | https://nvd.nist.gov/vuln/detail/CVE-2022-24778
CVE-2022-27881engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge can prevent exploitation.https://nvd.nist.gov/vuln/detail/CVE-2022-27881
CVE-2022-27882slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation.https://nvd.nist.gov/vuln/detail/CVE-2022-27882
CVE-2021-20290An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.https://nvd.nist.gov/vuln/detail/CVE-2021-20290
CVE-2021-22100In Cloud Foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that (accidentally or maliciously) causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to cause an inability for anyone to push or manage apps.https://nvd.nist.gov/vuln/detail/CVE-2021-22100
CVE-2021-26620An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s passwords.https://nvd.nist.gov/vuln/detail/CVE-2021-26620
CVE-2021-26621A Buffer Overflow vulnerability leading to remote code execution was discovered in MEX01. Remote attackers can use this vulnerability by using the property that the target program copies parameter values to memory through the strcpy() function.https://nvd.nist.gov/vuln/detail/CVE-2021-26621
CVE-2021-26622A remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-26622
CVE-2021-35254SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.https://nvd.nist.gov/vuln/detail/CVE-2021-35254
CVE-2021-3422The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before 7.3.9, 8.0 versions before 8.0.9, and 8.1 versions before 8.1.3. It does not impact Universal Forwarders. When Splunk forwarding is secured using TLS or a Token, the attack requires compromising the certificate or token, or both. Implementation of either or both reduces the severity to Medium.https://nvd.nist.gov/vuln/detail/CVE-2021-3422
CVE-2021-3567A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage Caribou as an input mechanism. The highest threat from this vulnerability is to system availability.https://nvd.nist.gov/vuln/detail/CVE-2021-3567
CVE-2021-3582A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability.https://nvd.nist.gov/vuln/detail/CVE-2021-3582
CVE-2021-3814It was found that 3scale's APIdocs does not validate the access token; in the case of an invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure.https://nvd.nist.gov/vuln/detail/CVE-2021-3814
CVE-2021-3933An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.https://nvd.nist.gov/vuln/detail/CVE-2021-3933
CVE-2021-3941In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.https://nvd.nist.gov/vuln/detail/CVE-2021-3941
CVE-2021-44462This vulnerability can be exploited by parsing maliciously crafted project files with Horner Automation Cscape EnvisionRV v4.50.3.1 and prior. The issues result from the lack of proper validation of user-supplied data, which can result in reads and writes past the end of allocated data structures. User interaction is required to exploit this vulnerability as an attacker must trick a valid user to open a malicious HMI project file.https://nvd.nist.gov/vuln/detail/CVE-2021-44462
CVE-2021-44477GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project/template file.https://nvd.nist.gov/vuln/detail/CVE-2021-44477
CVE-2021-44768Delta Electronics CNCSoft (Version 1.01.30 and prior) is vulnerable to an out-of-bounds read while processing a specific project file, which may allow an attacker to disclose information.https://nvd.nist.gov/vuln/detail/CVE-2021-44768
CVE-2021-4147A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.https://nvd.nist.gov/vuln/detail/CVE-2021-4147
CVE-2021-4157An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system.https://nvd.nist.gov/vuln/detail/CVE-2021-4157
CVE-2021-4202A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem.https://nvd.nist.gov/vuln/detail/CVE-2021-4202
CVE-2021-4203A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with user privileges may crash the system or leak internal kernel information.https://nvd.nist.gov/vuln/detail/CVE-2021-4203
CVE-2022-0322A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).https://nvd.nist.gov/vuln/detail/CVE-2022-0322
CVE-2022-0330A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.https://nvd.nist.gov/vuln/detail/CVE-2022-0330
CVE-2022-0435A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.https://nvd.nist.gov/vuln/detail/CVE-2022-0435
CVE-2022-0494A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.https://nvd.nist.gov/vuln/detail/CVE-2022-0494
CVE-2022-0500A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.https://nvd.nist.gov/vuln/detail/CVE-2022-0500
CVE-2022-0759A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate (it wrongly returns VERIFY_NONE). Ruby applications that leverage kubeclient to parse kubeconfig files are susceptible to Man-in-the-middle attacks (MITM).https://nvd.nist.gov/vuln/detail/CVE-2022-0759
CVE-2022-0897A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the `driver->nwfilters` mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the `driver->nwfilters` object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt’s API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).https://nvd.nist.gov/vuln/detail/CVE-2022-0897
CVE-2022-0983An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.https://nvd.nist.gov/vuln/detail/CVE-2022-0983
CVE-2022-0988Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product.https://nvd.nist.gov/vuln/detail/CVE-2022-0988
CVE-2022-0995An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.https://nvd.nist.gov/vuln/detail/CVE-2022-0995
CVE-2022-1049A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.https://nvd.nist.gov/vuln/detail/CVE-2022-1049
CVE-2022-25590SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application.https://nvd.nist.gov/vuln/detail/CVE-2022-25590
CVE-2022-25606Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories.https://nvd.nist.gov/vuln/detail/CVE-2022-25606
CVE-2022-25610Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit.https://nvd.nist.gov/vuln/detail/CVE-2022-25610
CVE-2022-25611Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][].https://nvd.nist.gov/vuln/detail/CVE-2022-25611
CVE-2022-25612Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allow users with author or higher user rights to inject the malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact].https://nvd.nist.gov/vuln/detail/CVE-2022-25612
CVE-2022-26573Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters.https://nvd.nist.gov/vuln/detail/CVE-2022-26573
CVE-2022-27884Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter.https://nvd.nist.gov/vuln/detail/CVE-2022-27884
CVE-2022-27885Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters.https://nvd.nist.gov/vuln/detail/CVE-2022-27885
CVE-2022-27886Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter.https://nvd.nist.gov/vuln/detail/CVE-2022-27886
CVE-2022-27887Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter.https://nvd.nist.gov/vuln/detail/CVE-2022-27887
CVE-2022-27906Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To access the vulnerable code path, the attacker has to know one of the configured Odette IDs of the OFTP2 server. An attacker can upload files to the server outside of the intended upload directory.https://nvd.nist.gov/vuln/detail/CVE-2022-27906
CVE-2022-27919Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API.https://nvd.nist.gov/vuln/detail/CVE-2022-27919
CVE-2022-27920libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-27920
CVE-2021-44905Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD Smart Lock as of 12-13-2022 allows a remote attacker to disable the lock via an unauthenticated edit to the lock name.https://nvd.nist.gov/vuln/detail/CVE-2021-44905
CVE-2022-26659Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users.https://nvd.nist.gov/vuln/detail/CVE-2022-26659
CVE-2021-44683The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by tricking users into supplying sensitive information such as credentials, because the address bar would display a legitimate URL, but content would be hosted on the attacker's web site.https://nvd.nist.gov/vuln/detail/CVE-2021-44683
CVE-2022-24783Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. All users are recommended to upgrade to 1.20.3 immediately.https://nvd.nist.gov/vuln/detail/CVE-2022-24783
CVE-2022-24784Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire hash. The hash is not present in the response, however the presence or absence of a result confirms if the character is in the right position. The API has throttling enabled by default, making this a time intensive task. Both the REST API and the users endpoint need to be enabled, as they are disabled by default. The issue has been fixed in versions 3.2.39 and above, and 3.3.2 and above.https://nvd.nist.gov/vuln/detail/CVE-2022-24784
CVE-2021-40904The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session by a user with the role of administrator.https://nvd.nist.gov/vuln/detail/CVE-2021-40904
CVE-2021-40905The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session of a user with administrator role.https://nvd.nist.gov/vuln/detail/CVE-2021-40905
CVE-2021-40906CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts) or to steal the session cookies of a user who has previously authenticated via a man in the middle. Successful exploitation requires access to the web service resource without authentication.https://nvd.nist.gov/vuln/detail/CVE-2021-40906
CVE-2022-22274A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall.https://nvd.nist.gov/vuln/detail/CVE-2022-22274
CVE-2022-22995The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2022-22995
CVE-2022-1071Use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.https://nvd.nist.gov/vuln/detail/CVE-2022-1071
CVE-2022-27938stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw.https://nvd.nist.gov/vuln/detail/CVE-2022-27938
CVE-2022-27939tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.https://nvd.nist.gov/vuln/detail/CVE-2022-27939
CVE-2022-27940tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c.https://nvd.nist.gov/vuln/detail/CVE-2022-27940
CVE-2022-27941tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c.https://nvd.nist.gov/vuln/detail/CVE-2022-27941
CVE-2022-27942tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c.https://nvd.nist.gov/vuln/detail/CVE-2022-27942
CVE-2022-27943libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.https://nvd.nist.gov/vuln/detail/CVE-2022-27943
CVE-2022-27945NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi.https://nvd.nist.gov/vuln/detail/CVE-2022-27945
CVE-2022-27946NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi.https://nvd.nist.gov/vuln/detail/CVE-2022-27946
CVE-2022-27947NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter.https://nvd.nist.gov/vuln/detail/CVE-2022-27947
CVE-2022-26198Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field.https://nvd.nist.gov/vuln/detail/CVE-2022-26198
CVE-2022-26205Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE) vulnerability via the Display text fields. This vulnerability allows attackers to execute arbitrary code via injection of a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2022-26205
CVE-2022-1106Use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.https://nvd.nist.gov/vuln/detail/CVE-2022-1106
CVE-2022-26245Falcon-plus v0.3 was discovered to contain a SQL injection vulnerability via the parameter grpName in /config/service/host.go.https://nvd.nist.gov/vuln/detail/CVE-2022-26245
CVE-2022-26252aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user private SSH key (id_rsa).https://nvd.nist.gov/vuln/detail/CVE-2022-26252
CVE-2022-26254WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names.https://nvd.nist.gov/vuln/detail/CVE-2022-26254
CVE-2021-44127In DLink DAP-1360 F1 firmware version <=v6.10 in the "webupg" binary, an attacker can use the "file" parameter to execute arbitrary system commands when the parameter is "name=deleteFile" after being authorized.https://nvd.nist.gov/vuln/detail/CVE-2021-44127
CVE-2022-26255Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column.https://nvd.nist.gov/vuln/detail/CVE-2022-26255
CVE-2022-26258D-Link DIR-820L 1.05B03 was discovered to contain a remote command execution (RCE) vulnerability via the Device Name parameter in /lan.asp.https://nvd.nist.gov/vuln/detail/CVE-2022-26258
CVE-2021-26598ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token).https://nvd.nist.gov/vuln/detail/CVE-2021-26598
CVE-2021-26599ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection.https://nvd.nist.gov/vuln/detail/CVE-2021-26599
CVE-2021-26600ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==).https://nvd.nist.gov/vuln/detail/CVE-2021-26600
CVE-2021-26601ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal.https://nvd.nist.gov/vuln/detail/CVE-2021-26601
CVE-2021-44208OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat.https://nvd.nist.gov/vuln/detail/CVE-2021-44208
CVE-2021-44209OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO.https://nvd.nist.gov/vuln/detail/CVE-2021-44209
CVE-2021-44210OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data.https://nvd.nist.gov/vuln/detail/CVE-2021-44210
CVE-2021-44211OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature.https://nvd.nist.gov/vuln/detail/CVE-2021-44211
CVE-2022-26259A buffer overflow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service (DoS) via a crafted RSTP request.https://nvd.nist.gov/vuln/detail/CVE-2022-26259
CVE-2022-26268Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php.https://nvd.nist.gov/vuln/detail/CVE-2022-26268
CVE-2022-26271 74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php. https://nvd.nist.gov/vuln/detail/CVE-2022-26271
CVE-2021-44212OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring.https://nvd.nist.gov/vuln/detail/CVE-2021-44212
CVE-2021-44213OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message.https://nvd.nist.gov/vuln/detail/CVE-2021-44213
CVE-2021-44617A SQL Injection vulnerability exists in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated.https://nvd.nist.gov/vuln/detail/CVE-2021-44617
CVE-2021-45490The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation.https://nvd.nist.gov/vuln/detail/CVE-2021-45490
CVE-2021-45491 3CX System through 2022-03-17 stores cleartext passwords in a database. https://nvd.nist.gov/vuln/detail/CVE-2021-45491
CVE-2022-24303Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.https://nvd.nist.gov/vuln/detail/CVE-2022-24303
CVE-2022-26273EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities.https://nvd.nist.gov/vuln/detail/CVE-2022-26273
CVE-2022-27950In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition.https://nvd.nist.gov/vuln/detail/CVE-2022-27950
CVE-2022-25757In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the body_schema validation in the request-validation plugin. For example, `{"string_payload":"bad","string_payload":"good"}` can be used to hide the "bad" input. Systems that satisfy the three conditions below are affected by this attack: 1. use body_schema validation in the request-validation plugin 2. upstream application uses a special JSON library that chooses the first occurred value, like jsoniter or gojay 3. upstream application does not validate the input anymore. The fix in APISIX is to re-encode the validated JSON input back into the request body at the side of APISIX. Improper Input Validation vulnerability in __COMPONENT__ of Apache APISIX allows an attacker to __IMPACT__. This issue affects Apache APISIX version 2.12.1 and prior versions.https://nvd.nist.gov/vuln/detail/CVE-2022-25757
CVE-2021-46433In fenom 2.12.1 and before, there is a way in fenom/src/Fenom/Template.php function getTemplateCode() to bypass sandbox to execute arbitrary PHP code when disable_native_funcs is true.https://nvd.nist.gov/vuln/detail/CVE-2021-46433
CVE-2022-23882TuziCMS 2.0.6 is affected by SQL injection in \App\Manage\Controller\BannerController.class.php.https://nvd.nist.gov/vuln/detail/CVE-2022-23882
CVE-2021-43725There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter.https://nvd.nist.gov/vuln/detail/CVE-2021-43725
CVE-2022-0342An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.https://nvd.nist.gov/vuln/detail/CVE-2022-0342
CVE-2022-23884Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overflow leading to a bound check bypass caused by PurchaseReceiptPacket::_read (packet deserializer).https://nvd.nist.gov/vuln/detail/CVE-2022-23884
CVE-2021-43721Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload : <video src=x onerror=(function(){require('child_process').exec('calc');})();>https://nvd.nist.gov/vuln/detail/CVE-2021-43721
CVE-2021-44103Vertical Privilege Escalation in KONGA 0.14.9 allows attackers to higher privilege users to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/{ID} at ADMIN parameter.https://nvd.nist.gov/vuln/detail/CVE-2021-44103
CVE-2021-44124Hiby Music Hiby OS R3 Pro 1.5 and 1.6 is vulnerable to Directory Traversal. The HTTP Server does not have enough input data sanitization when shown data from SD Card, an attacker can navigate through the device's File System over HTTP.https://nvd.nist.gov/vuln/detail/CVE-2021-44124
CVE-2015-10002A vulnerability classified as problematic has been found in Kiddoware Kids Place. This affects the Home Button Protection. A repeated pressing of the button causes a local denial of service. It is recommended to upgrade the affected component.https://nvd.nist.gov/vuln/detail/CVE-2015-10002
CVE-2018-25030A vulnerability classified as problematic has been found in Mirmay Secure Private Browser and File Manager up to 2.5. Affected is the Auto Lock. A race condition leads to a local authentication bypass. The exploit has been disclosed to the public and may be used.https://nvd.nist.gov/vuln/detail/CVE-2018-25030
CVE-2021-24746The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue.https://nvd.nist.gov/vuln/detail/CVE-2021-24746
CVE-2021-24962The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2021-24962
CVE-2021-24978The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wp_ajax_nopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete is a map one. As a result, unauthenticated users can delete arbitrary posts from the blog.https://nvd.nist.gov/vuln/detail/CVE-2021-24978
CVE-2021-25012The Pz-LinkCard WordPress plugin through 2.4.4.4 does not sanitise and escape multiple parameters before outputting them back in admin dashboard pages, leading to Reflected Cross-Site Scripting issues.https://nvd.nist.gov/vuln/detail/CVE-2021-25012
CVE-2021-25064The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection.https://nvd.nist.gov/vuln/detail/CVE-2021-25064
CVE-2021-25068The Sync WooCommerce Product feed to Google Shopping WordPress plugin through 1.2.4 uses the 'feed_id' POST parameter which is not properly sanitized for use in a SQL statement, leading to a SQL injection vulnerability in the admin dashboardhttps://nvd.nist.gov/vuln/detail/CVE-2021-25068
CVE-2021-25070The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issuehttps://nvd.nist.gov/vuln/detail/CVE-2021-25070
CVE-2021-25071The WordPress plugin through 2.0.1 does not sanitise and escape the translation parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scriptinghttps://nvd.nist.gov/vuln/detail/CVE-2021-25071
CVE-2022-0388The Interactive Medical Drawing of Human Body WordPress plugin through 1.0 does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.https://nvd.nist.gov/vuln/detail/CVE-2022-0388
CVE-2022-0397The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlist_quickview AJAX action's response (available to any authenticated user), leading to a Reflected Cross-Site Scriptinghttps://nvd.nist.gov/vuln/detail/CVE-2022-0397
CVE-2022-0450 | The Menu Image, Icons made easy WordPress plugin before 3.0.8 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticated user, such as a subscriber, can update the settings or arbitrary menu and put Cross-Site Scripting payloads in them which will be triggered in the related menu in the frontend | https://nvd.nist.gov/vuln/detail/CVE-2022-0450
CVE-2022-0479 | The Popup Builder WordPress plugin before 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading to a SQL injection, which could also be used to perform Reflected Cross-Site Scripting attack against a logged in admin opening a malicious link | https://nvd.nist.gov/vuln/detail/CVE-2022-0479
CVE-2022-0493 | The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web server via a path traversal vector. Furthermore, due to a flaw in the search, allowing a pattern to be provided, which will be used to output the relevant matches from the matching file, all content of the file can be disclosed. | https://nvd.nist.gov/vuln/detail/CVE-2022-0493
CVE-2022-0499 | The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones. | https://nvd.nist.gov/vuln/detail/CVE-2022-0499
CVE-2022-0595 | The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site Scripting issue | https://nvd.nist.gov/vuln/detail/CVE-2022-0595
CVE-2022-0599 | The Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8 does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | https://nvd.nist.gov/vuln/detail/CVE-2022-0599
CVE-2022-0600 | The Conference Scheduler WordPress plugin before 2.4.3 does not sanitize and escape the tab parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting. | https://nvd.nist.gov/vuln/detail/CVE-2022-0600
CVE-2022-0619 | The Database Peek WordPress plugin through 1.2 does not sanitize and escape the match parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | https://nvd.nist.gov/vuln/detail/CVE-2022-0619
CVE-2022-0620 | The Delete Old Orders WordPress plugin through 0.2 does not sanitize and escape the date parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | https://nvd.nist.gov/vuln/detail/CVE-2022-0620
CVE-2022-0621 | The dTabs WordPress plugin through 1.4 does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | https://nvd.nist.gov/vuln/detail/CVE-2022-0621
CVE-2022-0641 | The Popup Like box WordPress plugin before 3.6.1 does not sanitize and escape the ays_fb_tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | https://nvd.nist.gov/vuln/detail/CVE-2022-0641
CVE-2022-0643 | The Bank Mellat WordPress plugin through 1.3.7 does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | https://nvd.nist.gov/vuln/detail/CVE-2022-0643
CVE-2022-0647 | The Bulk Creator WordPress plugin through 1.0.1 does not sanitize and escape the post_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | https://nvd.nist.gov/vuln/detail/CVE-2022-0647
CVE-2022-0679 | The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX action (available to both unauthenticated and authenticated users) which results in the disclosure of arbitrary files as the content of the file is then displayed in the response as JSON data. This could also lead to RCE with various tricks but depends on the underlying system and its configuration. | https://nvd.nist.gov/vuln/detail/CVE-2022-0679
CVE-2022-0680 | The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plz_configuration_tracker_enable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue | https://nvd.nist.gov/vuln/detail/CVE-2022-0680
CVE-2022-0720 | The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. | https://nvd.nist.gov/vuln/detail/CVE-2022-0720
CVE-2022-0770 | The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have a CSRF check in some files, and writes debug data such as user's cookies in a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access to a logged in admin's cookies by making them open a malicious link or page | https://nvd.nist.gov/vuln/detail/CVE-2022-0770
CVE-2022-0784 | The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection | https://nvd.nist.gov/vuln/detail/CVE-2022-0784
CVE-2022-0787 | The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections | https://nvd.nist.gov/vuln/detail/CVE-2022-0787
CVE-2022-0818 | The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin. | https://nvd.nist.gov/vuln/detail/CVE-2022-0818
CVE-2022-0833 | The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file generated by the plugin in order to disclose the final backup filename, which can then be fetched by the attacker to download the backup of the plugin's DB data | https://nvd.nist.gov/vuln/detail/CVE-2022-0833
CVE-2022-0846 | The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users | https://nvd.nist.gov/vuln/detail/CVE-2022-0846
CVE-2021-39876 | In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups. | https://nvd.nist.gov/vuln/detail/CVE-2021-39876
CVE-2021-4191 | An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API. | https://nvd.nist.gov/vuln/detail/CVE-2021-4191
CVE-2022-0123 | An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some of external CI services which makes it possible to perform MitM attacks on connections to these external services. | https://nvd.nist.gov/vuln/detail/CVE-2022-0123
CVE-2022-0136 | A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature. | https://nvd.nist.gov/vuln/detail/CVE-2022-0136
CVE-2022-0249 | A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked. | https://nvd.nist.gov/vuln/detail/CVE-2022-0249
CVE-2022-0283 | An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in GitLab integration with Jira that could cause the web application to redirect the request to the attacker specified URL. | https://nvd.nist.gov/vuln/detail/CVE-2022-0283
CVE-2022-0344 | An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, all versions starting from 10.2 before 14.7.1. Private project paths can be disclosed to unauthorized users via system notes when an Issue is closed via a Merge Request and later moved to a public project | https://nvd.nist.gov/vuln/detail/CVE-2022-0344
CVE-2022-0371 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. GitLab search may allow authenticated users to search other users by their respective private emails even if a user set their email to private. | https://nvd.nist.gov/vuln/detail/CVE-2022-0371
CVE-2022-0427 | Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover | https://nvd.nist.gov/vuln/detail/CVE-2022-0427
CVE-2022-0488 | An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes. | https://nvd.nist.gov/vuln/detail/CVE-2022-0488
CVE-2022-0549 | An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain conditions, GitLab REST API may allow unprivileged users to add other users to groups even if that is not possible to do through the Web UI. | https://nvd.nist.gov/vuln/detail/CVE-2022-0549
CVE-2022-0735 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands. | https://nvd.nist.gov/vuln/detail/CVE-2022-0735
CVE-2022-0738 | An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions. | https://nvd.nist.gov/vuln/detail/CVE-2022-0738
CVE-2022-0751 | Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users into executing arbitrary commands | https://nvd.nist.gov/vuln/detail/CVE-2022-0751
CVE-2022-1056 | Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd. | https://nvd.nist.gov/vuln/detail/CVE-2022-1056
CVE-2022-26980 | Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO. | https://nvd.nist.gov/vuln/detail/CVE-2022-26980
CVE-2022-27658 | Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks. | https://nvd.nist.gov/vuln/detail/CVE-2022-27658
CVE-2010-10001 | A vulnerability, which was classified as problematic, was found in Shemes GrabIt up to 1.7.2 Beta 4. This affects the component NZB Date Parser. The manipulation of the argument date with the input 1000000000000000 as part of a NZB File leads to a denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | https://nvd.nist.gov/vuln/detail/CVE-2010-10001
CVE-2022-26278 | Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function. | https://nvd.nist.gov/vuln/detail/CVE-2022-26278
CVE-2021-43097 | A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.java which could let a malicious user execute arbitrary code. | https://nvd.nist.gov/vuln/detail/CVE-2021-43097
CVE-2021-43098 | A File Upload vulnerability exists in bbs v5.3 via QuestionManageAction.java in a getType function. | https://nvd.nist.gov/vuln/detail/CVE-2021-43098
CVE-2021-43099 | An Archive Extraction (AKA "Zip Slip") vulnerability exists in bbs 5.3 in the UpgradeNow function in UpgradeManageAction.java, which unzips the arbitrary uploaded zip file without checking filenames. The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). | https://nvd.nist.gov/vuln/detail/CVE-2021-43099
CVE-2021-43100 | A File Upload vulnerability exists in bbs 5.3 via TopicManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | https://nvd.nist.gov/vuln/detail/CVE-2021-43100
CVE-2021-43101 | A File Upload vulnerability exists in bbs 5.3 via MembershipCardManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | https://nvd.nist.gov/vuln/detail/CVE-2021-43101
CVE-2021-43102 | A File Upload vulnerability exists in bbs 5.3 via HelpManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | https://nvd.nist.gov/vuln/detail/CVE-2021-43102
CVE-2021-43103 | A File Upload vulnerability exists in bbs 5.3 via ForumManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | https://nvd.nist.gov/vuln/detail/CVE-2021-43103
CVE-2022-24789 | C1 CMS is an open-source, .NET based Content Management System (CMS). Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery (SSRF) by causing the server to make arbitrary GET requests to other servers in the local network or on localhost. The attacker may also truncate arbitrary files to zero size (effectively delete them) leading to denial of service (DoS) or altering application logic. The authenticated user may unknowingly perform the actions by visiting a specially crafted site. Patched in C1 CMS v6.12, no known workarounds exist. | https://nvd.nist.gov/vuln/detail/CVE-2022-24789
CVE-2022-26280 | Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. | https://nvd.nist.gov/vuln/detail/CVE-2022-26280
CVE-2022-26291 | lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted lrz file. | https://nvd.nist.gov/vuln/detail/CVE-2022-26291
CVE-2021-43105 | A vulnerability in the bailiwick checking function in Technitium DNS Server <= v7.0 exists that allows specific malicious users to inject `NS` records of any domain (even TLDs) into the cache and conduct a DNS cache poisoning attack. | https://nvd.nist.gov/vuln/detail/CVE-2021-43105
CVE-2022-26296 | BOOM: The Berkeley Out-of-Order RISC-V Processor commit d77c2c3 was discovered to allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | https://nvd.nist.gov/vuln/detail/CVE-2022-26296
CVE-2022-26639 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter. | https://nvd.nist.gov/vuln/detail/CVE-2022-26639
CVE-2022-26640 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter. | https://nvd.nist.gov/vuln/detail/CVE-2022-26640
CVE-2022-26641 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter. | https://nvd.nist.gov/vuln/detail/CVE-2022-26641
CVE-2022-26642 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter. | https://nvd.nist.gov/vuln/detail/CVE-2022-26642
CVE-2021-44581 | An SQL Injection vulnerability exists in Kreado Kreasfero 1.5 via the id parameter. | https://nvd.nist.gov/vuln/detail/CVE-2021-44581
CVE-2021-45865 | A File Upload vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the file upload functionality. | https://nvd.nist.gov/vuln/detail/CVE-2021-45865
CVE-2021-45866 | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the course field in index.php. | https://nvd.nist.gov/vuln/detail/CVE-2021-45866
CVE-2022-0331 | An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older. | https://nvd.nist.gov/vuln/detail/CVE-2022-0331
CVE-2022-25521 | UNNO v03.11.00 was discovered to contain an access control issue. | https://nvd.nist.gov/vuln/detail/CVE-2022-25521
CVE-2022-26269 | Suzuki Connect v1.0.15 allows attackers to tamper with displayed messages via spoofed CAN messages. | https://nvd.nist.gov/vuln/detail/CVE-2022-26269
CVE-2022-23937 | In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario. | https://nvd.nist.gov/vuln/detail/CVE-2022-23937
CVE-2022-24956 | An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability allows a remote authenticated attacker to dump the underlying database. | https://nvd.nist.gov/vuln/detail/CVE-2022-24956
CVE-2022-24957 | DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will be attacked. | https://nvd.nist.gov/vuln/detail/CVE-2022-24957
CVE-2022-25420 | NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CRLF injection. This vulnerability allows attackers to execute arbitrary code via a crafted HTTP request. | https://nvd.nist.gov/vuln/detail/CVE-2022-25420
CVE-2022-1073 | A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as critical. An attack leads to privilege escalation. The attack can be launched remotely. | https://nvd.nist.gov/vuln/detail/CVE-2022-1073
CVE-2022-1074 | A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Using the input HTML Injection in the WiFi settings of the dashboard leads to html injection. | https://nvd.nist.gov/vuln/detail/CVE-2022-1074
CVE-2022-1075 | A vulnerability was found in College Website Management System 1.0 and classified as problematic. Affected by this issue is the file /cwms/classes/Master.php?f=save_contact of the component Contact Handler. The manipulation leads to persistent cross site scripting. The attack may be launched remotely and requires authentication. | https://nvd.nist.gov/vuln/detail/CVE-2022-1075
CVE-2022-1076 | A vulnerability was found in Automatic Question Paper Generator System 1.0. It has been classified as problematic. This affects the file /aqpg/users/login.php of the component My Account Page. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. | https://nvd.nist.gov/vuln/detail/CVE-2022-1076
CVE-2022-1077 | A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability affects log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication. | https://nvd.nist.gov/vuln/detail/CVE-2022-1077
CVE-2022-1078 | A vulnerability was found in SourceCodester College Website Management System 1.0. It has been classified as critical. Affected is the file /cwms/admin/?page=articles/view_article/. The manipulation of the argument id with the input ' and (select * from(select(sleep(10)))Avx) and 'abc' = 'abc with an unknown input leads to sql injection. It is possible to launch the attack remotely and without authentication. | https://nvd.nist.gov/vuln/detail/CVE-2022-1078
CVE-2022-1079 | A vulnerability classified as problematic has been found in SourceCodester One Church Management System. Affected are multiple files and parameters which are prone to cross site scripting. It is possible to launch the attack remotely. | https://nvd.nist.gov/vuln/detail/CVE-2022-1079
CVE-2022-1080 | A vulnerability was found in SourceCodester One Church Management System 1.0. It has been declared as critical. This vulnerability affects code of the file attendancy.php as the manipulation of the argument search2 leads to sql injection. The attack can be initiated remotely. | https://nvd.nist.gov/vuln/detail/CVE-2022-1080
CVE-2022-1081 | A vulnerability was found in SourceCodester Microfinance Management System 1.0. It has been declared as problematic. This vulnerability affects the file /mims/app/addcustomerHandler.php. The manipulation of the argument first_name, middle_name, and surname leads to cross site scripting. The attack can be initiated remotely. | https://nvd.nist.gov/vuln/detail/CVE-2022-1081
CVE-2022-1082 | A vulnerability was found in SourceCodester Microfinance Management System 1.0. It has been rated as critical. This issue affects the file /mims/login.php of the Login Page. The manipulation of the argument username/password with the input '||1=1# leads to sql injection. The attack may be initiated remotely. | https://nvd.nist.gov/vuln/detail/CVE-2022-1082
CVE-2022-1083 | A vulnerability classified as critical has been found in Microfinance Management System. The manipulation of arguments like customer_type_number/account_number/account_status_number/account_type_number with the input ' and (select * from(select(sleep(10)))Avx) and 'abc' = 'abc leads to sql injection in multiple files. It is possible to launch the attack remotely. | https://nvd.nist.gov/vuln/detail/CVE-2022-1083
CVE-2022-1084 | A vulnerability classified as critical was found in SourceCodester One Church Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /one_church/userregister.php. The manipulation leads to authentication bypass. The attack can be launched remotely. | https://nvd.nist.gov/vuln/detail/CVE-2022-1084
CVE-2022-1085 | A vulnerability was found in CLTPHP up to 6.0. It has been declared as problematic. Affected by this vulnerability is the POST Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | https://nvd.nist.gov/vuln/detail/CVE-2022-1085
CVE-2022-1086 | A vulnerability was found in DolphinPHP up to 1.5.0 and classified as problematic. Affected by this issue is the User Management Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | https://nvd.nist.gov/vuln/detail/CVE-2022-1086
CVE-2022-1087 | A vulnerability, which was classified as problematic, has been found in htmly 5.3 which affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires an authentication. A simple POC has been disclosed to the public and may be used. | https://nvd.nist.gov/vuln/detail/CVE-2022-1087
CVE-2021-46743 | In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way to use the PHP-JWT library unsafely, but might not be considered a vulnerability in the library itself. | https://nvd.nist.gov/vuln/detail/CVE-2021-46743
CVE-2022-1032 | Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6. | https://nvd.nist.gov/vuln/detail/CVE-2022-1032
CVE-2022-23901 | A stack overflow in re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc. | https://nvd.nist.gov/vuln/detail/CVE-2022-23901
CVE-2022-23903 | A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think <=5.0.6, which allows a login account to access arbitrary functions and cause stored XSS through a fake User-Agent. | https://nvd.nist.gov/vuln/detail/CVE-2022-23903
CVE-2022-28133 | Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server consumers. | https://nvd.nist.gov/vuln/detail/CVE-2022-28133
CVE-2022-28134 | Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers. | https://nvd.nist.gov/vuln/detail/CVE-2022-28134
CVE-2022-28135 | Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | https://nvd.nist.gov/vuln/detail/CVE-2022-28135
CVE-2022-28136 | A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | https://nvd.nist.gov/vuln/detail/CVE-2022-28136
CVE-2022-28137 | A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | https://nvd.nist.gov/vuln/detail/CVE-2022-28137
CVE-2022-28138 | A cross-site request forgery (CSRF) vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credential. | https://nvd.nist.gov/vuln/detail/CVE-2022-28138
CVE-2022-28139 | A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | https://nvd.nist.gov/vuln/detail/CVE-2022-28139
CVE-2022-28140 | Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | https://nvd.nist.gov/vuln/detail/CVE-2022-28140
CVE-2022-28141 | Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | https://nvd.nist.gov/vuln/detail/CVE-2022-28141
CVE-2022-28142 | Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues. | https://nvd.nist.gov/vuln/detail/CVE-2022-28142
CVE-2022-28143 | A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. | https://nvd.nist.gov/vuln/detail/CVE-2022-28143
CVE-2022-28144 | Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. | https://nvd.nist.gov/vuln/detail/CVE-2022-28144
| CVE-2022-28145 | Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) exploitable by attackers with Item/Configure permission or otherwise able to control report contents. | https://nvd.nist.gov/vuln/detail/CVE-2022-28145 |
| CVE-2022-28146 | Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkins controller as a parameter to its build steps. | https://nvd.nist.gov/vuln/detail/CVE-2022-28146 |
| CVE-2022-28147 | A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | https://nvd.nist.gov/vuln/detail/CVE-2022-28147 |
| CVE-2022-28148 | The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers. | https://nvd.nist.gov/vuln/detail/CVE-2022-28148 |
| CVE-2022-28149 | Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | https://nvd.nist.gov/vuln/detail/CVE-2022-28149 |
| CVE-2022-28150 | A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job. | https://nvd.nist.gov/vuln/detail/CVE-2022-28150 |
| CVE-2022-28151 | A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. | https://nvd.nist.gov/vuln/detail/CVE-2022-28151 |
| CVE-2022-28152 | A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job. | https://nvd.nist.gov/vuln/detail/CVE-2022-28152 |
| CVE-2022-28153 | Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | https://nvd.nist.gov/vuln/detail/CVE-2022-28153 |
| CVE-2022-28154 | Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | https://nvd.nist.gov/vuln/detail/CVE-2022-28154 |
| CVE-2022-28155 | Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | https://nvd.nist.gov/vuln/detail/CVE-2022-28155 |
| CVE-2022-28156 | Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to copy arbitrary files and directories from the Jenkins controller to the agent workspace. | https://nvd.nist.gov/vuln/detail/CVE-2022-28156 |
| CVE-2022-28157 | Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller via FTP to an attacker-specified FTP server. | https://nvd.nist.gov/vuln/detail/CVE-2022-28157 |
| CVE-2022-28158 | A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | https://nvd.nist.gov/vuln/detail/CVE-2022-28158 |
| CVE-2022-28159 | Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | https://nvd.nist.gov/vuln/detail/CVE-2022-28159 |
| CVE-2022-28160 | Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins controller. | https://nvd.nist.gov/vuln/detail/CVE-2022-28160 |
| CVE-2021-22572 | On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is that File.createTempFile creates files in the system temporary directory with world readable permissions. Any sensitive information written to these files is visible to all other local users on unix-like systems. We recommend upgrading past commit https://github.com/google/data-transfer-project/pull/969 | https://nvd.nist.gov/vuln/detail/CVE-2021-22572 |
| CVE-2022-1055 | A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1055 |
| CVE-2021-43701 | CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters. | https://nvd.nist.gov/vuln/detail/CVE-2021-43701 |
| CVE-2021-44081 | A buffer overflow vulnerability exists in the AMF of open5gs 2.1.4. When the length of MSIN in Supi exceeds 24 characters, it leads to AMF denial of service. | https://nvd.nist.gov/vuln/detail/CVE-2021-44081 |
| CVE-2022-0343 | A local attacker, as a different local user, may be able to send an HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2. | https://nvd.nist.gov/vuln/detail/CVE-2022-0343 |
| CVE-2022-0923 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | https://nvd.nist.gov/vuln/detail/CVE-2022-0923 |
| CVE-2022-1050 | Guest driver might execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition. | https://nvd.nist.gov/vuln/detail/CVE-2022-1050 |
| CVE-2022-22934 | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data. | https://nvd.nist.gov/vuln/detail/CVE-2022-22934 |
| CVE-2022-22935 | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master. | https://nvd.nist.gov/vuln/detail/CVE-2022-22935 |
| CVE-2022-22936 | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be replayed. A sufficiently crafty attacker could gain root access on a minion under certain scenarios. | https://nvd.nist.gov/vuln/detail/CVE-2022-22936 |
| CVE-2022-22941 | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion. | https://nvd.nist.gov/vuln/detail/CVE-2022-22941 |
| CVE-2022-25347 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system. | https://nvd.nist.gov/vuln/detail/CVE-2022-25347 |
| CVE-2022-25880 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_hierarchyHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | https://nvd.nist.gov/vuln/detail/CVE-2022-25880 |
| CVE-2022-25980 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | https://nvd.nist.gov/vuln/detail/CVE-2022-25980 |
| CVE-2022-26013 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | https://nvd.nist.gov/vuln/detail/CVE-2022-26013 |
| CVE-2022-26059 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | https://nvd.nist.gov/vuln/detail/CVE-2022-26059 |
| CVE-2022-26065 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetLatestDemandNode and GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | https://nvd.nist.gov/vuln/detail/CVE-2022-26065 |
| CVE-2022-26069 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | https://nvd.nist.gov/vuln/detail/CVE-2022-26069 |
| CVE-2022-26338 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_hierarchyHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | https://nvd.nist.gov/vuln/detail/CVE-2022-26338 |
| CVE-2022-26349 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | https://nvd.nist.gov/vuln/detail/CVE-2022-26349 |
| CVE-2022-26514 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | https://nvd.nist.gov/vuln/detail/CVE-2022-26514 |
| CVE-2022-26666 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialogECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | https://nvd.nist.gov/vuln/detail/CVE-2022-26666 |
| CVE-2022-26667 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | https://nvd.nist.gov/vuln/detail/CVE-2022-26667 |
| CVE-2022-26836 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | https://nvd.nist.gov/vuln/detail/CVE-2022-26836 |
| CVE-2022-26839 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files. | https://nvd.nist.gov/vuln/detail/CVE-2022-26839 |
| CVE-2022-26887 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | https://nvd.nist.gov/vuln/detail/CVE-2022-26887 |
| CVE-2022-27175 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | https://nvd.nist.gov/vuln/detail/CVE-2022-27175 |
| CVE-2021-42970 | Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter. | https://nvd.nist.gov/vuln/detail/CVE-2021-42970 |
| CVE-2021-43109 | An SQL Injection vulnerability exists in PuneethReddyHC online-shopping-system as of 11/01/2021 via the p parameter in product.php. | https://nvd.nist.gov/vuln/detail/CVE-2021-43109 |
| CVE-2021-43110 | An Access Control vulnerability exists in PuneethReddyHC online-shopping-system as of 11/01/2021 in add_products. | https://nvd.nist.gov/vuln/detail/CVE-2021-43110 |
| CVE-2022-1122 | A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. | https://nvd.nist.gov/vuln/detail/CVE-2022-1122 |
| CVE-2022-22948 | The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information. | https://nvd.nist.gov/vuln/detail/CVE-2022-22948 |
| CVE-2021-42911 | A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code. | https://nvd.nist.gov/vuln/detail/CVE-2021-42911 |
| CVE-2021-43118 | A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code. | https://nvd.nist.gov/vuln/detail/CVE-2021-43118 |
| CVE-2022-26871 | An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution. | https://nvd.nist.gov/vuln/detail/CVE-2022-26871 |
| CVE-2021-44082 | textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request. | https://nvd.nist.gov/vuln/detail/CVE-2021-44082 |