Security Bulletin 15 Jun 2022

Published on 15 Jun 2022

Updated on 15 Jun 2022

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance with their CVSSv3 base scores:


Critical vulnerabilities with a base score of 9.0 to 10.0
High vulnerabilities with a base score of 7.0 to 8.9
Medium vulnerabilities with a base score of 4.0 to 6.9
Low vulnerabilities with a base score of 0.1 to 3.9
None vulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2022-30292 Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call. 10 https://nvd.nist.gov/vuln/detail/CVE-2022-30292
CVE-2019-1003029 A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2019-1003029
CVE-2019-5138 An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2019-5138
CVE-2017-2921 An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An attacker needs to send a specially crafted websocket packet over the network to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-2921
CVE-2017-2922 An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to achieve remote code execution. An attacker needs to send a specially crafted websocket packet over the network to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-2922
CVE-2018-1000007 libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in the URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2018-1000007
CVE-2017-1000353 Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-1000353
CVE-2018-1000861 A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2018-1000861
CVE-2019-9169 In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-9169
CVE-2019-5019 A heap-based overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro R1 (7,0,2018,1113). While parsing Document Summary Property Set stream, the getSummaryInformation function is incorrectly checking the correlation between size and the number of properties in PropertySet packets, causing an out-of-bounds write that leads to heap corruption and consequent code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-5019
CVE-2019-5021 Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-5021
CVE-2016-1000027 Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2016-1000027
CVE-2020-7645 All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7645
CVE-2021-26084 In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26084
CVE-2021-39275 ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39275
CVE-2021-41303 In Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41303
CVE-2021-42013 It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42013
CVE-2020-27304 The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27304
CVE-2022-22822 addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22822
CVE-2022-22823 build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22823
CVE-2022-22824 defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22824
CVE-2022-23852 Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23852
CVE-2022-23990 Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23990
CVE-2022-25235 xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25235
CVE-2022-25236 xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25236
CVE-2022-25315 In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25315
CVE-2021-45809 GlobalProtect-openconnect versions prior to 1.4.3 are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the `--script=<script>` parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45809
CVE-2022-28346 An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28346
CVE-2022-0142 The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0142
CVE-2022-0540 A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0540
CVE-2021-46790 ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46790
CVE-2022-29155 In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29155
CVE-2022-0836 The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0836
CVE-2022-30599 A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30599
CVE-2022-30600 A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30600
CVE-2022-22978 In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22978
CVE-2022-29186 Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rundeck community and rundeck-enterprise docker images contained a pre-generated SSH keypair. If the id_rsa.pub public key of the keypair was copied to authorized_keys files on remote host, those hosts would allow access to anyone with the exposed private credentials. This misconfiguration only impacts Rundeck Docker instances of PagerDuty® Process Automation On Prem (formerly Rundeck) version 4.0 and earlier, not Debian, RPM or .WAR. Additionally, the id_rsa.pub file would have to be copied from the Docker image filesystem contents without overwriting it and used to configure SSH access on a host. A patch on Rundeck's `main` branch has removed the pre-generated SSH key pair, but it does not remove exposed keys that have been configured. To patch, users must run a script on hosts in their environment to search for exposed keys and rotate them. Two workarounds are available: Do not use any pre-existing public key file from the rundeck docker images to allow SSH access by adding it to authorized_keys files and, if you have copied the public key file included in the docker image, remove it from any authorized_keys files. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29186
CVE-2013-10003 A vulnerability classified as critical has been found in Telecommunication Software SAMwin Contact Center Suite 5.1. This affects the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the database handler. The manipulation leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2013-10003
CVE-2013-10004 A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble in the library SAMwinLIBVB.dll of the component Password Handler. Incorrect implementation of a hashing function leads to predictable authentication possibilities. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2013-10004
CVE-2022-29337 C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. This vulnerability allows attackers to execute arbitrary commands via a crafted HTTP request. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29337
CVE-2022-23775 TrueStack Direct Connect 1.4.7 has Incorrect Access Control. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23775
CVE-2021-33016 An attacker can gain full access (read/write/delete) to sensitive folders due to hard-coded credentials on KUKA KR C4 control software for versions prior to 8.7 or any product running KSS. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33016
CVE-2022-30495 In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password (vertical privilege escalation). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30495
CVE-2022-26775 An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26775
CVE-2022-26776 This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application termination or arbitrary code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26776
CVE-2022-29632 An arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo Education v9.0.0 allows attackers to execute arbitrary code via a crafted file. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29632
CVE-2022-29633 An access control issue in Linglong v1.0 allows attackers to access the background of the application via a crafted cookie. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29633
CVE-2022-1927 Buffer Over-read in GitHub repository vim/vim prior to 8.2. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1927
CVE-2022-1556 The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1556
CVE-2022-31003 Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31003
CVE-2022-31013 Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function `this.authProvider.verifyAccessKey` is an async function, as the code is not using `await` to wait for the verification result. Every time the function responds back with success, along with an unhandled exception if the token is invalid. A patch is available in version 2.6.0. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31013
CVE-2022-29875 A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29875
CVE-2019-12349 An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-12349
CVE-2019-12350 An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-12350
CVE-2019-12351 An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-12351
CVE-2020-28246 A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-28246
CVE-2021-26633 SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation. These vulnerabilities can be exploited by manipulating a variable with a desired value and inserting an arbitrary file. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26633
CVE-2021-26634 SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these vulnerabilities to perform attacks such as stealing server management rights using a web shell. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26634
CVE-2021-34079 OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34079
CVE-2021-34080 OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34080
CVE-2021-34082 OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34082
CVE-2021-34084 OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34084
CVE-2021-42872 TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42872
CVE-2021-44095 A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44095
CVE-2021-44096 EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profile_action - update_user. This allows a remote attacker to compromise Application SQL database. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44096
CVE-2021-44097 EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 is vulnerable to SQL Injection via Addmessage.php. This allows a remote attacker to compromise Application SQL database. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44097
CVE-2021-44098 EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expense_action.php. This allows a remote attacker to compromise Application SQL database. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44098
CVE-2022-1660 The affected products are vulnerable to deserialization of untrusted data without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1660
CVE-2022-24239 ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24239
CVE-2022-24240 ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24240
CVE-2022-25237 Bonita Web 2021.2 is affected by an authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API endpoints. This can lead to remote code execution by abusing the privileged API actions. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25237
CVE-2022-28605 LinkPlay Sound Bar v1.0 allows attackers to escalate privileges via a hardcoded password for the SSL certificate. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28605
CVE-2022-28945 An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28945
CVE-2022-29659 Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29659
CVE-2022-29712 LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29712
CVE-2022-29730 USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29730
CVE-2022-29776 Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29776
CVE-2022-29777 Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29777
CVE-2022-30324 HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30324
CVE-2022-30352 phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in index.php script. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30352
CVE-2022-30423 Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30423
CVE-2022-30470 In Afian Filerun 20220202, changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30470
CVE-2022-30478 Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in \search_product.php via the keyword parameters. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30478
CVE-2022-30481 Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Injection in categorywise-menu.php via the catid parameters. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30481
CVE-2022-30490 Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter 'id' in /bcms/admin/court_rentals/update_status.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30490
CVE-2022-30506 An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30506
CVE-2022-30510 School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30510
CVE-2022-30511 School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30511
CVE-2022-30512 School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30512
CVE-2022-30521 The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users easily. The attackers can exploit the vulnerability to carry out arbitrary code by means of sending a specially constructed payload to port 49152. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30521
CVE-2022-30797 Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30797
CVE-2022-30808 elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30808
CVE-2022-30809 elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30809
CVE-2022-30810 elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30810
CVE-2022-30813 elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30813
CVE-2022-30814 elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30814
CVE-2022-30815 elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar= 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30815
CVE-2022-30816 elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30816
CVE-2022-30817 Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30817
CVE-2022-31327 Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/index.php?q=products&id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31327
CVE-2022-31328 Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering/admin/products/index.php?view=edit&id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31328
CVE-2022-31329 Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31329
CVE-2022-31335 Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31335
CVE-2022-31336 Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31336
CVE-2022-31337 Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?view=edit&id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31337
CVE-2022-31338 Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31338
CVE-2022-31340 Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/table_edit_ajax.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31340
CVE-2022-31343 Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31343
CVE-2022-31344 Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31344
CVE-2022-31345 Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manage_user&id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31345
CVE-2022-31346 Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31346
CVE-2022-31347 Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31347
CVE-2022-31348 Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31348
CVE-2022-31350 Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31350
CVE-2022-31351 Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31351
CVE-2022-31352 Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31352
CVE-2022-31353 Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31353
CVE-2022-31354 Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=get_vehicle_service. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31354
CVE-2022-31799 Bottle before 0.12.20 mishandles errors during early request binding. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31799
CVE-2022-31946 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_team. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31946
CVE-2022-31948 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_report. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31948
CVE-2022-31951 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_respondent_type. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31951
CVE-2022-31952 Rescue Dispatch Management System v1.0 is vulnerable to SQL injection via /rdms/classes/Master.php?f=delete_incident. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31952
CVE-2022-31953 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/view_report.php?id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31953
CVE-2022-31956 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/manage_report.php?id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31956
CVE-2022-31957 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/teams/view_team.php?id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31957
CVE-2022-31959 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/teams/manage_team.php?id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31959
CVE-2022-31961 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/manage_incident.php?id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31961
CVE-2022-31962 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/view_incident.php?id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31962
CVE-2022-31964 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/respondent_types/view_respondent_type.php?id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31964
CVE-2022-31965 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/respondent_types/manage_respondent_type.php?id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31965
CVE-2022-31969 ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=user/manage_user&id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31969
CVE-2022-31976 Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31976
CVE-2022-31977 Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31977
CVE-2022-31978 Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_inquiry. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31978
CVE-2022-32002 Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/manage_court.php?id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32002
CVE-2022-31989 Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=user/manage_user&id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31989
CVE-2022-31990 Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_product. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31990
CVE-2022-31991 Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_court. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31991
CVE-2022-31993 Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_service. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31993
CVE-2022-32020 Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via ip/car-rental-management-system/admin/ajax.php?action=save_settings. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32020
CVE-2021-45981 NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45981
CVE-2021-45983 NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45983
CVE-2022-29704 BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29704
CVE-2022-32019 Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32019
CVE-2021-42875 TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42875
CVE-2022-26869 Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26869
CVE-2022-29084 Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29084
CVE-2022-30234 A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30234
CVE-2022-30235 A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30235
CVE-2022-32269 In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32269
CVE-2022-32270 In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32270
CVE-2021-42884 TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control the deviceName to attack. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42884
CVE-2021-42885 TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42885
CVE-2021-42887 In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42887
CVE-2021-42888 TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42888
CVE-2021-42890 TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42890
CVE-2022-26134 In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26134
CVE-2022-31768 IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31768
CVE-2022-32511 jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32511
CVE-2022-30927 A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable "id" parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30927
CVE-2022-31279 Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution (RCE) via an unserialized pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and __call in Faker\Generator.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31279
CVE-2020-36533 A vulnerability was found in Klapp App and classified as problematic. This issue affects some unknown processing of the JSON Web Token Handler. The manipulation leads to weak authentication. The attack may be initiated remotely. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-36533
CVE-2020-36539 A vulnerability was found in Lógico y Creativo 1.0 and classified as critical. This issue affects some unknown processing. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-36539
CVE-2020-36540 A vulnerability, which was classified as critical, was found in Neetai Tech. Affected is an unknown function of the file /product.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-36540
CVE-2020-36541 A vulnerability was found in Demokratian. It has been rated as critical. Affected by this issue is some unknown functionality of the file basicos_php/genera_select.php. The manipulation of the argument id_provincia with the input leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-36541
CVE-2020-36542 A vulnerability classified as critical has been found in Demokratian. This affects an unknown part of the file install/install3.php. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-36542
CVE-2022-30722 Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30722
CVE-2022-30909 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30909
CVE-2022-30910 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the GO parameter at /goform/aspForm. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30910
CVE-2022-30912 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateWanParams parameter at /goform/aspForm. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30912
CVE-2022-30913 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the ipqos_set_bandwidth parameter at /goform/aspForm. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30913
CVE-2022-30914 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateMacClone parameter at /goform/aspForm. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30914
CVE-2022-30915 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateSnat parameter at /goform/aspForm. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30915
CVE-2022-30916 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnetDebug parameter at /goform/aspForm. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30916
CVE-2022-30917 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddWlanMacList parameter at /goform/aspForm. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30917
CVE-2022-30918 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnet parameter at /goform/aspForm. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30918
CVE-2022-30919 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID_5G parameter at /goform/aspForm. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30919
CVE-2022-30920 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID parameter at /goform/aspForm. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30920
CVE-2022-30921 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetMobileAPInfoById parameter at /goform/aspForm. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30921
CVE-2022-30922 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditWlanMacList parameter at /goform/aspForm. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30922
CVE-2022-30923 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTimingtimeWifiAndLed parameter at /goform/aspForm. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30923
CVE-2022-30924 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetAPWifiorLedInfoById parameter at /goform/aspForm. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30924
CVE-2022-30925 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddMacList parameter at /goform/aspForm. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30925
CVE-2022-30926 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditMacList parameter at /goform/aspForm. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30926
CVE-2022-30308 In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30308
CVE-2022-30309 In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30309
CVE-2022-30311 In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30311
CVE-2022-32271 In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary local files. 9.6 https://nvd.nist.gov/vuln/detail/CVE-2022-32271
CVE-2019-5016 An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory read, resulting in a denial of service or remote information disclosure. An unauthenticated attacker can send a crafted packet on the local network to trigger this vulnerability. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2019-5016
CVE-2021-45079 In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-45079
CVE-2022-23066 Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Calculation, which is caused by improper implementation of the sdiv instruction. This can lead to the wrong execution path, resulting in huge loss in specific cases. For example, the result of a sdiv instruction may decide whether to transfer tokens or not. The vulnerability affects integrity and may cause serious availability problems. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-23066
CVE-2021-42646 XML External Entity (XXE) vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Manager 5.7.0, 5.9.0, and 5.10.0; and WSO2 Identity Server 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0. Allows attackers to gain read access to sensitive information or cause a denial of service via crafted GET requests. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-42646
CVE-2013-10002 A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has been rated as critical. Affected by this issue is the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the credential handler. Authentication is possible with hard-coded credentials. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2013-10002
CVE-2021-27779 VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-27779
CVE-2022-20797 A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system. This vulnerability is due to insufficient user input validation by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting arbitrary commands in the web-based management interface. A successful exploit could allow the attacker to make configuration changes on the affected device or cause certain services to restart unexpectedly. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-20797
CVE-2022-31945 Rescue Dispatch Management System v1.0 is vulnerable to arbitrary file deletion via /rdms/classes/Master.php?f=delete_img. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-31945
CVE-2021-33473 An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-33473
CVE-2022-25361 WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary files from a limited set of directories on the system. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25361
CVE-2022-30710 Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-30710
CVE-2022-30711 Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-30711
CVE-2022-30712 Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-30712
CVE-2022-30713 Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-30713
CVE-2021-40438 A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. 9 https://nvd.nist.gov/vuln/detail/CVE-2021-40438

OTHER VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2017-2827 An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-2827
CVE-2017-2916 An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-2916
CVE-2017-2917 An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-2917
CVE-2017-2923 An exploitable heap-based buffer overflow vulnerability exists in the read_biff_next_record function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-2923
CVE-2017-2924 An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-2924
CVE-2018-1999001 An unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. If Jenkins is started without this file present, it will revert to the legacy defaults of granting administrator access to anonymous users. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2018-1999001
CVE-2018-20545 There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2018-20545
CVE-2019-1003005 A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-1003005
CVE-2019-5032 An exploitable out-of-bounds read vulnerability exists in the LabelSst record parser of Aspose Aspose.Cells 19.1.0 library. A specially crafted XLS file can cause an out-of-bounds read, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-5032
CVE-2019-10384 Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-10384
CVE-2019-5130 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-5130
CVE-2019-5131 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-5131
CVE-2019-5145 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-5145
CVE-2020-7246 A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7246
CVE-2019-5187 An exploitable out-of-bounds write vulnerability exists in the TIFreadstripdata function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted TIFF file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-5187
CVE-2019-5136 An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-5136
CVE-2019-5140 An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-5140
CVE-2019-5141 An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-5141
CVE-2019-5143 An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-5143
CVE-2019-5153 An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-5153
CVE-2019-5162 An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-5162
CVE-2021-21480 SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can intercept a request to the server, inject malicious JSP code in the request and forward to server. When this dashboard is opened by users having at least SAP_XMII Developer role, malicious content in the dashboard gets executed, leading to remote code execution in the server, which allows privilege escalation. The malicious JSP code can contain certain OS commands, through which an attacker can read sensitive files in the server, modify files or even delete contents in the server thus compromising the confidentiality, integrity and availability of the server hosting the SAP MII application. Also, an attacker authenticated as a developer can use the application to upload and execute a file which will permit them to execute operating systems commands completely compromising the server hosting the application. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21480
CVE-2020-36403 HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read). 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-36403
CVE-2021-43559 A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43559
CVE-2021-44227 In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44227
CVE-2021-45960 In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45960
CVE-2022-22825 lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22825
CVE-2022-22826 nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22826
CVE-2022-22827 storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22827
CVE-2021-44520 In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44520
CVE-2022-24857 django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authentication can be bypassed. Users are affected if they have activated both django-mfa3 (< 0.5.0) and django.contrib.admin and have not taken any other measures to prevent users from accessing the admin login view. The issue has been fixed in django-mfa3 0.5.0. It is possible to work around the issue by overwriting the admin login route, e.g. by adding the following URL definition *before* the admin routes: url('admin/login/', lambda request: redirect(settings.LOGIN_URL)) 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24857
CVE-2021-44519 In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44519
CVE-2021-42192 Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42192
CVE-2020-16231 The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers, and affected end-of-life controllers include MC205, MC210, MH212, ME203, CS200, MP213, MP226, MPC240, MPC265, MPC270, MPC293, MPE270, and CPC210 hardware controllers. Security Level 0 is set at default from the manufacturer, which could allow an unauthenticated remote attacker to gain access to the password hashes. Security Level 4 is susceptible if an authenticated remote attacker or an unauthenticated person with physical access to the device reads and decrypts the password to conduct further attacks. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-16231
CVE-2014-125001 A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file /cardo/api of the Cardo-Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2014-125001
CVE-2022-27305 Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27305
CVE-2021-33014 An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33014
CVE-2022-1261 Matrikon OPC Server (all versions), from Matrikon, a subsidiary of Honeywell, is vulnerable to a condition where a low privileged user allowed to connect to the OPC server can use the functions of the IPersisFile to execute operating system processes with system-level privileges. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1261
CVE-2022-31265 The replay feature in the client in Wargaming World of Warships 0.11.4 allows remote attackers to execute code when a user launches a replay from an untrusted source. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31265
CVE-2022-30584 Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30584
CVE-2022-1611 The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1611
CVE-2021-3555 A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. This issue affects: Eufy Indoor 2K Indoor Camera 2.0.9.3 version and prior versions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3555
CVE-2022-1808 Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1808
CVE-2022-24848 DHIS2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability affects the `/api/programs/orgUnits?programs=` API endpoint in DHIS2 versions prior to 2.36.10.1 and 2.37.6.1. The system is vulnerable to attack only from users that are logged in to DHIS2, and there is no known way of exploiting the vulnerability without first being logged in as a DHIS2 user. The vulnerability is not exposed to a non-malicious user and requires a conscious attack to be exploited. A successful exploit of this vulnerability could allow the malicious user to read, edit and delete data in the DHIS2 instance's database. Security patches are now available for DHIS2 versions 2.36.10.1 and 2.37.6.1. One may apply mitigations at the web proxy level as a workaround. More information about these mitigations is available in the GitHub Security Advisory. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24848
CVE-2020-20971 Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-20971
CVE-2021-32546 Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that configuration can contain an option such as sshCommand, which is executed when a master branch is a remote branch (using an ssh:// URI). The remote branch can also be configured by editing the Git configuration file. One can create a new file in a new repository, using the GUI, with "\\" as its name, and then rename this file to .git/config with the custom configuration content (and then save it). 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32546
CVE-2021-34078 lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project's package.json file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34078
CVE-2021-34081 OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34081
CVE-2022-22767 Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22767
CVE-2022-28799 The TikTok application before 23.8.4 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28799
CVE-2022-29624 An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29624
CVE-2022-29647 An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29647
CVE-2022-29725 An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29725
CVE-2022-29735 Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29735
CVE-2022-30425 Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. This vulnerability is exploited via a crafted POST request. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30425
CVE-2022-30819 In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "photos_edit.php" file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30819
CVE-2022-30820 In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_edit.php" file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30820
CVE-2022-30821 In Wedding Management System v1.0, the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of "package_edit.php" file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30821
CVE-2022-30822 In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_profile.php" file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30822
CVE-2021-45982 NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged user. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45982
CVE-2022-31462 Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31462
CVE-2022-30232 A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30232
CVE-2022-30238 A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30238
CVE-2022-26493 Multiple vulnerabilities in Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider in certain non-default configurations allow a malicious user to log in as any chosen user. The vulnerability is mitigated by the module's default settings which require the options "Either sign SAML assertions" and "x509 certificate". This issue affects: Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider 8.x version 8.x-2.24 and prior versions; 7.x version 7.x-2.57 and prior versions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26493
CVE-2022-32291 In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32291
CVE-2021-41932 A blind SQL injection vulnerability in search form in TeamMate+ Audit version 28.0.19.0 allows any authenticated user to create malicious SQL injections, which can result in complete database compromise, gaining information about other users, unauthorized access to audit data etc. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41932
CVE-2022-21745 In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to remote escalation of privilege, when devices are connecting to the attacker-controllable Wi-Fi hotspot, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468872; Issue ID: ALPS06468872. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21745
CVE-2022-30469 In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman&section=get&page=grid` leads to SQL injection. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30469
CVE-2019-9971 PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when used in conjunction with sudo. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-9971
CVE-2019-9972 PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-9972
CVE-2020-36529 A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-36529
CVE-2020-36530 A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-36530
CVE-2020-36531 A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-36531
CVE-2020-36535 A vulnerability classified as critical has been found in MINMAX. This affects an unknown part of the file /newsDia.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-36535
CVE-2020-36536 A vulnerability was found in Brandbugle. It has been rated as critical. Affected by this issue is some unknown functionality of the file /main.php. The manipulation leads to sql injection. The attack may be launched remotely. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-36536
CVE-2020-36537 A vulnerability was found in Everywhere CMS. It has been classified as critical. Affected is an unknown function. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-36537
CVE-2020-36538 A vulnerability was found in Eatan CMS. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The attack can be launched remotely. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-36538
CVE-2017-20017 A vulnerability, which was classified as critical, has been found in The Next Generation of Genealogy Sitebuilding up to 11.1.0. This issue affects some unknown processing of the file /timeline2.php. The manipulation of the argument primaryID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.1.1 is able to address this issue. It is recommended to upgrade the affected component. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-20017
CVE-2019-13933 A vulnerability has been identified in SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants), SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2019-13933
CVE-2022-1797 A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2022-1797
CVE-2022-30034 Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2022-30034
CVE-2021-44719 Docker Desktop 4.3.0 has Incorrect Access Control. 8.4 https://nvd.nist.gov/vuln/detail/CVE-2021-44719
CVE-2022-30127 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30128. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30127
CVE-2022-30128 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30127. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30128
CVE-2022-30236 A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) 8.2 https://nvd.nist.gov/vuln/detail/CVE-2022-30236
CVE-2017-2914 An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs network connectivity to the device to trigger this vulnerability. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2017-2914
CVE-2018-1000194 A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2018-1000194
CVE-2018-20546 There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2018-20546
CVE-2019-1003049 Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2019-1003049
CVE-2019-5018 An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2019-5018
CVE-2022-23639 crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was always the same as `Atomic{I,U}64`. However, the alignment of `{i,u}64` on a 32-bit target can be smaller than `Atomic{I,U}64`. This can cause unaligned memory accesses and data race. Crates using `fetch_*` methods with `AtomicCell<{i,u}64>` are affected by this issue. 32-bit targets without `Atomic{I,U}64` and 64-bit targets are not affected by this issue. This has been fixed in crossbeam-utils 0.8.7. There are currently no known workarounds. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-23639
CVE-2022-24801 Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24801
CVE-2022-0141 The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks, which could allow attackers to make a logged-in admin or editor delete and restore arbitrary form entries via CSRF attacks. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0141
CVE-2021-25745 A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25745
CVE-2022-1669 A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any "Address" value and it would be copied to a second variable with a "strcpy" vulnerable function without checking its length. Because of this, it is possible to send a long address value to overflow the process stack, controlling the function return address. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1669
CVE-2022-22576 An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-22576
CVE-2022-1931 Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1931
CVE-2021-34083 Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it will unsafely concat the result's link retrieved from google to a shell command, potentially exposing the server to RCE. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-34083
CVE-2022-27778 A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-27778
CVE-2022-1987 Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1987
CVE-2017-2915 An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and set up an access point reachable by the device to trigger this vulnerability. 8 https://nvd.nist.gov/vuln/detail/CVE-2017-2915
CVE-2022-26867 PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file. 8 https://nvd.nist.gov/vuln/detail/CVE-2022-26867
CVE-2017-2823 A use-after-free vulnerability exists in the .ISO parsing functionality of PowerISO 6.8. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .ISO file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-2823
CVE-2017-2920 A memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. A specially crafted .SVG file can cause a vulnerability resulting in memory corruption, which can potentially lead to arbitrary code execution. An attacker can send a specific .SVG file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-2920
CVE-2017-2897 An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-2897
CVE-2017-2919 An exploitable stack-based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-2919
CVE-2017-2899 An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.tif' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-2899
CVE-2017-2900 An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.png' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-2900
CVE-2017-2901 An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-2901
CVE-2017-2902 An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-2902
CVE-2017-2903 An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-2903
CVE-2017-2904 An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-2904
CVE-2017-2905 An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-2905
CVE-2017-2906 An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-2906
CVE-2017-2907 An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-2907
CVE-2017-2908 An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to render the thumbnail for the file while in the File->Open dialog. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-2908
CVE-2017-2918 An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-2918
CVE-2019-5015 A local privilege escalation vulnerability exists in the Mac OS X version of Pixar Renderman 22.3.0's Install Helper helper tool. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine for a successful exploit. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-5015
CVE-2019-10934 A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions < V15.1 Update 7), TIA Portal V16 (All versions), TIA Portal V17 (All versions < V17 Update 4). Changing the contents of a configuration file could allow an attacker to execute arbitrary code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system. No user interaction is required. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-10934
CVE-2020-26664 A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-26664
CVE-2021-41103 containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these versions when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41103
CVE-2021-46143 In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46143
CVE-2021-4034 A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that it'll induce pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4034
CVE-2021-44000 A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44000
CVE-2021-44016 A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15110) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44016
CVE-2021-44018 A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44018
CVE-2022-0847 A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0847
CVE-2022-21124 Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21124
CVE-2022-28893 The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28893
CVE-2022-22187 An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repair operation. Running a repair operation, in turn, will trigger a number of file operations in the %TEMP% folder of the user triggering the repair. Some of these operations will be performed from a SYSTEM context (started via the Windows Installer service), including the execution of temporary files. An attacker may be able to provide malicious binaries to the Windows Installer, which will be executed with high privilege, leading to a local privilege escalation. This issue affects Juniper Networks Juniper Identity Management Service (JIMS) versions prior to 1.4.0. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22187
CVE-2022-24287 A vulnerability has been identified in SIMATIC PCS 7 V9.0 and earlier (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 8). An authenticated attacker could escape the WinCC Kiosk Mode by opening the printer dialog in the affected application in case no printer is installed. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24287
CVE-2022-26531 Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26531
CVE-2022-26532 An argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26532
CVE-2021-3717 A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3717
CVE-2022-22672 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious application may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22672
CVE-2022-22675 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22675
CVE-2022-26702 A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26702
CVE-2022-26704 A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26704
CVE-2022-26714 A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26714
CVE-2022-26715 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26715
CVE-2022-26718 An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26718
CVE-2022-26756 An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26756
CVE-2022-26757 A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26757
CVE-2022-26761 A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26761
CVE-2022-26763 An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26763
CVE-2022-26768 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26768
CVE-2022-26769 A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26769
CVE-2022-26770 An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26770
CVE-2022-29637 An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary commands via a crafted Zip file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29637
CVE-2022-28394 EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was reported on an EOL version of the product, and users are advised to upgrade to the latest supported version (5.x). 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28394
CVE-2022-30700 An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30700
CVE-2022-30701 An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30701
CVE-2022-1897 Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1897
CVE-2022-1934 Use After Free in GitHub repository mruby/mruby prior to 3.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1934
CVE-2022-1942 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1942
CVE-2022-31011 TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access. Only users using TiDB 5.3.0 are affected by this vulnerability. TiDB version 5.3.1 contains a patch for this issue. Other mitigation strategies include turning off Security Enhanced Mode (SEM), disabling local login for non-root accounts, and ensuring that the same IP cannot be logged in as root and normal user at the same time. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31011
CVE-2021-26635 In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26635
CVE-2021-42195 An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function handleEditText() located in swfdump.c. It allows an attacker to cause code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42195
CVE-2021-42197 An issue was discovered in swftools through 20201222 through a memory leak in the swftools when swfdump is used. It allows an attacker to cause code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42197
CVE-2021-42199 An issue was discovered in swftools through 20201222. A heap buffer overflow exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42199
CVE-2021-42201 An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetD64() located in rfxswf.c. It allows an attacker to cause code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42201
CVE-2021-42203 An issue was discovered in swftools through 20201222. A heap-use-after-free exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42203
CVE-2021-42204 An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42204
CVE-2022-1215 A format string vulnerability was found in libinput. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1215
CVE-2022-1419 The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of drm_vgem_gem_object (created in vgem_gem_dumb_create) concurrently, and vgem_gem_dumb_create will access the freed drm_vgem_gem_object. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1419
CVE-2022-1652 Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1652
CVE-2022-1786 A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1786
CVE-2022-1968 Use After Free in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1968
CVE-2022-27184 The affected product is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27184
CVE-2022-28690 The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28690
CVE-2022-28702 Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28702
CVE-2022-29483 Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29483
CVE-2022-29488 The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29488
CVE-2022-29692 Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29692
CVE-2022-30540 The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30540
CVE-2022-31500 In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31500
CVE-2022-31782 ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31782
CVE-2022-32200 libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32200
CVE-2022-22557 PowerStore contains a Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22557
CVE-2022-26868 Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26868
CVE-2022-32250 net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32250
CVE-2022-29594 eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29594
CVE-2022-30726 Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30726
CVE-2022-30744 DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to version 2.6.4.22043_1 allows attacker to execute arbitrary code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30744
CVE-2021-46816 Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46816
CVE-2021-46817 Adobe Media Encoder version 15.4 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46817
CVE-2021-46818 Adobe Media Encoder version 15.4 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46818
CVE-2019-5024 A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in full administrator access to the underlying operating system. An attacker can connect to the device via USB port with a keyboard or other HID device to trigger this vulnerability. 7.6 https://nvd.nist.gov/vuln/detail/CVE-2019-5024
CVE-2017-9946 A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-9946
CVE-2017-2898 An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series of packets to trigger this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-2898
CVE-2017-2909 An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-2909
CVE-2017-17740 contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-17740
CVE-2018-1999002 An arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-1999002
CVE-2019-6568 A vulnerability has been identified in RFID 181EIP, SIMATIC CP 1604, SIMATIC CP 1616, SIMATIC CP 343-1 Advanced, SIMATIC CP 443-1, SIMATIC CP 443-1 Advanced, SIMATIC CP 443-1 OPC UA, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600 family, SIMATIC RF600R family, SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. SIPLUS variants), SINAMICS G130 V4.6 Control Unit, SINAMICS G130 V4.7 Control Unit, SINAMICS G130 V4.7 SP1 Control Unit, SINAMICS G130 V4.8 Control Unit, SINAMICS G130 V5.1 Control Unit, SINAMICS G130 V5.1 SP1 Control Unit, SINAMICS G150 V4.6 Control Unit, SINAMICS G150 V4.7 Control Unit, SINAMICS G150 V4.7 SP1 Control Unit, SINAMICS G150 V4.8 Control Unit, SINAMICS G150 V5.1 Control Unit, SINAMICS G150 V5.1 SP1 Control Unit, SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S150 V4.6 Control Unit, SINAMICS S150 V4.7 Control Unit, SINAMICS S150 V4.7 SP1 Control Unit, SINAMICS S150 V4.8 Control Unit, SINAMICS S150 V5.1 Control Unit, SINAMICS S150 V5.1 SP1 Control Unit, SINAMICS S210 V5.1 Control Unit, SINAMICS S210 V5.1 SP1 Control Unit, SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SIPLUS NET CP 343-1 Advanced, SIPLUS NET CP 443-1, SIPLUS NET CP 443-1 Advanced, SITOP Manager, SITOP PSU8600, SITOP UPS1600 (incl. SIPLUS variants), TIM 1531 IRC (incl. SIPLUS NET variants). The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-6568
CVE-2019-0227 A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-0227
CVE-2019-13565 An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-13565
CVE-2019-5137 The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-5137
CVE-2019-5148 An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-5148
CVE-2019-19300 A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), KTK ATE530S (All versions), SIDOOR ATD430W (All versions), SIDOOR ATE530S COATED (All versions), SIDOOR ATE531S (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET200AL IM157-1 PN (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 MF HF (All versions), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC MICRO-DRIVE PDC (All versions), SIMATIC PN/MF Coupler (All versions), SIMATIC PN/PN Coupler (incl. SIPLUS NET variants) (All versions >= V4.2), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINAMICS S/G Control Unit w. PROFINET (All versions). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-19300
CVE-2020-11579 An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11579
CVE-2021-33737 A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 Advanced (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) (All versions), SIPLUS NET CP 443-1 Advanced (All versions). Sending a specially crafted packet to port 102/tcp of an affected device could cause a denial of service condition. A restart is needed to restore normal operations. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33737
CVE-2021-34798 Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-34798
CVE-2021-41092 Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41092
CVE-2021-42697 Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42697
CVE-2021-23727 This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23727
CVE-2022-21676 Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package starting from version `4.0.0`, including those who use dependent packages like `socket.io`. Versions prior to `4.0.0` are not impacted. A fix has been released for each major branch, namely `4.1.2` for the `4.x.x` branch, `5.2.1` for the `5.x.x` branch, and `6.1.1` for the `6.x.x` branch. There is no known workaround except upgrading to a safe version. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21676
CVE-2021-39293 In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39293
CVE-2022-21698 client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g. GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21698
CVE-2022-25314 In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25314
CVE-2022-0725 A flaw was found in KeePass. The vulnerability occurs due to logging the plain text passwords in the system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0725
CVE-2022-0778 The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: TLS clients consuming server certificates; TLS servers consuming client certificates; hosting providers taking certificates or private keys from customers; certificate authorities parsing certification requests from subscribers; anything else which parses ASN.1 elliptic curve parameters. Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0778
CVE-2022-25622 A vulnerability has been identified in SIMATIC CFU DIQ (All versions), SIMATIC CFU PA (All versions), SIMATIC ET200AL IM157-1 PN (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 MF HF (All versions), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC PN/MF Coupler (All versions), SIMATIC PN/PN Coupler (All versions >= 4.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX (All versions), SIMIT Simulation Platform (All versions), SINAMICS G110M (All versions), SINAMICS G115D (All versions), SINAMICS G120 (incl. SIPLUS variants) (All versions), SINAMICS G130 (All versions), SINAMICS G150 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions), SINAMICS S150 (All versions), SINAMICS S210 (All versions), SIPLUS HCS4200 CIM4210 (All versions), SIPLUS HCS4200 CIM4210C (All versions), SIPLUS HCS4300 CIM4310 (All versions), SIPLUS NET PN/PN Coupler (All versions >= 4.2). The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25622
CVE-2022-27241 A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.11), Mendix Applications using Mendix 9 (V9.6) (All versions). Applications built with an affected system publicly expose the internal project structure. This could allow an unauthenticated remote attacker to read confidential information. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27241
CVE-2021-32040 It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack. This vulnerability affects MongoDB versions prior to 5.0.4, 4.4.11, 4.2.16. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32040
CVE-2021-46789 Configuration defects in the secure OS module. Successful exploitation of this vulnerability can affect availability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46789
CVE-2022-29793 There is a configuration defect in the activation lock of mobile phones. Successful exploitation of this vulnerability may affect application availability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29793
CVE-2022-29222 Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't possess the private key for and Pion DTLS wouldn't reject it. This issue affects users that are using Client certificates only. The connection itself is still secure. The Certificate provided by clients can't be trusted when using a Pion DTLS server prior to version 2.1.5. Users should upgrade to version 2.1.5 to receive a patch. There are currently no known workarounds. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29222
CVE-2022-31261 An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker can send a request crafted with an XXE payload to invoke a malicious DTD hosted on a system that they control. This results in reading local files that the application has access to. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31261
CVE-2021-3629 A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3629
CVE-2021-32966 Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32966
CVE-2021-32997 The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and 3500/22M Firmware, Part No. 288055-01 versions 5.05 and prior) utilize a weak encryption algorithm for storage and transmission of sensitive data, which may allow an attacker to more easily obtain credentials used for access. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32997
CVE-2022-1678 An issue was discovered in the Linux Kernel from 4.18 to 4.19. An improper update of sock reference in TCP pacing can lead to a memory/netns leak, which can be used by remote clients. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1678
CVE-2022-30427 In ginadmin through 05-10-2022 the incoming path value is not filtered, resulting in directory traversal. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30427
CVE-2022-30428 In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30428
CVE-2022-26701 A race condition was addressed with improved locking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26701
CVE-2022-25878 The package protobufjs before 6.11.3 is vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: (1) by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions; (2) by parsing/loading .proto files. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25878
CVE-2022-1589 The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing a CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attack could also be performed via a CSRF vector. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1589
CVE-2022-23082 CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23082
CVE-2022-31002 Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31002
CVE-2022-31001 Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31001
CVE-2022-31005 Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a Content Delivery Network. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31005
CVE-2020-26184 Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-26184
CVE-2020-26185 Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-26185
CVE-2022-29098 Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29098
CVE-2022-29169 BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and prior to 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service (ReDoS) attacks. By using a specific RegularExpression, an attacker can cause denial of service for the bbb-html5 service. The useragent library performs checking of device by parsing the input of User-Agent header and lets it go through lookupUserAgent() (alias of useragent.lookup()). This function handles input by regexing and attackers can abuse that by providing some ReDoS payload using `SmartWatch`. The maintainers removed `htmlclient/useragent` from versions 2.3.19, 2.4.7, and 2.5.0-beta.2. As a workaround, disable NginX forwarding the requests to the handler according to the directions in the GitHub Security Advisory. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29169
CVE-2021-33254 An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1 that allows attackers to cause a denial of service via the stream parameter to the parseUri function. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33254
CVE-2021-33615 RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33615
CVE-2021-40186 The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40186
CVE-2021-43306 An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43306
CVE-2021-43307 An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43307
CVE-2021-43308 An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43308
CVE-2022-1661 The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1661
CVE-2022-1929 An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1929
CVE-2022-1949 An access control bypass vulnerability was found in 389-ds-base. The issue was a mishandling of the filter that would yield incorrect results, but as the analysis progressed, it was determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1949
CVE-2022-24241 ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24241
CVE-2022-24581 ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24581
CVE-2022-26975 Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26975
CVE-2022-27775 An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: when using an IPv6 address that was in the connection pool but with a different zone id, curl could reuse a connection instead. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27775
CVE-2022-27780 The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *different* URL using the wrong host name when it is later retrieved. For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed by the parser and get transposed into `http://example.com/127.0.0.1/`. This flaw can be used to circumvent filters, checks and more. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27780
CVE-2022-27781 libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27781
CVE-2022-27782 libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27782
CVE-2022-29693 Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29693
CVE-2022-29694 Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29694
CVE-2022-29695 Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29695
CVE-2022-29729 Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29729
CVE-2022-30496 SQL injection in Logon Page of IDCE MV's application, version 1.0, allows an attacker to inject SQL payloads in the user field, connecting to a database to access enterprise's private and sensitive information. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30496
CVE-2022-31004 CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were called in production, it is possible that it would write the plaintext key to disk. A patch is not available as of time of publication but is anticipated as a "hot fix" for version 1.1.1 and for the 2.x branch. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31004
CVE-2022-31018 Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in versions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the `Form#bindFromRequest` method on a JSON request body or the `Form#bind` method directly on a JSON value. If the JSON data being bound to the form contains a deeply-nested JSON object or array, the form binding implementation may consume all available heap space and cause an `OutOfMemoryError`. If executing on the default dispatcher and `akka.jvm-exit-on-fatal-error` is enabled—as it is by default—then this can crash the application process. `Form.bindFromRequest` is vulnerable when using any body parser that produces a type of `AnyContent` or `JsValue` in Scala, or one that can produce a `JsonNode` in Java. This includes Play's default body parser. This vulnerability has been patched in version 2.8.16. There is now a global limit on the depth of a JSON object that can be parsed, which can be configured by the user if necessary. As a workaround, applications that do not need to parse a request body of type `application/json` can switch from the default body parser to another body parser that supports only the specific type of body they expect. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31018
CVE-2022-31023 Play Framework is a web framework for Java and Scala. Versions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by configuring its `DefaultHttpErrorHandler` to do so based on the application mode. In its Scala API Play also provides a static object `DefaultHttpErrorHandler` that is configured to always show verbose errors. This is used as a default value in some Play APIs, so it is possible to inadvertently use this version in production. It is also possible to improperly configure the `DefaultHttpErrorHandler` object instance as the injected error handler. Both of these situations could result in verbose errors displaying to users in a production application, which could expose sensitive information from the application. In particular, the constructor for `CORSFilter` and `apply` method for `CORSActionBuilder` use the static object `DefaultHttpErrorHandler` as a default value. This is patched in Play Framework 2.8.16. The `DefaultHttpErrorHandler` object has been changed to use the prod-mode behavior, and `DevHttpErrorHandler` has been introduced for the dev-mode behavior. A workaround is available. When constructing a `CORSFilter` or `CORSActionBuilder`, ensure that a properly-configured error handler is passed. Generally this should be done by using the `HttpErrorHandler` instance provided through dependency injection or through Play's `BuiltInComponents`. Ensure that the application is not using the `DefaultHttpErrorHandler` static object in any code that may be run in production. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31023
CVE-2021-42877 TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42877
CVE-2022-22556 Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the Denial of Service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22556
CVE-2022-30237 A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30237
CVE-2021-42886 TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42886
CVE-2021-42889 In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42889
CVE-2021-42891 In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42891
CVE-2021-42893 In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42893
CVE-2021-39947 In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39947
CVE-2022-21757 In WIFI Firmware, there is a possible system crash due to a missing count check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468894; Issue ID: ALPS06468894. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21757
CVE-2022-23712 A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23712
CVE-2022-22396 Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22396
CVE-2022-32275 Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32275
CVE-2022-30587 Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30587
CVE-2022-29631 Jodd HTTP v6.0.9 was discovered to contain multiple CRLF injection vulnerabilities via the components jodd.http.HttpRequest#set and jodd.http.HttpRequest#send. These vulnerabilities allow attackers to execute Server-Side Request Forgery (SSRF) via a crafted TCP payload. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29631
CVE-2021-37589 Virtua Cobranca before 12R allows SQL Injection on the login page. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37589
CVE-2022-29564 Jamf Private Access before 2022-05-16 has Incorrect Access Control, in which an unauthorized user can reach a system in the internal infrastructure, aka WND-44801. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29564
CVE-2022-31028 MinIO is a multi-cloud object storage solution. Starting with version RELEASE.2019-09-25T18-25-51Z and ending with version RELEASE.2022-06-02T02-11-04Z, MinIO is vulnerable to an unending go-routine buildup while keeping connections established due to HTTP clients not closing the connections. Public-facing MinIO deployments are most affected. Users should upgrade to RELEASE.2022-06-02T02-11-04Z to receive a patch. One possible workaround is to use a reverse proxy to limit the number of connections being attempted in front of MinIO, and actively rejecting connections from such malicious clients. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31028
CVE-2022-1708 A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1708
CVE-2022-30717 Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30717
CVE-2022-30732 Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30732
CVE-2022-30735 Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_token without permission. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30735
CVE-2022-30746 Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access sensitive information remotely using javascript interface API. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30746
CVE-2022-21211 This affects all versions of package posix. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21211
CVE-2022-31460 Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2022-31460
CVE-2019-10086 In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however, were not using this by default characteristic of the PropertyUtilsBean. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2019-10086
CVE-2019-5142 An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various authenticated requests to trigger this vulnerability. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2019-5142
CVE-2019-5165 An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2019-5165
CVE-2021-43944 This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-43944
CVE-2022-26151 Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-26151
CVE-2022-23050 ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-23050
CVE-2022-31007 eLabFTW is an electronic lab notebook manager for research teams. Prior to version 4.3.0, a vulnerability allows an authenticated user with an administrator role in a team to assign itself system administrator privileges within the application, or create a new system administrator account. The issue has been corrected in eLabFTW version 4.3.0. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A system administrator account can manage all accounts, teams and edit system-wide settings within the application. The impact is not deemed as high, as it requires the attacker to have access to an administrator account. Regular user accounts cannot exploit this to gain admin rights. A workaround for one of the issues is removing the ability of administrators to create accounts. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-31007
CVE-2021-44080 A Command Injection vulnerability in httpd web server (setup.cgi) in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to execute arbitrary OS commands as root in the device via the connection_type parameter of the statussupport_diagnostic_tracing.json endpoint. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-44080
CVE-2022-30794 Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-30794
CVE-2022-30795 Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductimage.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-30795
CVE-2022-30798 Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/viewreport.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-30798
CVE-2022-30799 Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-30799
CVE-2022-30818 Wedding Management System v1.0 is vulnerable to SQL injection via /Wedding-Management/admin/blog_events_edit.php?id=31. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-30818
CVE-2022-30823 Wedding Management System v1.0 is vulnerable to SQL Injection via \\admin\\blog_events_edit.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-30823
CVE-2022-30825 Wedding Management System v1.0 is vulnerable to SQL Injection via \\admin\\client_edit.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-30825
CVE-2022-30826 Wedding Management System v1.0 is vulnerable to SQL Injection via admin\\client_assign.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-30826
CVE-2022-30827 Wedding Management System v1.0 is vulnerable to SQL Injection via \\admin\\package_edit.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-30827
CVE-2022-30828 Wedding Management System v1.0 is vulnerable to SQL Injection via \\admin\\photos_edit.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-30828
CVE-2022-30829 Wedding Management System v1.0 is vulnerable to SQL Injection via \\admin\\users_edit.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-30829
CVE-2022-30830 Wedding Management System v1.0 is vulnerable to SQL Injection via \\admin\\feature_edit.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-30830
CVE-2022-30831 Wedding Management System v1.0 is vulnerable to SQL Injection via Wedding-Management/wedding_details.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-30831
CVE-2022-30832 Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_assign.php?booking=31&user_id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-30832
CVE-2022-30833 Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_edit.php?booking=31&user_id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-30833
CVE-2022-30834 Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_manage_account_details.php?booking_id=31&user_id= 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-30834
CVE-2022-30835 Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/budget.php?booking_id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-30835
CVE-2022-30836 Wedding Management System v1.0 is vulnerable to SQL Injection via Wedding-Management/admin/select.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-30836
CVE-2022-31339 Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/login.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-31339
CVE-2022-31970 ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/manage_response&id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-31970
CVE-2022-31971 ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/view_response&id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-31971
CVE-2022-31974 Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-31974
CVE-2022-31975 Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user&id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-31975
CVE-2022-31980 Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_team&id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-31980
CVE-2022-31981 Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_team&id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-31981
CVE-2022-31982 Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-31982
CVE-2022-31983 Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/manage_request&id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-31983
CVE-2022-31984 Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-31984
CVE-2022-31996 Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=sales/manage_sale&id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-31996
CVE-2022-31998 Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/view_details&id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-31998
CVE-2022-32000 Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/manage_service_transaction&id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32000
CVE-2022-32001 Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/view_product.php?id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32001
CVE-2022-32003 Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/view_court.php?id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32003
CVE-2022-32004 Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/manage_product.php?id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32004
CVE-2022-32005 Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/services/manage_service.php?id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32005
CVE-2022-32006 Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/services/view_service.php?id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32006
CVE-2022-31985 Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_sales_report&date=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-31985
CVE-2022-31986 Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_court_rental_report&date=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-31986
CVE-2022-31988 Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=reports/daily_services_report&date=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-31988
CVE-2022-31992 Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=court_rentals/view_court_rental&id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-31992
CVE-2022-31994 Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=sales/view_details&id. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-31994
CVE-2022-32007 Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/company/index.php?view=edit&id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32007
CVE-2022-32008 Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/vacancy/index.php?view=edit&id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32008
CVE-2022-32010 Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32010
CVE-2022-32011 Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/applicants/index.php?view=view&id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32011
CVE-2022-32012 Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/employee/index.php?view=edit&id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32012
CVE-2022-32013 Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/category/index.php?view=edit&id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32013
CVE-2022-32014 Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=byfunction. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32014
CVE-2022-32015 Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=category&search=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32015
CVE-2022-32016 Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bycompany. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32016
CVE-2022-32017 Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bytitle. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32017
CVE-2022-32018 Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=hiring&search=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32018
CVE-2022-32021 Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_movement.php?id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32021
CVE-2022-32022 Car Rental Management System v1.0 is vulnerable to SQL Injection via /ip/car-rental-management-system/admin/ajax.php?action=login. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32022
CVE-2022-32024 Car Rental Management System v1.0 is vulnerable to SQL Injection via car-rental-management-system/booking.php?car_id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32024
CVE-2022-32025 Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/view_car.php?id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32025
CVE-2022-32026 Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_booking.php?id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32026
CVE-2022-32027 Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/index.php?page=manage_car&id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32027
CVE-2022-32028 Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32028
CVE-2022-32268 StarWind SAN and NAS v0.2 build 1914 allow remote code execution. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32268
CVE-2022-30860 FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-30860
CVE-2022-30586 Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-30586
CVE-2019-5139 An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2019-5139
CVE-2021-25746 A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25746
CVE-2021-26362 A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call which results in mapping sensitive System Management Network (SMN) registers leading to a loss of integrity and availability. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-26362
CVE-2022-22977 VMware Tools for Windows (12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-22977
CVE-2022-21827 An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 which could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed, to corrupt or delete files as SYSTEM. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-21827
CVE-2022-26697 An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26697
CVE-2022-26698 An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26698
CVE-2022-30687 Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-30687
CVE-2022-20806 Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-20806
CVE-2022-31463 Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-31463
CVE-2022-1944 When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows users with the Developer role to open terminals on other Developers' running jobs. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1944
CVE-2022-1734 A flaw in the Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free, both read or write, when there is no synchronization between the cleanup routine and the firmware download routine. 7 https://nvd.nist.gov/vuln/detail/CVE-2022-1734
CVE-2022-29855 Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow an unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29855
CVE-2022-0004 Hardware debug modes and processor INIT setting that allow override of locks for some Intel(R) Processors in Intel(R) Boot Guard and Intel(R) TXT may allow an unauthenticated user to potentially enable escalation of privilege via physical access. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0004
CVE-2022-29854 A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow an unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29854
CVE-2022-21951 A Missing Encryption of Sensitive Data vulnerability in SUSE Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden. This issue affects: SUSE Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21951
CVE-2022-30784 A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30784
CVE-2022-30786 A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30786
CVE-2022-30788 A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30788
CVE-2022-30789 A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30789
CVE-2022-1789 With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1789
CVE-2022-30783 An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-30783
CVE-2022-30785 A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-30785
CVE-2022-30787 An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-30787
CVE-2022-26691 A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26691
CVE-2022-29085 Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-29085
CVE-2022-21750 In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521283; Issue ID: ALPS06521283. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-21750
CVE-2022-21751 In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06511132; Issue ID: ALPS06511132. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-21751
CVE-2022-21752 In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493873; Issue ID: ALPS06493873. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-21752
CVE-2022-21753 In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493873; Issue ID: ALPS06493899. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-21753
CVE-2022-21754 In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06535953; Issue ID: ALPS06535953. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-21754
CVE-2022-21758 In ccu, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06439600; Issue ID: ALPS06439600. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-21758
CVE-2022-21759 In power service, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419106; Issue ID: ALPS06419077. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-21759
CVE-2017-9287 servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2017-9287
CVE-2018-6356 Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to. On Windows, any file accessible to the Jenkins master process could be downloaded. On other operating systems, any file within the Jenkins home directory accessible to the Jenkins master process could be downloaded. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2018-6356
CVE-2018-4843 A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC NET CP 343-1 Standard (incl. SIPLUS NET variants) (All versions), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC NET CP 443-1 Standard (incl. SIPLUS NET variants) (All versions), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V1.7.0), SIMATIC S7-1500 Software Controller (incl. F) (All versions < V1.7.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.16), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.1), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a Denial-of-Service condition of the requesting system. The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. A manual restart is required to recover the system. At the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2018-4843
CVE-2019-3799 Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-3799
CVE-2019-5014 An exploitable improper access control vulnerability exists in the bluetooth low energy functionality of Winco Fireworks FireFly FW-1007 V2.0. An attacker can connect to the device to trigger this vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-5014
CVE-2019-3738 RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-3738
CVE-2019-3739 RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-3739
CVE-2021-40085 An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40085
CVE-2021-33716 A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions < V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33716
CVE-2021-43332 In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43332
CVE-2021-43941 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43941
CVE-2022-25313 In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25313
CVE-2021-37209 A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions), RUGGEDCOM ROS RSG2300 (All versions), RUGGEDCOM ROS RSG2300P (All versions), RUGGEDCOM ROS RSG2488 (All versions), RUGGEDCOM ROS RSG907R (All versions), RUGGEDCOM ROS RSG908C (All versions), RUGGEDCOM ROS RSG909R (All versions), RUGGEDCOM ROS RSG910C (All versions), RUGGEDCOM ROS RSG920P (All versions), RUGGEDCOM ROS RSL910 (All versions), RUGGEDCOM ROS RST2228 (All versions), RUGGEDCOM ROS RST2228P (All versions), RUGGEDCOM ROS RST916C (All versions), RUGGEDCOM ROS RST916P (All versions), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37209
CVE-2021-3733 There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3733
CVE-2022-1348 A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1348
CVE-2022-28875 A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28875
CVE-2022-22662 A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22662
CVE-2022-30585 The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to view sensitive information. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30585
CVE-2022-20807 Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-20807
CVE-2022-1583 The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1583
CVE-2022-22361 IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3, 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22361
CVE-2022-1947 Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1947
CVE-2022-1285 Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1285
CVE-2022-29232 BigBlueButton is an open source web conferencing system. Starting with version 2.2 and prior to versions 2.3.9 and 2.4-beta-1, an attacker can circumvent access controls to obtain the content of public chat messages from different meetings on the server. The attacker must be a participant in a meeting on the server. BigBlueButton versions 2.3.9 and 2.4-beta-1 contain a patch for this issue. There are currently no known workarounds. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29232
CVE-2022-27776 An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27776
CVE-2022-29788 libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mobi file. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29788
CVE-2022-30804 elitecms v1.01 is vulnerable to deletion of any file via /admin/delete_image.php?file=. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30804
CVE-2022-31342 Online Car Wash Booking System v1.0 is vulnerable to deletion of any file via /ocwbs/classes/Master.php?f=delete_img. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31342
CVE-2022-31796 libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31796
CVE-2022-31966 ChatBot App with Suggestion v1.0 is vulnerable to deletion of any file via /simple_chat_bot/classes/Master.php?f=delete_img. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31966
CVE-2022-31973 Online Fire Reporting System v1.0 is vulnerable to deletion of any file via /ofrs/classes/Master.php?f=delete_img. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31973
CVE-2022-1982 Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1982
CVE-2022-26944 Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. NOTE: this issue exists because of an incomplete fix for CVE-2020-10997. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26944
CVE-2022-29597 Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI). Any authenticated user has the ability to reference internal system files within requests made to the RRSWeb/maint/ShowDocument/ShowDocument.aspx page. The server will successfully respond with the file contents of the internal system file requested. This ability could allow for adversaries to extract sensitive data and/or files from the underlying file system, gain knowledge about the internal workings of the system, or access source code of the application. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29597
CVE-2022-31024 richdocuments is the repository for Nextcloud Collabora, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fix for this issue. There are currently no known workarounds available. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31024
CVE-2022-31459 Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31459
CVE-2022-31461 Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31461
CVE-2022-30233 A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30233
CVE-2022-29767 adbyby v2.7 allows external users to make connections via port 8118. This can cause a program logic error and lead to a Denial of Service (DoS) via high CPU usage due to a large number of connections. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29767
CVE-2022-29773 An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29773
CVE-2022-1935 Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when IP address restrictions were configured. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1935
CVE-2022-1936 Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP address restrictions were configured. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1936
CVE-2022-29617 Due to improper error handling, an authenticated user can crash a CLA assistant instance. This could impact the availability of the application. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29617
CVE-2022-28478 SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The "Remove file" functionality inside the "Log files management" menu does not sanitize user input allowing attackers with admin privileges to delete arbitrary files on the remote system. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28478
CVE-2020-36528 A vulnerability, which was classified as critical, was found in Platinum Mobile 1.0.4.850. Affected is /MobileHandler.ashx which leads to broken access control. The attack requires authentication. Upgrading to version 1.0.4.851 is able to address this issue. It is recommended to upgrade the affected component. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36528
CVE-2020-36532 A vulnerability has been found in Klapp App and classified as problematic. This vulnerability affects unknown code of the component Authorization. The manipulation leads to information disclosure (Credentials). The attack can be initiated remotely. It is recommended to upgrade the affected app. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36532
CVE-2020-36534 A vulnerability was found in easyii CMS. It has been classified as problematic. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36534
CVE-2022-1422 The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discy_reset_options, allowing an attacker to trick an admin into resetting the site settings back to defaults. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1422
CVE-2022-1424 The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged-in users into performing various actions on their behalf on the site. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1424
CVE-2022-21499 KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21499
CVE-2022-21504 The code in UEK6 U3 was missing an appropriate file descriptor count. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while it was still in use by another portion of the kernel. An attacker with local access can operate on the socket and cause a denial of service. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21504
CVE-2021-41089 Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2021-41089
CVE-2021-41091 Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. Users unable to upgrade should limit access to the host to trusted users and limit access to host volumes to trusted containers. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2021-41091
CVE-2022-1462 An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2022-1462
CVE-2018-8032 Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2018-8032
CVE-2019-13038 mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-13038
CVE-2021-43331 In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-43331
CVE-2021-43558 A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-43558
CVE-2021-45818 SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to HTTP response splitting. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-45818
CVE-2021-25086 The Advanced Page Visit Counter WordPress plugin before 6.1.2 does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admins viewing it. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25086
CVE-2022-29710 A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-29710
CVE-2022-29091 Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-29091
CVE-2021-28508 This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak IPsec sensitive data in clear text in CVP to other authorized users, which could cause IPsec traffic to be decrypted or modified by other authorized users on the device. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-28508
CVE-2021-28509 This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to other authorized users, which could cause MACsec traffic to be decrypted or modified by other authorized users on the device. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-28509
CVE-2022-31648 Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. The issue is fixed for versions 8.0.x in TPS-5233, for versions 7.3.x in TPS-5324, and for versions 7.2.x in TPS-5235. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-31648
CVE-2022-1009 The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious configuration file 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1009
CVE-2022-1527 The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1527
CVE-2022-1528 The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1528
CVE-2022-1582 The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1582
CVE-2022-29258 XWiki Platform Filter UI provides a generic user interface to convert from a XWiki Filter input stream to an output stream with settings for each stream. Starting with versions 6.0-milestone-2 and 5.4.4 and prior to versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3, XWiki Platform Filter UI contains a possible cross-site scripting vector in the `Filter.FilterStreamDescriptorForm` wiki page related to pretty much all the form fields printed in the home page of the application. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest workaround is to edit the wiki page `Filter.FilterStreamDescriptorForm` (with wiki editor) according to the instructions in the GitHub Security Advisory. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-29258
CVE-2022-23237 E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-23237
CVE-2022-24238 ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24238
CVE-2022-26972 Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26972
CVE-2022-26974 Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26974
CVE-2022-26977 Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism leads to stored XSS. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26977
CVE-2022-26978 Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameter is not correctly sanitized, leading to reflected XSS. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26978
CVE-2022-29540 resi-calltrace in RESI Gemini-Net 4.2 is affected by multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-29540
CVE-2022-29598 Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to a reflected Cross-Site Scripting (XSS) vulnerability via RRSWeb/maint/ShowDocument/ShowDocument.aspx. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-29598
CVE-2022-29653 OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-29653
CVE-2022-29711 LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-29711
CVE-2022-29732 Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-29732
CVE-2022-30349 siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-30349
CVE-2022-30513 School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-30513
CVE-2022-30514 School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-30514
CVE-2022-29718 Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-29718
CVE-2022-1988 Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1988
CVE-2021-42245 FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-42245
CVE-2022-31493 LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-31493
CVE-2022-31492 Cross-site scripting (XSS) vulnerability in LibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-31492
CVE-2022-31498 LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-31498
CVE-2022-31494 LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-31494
CVE-2022-31495 LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-31495
CVE-2022-1241 The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1241
CVE-2022-1597 The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer, does not sanitise and escape a parameter on its reset password form, which makes it possible to perform Reflected Cross-Site Scripting attacks. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1597
CVE-2017-2911 An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2017-2911
CVE-2017-2912 An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2017-2912
CVE-2017-2913 An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2017-2913
CVE-2021-36221 Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-36221
CVE-2022-24769 Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-24769
CVE-2021-3597 A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-3597
CVE-2022-29245 SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 and 2020.0.1, during an `X25519` key exchange, the client’s private key is generated with `System.Random`. `System.Random` is not a cryptographically secure random number generator; it must therefore not be used for cryptographic purposes. When establishing an SSH connection to a remote host, during the X25519 key exchange, the private key is generated with a weak random number generator whose seed can be brute forced. This allows an attacker who is able to eavesdrop on the communications to decrypt them. Version 2020.0.2 contains a patch for this issue. As a workaround, one may disable support for `curve25519-sha256` and `curve25519-sha256@libssh.org` key exchange algorithms. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-29245
CVE-2022-31015 Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call. This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed. This issue has been fixed in Waitress 2.1.2 by no longer allowing the WSGI thread to close the socket. Instead, that is always delegated to the main thread. There is no work-around for this issue. However, users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-31015
CVE-2022-26491 An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take control of the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-26491
CVE-2022-29733 Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-29733
CVE-2022-27774 An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: when following HTTP(S) redirects with authentication, curl could leak credentials to other services that exist on different protocols or port numbers. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2022-27774
CVE-2022-30277 BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). 5.7 https://nvd.nist.gov/vuln/detail/CVE-2022-30277
CVE-2019-5011 An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2019-5011
CVE-2019-5020 An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, resulting in Denial of Service. An attacker can create a malicious binary to trigger this vulnerability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2019-5020
CVE-2020-27842 There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27842
CVE-2020-9014 In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. \Device\EMPNSAUIO and \DosDevices\EMPNSAU are similarly affected. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-9014
CVE-2020-9453 In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer dereference.) This affects \Device\EMPMPAUIO and \DosDevices\EMPMPAU. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-9453
CVE-2021-33910 basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33910
CVE-2022-0854 A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0854
CVE-2022-1475 An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in libavcodec/g729_parser.c when processing a specially crafted file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1475
CVE-2022-22616 This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22616
CVE-2022-22663 This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.6. A malicious application may bypass Gatekeeper checks. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22663
CVE-2022-22674 An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22674
CVE-2022-22676 An event handler validation issue in the XPC Services API was addressed by removing the service. This issue is fixed in macOS Monterey 12.2. An application may be able to delete files for which it does not have permission. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22676
CVE-2022-26766 A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26766
CVE-2022-26767 The issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26767
CVE-2022-30973 We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30973
CVE-2022-31022 Bleve is a text indexing library for Go. Bleve includes HTTP utilities under the bleve/http package that are used by its sample application. These HTTP methods pave the way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP (bleve/http) handlers for exposing access to the indexes. For instance, the CreateIndexHandler (`http/index_create.go`) and DeleteIndexHandler (`http/index_delete.go`) enable an attacker to create a bleve index (directory structure) anywhere the user running the server has write permissions and to recursively delete any directory owned by the same user account. Users who have used the bleve/http package for exposing access to a bleve index without explicit handling of Role Based Access Controls (RBAC) for the index assets would be impacted by this issue. There is no patch for this issue because the http package is purely intended to be used for demonstration purposes. Bleve was never designed to handle RBAC, nor was it ever advertised to be used in that way. The collaborators of this project have decided to stay away from adding any authentication or authorization to the bleve project at the moment. The bleve/http package is mainly for demonstration purposes and it lacks exhaustive validation of user inputs as well as any authentication and authorization measures. It is recommended not to use bleve/http in production use cases. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31022
CVE-2021-42196 An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function traits_parse() located in abc.c. It allows an attacker to cause Denial of Service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42196
CVE-2021-42198 An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause Denial of Service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42198
CVE-2021-42200 An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function main() located in swfdump.c. It allows an attacker to cause Denial of Service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42200
CVE-2021-42202 An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_DeleteFilter() located in swffilter.c. It allows an attacker to cause Denial of Service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42202
CVE-2021-43512 An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android that allows attackers to cause unspecified consequences by decompiling a local application and extracting its API keys. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43512
CVE-2022-1943 An out-of-bounds memory write flaw was found in the Linux kernel's UDF file system functionality in the way a user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1943
CVE-2022-29779 Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29779
CVE-2022-29780 Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29780
CVE-2022-30503 Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30503
CVE-2022-31783 Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31783
CVE-2022-32201 In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32201
CVE-2022-32202 In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32202
CVE-2022-26866 Dell PowerStore versions before v2.1.1.0 contain a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript code in a trusted application data store. When a victim user accesses the data store through their browser, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26866
CVE-2022-21748 In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06511030; Issue ID: ALPS06511030. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21748
CVE-2022-21749 In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06511058; Issue ID: ALPS06511058. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21749
CVE-2022-28224 Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28224
CVE-2022-30727 Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30727
CVE-2022-30731 Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30731
CVE-2022-30745 Improper access control vulnerability in Quick Share prior to version 13.1.2.4 allows attacker to access internal files in Quick Share. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30745
CVE-2022-30747 PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30747
CVE-2022-30748 Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30748
CVE-2018-1999005 A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2018-1999005
CVE-2018-1999007 A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in another user's browser when that other user views HTTP 404 error pages while Stapler debug mode is enabled. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2018-1999007
CVE-2019-1003050 The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2019-1003050
CVE-2022-30596 A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-30596
CVE-2022-20802 A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-20802
CVE-2022-1928 Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-1928
CVE-2022-0642 The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugin's admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged-in administrator into injecting arbitrary JavaScript. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0642
CVE-2022-1562 The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-1562
CVE-2022-24967 Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting (XSS). 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24967
CVE-2022-26976 Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-26976
CVE-2022-29628 A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page parameter. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-29628
CVE-2022-29648 A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-29648
CVE-2022-29734 A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-29734
CVE-2022-30999 FriendsofFlarum (FoF) Upload is an extension that handles file uploads intelligently for your forum. If FoF Upload prior to version 1.2.3 is configured to allow the uploading of SVG files ('image/svg+xml'), navigating directly to an SVG file URI could execute arbitrary Javascript code decided by an attacker. This Javascript code could include the execution of HTTP web requests to Flarum, or any other web service. This could allow data to be leaked by an authenticated Flarum user, or, possibly, for data to be modified maliciously. This issue has been patched with v1.2.3, which now sanitizes uploaded SVG files. As a workaround, remove the ability for users to upload SVG files through FoF Upload. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-30999
CVE-2021-38221 bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XSS. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-38221
CVE-2022-26497 BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room access" dialog if the victim has shared access to the particular room with the attacker previously. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-26497
CVE-2022-30429 Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also be present in all intermediate versions. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-30429
CVE-2022-29770 XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-29770
CVE-2022-1940 A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-1940
CVE-2022-28051 The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-28051
CVE-2020-36523 A vulnerability was found in PlantUML 6.43. It has been declared as problematic. Affected by this vulnerability is the component Database Information Macro. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-36523
CVE-2020-36524 A vulnerability was found in Refined Toolkit. It has been rated as problematic. Affected by this issue is some unknown functionality of the component UI-Image/UI-Button. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-36524
CVE-2020-36525 A vulnerability classified as problematic has been found in Linking. This affects an unknown part of the component New Windows Macro. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-36525
CVE-2020-36526 A vulnerability classified as problematic was found in Countdown Timer. This vulnerability affects unknown code of the component Macro Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-36526
CVE-2020-36527 A vulnerability, which was classified as problematic, has been found in Server Status. This issue affects some unknown processing of the component HTTP Status/SMTP Status. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-36527
CVE-2022-1997 Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-1997
CVE-2017-9947 A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2017-9947
CVE-2018-1000067 An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2018-1000067
CVE-2018-1000068 An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2018-1000068
CVE-2019-5017 An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and send a packet containing an opcode that will trigger the kernel module to return several addresses. One of which can be used to calculate the dynamic base address of the module for further exploitation. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2019-5017
CVE-2021-26085 Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-26085
CVE-2021-22925 curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server. Therefore potentially revealing sensitive internal information to the server using a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-22925
CVE-2021-43560 A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-43560
CVE-2022-0140 The Visual Form Builder WordPress plugin before 3.0.8 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-0140
CVE-2022-1328 Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-1328
CVE-2021-3503 A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-3503
CVE-2022-30597 A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30597
CVE-2021-27780 The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-27780
CVE-2022-1893 Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository polonel/trudesk prior to 1.2.3. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-1893
CVE-2022-29235 BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4-rc-6, an attacker who is able to obtain the meeting identifier for a meeting on a server can find information related to an external video being shared, like the current timestamp and play/pause. The problem has been patched in versions 2.3.18 and 2.4-rc-6 by modifying the stream to send the data only for users in the meeting. There are currently no known workarounds. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-29235
CVE-2022-26971 Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26971
CVE-2022-26973 Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26973
CVE-2022-27779 libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. curl can be told to receive and send cookies. curl's "cookie engine" can be built with or without [Public Suffix List](https://publicsuffix.org/) awareness. If PSL support not provided, a more rudimentary check exists to at least prevent cookies from being set on TLDs. This check was broken if the host name in the URL uses a trailing dot. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-27779
CVE-2022-32265 qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-32265
CVE-2022-29784 PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-29784
CVE-2022-31025 Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the `stable` branch and 2.9.0beta5 on the `beta` and `tests-passed` branches, inviting users on sites that use single sign-on could bypass the `must_approve_users` check and invites by staff are always approved automatically. The issue is patched in Discourse version 2.8.4 on the `stable` branch and version `2.9.0.beta5` on the `beta` and `tests-passed` branches. As a workaround, disable invites or increase `min_trust_level_to_allow_invite` to reduce the attack surface to more trusted users. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-31025
CVE-2022-30709 Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30709
CVE-2022-30715 Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30715
CVE-2022-30716 Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30716
CVE-2022-30719 Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30719
CVE-2022-30720 Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30720
CVE-2022-30721 Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30721
CVE-2022-30733 Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get a user email or phone number without permission. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30733
CVE-2022-30734 Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get a user email or phone number without permission. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30734
CVE-2022-30736 Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30736
CVE-2022-30737 Implicit Intent hijacking vulnerability in Samsung Account prior to version 13.2.00.6 allows attackers to get email ID. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30737
CVE-2022-30743 Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30743
CVE-2019-13057 An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.) 4.9 https://nvd.nist.gov/vuln/detail/CVE-2019-13057
CVE-2022-1926 Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-1926
CVE-2021-33504 Couchbase Server before 7.1.0 has Incorrect Access Control. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-33504
CVE-2019-10383 A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2019-10383
CVE-2022-20765 A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to affected web applications. A successful exploit could allow the attacker to rewrite web page content, access sensitive information stored in the applications, and alter data by submitting forms. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20765
CVE-2021-27781 The Master operator may be able to embed script tag in HTML with alert pop-up display cookie. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27781
CVE-2022-0376 The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0376
CVE-2022-1275 The BannerMan WordPress plugin through 0.2.4 does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed (such as in multisite) 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1275
CVE-2022-1294 The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1294
CVE-2022-1299 The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1299
CVE-2022-1387 The No Future Posts WordPress plugin through 1.4 does not escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1387
CVE-2022-1395 The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 does not sanitise and escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks when unfiltered_html is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1395
CVE-2022-1456 The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1456
CVE-2022-1542 The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1542
CVE-2022-1564 The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1564
CVE-2022-1566 The Quotes llama WordPress plugin through 0.7 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1566
CVE-2022-1568 The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1568
CVE-2022-1643 The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1643
CVE-2022-1644 The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1644
CVE-2022-1645 The Amazon Link WordPress plugin through 3.2.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1645
CVE-2022-1646 The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1646
CVE-2021-27778 HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27778
CVE-2021-27914 A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27914
CVE-2021-36866 Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36866
CVE-2022-30482 Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in \\admin\\add_cata.php via the ctg_name parameters. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30482
CVE-2022-1979 A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been declared as problematic. This vulnerability affects p=contact. The manipulation of the Message textbox with the input --redacted-- leads to cross site scripting. The attack can be initiated remotely but requires authentication. Exploit details have been disclosed to the public 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1979
CVE-2022-1980 A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been rated as problematic. This issue affects the file /admin/?page=system_info/contact_info. The manipulation of the textbox Telephone with the input --redacted-- leads to cross site scripting. The attack may be initiated remotely but requires authentication. Exploit details have been disclosed to the public 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1980
CVE-2022-30861 FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30861
CVE-2022-30863 FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30863
CVE-2022-28479 SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the payload by loading the "Users management" menu 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28479
CVE-2022-1991 A vulnerability classified as problematic has been found in Fast Food Ordering System 1.0. Affected is the file Master.php of the Master List. The manipulation of the argument Description with the input leads to cross site scripting. It is possible to launch the attack remotely but it requires authentication. Exploit details have been disclosed to the public. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1991
CVE-2017-14159 slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2017-14159
CVE-2022-26690 Description: A race condition was addressed with additional validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to modify protected parts of the file system. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26690
CVE-2022-26764 A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26764
CVE-2022-26765 A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26765
CVE-2020-6220 BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. Exploit is possible only when the bttoken in victim’s session is active. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2020-6220
CVE-2022-29082 Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x, 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x, 19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could allow remote attackers to spoof certificates. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2022-29082
CVE-2022-1716 Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2022-1716
CVE-2022-30729 Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2022-30729
CVE-2022-30730 Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to access account list without authentication. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2022-30730
CVE-2021-20317 A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-20317
CVE-2022-0494 A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0494
CVE-2022-26688 An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-26688
CVE-2022-23236 E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-23236
CVE-2022-21746 In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479698; Issue ID: ALPS06479698. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21746
CVE-2022-21747 In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478078; Issue ID: ALPS06478078. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21747
CVE-2022-21755 In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06545464; Issue ID: ALPS06545464. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21755
CVE-2022-21756 In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06535950; Issue ID: ALPS06535950. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21756
CVE-2022-21760 In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479562; Issue ID: ALPS06479562. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21760
CVE-2022-21761 In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479532; Issue ID: ALPS06479532. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21761
CVE-2022-21762 In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06477946; Issue ID: ALPS06477946. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21762
CVE-2018-1000192 An information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all installed plugins. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2018-1000192
CVE-2018-1000193 An improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and cannot be deleted via the UI. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2018-1000193
CVE-2018-1000195 A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful (200) or not. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2018-1000195
CVE-2018-1999003 An improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Queue.java that allows attackers with Overall/Read permission to cancel queued builds. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2018-1999003
CVE-2018-1999004 An improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2018-1999004
CVE-2022-30598 A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30598
CVE-2022-1203 The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-1203
CVE-2022-29243 Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into memory on usage, resulting in impacted performance. Versions 22.2.7 and 23.0.4 contain a fix for this issue. There are currently no known workarounds available. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-29243
CVE-2022-31000 solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order's adjustments if they hold its number, and the execution happens on a store administrator's computer. Users should upgrade to solidus_backend 3.1.6, 3.0.6, or 2.11.16 to receive a patch. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-31000
CVE-2022-26905 Microsoft Edge (Chromium-based) Spoofing Vulnerability. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26905
CVE-2022-29233 BigBlueButton is an open source web conferencing system. In BigBlueButton starting with 2.2 but before 2.3.18 and 2.4-rc-1, an attacker can circumvent access controls to gain access to all breakout rooms of the meeting they are in. The permission checks rely on knowledge of internal ids rather than on verification of the role of the user. Versions 2.3.18 and 2.4-rc-1 contain a patch for this issue. There are currently no known workarounds. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-29233
CVE-2022-29234 BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4.1, an attacker could send messages to a locked chat within a grace period of 5s after the lock setting was enacted. The attacker needs to be a participant in the meeting. Versions 2.3.18 and 2.4.1 contain a patch for this issue. There are currently no known workarounds. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-29234
CVE-2022-29236 BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previously introduced grace period. The attacker must be a meeting participant. The problem has been patched in versions 2.3.18 and 2.4-rc-6. There are currently no known workarounds. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-29236
CVE-2021-36890 Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-36890
CVE-2022-29627 An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-29627
CVE-2022-29731 An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-29731
CVE-2022-30115 Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL used a trailing dot while not using one when it built the HSTS cache. Or the other way around - by having the trailing dot in the HSTS cache and *not* using the trailing dot in the URL. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30115
CVE-2021-42892 In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-42892
CVE-2022-1821 An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-1821
CVE-2022-30723 Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30723
CVE-2022-30724 Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30724
CVE-2022-30725 Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30725
CVE-2022-30738 Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30738
CVE-2022-30739 Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get a user email or phone number with a normal level permission. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30739
CVE-2022-30740 Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30740
CVE-2022-1421 The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-1421
CVE-2021-22924 libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate. 3.7 https://nvd.nist.gov/vuln/detail/CVE-2021-22924
CVE-2020-4008 The installer of the macOS Sensor for VMware Carbon Black Cloud (prior to 3.5.1) handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which a macOS sensor is going to be installed, may overwrite a limited number of files with output from the sensor installation. 3.6 https://nvd.nist.gov/vuln/detail/CVE-2020-4008
CVE-2022-32296 The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-32296
CVE-2022-28794 Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-28794
CVE-2022-30714 Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30714
CVE-2022-30728 Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30728
CVE-2022-30741 Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30741
CVE-2022-30742 Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30742
CVE-2020-13353 When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. 3.2 https://nvd.nist.gov/vuln/detail/CVE-2020-13353
CVE-2021-35576 Vulnerability in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Oracle Net to compromise Oracle Database Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Enterprise Edition Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). 2.7 https://nvd.nist.gov/vuln/detail/CVE-2021-35576
CVE-2022-1783 An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add new members to a project within their group, through the REST API, even after their group owner enabled a setting to prevent members from being added to projects within that group. 2.7 https://nvd.nist.gov/vuln/detail/CVE-2022-1783
CVE-2022-1966 A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue. https://nvd.nist.gov/vuln/detail/CVE-2022-1966
CVE-2022-27438 Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check. https://nvd.nist.gov/vuln/detail/CVE-2022-27438
CVE-2022-2022 Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7. https://nvd.nist.gov/vuln/detail/CVE-2022-2022
CVE-2021-35530 A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0 2.1.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. https://nvd.nist.gov/vuln/detail/CVE-2021-35530
CVE-2021-35531 Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. https://nvd.nist.gov/vuln/detail/CVE-2021-35531
CVE-2021-35532 A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. https://nvd.nist.gov/vuln/detail/CVE-2021-35532
CVE-2022-30466 joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture-replay. https://nvd.nist.gov/vuln/detail/CVE-2022-30466
CVE-2022-31470 An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content. https://nvd.nist.gov/vuln/detail/CVE-2022-31470
CVE-2022-24065 The package cookiecutter before 2.1.1 is vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be used to perform a command injection. https://nvd.nist.gov/vuln/detail/CVE-2022-24065
CVE-2019-25062 A vulnerability was found in Sricam IP CCTV Camera and classified as critical. This issue affects some unknown processing of the component Device Viewer. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. https://nvd.nist.gov/vuln/detail/CVE-2019-25062
CVE-2019-25063 A vulnerability was found in Sricam IP CCTV Camera. It has been classified as critical. Affected is an unknown function of the component Device Viewer. The manipulation leads to memory corruption. Local access is required to approach this attack. https://nvd.nist.gov/vuln/detail/CVE-2019-25063
CVE-2020-36543 A vulnerability, which was classified as critical, was found in SialWeb CMS. This affects an unknown part of the file /about.php. The manipulation of the argument Id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. https://nvd.nist.gov/vuln/detail/CVE-2020-36543
CVE-2020-36544 A vulnerability has been found in SialWeb CMS and classified as problematic. This vulnerability affects unknown code of the component Search Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. https://nvd.nist.gov/vuln/detail/CVE-2020-36544
CVE-2022-1703 Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack. https://nvd.nist.gov/vuln/detail/CVE-2022-1703
CVE-2022-21122 The package metacalc before 0.0.2 is vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript's Function constructor. https://nvd.nist.gov/vuln/detail/CVE-2022-21122
CVE-2022-0779 The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads https://nvd.nist.gov/vuln/detail/CVE-2022-0779
CVE-2022-0788 The WP Fundraising Donation and Crowdfunding Platform WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via one of its REST routes, leading to an SQL injection exploitable by unauthenticated users https://nvd.nist.gov/vuln/detail/CVE-2022-0788
CVE-2022-1005 The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters https://nvd.nist.gov/vuln/detail/CVE-2022-1005
CVE-2022-1394 The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed https://nvd.nist.gov/vuln/detail/CVE-2022-1394
CVE-2022-1469 The FiboSearch WordPress plugin before 1.17.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed https://nvd.nist.gov/vuln/detail/CVE-2022-1469
CVE-2022-1506 The WP Born Babies WordPress plugin through 1.0 does not sanitise and escape some of its fields, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks https://nvd.nist.gov/vuln/detail/CVE-2022-1506
CVE-2022-1541 The Video Slider WordPress plugin before 1.4.8 does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed https://nvd.nist.gov/vuln/detail/CVE-2022-1541
CVE-2022-1569 The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed https://nvd.nist.gov/vuln/detail/CVE-2022-1569
CVE-2022-1570 The Files Download Delay WordPress plugin before 1.0.7 does not have authorisation and CSRF checks when resetting its settings, which could allow any authenticated users, such as subscriber to perform such action. https://nvd.nist.gov/vuln/detail/CVE-2022-1570
CVE-2022-1577 The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details. Or disable the automatic backup schedule https://nvd.nist.gov/vuln/detail/CVE-2022-1577
CVE-2022-1598 The WPQA Builder WordPress plugin before 5.4 which is a companion to the Discy and Himer, lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site. https://nvd.nist.gov/vuln/detail/CVE-2022-1598
CVE-2022-1647 The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. https://nvd.nist.gov/vuln/detail/CVE-2022-1647
CVE-2022-1673 The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 does not escape the error_envision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-1673
CVE-2022-1683 The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection and is exploitable by any authenticated user (and not just Author+ like the original advisory mentions) due to the fact that they can execute shortcodes via an AJAX action https://nvd.nist.gov/vuln/detail/CVE-2022-1683
CVE-2022-1684 The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin https://nvd.nist.gov/vuln/detail/CVE-2022-1684
CVE-2022-1685 The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection https://nvd.nist.gov/vuln/detail/CVE-2022-1685
CVE-2022-1686 The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection https://nvd.nist.gov/vuln/detail/CVE-2022-1686
CVE-2022-1687 The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection https://nvd.nist.gov/vuln/detail/CVE-2022-1687
CVE-2022-1688 The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statements via the admin dashboard, leading to SQL Injections https://nvd.nist.gov/vuln/detail/CVE-2022-1688
CVE-2022-1689 The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection https://nvd.nist.gov/vuln/detail/CVE-2022-1689
CVE-2022-1690 The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection https://nvd.nist.gov/vuln/detail/CVE-2022-1690
CVE-2022-1691 The Realty Workstation WordPress plugin through 1.0.6 does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edits a transaction, leading to an SQL injection https://nvd.nist.gov/vuln/detail/CVE-2022-1691
CVE-2022-1692 The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embedded, allowing unauthenticated users to perform an SQL injection attack https://nvd.nist.gov/vuln/detail/CVE-2022-1692
CVE-2022-1695 The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form. https://nvd.nist.gov/vuln/detail/CVE-2022-1695
CVE-2022-1709 The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF checks in place when deleting comments (either all, spam, or pending), allowing attackers to make a logged in admin delete comments via a CSRF attack https://nvd.nist.gov/vuln/detail/CVE-2022-1709
CVE-2022-1712 The LiveSync for WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack https://nvd.nist.gov/vuln/detail/CVE-2022-1712
CVE-2022-31497 LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS. https://nvd.nist.gov/vuln/detail/CVE-2022-31497
CVE-2022-1996 Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. https://nvd.nist.gov/vuln/detail/CVE-2022-1996
CVE-2022-30552 Das U-Boot 2022.01 has a Buffer Overflow. https://nvd.nist.gov/vuln/detail/CVE-2022-30552
CVE-2022-30790 Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552. https://nvd.nist.gov/vuln/detail/CVE-2022-30790
CVE-2020-14125 A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by out-of-bound read/write and can be exploited by attackers to cause denial of service. https://nvd.nist.gov/vuln/detail/CVE-2020-14125
CVE-2021-36710 ToaruOS 1.99.2 is affected by incorrect access control via the kernel. Improper MMU management and having a low GDT address allows it to be mapped in userland. A call gate can then be written to escalate to CPL 0. https://nvd.nist.gov/vuln/detail/CVE-2021-36710
CVE-2022-24296 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications. https://nvd.nist.gov/vuln/detail/CVE-2022-24296
CVE-2022-28382 An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode (Electronic Codebook, aka ECB), an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB mode. This operation mode of block ciphers (e.g., AES) always encrypts identical plaintext data, in this case blocks of 16 bytes, to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion, within ECB, can leak sensitive information even in encrypted data. Thus, the use of the ECB operation mode can put the confidentiality of specific information at risk, even in an encrypted form. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650. https://nvd.nist.gov/vuln/detail/CVE-2022-28382
CVE-2022-28383 An issue was discovered in certain Verbatim drives through 2022-03-31. Due to insufficient firmware validation, an attacker can store malicious firmware code for the USB-to-SATA bridge controller on the USB drive (e.g., by leveraging physical access during the supply chain). This code is then executed. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650. https://nvd.nist.gov/vuln/detail/CVE-2022-28383
CVE-2022-28384 An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauthorized access to the stored encrypted data. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0. https://nvd.nist.gov/vuln/detail/CVE-2022-28384
CVE-2022-28385 An issue was discovered in certain Verbatim drives through 2022-03-31. Due to missing integrity checks, an attacker can manipulate the content of the emulated CD-ROM drive (containing the Windows and macOS client software). The content of this emulated CD-ROM drive is stored as an ISO-9660 image in the hidden sectors of the USB drive, that can only be accessed using special IOCTL commands, or when installing the drive in an external disk enclosure. By manipulating this ISO-9660 image or replacing it with another one, an attacker is able to store malicious software on the emulated CD-ROM drive. This software may get executed by an unsuspecting victim when using the device. For example, an attacker with temporary physical access during the supply chain could program a modified ISO-9660 image on a device that always accepts an attacker-controlled password for unlocking the device. If the attacker later on gains access to the used USB drive, he can simply decrypt all contained user data. Storing arbitrary other malicious software is also possible. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650. https://nvd.nist.gov/vuln/detail/CVE-2022-28385
CVE-2022-28387 An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the stored data. The attacker can simply use an undocumented IOCTL command that retrieves the correct password. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650. https://nvd.nist.gov/vuln/detail/CVE-2022-28387
CVE-2022-30899 A Cross Site Scripting vulnerability exists in PartKeepr 1.4.0 via the 'name' field in /api/part_categories. https://nvd.nist.gov/vuln/detail/CVE-2022-30899
CVE-2022-31325 There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php. https://nvd.nist.gov/vuln/detail/CVE-2022-31325
CVE-2022-32273 As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server. https://nvd.nist.gov/vuln/detail/CVE-2022-32273
CVE-2022-28386 An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20 failed unlock attempts) does not work as specified. More than 20 attempts may be made. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0. https://nvd.nist.gov/vuln/detail/CVE-2022-28386
CVE-2022-30875 Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page. https://nvd.nist.gov/vuln/detail/CVE-2022-30875
CVE-2021-40589 ZAngband zangband-data 2.7.5 is affected by an integer underflow vulnerability in src/tk/plat.c through the variable fileheader.bfOffBits. https://nvd.nist.gov/vuln/detail/CVE-2021-40589
CVE-2021-40592 GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file. https://nvd.nist.gov/vuln/detail/CVE-2021-40592
CVE-2022-30877 The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2. https://nvd.nist.gov/vuln/detail/CVE-2022-30877
CVE-2022-30882 pyanxdns package in PyPI version 0.2 is vulnerable to code execution backdoor. The impact is: execute arbitrary code (remote). When installing the pyanxdns package of version 0.2, the request package will be installed. https://nvd.nist.gov/vuln/detail/CVE-2022-30882
CVE-2022-31313 api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package. https://nvd.nist.gov/vuln/detail/CVE-2022-31313
CVE-2022-29013 A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. https://nvd.nist.gov/vuln/detail/CVE-2022-29013
CVE-2022-29014 A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files. https://nvd.nist.gov/vuln/detail/CVE-2022-29014
CVE-2022-31496 LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access. https://nvd.nist.gov/vuln/detail/CVE-2022-31496
CVE-2022-24840 django-s3file is a lightweight file upload input for Django and Amazon S3. In versions prior to 5.5.1 it was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. If the `AWS_LOCATION` setting was set, traversal was limited to that location only. The issue was discovered by the maintainer. There were no reports of the vulnerability being known to or exploited by a third party, prior to the release of the patch. The vulnerability has been fixed in version 5.5.1 and above. There is no feasible workaround. We must urge all users to immediately update to a patched version. https://nvd.nist.gov/vuln/detail/CVE-2022-24840
CVE-2022-25804 An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Insecure permissions for the serverconfig registry key (under JavaSoft\Prefs\de\igel\rm\config in HKEY_LOCAL_MACHINE\SOFTWARE) allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the UMS superuser. https://nvd.nist.gov/vuln/detail/CVE-2022-25804
CVE-2022-25805 An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission of cleartext LDAP bind credentials by the cmd_mgt_load_mgt_tree command allows an attacker (who can intercept or inspect traffic between an authenticated UMS client and server) to compromise those LDAP bind credentials. https://nvd.nist.gov/vuln/detail/CVE-2022-25805
CVE-2022-25806 An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key. https://nvd.nist.gov/vuln/detail/CVE-2022-25806
CVE-2022-25807 An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key. https://nvd.nist.gov/vuln/detail/CVE-2022-25807
CVE-2022-30075 In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation. https://nvd.nist.gov/vuln/detail/CVE-2022-30075
CVE-2022-31649 ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer. https://nvd.nist.gov/vuln/detail/CVE-2022-31649
CVE-2022-32195 Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL. https://nvd.nist.gov/vuln/detail/CVE-2022-32195
CVE-2022-24896 Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retrieve the name of a tracker they cannot access as well as the name of the fields used in reports. https://nvd.nist.gov/vuln/detail/CVE-2022-24896
CVE-2022-29254 silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as completed without payment being taken. This is mitigated by the fact that most payment gateways hide this information from users, however some issuing banks offer flawed 3DSecure implementations that may inadvertently expose this data. The following versions have been patched to fix this issue: `2.5.2`, `3.0.2`, `3.1.4`, and `3.2.1`. There are no known workarounds for this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-29254
CVE-2022-29255 Vyper is a Pythonic Smart Contract Language for the Ethereum virtual machine. In versions prior to 0.3.4 when calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for contracts. This issue has been addressed in v0.3.4. https://nvd.nist.gov/vuln/detail/CVE-2022-29255
CVE-2021-40610 Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background management. https://nvd.nist.gov/vuln/detail/CVE-2021-40610
CVE-2021-40668 The Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write. https://nvd.nist.gov/vuln/detail/CVE-2021-40668
CVE-2022-31019 Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: `curl -d "array[_0][0][array][_0][0][array]$(for f in $(seq 1100); do echo -n '[_0][0][array]'; done)[string][_0]=hello%20world" http://localhost:8080/foo`. The issue is unbounded, attacker controlled stack growth which will at some point lead to a stack overflow and a process crash. This issue has been fixed in version 4.61.1. https://nvd.nist.gov/vuln/detail/CVE-2022-31019
CVE-2022-31026 Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1. This issue can be avoided by only connecting to trusted servers. https://nvd.nist.gov/vuln/detail/CVE-2022-31026
CVE-2022-31027 OAuthenticator is an OAuth token library for the JupyterHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowed_idps configuration trait of CILogonOAuthenticator is documented to be a list of domains that indicate the institutions whose users are authorized to access this JupyterHub. This authorization is validated by ensuring that the *email* field provided to us by CILogon has a *domain* that matches one of the domains listed in `allowed_idps`. If `allowed_idps` contains `berkeley.edu`, you might expect only users with valid current credentials provided by University of California, Berkeley to be able to access the JupyterHub. However, CILogonOAuthenticator does *not* verify which provider is used by the user to login, only the email address provided. So a user can login with a GitHub account that has email set to `<something>@berkeley.edu`, and that will be treated exactly the same as someone logging in using the UC Berkeley official Identity Provider. The patch fixing this issue makes a *breaking change* in how `allowed_idps` is interpreted. It's no longer a list of domains, but configuration representing the `EntityID` of the IdPs that are allowed, picked from the [list maintained by CILogon](https://cilogon.org/idplist/). Users are advised to upgrade. https://nvd.nist.gov/vuln/detail/CVE-2022-31027
CVE-2022-31030 containerd is an open source container runtime. A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an "exec" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used. https://nvd.nist.gov/vuln/detail/CVE-2022-31030
CVE-2022-31386 A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-31386
CVE-2022-31390 Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php. https://nvd.nist.gov/vuln/detail/CVE-2022-31390
CVE-2022-31393 Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php. https://nvd.nist.gov/vuln/detail/CVE-2022-31393
CVE-2022-31827 MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php. https://nvd.nist.gov/vuln/detail/CVE-2022-31827
CVE-2022-31830 Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php. https://nvd.nist.gov/vuln/detail/CVE-2022-31830
CVE-2021-40961 CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '. https://nvd.nist.gov/vuln/detail/CVE-2021-40961
CVE-2022-1998 A use after free in the Linux kernel File System notify functionality was found in the way a user triggers the copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system. https://nvd.nist.gov/vuln/detail/CVE-2022-1998
CVE-2022-23138 ZTE's MF297D product has a cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack. https://nvd.nist.gov/vuln/detail/CVE-2022-23138
CVE-2022-2035 A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim's browser. https://nvd.nist.gov/vuln/detail/CVE-2022-2035
CVE-2022-32272 OPSWAT MetaDefender Core (MDCore) before 5.1.2 has incorrect access control, resulting in privilege escalation. https://nvd.nist.gov/vuln/detail/CVE-2022-32272
CVE-2022-0823 An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack. https://nvd.nist.gov/vuln/detail/CVE-2022-0823
CVE-2022-24969 Bypass of CVE-2021-25640: in Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of the parseURL method will lead to the bypass of the white host check, which can cause an open redirect or SSRF vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-24969
CVE-2022-2000 Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. https://nvd.nist.gov/vuln/detail/CVE-2022-2000
CVE-2022-2016 Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1. https://nvd.nist.gov/vuln/detail/CVE-2022-2016
CVE-2022-2017 A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/view_visit.php of the component Visit Handler. The manipulation of the argument id with the input leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. https://nvd.nist.gov/vuln/detail/CVE-2022-2017
CVE-2022-2018 A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/view_inmate of the component Inmate Handler. The manipulation of the argument id with the input leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. https://nvd.nist.gov/vuln/detail/CVE-2022-2018
CVE-2022-2019 A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php?f=save of the component New User Creation. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. https://nvd.nist.gov/vuln/detail/CVE-2022-2019
CVE-2022-2020 A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input <img src="" onerror="alert(1)"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. https://nvd.nist.gov/vuln/detail/CVE-2022-2020
CVE-2022-30760 An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint. https://nvd.nist.gov/vuln/detail/CVE-2022-30760
CVE-2022-31031 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-31031
CVE-2022-31214 A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo. https://nvd.nist.gov/vuln/detail/CVE-2022-31214
CVE-2016-15002 A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This affects an unknown part of the component Cookie Handler. The manipulation of the argument HasServerEdit/IsAdmin leads to privilege escalation. It is possible to initiate the attack remotely. https://nvd.nist.gov/vuln/detail/CVE-2016-15002
CVE-2019-25064 A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. Upgrading to version 27.0.8 is able to address this issue. It is recommended to upgrade the affected component. https://nvd.nist.gov/vuln/detail/CVE-2019-25064
CVE-2019-25065 A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. https://nvd.nist.gov/vuln/detail/CVE-2019-25065
CVE-2019-25066 A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.32 is able to address this issue. The name of the patch is 7aa146b724e0e20cfee2c71ca78fafbf53a8767c. It is recommended to upgrade the affected component. https://nvd.nist.gov/vuln/detail/CVE-2019-25066
CVE-2019-25067 A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. https://nvd.nist.gov/vuln/detail/CVE-2019-25067
CVE-2019-25068 A vulnerability classified as critical was found in Axios Italia Axios RE 1.7.0/7.0.0. This vulnerability affects unknown code of the file REDefault.aspx of the component Connection Handler. The manipulation of the argument DBIDX leads to privilege escalation. The attack can be initiated remotely. https://nvd.nist.gov/vuln/detail/CVE-2019-25068
CVE-2019-25069 A vulnerability, which was classified as problematic, has been found in Axios Italia Axios RE 1.7.0/7.0.0. This issue affects some unknown processing of the component Error Message Handler. The manipulation leads to information disclosure (ASP.NET). The attack may be initiated remotely. https://nvd.nist.gov/vuln/detail/CVE-2019-25069
CVE-2021-27786 Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information when the Access-Control-Allow-Credentials is enabled. https://nvd.nist.gov/vuln/detail/CVE-2021-27786
CVE-2022-1986 OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9. https://nvd.nist.gov/vuln/detail/CVE-2022-1986
CVE-2022-1992 Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. https://nvd.nist.gov/vuln/detail/CVE-2022-1992
CVE-2022-1993 Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. https://nvd.nist.gov/vuln/detail/CVE-2022-1993
CVE-2022-25151 Within the Service Desk module of the ITarian platform (SAAS and on-premise), a remote attacker can obtain sensitive information, caused by the failure to set the HTTP Only flag. A remote attacker could exploit this vulnerability to gain access to the management interface by using this vulnerability in combination with a successful Cross-Site Scripting attack on a user. https://nvd.nist.gov/vuln/detail/CVE-2022-25151
CVE-2022-25152 The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. It is possible to require a mandatory approval process. Due to a vulnerability in the approval process, present in any version prior to 6.35.37347.20040, a malicious actor (with a valid session token) can create a procedure, bypass approval, and execute the procedure. This results in the ability for any user with a valid session token to perform arbitrary code execution and full system take-over on all agents. https://nvd.nist.gov/vuln/detail/CVE-2022-25152
CVE-2022-25153 The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Due to this setting, a malicious actor with low privileges access to a system can escalate his privileges to SYSTEM abusing an insecure openssl.conf lookup. https://nvd.nist.gov/vuln/detail/CVE-2022-25153
CVE-2022-26362 x86 pv: Race condition in typeref acquisition. Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safety TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited. https://nvd.nist.gov/vuln/detail/CVE-2022-26362
CVE-2022-26363 x86 pv: Insufficient care with non-coherent mappings. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe. https://nvd.nist.gov/vuln/detail/CVE-2022-26363
CVE-2022-26364 x86 pv: Insufficient care with non-coherent mappings. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe. https://nvd.nist.gov/vuln/detail/CVE-2022-26364
CVE-2022-26377 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.53 and prior versions. https://nvd.nist.gov/vuln/detail/CVE-2022-26377
CVE-2022-28330 Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. https://nvd.nist.gov/vuln/detail/CVE-2022-28330
CVE-2022-28614 The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function. https://nvd.nist.gov/vuln/detail/CVE-2022-28614
CVE-2022-28615 Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. https://nvd.nist.gov/vuln/detail/CVE-2022-28615
CVE-2022-29404 In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. https://nvd.nist.gov/vuln/detail/CVE-2022-29404
CVE-2022-2014 Code Injection in GitHub repository jgraph/drawio prior to 19.0.2. https://nvd.nist.gov/vuln/detail/CVE-2022-2014
CVE-2022-2015 Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2. https://nvd.nist.gov/vuln/detail/CVE-2022-2015
CVE-2022-2026 Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0. https://nvd.nist.gov/vuln/detail/CVE-2022-2026
CVE-2022-2027 Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0. https://nvd.nist.gov/vuln/detail/CVE-2022-2027
CVE-2022-2028 Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0. https://nvd.nist.gov/vuln/detail/CVE-2022-2028
CVE-2022-2029 Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0. https://nvd.nist.gov/vuln/detail/CVE-2022-2029
CVE-2022-2036 Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. https://nvd.nist.gov/vuln/detail/CVE-2022-2036
CVE-2022-2037 Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0. https://nvd.nist.gov/vuln/detail/CVE-2022-2037
CVE-2022-30522 If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. https://nvd.nist.gov/vuln/detail/CVE-2022-30522
CVE-2022-30556 Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. https://nvd.nist.gov/vuln/detail/CVE-2022-30556
CVE-2022-31038 Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters. https://nvd.nist.gov/vuln/detail/CVE-2022-31038
CVE-2022-31813 Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. https://nvd.nist.gov/vuln/detail/CVE-2022-31813
CVE-2022-24876 GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Kanban is a GLPI view to display Projects, Tickets, Changes or Problems on a task board. In versions prior to 10.0.1 a user can exploit a cross site scripting vulnerability in Kanban by injecting HTML code in its user name. Users are advised to upgrade. There are no known workarounds for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-24876
CVE-2022-29224 Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold” (prevent removal) upstream hosts obtained via service discovery until configured active health checking fails. If an attacker controls an upstream host and also controls service discovery of that host (via DNS, the EDS API, etc.), an attacker can crash Envoy by forcing removal of the host from service discovery, and then failing the gRPC health check request. This will crash Envoy via a null pointer dereference. Users are advised to upgrade to resolve this vulnerability. Users unable to upgrade may disable gRPC health checking and/or replace it with a different health checking type as a mitigation. https://nvd.nist.gov/vuln/detail/CVE-2022-29224
CVE-2022-30898 A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password. https://nvd.nist.gov/vuln/detail/CVE-2022-30898
CVE-2022-29225 Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 decompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an attacker to zip bomb the decompressor by sending a small highly compressed payload. Maliciously constructed zip files may exhaust system memory and cause a denial of service. Users are advised to upgrade. Users unable to upgrade may consider disabling decompression. https://nvd.nist.gov/vuln/detail/CVE-2022-29225
CVE-2022-29226 Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed cookie is missing a full authentication flow should be triggered. However, the current implementation assumes that access tokens are always validated thus allowing access in the presence of any access token attached to the request. Users are advised to upgrade. There is no known workaround for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-29226
CVE-2022-29227 Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the request Envoy sends a local reply when the redirect headers are processed, the downstream state indicates that the downstream stream is not complete. On sending the local reply, Envoy will attempt to reset the upstream stream, but as it is actually complete, and deleted, this results in a use-after-free. Users are advised to upgrade. Users unable to upgrade are advised to disable internal redirects if crashes are observed. https://nvd.nist.gov/vuln/detail/CVE-2022-29227
CVE-2022-29228 Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions. continueDecoding() shouldn’t ever be called from filters after a local reply has been sent. Users are advised to upgrade. There are no known workarounds for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-29228
CVE-2022-29250 GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to version 10.0.1 it is possible to add extra information by SQL injection on search pages. In order to exploit this vulnerability a user must be logged in. https://nvd.nist.gov/vuln/detail/CVE-2022-29250
CVE-2022-31033 The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site. Users are advised to upgrade to Mechanize v2.8.5 or later. There are no known workarounds for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-31033
CVE-2022-31051 semantic-release is an open source npm package for automated version management and package publishing. In affected versions secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from uri encoding by `encodeURI`. Occurrence is further limited to execution contexts where push access to the related repository is not available without modifying the repository url to inject credentials. Users are advised to upgrade. Users unable to upgrade should ensure that secrets that do not contain characters that are excluded from encoding with `encodeURI` when included in a URL are already masked properly. https://nvd.nist.gov/vuln/detail/CVE-2022-31051
CVE-2022-30702 Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine. https://nvd.nist.gov/vuln/detail/CVE-2022-30702
CVE-2022-30703 Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation. https://nvd.nist.gov/vuln/detail/CVE-2022-30703
CVE-2022-31045 Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress Gateway exposed to external traffic. This vulnerability has been resolved in versions 1.12.8, 1.13.5, and 1.14.1. Users are advised to upgrade. There are no known workarounds for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-31045
CVE-2017-20018 A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely. https://nvd.nist.gov/vuln/detail/CVE-2017-20018
CVE-2017-20019 A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. https://nvd.nist.gov/vuln/detail/CVE-2017-20019
CVE-2017-20020 A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. https://nvd.nist.gov/vuln/detail/CVE-2017-20020
CVE-2017-20021 A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. https://nvd.nist.gov/vuln/detail/CVE-2017-20021
CVE-2017-20022 A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. https://nvd.nist.gov/vuln/detail/CVE-2017-20022
CVE-2017-20023 A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. https://nvd.nist.gov/vuln/detail/CVE-2017-20023
CVE-2017-20024 A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. https://nvd.nist.gov/vuln/detail/CVE-2017-20024
CVE-2017-20025 A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privilege escalation. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. https://nvd.nist.gov/vuln/detail/CVE-2017-20025
CVE-2017-20026 A vulnerability has been found in HumHub up to 1.0.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting (Reflected). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component. https://nvd.nist.gov/vuln/detail/CVE-2017-20026
CVE-2017-20027 A vulnerability was found in HumHub up to 1.0.1 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component. https://nvd.nist.gov/vuln/detail/CVE-2017-20027
CVE-2017-20028 A vulnerability was found in HumHub 0.20.1/1.0.0-beta.3. It has been classified as critical. This affects an unknown part. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. It is recommended to upgrade the affected component. https://nvd.nist.gov/vuln/detail/CVE-2017-20028
CVE-2022-31042 Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a URI to a different host, we should not forward the `Cookie` header on. Prior to this fix, only cookies that were managed by our cookie middleware would be safely removed, and any `Cookie` header manually added to the initial request would not be stripped. We now always strip it, and allow the cookie middleware to re-add any cookies that it deems should be there. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach to use your own redirect middleware, rather than ours. If you do not require or expect redirects to be followed, one should simply disable redirects altogether. https://nvd.nist.gov/vuln/detail/CVE-2022-31042
CVE-2022-31043 Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the same as to how we don't forward on the header if the host changes. Prior to this fix, `https` to `http` downgrades did not result in the `Authorization` header being removed, only changes to the host. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach which would be to use their own redirect middleware. Alternately users may simply disable redirects altogether if redirects are not expected or required. https://nvd.nist.gov/vuln/detail/CVE-2022-31043
CVE-2017-20029 A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown processing of the file /lists/index.php of the component Edit Subscription. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. https://nvd.nist.gov/vuln/detail/CVE-2017-20029
CVE-2017-20030 A vulnerability was found in PHPList 3.2.6. It has been classified as critical. Affected is an unknown function of the file /lists/admin/ of the component Sending Campain. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. https://nvd.nist.gov/vuln/detail/CVE-2017-20030
CVE-2017-20031 A vulnerability was found in PHPList 3.2.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument sortby with the input password leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. https://nvd.nist.gov/vuln/detail/CVE-2017-20031
CVE-2017-20032 A vulnerability was found in PHPList 3.2.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Subscription. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. https://nvd.nist.gov/vuln/detail/CVE-2017-20032
CVE-2017-20033 A vulnerability classified as problematic has been found in PHPList 3.2.6. This affects an unknown part of the file /lists/admin/. The manipulation of the argument page with the input send\\'\\";>--redacted-- leads to cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. https://nvd.nist.gov/vuln/detail/CVE-2017-20033
CVE-2017-20034 A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting (Persistent). The attack can be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. https://nvd.nist.gov/vuln/detail/CVE-2017-20034
CVE-2017-20035 A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. https://nvd.nist.gov/vuln/detail/CVE-2017-20035
CVE-2017-20036 A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to cross site scripting (Persistent). It is possible to launch the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. https://nvd.nist.gov/vuln/detail/CVE-2017-20036
CVE-2021-42811 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SafeNet KeySecure allows an authenticated user to read arbitrary files from the underlying system on which the product is deployed. https://nvd.nist.gov/vuln/detail/CVE-2021-42811
CVE-2022-32563 An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, the admin credentials provided to the Admin REST API are ignored, resulting in privilege escalation for unauthenticated users. The Public REST API is not impacted by this issue. A workaround is to replace X.509 certificate based authentication with Username and Password authentication inside the bootstrap configuration. https://nvd.nist.gov/vuln/detail/CVE-2022-32563
CVE-2021-44117 A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4. https://nvd.nist.gov/vuln/detail/CVE-2021-44117
CVE-2021-44582 A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL. https://nvd.nist.gov/vuln/detail/CVE-2021-44582
CVE-2022-27502 RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM. https://nvd.nist.gov/vuln/detail/CVE-2022-27502
CVE-2022-31788 IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID= pathname. https://nvd.nist.gov/vuln/detail/CVE-2022-31788
CVE-2022-32978 There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan. https://nvd.nist.gov/vuln/detail/CVE-2022-32978
CVE-2022-22426 IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit this vulnerability to bypass authentication and gain unauthorized access to the Spectrum Copy Data Management catalog which contains metadata. IBM X-Force ID: 223718. https://nvd.nist.gov/vuln/detail/CVE-2022-22426
CVE-2022-22479 IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 225887. https://nvd.nist.gov/vuln/detail/CVE-2022-22479
CVE-2022-30610 IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 227363. https://nvd.nist.gov/vuln/detail/CVE-2022-30610
CVE-2022-30611 IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using some fields of the form in the portal UI to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 227364. https://nvd.nist.gov/vuln/detail/CVE-2022-30611
CVE-2022-31769 IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against the system. IBM X-Force ID: 228219. https://nvd.nist.gov/vuln/detail/CVE-2022-31769
CVE-2022-29948 Due to an insecure design, the Lepin EP-KP001 flash drive through KP001_V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted data. Normally, the encrypted disk partition with this data is unlocked by entering the correct passcode (6 to 14 digits) via the keypad and pressing the Unlock button. This authentication is performed by an unknown microcontroller. By replacing this microcontroller on a target device with one from an attacker-controlled Lepin EP-KP001 whose passcode is known, it is possible to successfully unlock the target device and read the stored data in cleartext. https://nvd.nist.gov/vuln/detail/CVE-2022-29948
CVE-2022-31402 ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php. https://nvd.nist.gov/vuln/detail/CVE-2022-31402
CVE-2018-17240 There is a memory dump vulnerability on Netwave IP camera devices at //proc/kcore that allows an unauthenticated attacker to exfiltrate sensitive information from the network configuration (e.g., username and password). https://nvd.nist.gov/vuln/detail/CVE-2018-17240
CVE-2022-31282 Bento4 MP4Dump v1.2 was discovered to contain a segmentation violation via an unknown address at /Source/C++/Core/Ap4DataBuffer.cpp:175. https://nvd.nist.gov/vuln/detail/CVE-2022-31282
CVE-2022-31285 An issue was discovered in Bento4 1.2. The allocator is out of memory in /Source/C++/Core/Ap4Array.h. https://nvd.nist.gov/vuln/detail/CVE-2022-31285
CVE-2022-31287 An issue was discovered in Bento4 v1.2. There is an allocation size request error in /Ap4RtpAtom.cpp. https://nvd.nist.gov/vuln/detail/CVE-2022-31287
CVE-2022-2042 Use After Free in GitHub repository vim/vim prior to 8.2. https://nvd.nist.gov/vuln/detail/CVE-2022-2042
CVE-2022-24278 The package convert-svg-core before 0.6.4 is vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file. https://nvd.nist.gov/vuln/detail/CVE-2022-24278
CVE-2022-24429 The package convert-svg-core before 0.6.3 is vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file. https://nvd.nist.gov/vuln/detail/CVE-2022-24429
CVE-2022-25845 The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode). https://nvd.nist.gov/vuln/detail/CVE-2022-25845
CVE-2022-25851 The package jpeg-js before 0.4.4 is vulnerable to Denial of Service (DoS) where a particular piece of input will cause it to enter an infinite loop and never return. https://nvd.nist.gov/vuln/detail/CVE-2022-25851
CVE-2022-25863 The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 is vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible when passing input in both webpack (MDX files in src/pages or MDX file imported as a component in frontend / React code) and data mode (querying MDX nodes via GraphQL). Workaround: If an older version of gatsby-plugin-mdx must be used, input passed into the plugin should be sanitized ahead of processing. https://nvd.nist.gov/vuln/detail/CVE-2022-25863
CVE-2022-29092 Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system. https://nvd.nist.gov/vuln/detail/CVE-2022-29092
CVE-2022-29093 Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system. https://nvd.nist.gov/vuln/detail/CVE-2022-29093
CVE-2022-29094 Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files on the system. https://nvd.nist.gov/vuln/detail/CVE-2022-29094
CVE-2022-29095 Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system. https://nvd.nist.gov/vuln/detail/CVE-2022-29095
CVE-2022-32981 An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. https://nvd.nist.gov/vuln/detail/CVE-2022-32981
CVE-2021-41754 dynamicMarkt <= 3.10 is affected by SQL injection in the parent parameter of index.php. https://nvd.nist.gov/vuln/detail/CVE-2021-41754
CVE-2021-41755 dynamicMarkt <= 3.10 is affected by SQL injection in the kat1 parameter of index.php. https://nvd.nist.gov/vuln/detail/CVE-2021-41755
CVE-2021-41756 dynamicMarkt <= 3.10 is affected by SQL injection in the kat parameter of index.php. https://nvd.nist.gov/vuln/detail/CVE-2021-41756
CVE-2017-20037 A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads to privilege escalation. The attack can be launched remotely. https://nvd.nist.gov/vuln/detail/CVE-2017-20037
CVE-2017-20038 A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of the argument No/door leads to privilege escalation. The attack may be launched remotely. https://nvd.nist.gov/vuln/detail/CVE-2017-20038
CVE-2017-20039 A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to initiate the attack remotely. https://nvd.nist.gov/vuln/detail/CVE-2017-20039
CVE-2017-20040 A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been declared as problematic. This vulnerability affects unknown code of the component Password Storage. The manipulation leads to weak encryption. Attacking locally is a requirement. https://nvd.nist.gov/vuln/detail/CVE-2017-20040
CVE-2021-41502 An issue was discovered in Subrion CMS v4.2.1. There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute. https://nvd.nist.gov/vuln/detail/CVE-2021-41502
CVE-2021-41738 ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands. https://nvd.nist.gov/vuln/detail/CVE-2021-41738
CVE-2021-44266 GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter. https://nvd.nist.gov/vuln/detail/CVE-2021-44266
CVE-2022-30780 Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers. https://nvd.nist.gov/vuln/detail/CVE-2022-30780
CVE-2018-25034 A vulnerability, which was classified as problematic, has been found in Thomson TCW710 ST5D.10.05. This issue affects some unknown processing of the file /goform/wlanPrimaryNetwork. The manipulation of the argument ServiceSetIdentifier with the input >--redacted-- as part of POST Request leads to cross site scripting (Persistent). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. https://nvd.nist.gov/vuln/detail/CVE-2018-25034
CVE-2018-25035 A vulnerability, which was classified as problematic, was found in Thomson TCW710 ST5D.10.05. Affected is an unknown function of the file /goform/RGFirewallEL. The manipulation of the argument EmailAddress/SmtpServerName with the input >--redacted-- as part of POST Request leads to cross site scripting (Persistent). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. https://nvd.nist.gov/vuln/detail/CVE-2018-25035
CVE-2018-25036 A vulnerability has been found in Thomson TCW710 ST5D.10.05 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/RgTime. The manipulation of the argument TimeServer1/TimeServer2/TimeServer3 with the input >--redacted-- as part of POST Request leads to cross site scripting (Persistent). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. https://nvd.nist.gov/vuln/detail/CVE-2018-25036
CVE-2018-25037 A vulnerability was found in Thomson TCW710 ST5D.10.05 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/RgDdns. The manipulation of the argument DdnsHostName with the input >--redacted-- as part of POST Request leads to cross site scripting (Persistent). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. https://nvd.nist.gov/vuln/detail/CVE-2018-25037
CVE-2018-25038 A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been classified as problematic. This affects an unknown part of the file /goform/RgDhcp. The manipulation of the argument PppUserName with the input >--redacted-- as part of POST Request leads to cross site scripting (Persistent). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. https://nvd.nist.gov/vuln/detail/CVE-2018-25038
CVE-2018-25039 A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been declared as problematic. This vulnerability affects unknown code of the file /goform/RgUrlBlock.asp. The manipulation of the argument BasicParentalNewKeyword with the input >--redacted-- as part of POST Request leads to cross site scripting (Persistent). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. https://nvd.nist.gov/vuln/detail/CVE-2018-25039
CVE-2021-41749 In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-41749
CVE-2021-41750 A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName parameter containing an arbitrary filename with the intended content-type to be rendered in the user's browser as the extension. https://nvd.nist.gov/vuln/detail/CVE-2021-41750
CVE-2021-41641 Deno <=1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlink method can be used to gain access to any directory. https://nvd.nist.gov/vuln/detail/CVE-2021-41641
CVE-2022-2054 Command Injection in GitHub repository nuitka/nuitka prior to 0.9. https://nvd.nist.gov/vuln/detail/CVE-2022-2054
CVE-2022-2013 In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space. https://nvd.nist.gov/vuln/detail/CVE-2022-2013
CVE-2022-26041 Directory traversal vulnerability in RCCMD 4.26 and earlier allows a remote authenticated attacker with an administrative privilege to read or alter an arbitrary file on the server via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2022-26041
CVE-2022-26834 Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default. https://nvd.nist.gov/vuln/detail/CVE-2022-26834
CVE-2022-27174 Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and earlier allows a remote unauthenticated attacker to hijack the authentication of the administrator and delete a blog article or a category via a specially crafted page. https://nvd.nist.gov/vuln/detail/CVE-2022-27174
CVE-2022-27231 Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product. https://nvd.nist.gov/vuln/detail/CVE-2022-27231
CVE-2022-28704 Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings, in which it is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings. https://nvd.nist.gov/vuln/detail/CVE-2022-28704
CVE-2022-29525 Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation. https://nvd.nist.gov/vuln/detail/CVE-2022-29525
CVE-2022-29894 Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege. https://nvd.nist.gov/vuln/detail/CVE-2022-29894
CVE-2017-20041 A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered ui layers (URL). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. https://nvd.nist.gov/vuln/detail/CVE-2017-20041
CVE-2017-20042 A vulnerability has been found in Navetti PricePoint 4.6.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection (Blind). The attack can be launched remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component. https://nvd.nist.gov/vuln/detail/CVE-2017-20042
CVE-2017-20043 A vulnerability was found in Navetti PricePoint 4.6.0.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting (Persistent). The attack may be launched remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component. https://nvd.nist.gov/vuln/detail/CVE-2017-20043
CVE-2017-20044 A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to basic cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component. https://nvd.nist.gov/vuln/detail/CVE-2017-20044
CVE-2017-20045 A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component. https://nvd.nist.gov/vuln/detail/CVE-2017-20045
CVE-2021-37404 There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. https://nvd.nist.gov/vuln/detail/CVE-2021-37404
CVE-2022-32739 When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number. https://nvd.nist.gov/vuln/detail/CVE-2022-32739
CVE-2022-32740 A reply to a forwarded email article by a 3rd party could unintentionally expose the email content to the ticket customer under certain circumstances. https://nvd.nist.gov/vuln/detail/CVE-2022-32740
CVE-2022-32741 Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time. https://nvd.nist.gov/vuln/detail/CVE-2022-32741
CVE-2022-2060 Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0. https://nvd.nist.gov/vuln/detail/CVE-2022-2060
CVE-2022-2061 Heap-based Buffer Overflow in GitHub repository hpjansson/chafa prior to 1.12.0. https://nvd.nist.gov/vuln/detail/CVE-2022-2061
CVE-2022-2062 Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository nocodb/nocodb prior to 0.91.7+. https://nvd.nist.gov/vuln/detail/CVE-2022-2062
CVE-2022-2063 Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+. https://nvd.nist.gov/vuln/detail/CVE-2022-2063
CVE-2022-2064 Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+. https://nvd.nist.gov/vuln/detail/CVE-2022-2064
CVE-2022-31040 Open Forms is an application for creating and publishing smart forms. Prior to versions 1.0.9 and 1.1.1, the cookie consent page in Open Forms contains an open redirect by injecting a `referer` querystring parameter and failing to validate the value. A malicious actor is able to redirect users to a website under their control, opening them up for phishing attacks. The redirect is initiated by the open forms backend which is a legitimate page, making it less obvious to end users they are being redirected to a malicious website. Versions 1.0.9 and 1.1.1 contain patches for this issue. There are no known workarounds available. https://nvd.nist.gov/vuln/detail/CVE-2022-31040
CVE-2021-25116 The Enqueue Anything WordPress plugin through 1.0.1 does not have authorisation and CSRF checks in the remove_asset AJAX action, and does not ensure that the item to be deleted is actually an asset. As a result, low privilege users such as subscriber could delete arbitrary assets, as well as put arbitrary posts in the trash. https://nvd.nist.gov/vuln/detail/CVE-2021-25116
CVE-2021-40902 flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) in the "Create New Page" option through the index page. https://nvd.nist.gov/vuln/detail/CVE-2021-40902
CVE-2022-0626 The Advanced Admin Search WordPress plugin through 1.1.2 does not sanitize and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting. https://nvd.nist.gov/vuln/detail/CVE-2022-0626
CVE-2022-0745 The Like Button Rating WordPress plugin before 2.6.45 allows any logged-in user, such as subscriber, to send arbitrary e-mails to any recipient, with any subject and body https://nvd.nist.gov/vuln/detail/CVE-2022-0745
CVE-2022-0786 The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users https://nvd.nist.gov/vuln/detail/CVE-2022-0786
CVE-2022-0827 The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users https://nvd.nist.gov/vuln/detail/CVE-2022-0827
CVE-2022-0863 The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing a high privileged user like an admin to upload a zip file containing malicious php code, leading to remote code execution. https://nvd.nist.gov/vuln/detail/CVE-2022-0863
CVE-2022-0885 The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments. https://nvd.nist.gov/vuln/detail/CVE-2022-0885
CVE-2022-1202 The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-1202
CVE-2022-1208 The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding that is reflected back on the page. This affects versions up to, and including, 2.3.2. Please note this issue was partially fixed in version 2.3.2 then subsequently fully patched in version 2.3.3. https://nvd.nist.gov/vuln/detail/CVE-2022-1208
CVE-2022-1335 The Slideshow CK WordPress plugin before 1.4.10 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed https://nvd.nist.gov/vuln/detail/CVE-2022-1335
CVE-2022-1336 The Carousel CK WordPress plugin through 1.1.0 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed https://nvd.nist.gov/vuln/detail/CVE-2022-1336
CVE-2022-1412 The Log WP_Mail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords. https://nvd.nist.gov/vuln/detail/CVE-2022-1412
CVE-2022-1532 Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting https://nvd.nist.gov/vuln/detail/CVE-2022-1532
CVE-2022-1549 The WP Athletics WordPress plugin through 1.1.7 does not sanitize parameters before storing them in the database, nor does it escape the values when outputting them back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-1549
CVE-2022-1594 The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL https://nvd.nist.gov/vuln/detail/CVE-2022-1594
CVE-2022-1595 The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request https://nvd.nist.gov/vuln/detail/CVE-2022-1595
CVE-2022-1604 The MailerLite WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting https://nvd.nist.gov/vuln/detail/CVE-2022-1604
CVE-2022-1605 The Email Users WordPress plugin through 4.8.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users https://nvd.nist.gov/vuln/detail/CVE-2022-1605
CVE-2022-1608 The OnePress Social Locker WordPress plugin through 5.6.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack https://nvd.nist.gov/vuln/detail/CVE-2022-1608
CVE-2022-1612 The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack https://nvd.nist.gov/vuln/detail/CVE-2022-1612
CVE-2022-1624 The Latest Tweets Widget WordPress plugin through 1.1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack https://nvd.nist.gov/vuln/detail/CVE-2022-1624
CVE-2022-1656 Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax_ actions registered by the JupiterX Core Plugin (<=2.0.6). This includes the ability to deactivate arbitrary plugins as well as update the theme’s API key. https://nvd.nist.gov/vuln/detail/CVE-2022-1656
CVE-2022-1694 The Useful Banner Manager WordPress plugin through 1.6.1 does not perform CSRF checks on POST requests to its admin page, allowing an attacker to trick a logged in admin to add, modify or delete banners from the plugin by submitting a form. https://nvd.nist.gov/vuln/detail/CVE-2022-1694
CVE-2022-1707 The Google Tag Manager for WordPress plugin for WordPress is vulnerable to reflected Cross-Site Scripting via the s parameter due to the site search populating into the data layer of sites with insufficient sanitization in versions up to and including 1.15. The affected file is ~/public/frontend.php and this could be exploited by unauthenticated attackers. https://nvd.nist.gov/vuln/detail/CVE-2022-1707
CVE-2022-1710 The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a setting of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. https://nvd.nist.gov/vuln/detail/CVE-2022-1710
CVE-2022-1724 The Simple Membership WordPress plugin before 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting https://nvd.nist.gov/vuln/detail/CVE-2022-1724
CVE-2022-1756 The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below. https://nvd.nist.gov/vuln/detail/CVE-2022-1756
CVE-2022-1758 The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS as well as RCE when custom code is added via the plugin settings. https://nvd.nist.gov/vuln/detail/CVE-2022-1758
CVE-2022-1759 The RB Internal Links WordPress plugin through 2.0.16 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, as well as perform Stored Cross-Site Scripting attacks due to the lack of sanitisation and escaping https://nvd.nist.gov/vuln/detail/CVE-2022-1759
CVE-2022-1761 The Peter’s Collaboration E-mails WordPress plugin through 2.2.0 is vulnerable to CSRF due to missing nonce checks. This allows the change of its settings, which can be used to lower the required user level, change texts, the used email address and more. https://nvd.nist.gov/vuln/detail/CVE-2022-1761
CVE-2022-1762 The iQ Block Country WordPress plugin through 1.2.13 does not properly check HTTP headers in order to validate the origin IP address, allowing threat actors to bypass its block feature by spoofing the headers. https://nvd.nist.gov/vuln/detail/CVE-2022-1762
CVE-2022-1763 Due to missing checks the Static Page eXtended WordPress plugin through 2.1 is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the lack of escaping in some of the settings https://nvd.nist.gov/vuln/detail/CVE-2022-1763
CVE-2022-1764 The WP-chgFontSize WordPress plugin through 1.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping https://nvd.nist.gov/vuln/detail/CVE-2022-1764
CVE-2022-1765 The Hot Linked Image Cacher WordPress plugin through 1.16 is vulnerable to CSRF. This can be used to store / cache images from external domains on the server, which could lead to legal risks (due to copyright violations or licensing rules). https://nvd.nist.gov/vuln/detail/CVE-2022-1765
CVE-2022-1772 The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing the booby-trapped payload and taking over their account. https://nvd.nist.gov/vuln/detail/CVE-2022-1772
CVE-2022-1773 The WP Athletics WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting https://nvd.nist.gov/vuln/detail/CVE-2022-1773
CVE-2022-1777 The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload arbitrary HTML files as well as delete all files or arbitrary ones. https://nvd.nist.gov/vuln/detail/CVE-2022-1777
CVE-2022-1779 The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and delete specific posts, categories and attachments at once. https://nvd.nist.gov/vuln/detail/CVE-2022-1779
CVE-2022-1780 The LaTeX for WordPress plugin through 3.4.10 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack which could also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping https://nvd.nist.gov/vuln/detail/CVE-2022-1780
CVE-2022-1781 The postTabs WordPress plugin through 2.10.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which could also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping https://nvd.nist.gov/vuln/detail/CVE-2022-1781
CVE-2022-1787 The Sideblog WordPress plugin through 6.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping https://nvd.nist.gov/vuln/detail/CVE-2022-1787
CVE-2022-1788 Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this. https://nvd.nist.gov/vuln/detail/CVE-2022-1788
CVE-2022-1790 The New User Email Set Up WordPress plugin through 0.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack https://nvd.nist.gov/vuln/detail/CVE-2022-1790
CVE-2022-1791 The One Click Plugin Updater WordPress plugin through 2.4.14 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available updates and the related check. https://nvd.nist.gov/vuln/detail/CVE-2022-1791
CVE-2022-1792 The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and escaping in some of them https://nvd.nist.gov/vuln/detail/CVE-2022-1792
CVE-2022-1793 The Private Files WordPress plugin through 0.40 is missing CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform such action via a CSRF attack and make the blog public https://nvd.nist.gov/vuln/detail/CVE-2022-1793
CVE-2022-1800 The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-1800
CVE-2022-1814 The WP Admin Style WordPress plugin through 0.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed https://nvd.nist.gov/vuln/detail/CVE-2022-1814
CVE-2022-1822 The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. https://nvd.nist.gov/vuln/detail/CVE-2022-1822
CVE-2022-1900 The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. https://nvd.nist.gov/vuln/detail/CVE-2022-1900
CVE-2022-1918 The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugin_toolbar_comparte page. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. https://nvd.nist.gov/vuln/detail/CVE-2022-1918
CVE-2022-1985 The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the 'frameid' parameter found in the ~/src/Package/views/shortcode-iframe.php file. https://nvd.nist.gov/vuln/detail/CVE-2022-1985
CVE-2022-2065 Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06. https://nvd.nist.gov/vuln/detail/CVE-2022-2065
CVE-2022-2066 Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.06. https://nvd.nist.gov/vuln/detail/CVE-2022-2066
CVE-2022-2067 SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. https://nvd.nist.gov/vuln/detail/CVE-2022-2067
CVE-2022-31041 Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one of the form field types. These fields can be configured to allow only certain file extensions to be uploaded by end users (e.g. only PDF / Excel / ...). The input validation of uploaded files is insufficient in versions prior to 1.0.9 and 1.1.1. Users could alter or strip file extensions to bypass this validation. This results in files being uploaded to the server that are of a different file type than indicated by the file name extension. These files may be downloaded (manually or automatically) by staff and/or other applications for further processing. Malicious files can therefore find their way into internal/trusted networks. Versions 1.0.9 and 1.1.1 contain patches for this issue. As a workaround, an API gateway or intrusion detection solution in front of open-forms may be able to scan for and block malicious content before it reaches the Open Forms application. https://nvd.nist.gov/vuln/detail/CVE-2022-31041
CVE-2022-31398 A cross-site scripting (XSS) vulnerability in /staff/tools/custom-fields of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field. https://nvd.nist.gov/vuln/detail/CVE-2022-31398
CVE-2022-31400 A cross-site scripting (XSS) vulnerability in /staff/setup/email-addresses of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field. https://nvd.nist.gov/vuln/detail/CVE-2022-31400
CVE-2022-0209 The Mitsol Social Post Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.10 due to insufficient input sanitization and output escaping on the application id parameters. This makes it possible for authenticated (admin+) attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html is disabled. https://nvd.nist.gov/vuln/detail/CVE-2022-0209
CVE-2022-1654 Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abb_uninstall_template" (both) and "jupiterx_core_cp_uninstall_template" (JupiterX Core Only) AJAX actions https://nvd.nist.gov/vuln/detail/CVE-2022-1654
CVE-2022-1657 Vulnerable versions of the Jupiter (<= 6.10.1) and JupiterX (<= 2.0.6) Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion. In the JupiterX theme, the jupiterx_cp_load_pane_action AJAX action present in the lib/admin/control-panel/control-panel.php file calls the load_control_panel_pane function. It is possible to use this action to include any local PHP file via the slug parameter. The Jupiter theme has a nearly identical vulnerability which can be exploited via the mka_cp_load_pane_action AJAX action present in the framework/admin/control-panel/logic/functions.php file, which calls the mka_cp_load_pane_action function. https://nvd.nist.gov/vuln/detail/CVE-2022-1657
CVE-2022-1658 Vulnerable versions of the Jupiter Theme (<= 6.10.1) allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abb_remove_plugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, any logged-in user can delete any installed plugin on the site. https://nvd.nist.gov/vuln/detail/CVE-2022-1658
CVE-2022-1659 Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin register an AJAX action jupiterx_conditional_manager which can be used to call any function in the includes/condition/class-condition-manager.php file by sending the desired function to call in the sub_action parameter. This can be used to view site configuration and logged-in users, modify post conditions, or perform a denial of service attack. https://nvd.nist.gov/vuln/detail/CVE-2022-1659
CVE-2022-1749 The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1. https://nvd.nist.gov/vuln/detail/CVE-2022-1749
CVE-2022-1750 The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'popup_title' parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admin level capabilities and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This issue mostly affects sites where unfiltered_html has been disabled for administrators and on multi-site installations where unfiltered_html is disabled for administrators. https://nvd.nist.gov/vuln/detail/CVE-2022-1750
CVE-2022-1768 The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to, and including, 9.3.2. Please note that this is separate from CVE-2022-1453 & CVE-2022-1505. https://nvd.nist.gov/vuln/detail/CVE-2022-1768
CVE-2022-1820 The Keep Backup Daily plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘t’ parameter in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. https://nvd.nist.gov/vuln/detail/CVE-2022-1820
CVE-2022-1961 The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the `~/public/frontend.php` file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. https://nvd.nist.gov/vuln/detail/CVE-2022-1961
CVE-2022-1969 The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the admin_update_data() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. https://nvd.nist.gov/vuln/detail/CVE-2022-1969
CVE-2022-24077 Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection. https://nvd.nist.gov/vuln/detail/CVE-2022-24077
CVE-2022-29244 npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published files into the npm registry they did not intend to include. Users should upgrade to the latest, patched version of npm v8.11.0, run: npm i -g npm@latest . Node.js versions v16.15.1, v17.19.1, and v18.3.0 include the patched v8.11.0 version of npm. https://nvd.nist.gov/vuln/detail/CVE-2022-29244
CVE-2022-30310 In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. https://nvd.nist.gov/vuln/detail/CVE-2022-30310
CVE-2021-46814 The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability. https://nvd.nist.gov/vuln/detail/CVE-2021-46814
CVE-2022-31751 The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability. https://nvd.nist.gov/vuln/detail/CVE-2022-31751
CVE-2022-31755 The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability. https://nvd.nist.gov/vuln/detail/CVE-2022-31755
CVE-2022-31756 The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality. https://nvd.nist.gov/vuln/detail/CVE-2022-31756
CVE-2022-31758 The kernel module has the race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. https://nvd.nist.gov/vuln/detail/CVE-2022-31758
CVE-2022-31759 AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability. https://nvd.nist.gov/vuln/detail/CVE-2022-31759
CVE-2022-31762 The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation. https://nvd.nist.gov/vuln/detail/CVE-2022-31762
CVE-2022-31763 The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability. https://nvd.nist.gov/vuln/detail/CVE-2022-31763
CVE-2021-46811 HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information. https://nvd.nist.gov/vuln/detail/CVE-2021-46811
CVE-2021-46812 The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity. https://nvd.nist.gov/vuln/detail/CVE-2021-46812
CVE-2021-46813 Vulnerability of residual files not being deleted after an update in the ChinaDRM module. Successful exploitation of this vulnerability may affect availability. https://nvd.nist.gov/vuln/detail/CVE-2021-46813
CVE-2021-46815 Configuration defects in the secure OS module. Successful exploitation of this vulnerability can affect availability. https://nvd.nist.gov/vuln/detail/CVE-2021-46815
CVE-2022-31055 kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark them as `public: false` and use `kctf chal debug port-forward` to connect. https://nvd.nist.gov/vuln/detail/CVE-2022-31055
CVE-2022-31752 Missing authorization vulnerability in the system components. Successful exploitation of this vulnerability will affect confidentiality. https://nvd.nist.gov/vuln/detail/CVE-2022-31752
CVE-2022-31753 The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability. https://nvd.nist.gov/vuln/detail/CVE-2022-31753
CVE-2022-31754 Logical defects in code implementation in some products. Successful exploitation of this vulnerability may affect the availability of some features. https://nvd.nist.gov/vuln/detail/CVE-2022-31754
CVE-2022-31757 The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality. https://nvd.nist.gov/vuln/detail/CVE-2022-31757
CVE-2022-31760 Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality. https://nvd.nist.gov/vuln/detail/CVE-2022-31760
CVE-2022-31761 Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality. https://nvd.nist.gov/vuln/detail/CVE-2022-31761
CVE-2022-23167 Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is UNAUTHENTICATED. https://nvd.nist.gov/vuln/detail/CVE-2022-23167
CVE-2022-23168 The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin'-- https://nvd.nist.gov/vuln/detail/CVE-2022-23168
CVE-2022-23169 Attacker needs to craft a SQL payload. The vulnerable parameter is "agentid". The attacker must be authenticated to the admin panel. https://nvd.nist.gov/vuln/detail/CVE-2022-23169
CVE-2022-28217 Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parsing at endpoints, and a possibility to conduct SSRF attacks that could compromise system’s Availability by causing system to crash. https://nvd.nist.gov/vuln/detail/CVE-2022-28217
CVE-2022-29455 DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions. https://nvd.nist.gov/vuln/detail/CVE-2022-29455
CVE-2021-40036 The bone voice ID TA has a memory overwrite vulnerability. Successful exploitation of this vulnerability may result in malicious code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-40036
CVE-2021-40604 A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically. In some cases an exploitation is possible by an unauthenticated user. https://nvd.nist.gov/vuln/detail/CVE-2021-40604
CVE-2021-41663 A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11. The vulnerability exists in the article upload: post-edit.php page. https://nvd.nist.gov/vuln/detail/CVE-2021-41663
CVE-2022-33174 Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allow remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can then be used to fetch the values of the protected sys.passwd and sys.su.name fields that contain the username and password in cleartext. https://nvd.nist.gov/vuln/detail/CVE-2022-33174
CVE-2022-33175 Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_param.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrators. The session id can then be reused to act as the administrator, allowing reading of the cleartext password, or reconfiguring the device. https://nvd.nist.gov/vuln/detail/CVE-2022-33175
CVE-2022-22259 There is an improper authentication vulnerability in FLMG-10 10.0.1.0(H100SP22C00). Successful exploitation of this vulnerability may lead to a control of the victim device. https://nvd.nist.gov/vuln/detail/CVE-2022-22259
CVE-2022-29797 There is a buffer overflow vulnerability in CV81-WDM FW 01.70.49.29.46. Successful exploitation of this vulnerability may lead to privilege escalation. https://nvd.nist.gov/vuln/detail/CVE-2022-29797
CVE-2022-29798 There is a denial of service vulnerability in CV81-WDM FW versions 01.70.49.29.46. Successful exploitation could cause denial of service. https://nvd.nist.gov/vuln/detail/CVE-2022-29798
CVE-2022-31053 Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The version 2 of the specification mandates a different algorithm than gamma signatures and as such is not affected by this vulnerability. The Biscuit implementations in Rust, Haskell, Go, Java and Javascript all have published versions following the v2 specification. There are no known workarounds for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-31053
CVE-2022-31054 Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several `HandleRoute` endpoints make use of the deprecated `ioutil.ReadAll()`. `ioutil.ReadAll()` reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server will be able to crash it and cause denial of service. A patch for this vulnerability has been released in Argo Events version 1.7.1. https://nvd.nist.gov/vuln/detail/CVE-2022-31054
CVE-2022-29247 Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`. https://nvd.nist.gov/vuln/detail/CVE-2022-29247
CVE-2022-32193 Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. https://nvd.nist.gov/vuln/detail/CVE-2022-32193
CVE-2022-32558 An issue was discovered in Couchbase Server before 7.0.4. Sample bucket loading may leak internal user passwords during a failure. https://nvd.nist.gov/vuln/detail/CVE-2022-32558
CVE-2022-32560 An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings. https://nvd.nist.gov/vuln/detail/CVE-2022-32560
CVE-2022-32564 An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie. https://nvd.nist.gov/vuln/detail/CVE-2022-32564
CVE-2022-29257 Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given app's update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim's own auto updating infrastructure and the ease of that attack entirely depends on the potential victim's infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds. https://nvd.nist.gov/vuln/detail/CVE-2022-29257
CVE-2022-32278 XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. https://nvd.nist.gov/vuln/detail/CVE-2022-32278
CVE-2021-41661 Church Management System version 1.0 is affected by a SQL injection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell. https://nvd.nist.gov/vuln/detail/CVE-2021-41661
CVE-2021-41662 The South Gate Inn Online Reservation System v1.0 contains an SQL injection vulnerability that can be chained with a malicious PHP file upload, which is caused by improper file handling in the editImg function. This vulnerability leads to remote code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-41662
CVE-2022-32192 Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. https://nvd.nist.gov/vuln/detail/CVE-2022-32192
CVE-2022-32562 An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission. https://nvd.nist.gov/vuln/detail/CVE-2022-32562
CVE-2022-32565 An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids. https://nvd.nist.gov/vuln/detail/CVE-2022-32565
CVE-2022-31415 Online Fire Reporting System v1.0 was discovered to contain a SQL injection vulnerability via the GET parameter in /report/list.php. https://nvd.nist.gov/vuln/detail/CVE-2022-31415
CVE-2022-31446 Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac. https://nvd.nist.gov/vuln/detail/CVE-2022-31446
CVE-2022-31447 An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file. https://nvd.nist.gov/vuln/detail/CVE-2022-31447
CVE-2022-25167 Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. https://nvd.nist.gov/vuln/detail/CVE-2022-25167
CVE-2022-2077 A vulnerability was found in Microsoft O365 and classified as critical. This issue affects the Conditional Access Policy which leads to improper access controls. By default the policy is not verified for every request. The attack may be initiated remotely. Exploit details have been disclosed to the public. It is recommended to change the configuration settings. NOTE: Vendor claims that pre-requisites are very high, the feature works as intended, and that configuration settings might mitigate the issue. https://nvd.nist.gov/vuln/detail/CVE-2022-2077
CVE-2022-26302 Heap-based buffer overflow exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. https://nvd.nist.gov/vuln/detail/CVE-2022-26302
CVE-2022-27176 Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization Option'), which may allow an attacker to execute a malicious macro by having a user download, import, and open a specially crafted file in the local environment. https://nvd.nist.gov/vuln/detail/CVE-2022-27176
CVE-2022-29482 'Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. https://nvd.nist.gov/vuln/detail/CVE-2022-29482
CVE-2022-29485 Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2022-29485
CVE-2022-29506 Out-of-bounds read vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' v6.1.3.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. https://nvd.nist.gov/vuln/detail/CVE-2022-29506
CVE-2022-29509 Directory traversal vulnerability in T&D Data Server (Japanese Edition) Ver.2.22 and earlier, T&D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2022-29509
CVE-2022-29522 Use after free vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. https://nvd.nist.gov/vuln/detail/CVE-2022-29522
CVE-2022-29524 Out-of-bounds write vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. https://nvd.nist.gov/vuln/detail/CVE-2022-29524
CVE-2022-29925 Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. https://nvd.nist.gov/vuln/detail/CVE-2022-29925
CVE-2022-2079 Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+. https://nvd.nist.gov/vuln/detail/CVE-2022-2079
CVE-2021-30281 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking https://nvd.nist.gov/vuln/detail/CVE-2021-30281
CVE-2021-30327 Buffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data in Snapdragon Mobile, Snapdragon Compute, Snapdragon Auto, Snapdragon IOT, Snapdragon Connectivity, Snapdragon Voice & Music https://nvd.nist.gov/vuln/detail/CVE-2021-30327
CVE-2021-30334 Possible use after free due to lack of null check of DRM file status after file structure is freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2021-30334
CVE-2021-30338 Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Compute https://nvd.nist.gov/vuln/detail/CVE-2021-30338
CVE-2021-30339 Reading PRNG output may lead to improper key generation due to lack of buffer validation in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking https://nvd.nist.gov/vuln/detail/CVE-2021-30339
CVE-2021-30340 Reachable assertion due to improper validation of coreset in PDCCH configuration in SA mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-30340
CVE-2021-30341 Improper buffer size validation of DSM packet received can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2021-30341
CVE-2021-30342 Improper integrity check can lead to race condition between tasks PDCP and RRC after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2021-30342
CVE-2021-30343 Improper integrity check can lead to race condition between tasks PDCP and RRC after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-30343
CVE-2021-30344 Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2021-30344
CVE-2021-30345 RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking https://nvd.nist.gov/vuln/detail/CVE-2021-30345
CVE-2021-30346 RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking https://nvd.nist.gov/vuln/detail/CVE-2021-30346
CVE-2021-30347 Improper integrity check can lead to race condition between tasks PDCP and RRC right after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-30347
CVE-2021-30349 Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking https://nvd.nist.gov/vuln/detail/CVE-2021-30349
CVE-2021-30350 Lack of MBN header size verification against input buffer can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2021-30350
CVE-2021-35070 RPM secure Stream can access any secure resource due to improper SMMU configuration and can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-35070
CVE-2021-35071 Possible buffer over read due to lack of size validation while copying data from DBR buffer to RX buffer and can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking https://nvd.nist.gov/vuln/detail/CVE-2021-35071
CVE-2021-35072 Possible buffer overflow due to improper validation of array index while processing external DIAG command in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2021-35072
CVE-2021-35073 Possible assertion due to improper validation of rank restriction field in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-35073
CVE-2021-35076 Possible null pointer dereference due to improper validation of RRC connection reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-35076
CVE-2021-35078 Possible memory leak due to improper validation of certificate chain length while parsing server certificate chain in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2021-35078
CVE-2021-35079 Improper validation of permissions for third party application accessing Telephony service API can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-35079
CVE-2021-35080 Disabled SMMU from secure side while RPM is assigned a secure stream can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2021-35080
CVE-2021-35081 Possible buffer overflow due to improper validation of SSID length received from beacon or probe response during an IBSS session in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music https://nvd.nist.gov/vuln/detail/CVE-2021-35081
CVE-2021-35082 Improper integrity check can lead to race condition between tasks PDCP and RRC right after a valid RRC security mode command packet has been received in Snapdragon Industrial IOT https://nvd.nist.gov/vuln/detail/CVE-2021-35082
CVE-2021-35083 Possible out of bound read due to improper validation of certificate chain in SSL or Internet key exchange in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2021-35083
CVE-2021-35084 Possible out of bound read due to lack of length check of data length for a DIAG event in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music https://nvd.nist.gov/vuln/detail/CVE-2021-35084
CVE-2021-35085 Possible buffer overflow due to lack of buffer length check during management frame Rx handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-35085
CVE-2021-35086 Possible buffer over read due to improper validation of SIB type when processing a NR system Information message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-35086
CVE-2021-35087 Possible null pointer access due to improper validation of system information message to be processed in Snapdragon Industrial IOT, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-35087
CVE-2021-35090 Possible hypervisor memory corruption due to TOCTOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-35090
CVE-2021-35091 Possible out of bounds read due to improper typecasting while handling page fault for global memory in Snapdragon Connectivity, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-35091
CVE-2021-35092 Processing DCB/AVB algorithm with an invalid queue index from IOCTL request could lead to arbitrary address modification in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music https://nvd.nist.gov/vuln/detail/CVE-2021-35092
CVE-2021-35094 Improper verification of timeout-based authentication in identity credential can lead to invalid authorization in HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-35094
CVE-2021-35095 Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-35095
CVE-2021-35096 Improper memory allocation during counter check DLM handling can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-35096
CVE-2021-35098 Improper validation of session id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2021-35098
CVE-2021-35100 Possible buffer over read due to improper calculation of string length while parsing Id3 tag in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2021-35100
CVE-2021-35101 Improper handling of writes to virtual GICR control can lead to assertion failure in the hypervisor in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-35101
CVE-2021-35102 Possible buffer overflow due to lack of validation for the length of NAI string read from EFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-35102
CVE-2021-35104 Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking https://nvd.nist.gov/vuln/detail/CVE-2021-35104
CVE-2021-35111 Improper validation of tag id while RRC sending tag id to MAC can lead to TOCTOU race condition in Snapdragon Connectivity, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-35111
CVE-2021-35112 A user with user level permission can access graphics protected region due to improper access control in register configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2021-35112
CVE-2021-35114 Improper buffer initialization on the backend driver can lead to buffer overflow in Snapdragon Auto https://nvd.nist.gov/vuln/detail/CVE-2021-35114
CVE-2021-35116 APK can load a crafted model into the CDSP which can lead to a compromise of CDSP and other APK's data executing there in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2021-35116
CVE-2021-35118 An out-of-bounds write can occur due to an incorrect input check in the camera driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2021-35118
CVE-2021-35119 Potential out of Bounds read in FIPS event processing due to improper validation of the length from the firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-35119
CVE-2021-35120 Improper handling between export and release functions on the same handle from client can lead to use after free in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-35120
CVE-2021-35121 An array index is improperly used to lock and unlock a mutex which can lead to a use after free condition in the Synx driver in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-35121
CVE-2021-35123 Buffer copy in GATT multi notification due to improper length check for the data coming over-the-air in Snapdragon Connectivity, Snapdragon Industrial IOT https://nvd.nist.gov/vuln/detail/CVE-2021-35123
CVE-2021-35126 Memory corruption in DSP service due to improper validation of input parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2021-35126
CVE-2021-35129 Memory corruption in BT controller due to improper length check while processing vendor specific commands in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking https://nvd.nist.gov/vuln/detail/CVE-2021-35129
CVE-2021-35130 Memory corruption in graphics support layer due to use after free condition in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2021-35130
CVE-2021-37182 A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 2x230V (All versions < V6.5), SCALANCE XR524-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 1x230V (All versions < V6.5), SCALANCE XR526-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 24V (All versions < V6.5), SCALANCE XR526-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 2x230V (All versions < V6.5), SCALANCE XR526-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR528-6M (All versions < V6.5), SCALANCE XR528-6M (2HR2) (All versions < V6.5), SCALANCE XR528-6M (2HR2, L3 int.) (All versions < V6.5), SCALANCE XR528-6M (L3 int.) (All versions < V6.5), SCALANCE XR552-12M (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2, L3 int.) (All versions < V6.5). The OSPF protocol implementation in affected devices fails to verify the checksum and length fields in the OSPF LS Update messages. An unauthenticated remote attacker could exploit this vulnerability to cause interruptions in the network by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device. https://nvd.nist.gov/vuln/detail/CVE-2021-37182
CVE-2021-40616 thinkcmf v5.1.7 has an unauthorized access vulnerability. An attacker can modify the password of the administrator account with id 1 through the background user management group permissions. Exploitation requires the background user management group authority. https://nvd.nist.gov/vuln/detail/CVE-2021-40616
CVE-2021-40649 In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the HttpOnly flag set. https://nvd.nist.gov/vuln/detail/CVE-2021-40649
CVE-2021-40650 In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the secure flag set. https://nvd.nist.gov/vuln/detail/CVE-2021-40650
CVE-2022-22057 Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2022-22057
CVE-2022-22064 Possible buffer over read due to lack of size validation while unpacking frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2022-22064
CVE-2022-22065 Out of bound read in WLAN HOST due to improper length check can lead to DOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2022-22065
CVE-2022-22068 Kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2022-22068
CVE-2022-22071 Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music https://nvd.nist.gov/vuln/detail/CVE-2022-22071
CVE-2022-22072 Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music https://nvd.nist.gov/vuln/detail/CVE-2022-22072
CVE-2022-22082 Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2022-22082
CVE-2022-22083 Denial of service due to memory corruption while extracting ape header from clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2022-22083
CVE-2022-22084 Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2022-22084
CVE-2022-22085 Memory corruption in video due to buffer overflow while reading the dts file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2022-22085
CVE-2022-22086 Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2022-22086
CVE-2022-22087 Memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables https://nvd.nist.gov/vuln/detail/CVE-2022-22087
CVE-2022-22090 Memory corruption in audio due to use after free while managing buffers from internal cache in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile https://nvd.nist.gov/vuln/detail/CVE-2022-22090
CVE-2022-22103 Memory corruption in multimedia driver due to double free while processing data from user in Snapdragon Auto https://nvd.nist.gov/vuln/detail/CVE-2022-22103
CVE-2022-25651 Memory corruption in bluetooth host due to integer overflow while processing BT HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music https://nvd.nist.gov/vuln/detail/CVE-2022-25651
CVE-2022-26476 A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unauthenticated attacker could log into the component Shared HIS used in Spectrum Power systems by using an account with default credentials. A successful exploitation could allow the attacker to access the component Shared HIS with administrative privileges. https://nvd.nist.gov/vuln/detail/CVE-2022-26476
CVE-2022-27219 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors. https://nvd.nist.gov/vuln/detail/CVE-2022-27219
CVE-2022-27220 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors. https://nvd.nist.gov/vuln/detail/CVE-2022-27220
CVE-2022-27221 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack. https://nvd.nist.gov/vuln/detail/CVE-2022-27221
CVE-2022-29034 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks. https://nvd.nist.gov/vuln/detail/CVE-2022-29034
CVE-2022-30228 A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not apply cross-origin resource sharing (CORS) restrictions for critical operations. In case an attacker tricks a legitimate user into accessing a special resource a malicious request could be executed. https://nvd.nist.gov/vuln/detail/CVE-2022-30228
CVE-2022-30229 A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of a user, such as credentials, in case that user's id is known. https://nvd.nist.gov/vuln/detail/CVE-2022-30229
CVE-2022-30230 A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to create a new user with administrative permissions. https://nvd.nist.gov/vuln/detail/CVE-2022-30230
CVE-2022-30231 A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another user's password hash. https://nvd.nist.gov/vuln/detail/CVE-2022-30231
CVE-2022-30937 A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contain a memory corruption vulnerability while parsing specially crafted HTTP packets to the /txtrace endpoint. This could allow an attacker to crash the affected application leading to a denial of service condition. https://nvd.nist.gov/vuln/detail/CVE-2022-30937
CVE-2022-31465 A vulnerability has been identified in Xpedition Designer (All versions < VX.2.11). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. https://nvd.nist.gov/vuln/detail/CVE-2022-31465
CVE-2022-31619 A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions). Java EE Server Manager HTML Adaptor in Teamcenter consists of default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions. https://nvd.nist.gov/vuln/detail/CVE-2022-31619
CVE-2022-32145 A vulnerability has been identified in Teamcenter Active Workspace V5.2 (All versions < V5.2.9), Teamcenter Active Workspace V6.0 (All versions < V6.0.3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious code by tricking users into accessing a malicious link. https://nvd.nist.gov/vuln/detail/CVE-2022-32145
CVE-2022-32251 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges of an administrative user. https://nvd.nist.gov/vuln/detail/CVE-2022-32251
CVE-2022-32252 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to an attacker. https://nvd.nist.gov/vuln/detail/CVE-2022-32252
CVE-2022-32253 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable by an attacker. https://nvd.nist.gov/vuln/detail/CVE-2022-32253
CVE-2022-32254 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker. https://nvd.nist.gov/vuln/detail/CVE-2022-32254
CVE-2022-32255 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information. https://nvd.nist.gov/vuln/detail/CVE-2022-32255
CVE-2022-32256 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information. https://nvd.nist.gov/vuln/detail/CVE-2022-32256
CVE-2022-32258 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows importing device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure. https://nvd.nist.gov/vuln/detail/CVE-2022-32258
CVE-2022-32259 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration. https://nvd.nist.gov/vuln/detail/CVE-2022-32259
CVE-2022-32260 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios. https://nvd.nist.gov/vuln/detail/CVE-2022-32260
CVE-2022-32261 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application. https://nvd.nist.gov/vuln/detail/CVE-2022-32261
CVE-2022-32262 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2022-32262
CVE-2022-32285 A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). The affected module is vulnerable to XML External Entity (XXE) attacks due to insufficient input sanitation. This may allow an attacker to disclose confidential data under certain circumstances. https://nvd.nist.gov/vuln/detail/CVE-2022-32285
CVE-2022-32286 A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). In certain configurations SAML module is vulnerable to Cross Site Scripting (XSS) attacks due to insufficient error message sanitation. This could allow an attacker to execute malicious code by tricking users into accessing a malicious link. https://nvd.nist.gov/vuln/detail/CVE-2022-32286
CVE-2021-40633 A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers to trigger an out of memory exception or denial of service via a gif format file. https://nvd.nist.gov/vuln/detail/CVE-2021-40633
CVE-2021-40658 Textpattern 4.8.7 is affected by a HTML injection vulnerability through “Content>Write>Body”. https://nvd.nist.gov/vuln/detail/CVE-2021-40658
CVE-2021-40678 In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batch_manager&mode=unit. https://nvd.nist.gov/vuln/detail/CVE-2021-40678
CVE-2022-31273 An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to perform a brute-force attack via a crafted session_id cookie. https://nvd.nist.gov/vuln/detail/CVE-2022-31273
CVE-2021-40660 An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is a ReDoS vulnerability that can be exploited to launch a denial of service (DoS) attack. https://nvd.nist.gov/vuln/detail/CVE-2021-40660
CVE-2022-27889 The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0. https://nvd.nist.gov/vuln/detail/CVE-2022-27889
CVE-2022-31308 A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function. https://nvd.nist.gov/vuln/detail/CVE-2022-31308
CVE-2022-31309 A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function. https://nvd.nist.gov/vuln/detail/CVE-2022-31309
CVE-2022-31311 An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request. https://nvd.nist.gov/vuln/detail/CVE-2022-31311
CVE-2022-31845 A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. https://nvd.nist.gov/vuln/detail/CVE-2022-31845
CVE-2022-31846 A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. https://nvd.nist.gov/vuln/detail/CVE-2022-31846
CVE-2022-31847 A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request. https://nvd.nist.gov/vuln/detail/CVE-2022-31847
CVE-2022-32336 Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/view_menu.php?id=. https://nvd.nist.gov/vuln/detail/CVE-2022-32336
CVE-2022-30931 Employee Leaves Management System (ELMS) V 2.1 is vulnerable to Cross Site Request Forgery (CSRF) via /myprofile.php. https://nvd.nist.gov/vuln/detail/CVE-2022-30931
CVE-2022-32328 Fast Food Ordering System v1.0 is vulnerable to deletion of any file via /ffos/classes/Master.php?f=delete_img. https://nvd.nist.gov/vuln/detail/CVE-2022-32328
CVE-2022-32330 Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_menu. https://nvd.nist.gov/vuln/detail/CVE-2022-32330
CVE-2022-32331 Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/categories/view_category.php?id=. https://nvd.nist.gov/vuln/detail/CVE-2022-32331
CVE-2022-32332 Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_category. https://nvd.nist.gov/vuln/detail/CVE-2022-32332
CVE-2022-32333 Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/sales/receipt.php?id=. https://nvd.nist.gov/vuln/detail/CVE-2022-32333
CVE-2022-32334 Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/categories/manage_category.php?id=. https://nvd.nist.gov/vuln/detail/CVE-2022-32334
CVE-2022-32335 Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/manage_menu.php?id=. https://nvd.nist.gov/vuln/detail/CVE-2022-32335
CVE-2022-32338 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/doctors/manage_doctor.php?id=. https://nvd.nist.gov/vuln/detail/CVE-2022-32338
CVE-2022-32339 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/doctors/view_doctor.php?id=. https://nvd.nist.gov/vuln/detail/CVE-2022-32339
CVE-2022-32340 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/?page=patients/view_patient&id=. https://nvd.nist.gov/vuln/detail/CVE-2022-32340
CVE-2022-32341 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/?page=user/manage_user&id=. https://nvd.nist.gov/vuln/detail/CVE-2022-32341
CVE-2022-32342 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/room_types/view_room_type.php?id=. https://nvd.nist.gov/vuln/detail/CVE-2022-32342
CVE-2022-32343 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via hprms/admin/room_types/manage_room_type.php?id=. https://nvd.nist.gov/vuln/detail/CVE-2022-32343
CVE-2022-32344 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient. https://nvd.nist.gov/vuln/detail/CVE-2022-32344
CVE-2022-32345 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/manage_room.php?id=. https://nvd.nist.gov/vuln/detail/CVE-2022-32345
CVE-2022-32346 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/view_room.php?id=. https://nvd.nist.gov/vuln/detail/CVE-2022-32346
CVE-2022-32347 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room. https://nvd.nist.gov/vuln/detail/CVE-2022-32347
CVE-2022-32348 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_doctor. https://nvd.nist.gov/vuln/detail/CVE-2022-32348
CVE-2022-32349 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_history. https://nvd.nist.gov/vuln/detail/CVE-2022-32349
CVE-2022-32350 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room_type. https://nvd.nist.gov/vuln/detail/CVE-2022-32350
CVE-2022-32351 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_message. https://nvd.nist.gov/vuln/detail/CVE-2022-32351
CVE-2022-32352 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_admission. https://nvd.nist.gov/vuln/detail/CVE-2022-32352
CVE-2021-42675 Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-42675
CVE-2022-27668 Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability. https://nvd.nist.gov/vuln/detail/CVE-2022-27668
CVE-2022-29612 SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application. https://nvd.nist.gov/vuln/detail/CVE-2022-29612
CVE-2022-30930 Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF). https://nvd.nist.gov/vuln/detail/CVE-2022-30930
CVE-2022-31289 https://ossindex.sonatype.org/ Sonatype Nexus Repository Manager OSS 3.37.3-02 is affected by: Incorrect Access Control. The impact is: Authentication Bypass (remote). The component is: Admin Panel. The attack vector is: With the help of response manipulation Attacker can bypass the login panel and view the dashboard menus, No user interaction is required. 1. Go to https://nexus.e-goi.com 2. Click on the Sign In button. 3. Enter the password as admin:admin. 4. Intercept the request in Burp Suite. 5. Capture the Response of the Request. 6. Change the Status Code from 403 Forbidden to 200 OK. 7. You will see the dashboard which provides the admin access. https://nvd.nist.gov/vuln/detail/CVE-2022-31289
CVE-2022-31403 ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php. https://nvd.nist.gov/vuln/detail/CVE-2022-31403
CVE-2022-32337 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/patients/manage_patient.php?id=. https://nvd.nist.gov/vuln/detail/CVE-2022-32337
CVE-2022-32557 An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers. https://nvd.nist.gov/vuln/detail/CVE-2022-32557
CVE-2022-32559 An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics. https://nvd.nist.gov/vuln/detail/CVE-2022-32559
CVE-2022-32561 An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network. https://nvd.nist.gov/vuln/detail/CVE-2022-32561
CVE-2022-29238 Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, not accessing individual hidden files or files in hidden directories (i.e. hidden files were 'hidden' but not 'inaccessible'). This could lead to notebook configurations allowing authenticated access to files that may reasonably be expected to be disallowed. Because fully authenticated requests are required, this is of relatively low impact. But if a server's root directory contains sensitive files whose only protection from the server is being hidden (e.g. `~/.ssh` while serving $HOME), then any authenticated requests could access files if their names are guessable. Such contexts also necessarily have full access to the server and therefore execution permissions, which also generally grants access to all the same files. So this does not generally result in any privilege escalation or increase in information access, only an additional, unintended means by which the files could be accessed. Version 6.4.12 contains a patch for this issue. There are currently no known workarounds. https://nvd.nist.gov/vuln/detail/CVE-2022-29238
CVE-2022-30903 Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management. https://nvd.nist.gov/vuln/detail/CVE-2022-30903
CVE-2022-32364 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/manage_product&id=. https://nvd.nist.gov/vuln/detail/CVE-2022-32364
CVE-2022-32365 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/manage_field.php?id=. https://nvd.nist.gov/vuln/detail/CVE-2022-32365
CVE-2022-32366 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/view_field.php?id=. https://nvd.nist.gov/vuln/detail/CVE-2022-32366
CVE-2022-32367 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=inquiries/view_inquiry&id=. https://nvd.nist.gov/vuln/detail/CVE-2022-32367
CVE-2022-29614 SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability. https://nvd.nist.gov/vuln/detail/CVE-2022-29614
CVE-2022-29615 SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x. https://nvd.nist.gov/vuln/detail/CVE-2022-29615
CVE-2022-29618 Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. https://nvd.nist.gov/vuln/detail/CVE-2022-29618
CVE-2022-31589 Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more authorization than needed to perform certain transactions, which may lead to users getting access to data that would otherwise be restricted. https://nvd.nist.gov/vuln/detail/CVE-2022-31589
CVE-2022-31590 SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and local access, with the ability to work around the system’s root disk access restrictions, to write/create a program file on the system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system. https://nvd.nist.gov/vuln/detail/CVE-2022-31590
CVE-2022-31594 A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system. https://nvd.nist.gov/vuln/detail/CVE-2022-31594
CVE-2022-31595 SAP Financial Consolidation - version 1010, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. https://nvd.nist.gov/vuln/detail/CVE-2022-31595
CVE-2022-32235 When a user opens manipulated AutoCAD (.dwg, TeighaTranslator.exe) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. https://nvd.nist.gov/vuln/detail/CVE-2022-32235
CVE-2022-31059 Discourse Calendar is a calendar plugin for Discourse, an open-source messaging app. Prior to version 1.0.1, parsing and rendering of Event names can be susceptible to cross-site scripting (XSS) attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy. This issue is patched in version 1.0.1 of the Discourse Calendar plugin. As a workaround, ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks. https://nvd.nist.gov/vuln/detail/CVE-2022-31059
CVE-2022-32236 When a user opens manipulated Windows Bitmap (.bmp, 2d.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. https://nvd.nist.gov/vuln/detail/CVE-2022-32236
CVE-2022-32237 When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. https://nvd.nist.gov/vuln/detail/CVE-2022-32237
CVE-2022-32238 When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. https://nvd.nist.gov/vuln/detail/CVE-2022-32238
CVE-2022-32239 When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. https://nvd.nist.gov/vuln/detail/CVE-2022-32239
CVE-2022-29241 Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of `root_dir` that contains the starting user's home directory, then the underlying REST API can be used to leak the access token assigned at start time by guessing/brute forcing the PID of the jupyter server. While this requires an authenticated user session, this URL can be used from a cross-site scripting payload or from a hooked or otherwise compromised browser to leak this access token to a malicious third party. This token can be used along with the REST API to interact with Jupyter services/notebooks such as modifying or overwriting critical files, such as .bashrc or .ssh/authorized_keys, allowing a malicious user to read potentially sensitive data and possibly gain control of the impacted system. This issue is patched in version 1.17.1. https://nvd.nist.gov/vuln/detail/CVE-2022-29241
CVE-2022-31046 TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users. https://nvd.nist.gov/vuln/detail/CVE-2022-31046
CVE-2022-31047 TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem. https://nvd.nist.gov/vuln/detail/CVE-2022-31047
CVE-2022-31048 TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. TYPO3 versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem. https://nvd.nist.gov/vuln/detail/CVE-2022-31048
CVE-2022-31049 TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem. https://nvd.nist.gov/vuln/detail/CVE-2022-31049
CVE-2022-31050 TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem. https://nvd.nist.gov/vuln/detail/CVE-2022-31050
CVE-2022-31060 Discourse is an open-source discussion platform. Prior to version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches of Discourse. As a workaround, one may disable banners. https://nvd.nist.gov/vuln/detail/CVE-2022-31060
CVE-2022-32353 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_field_order.php?id=. https://nvd.nist.gov/vuln/detail/CVE-2022-32353
CVE-2022-32354 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=user/manage_user&id=. https://nvd.nist.gov/vuln/detail/CVE-2022-32354
CVE-2022-32355 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/view_product&id=. https://nvd.nist.gov/vuln/detail/CVE-2022-32355
CVE-2022-32358 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_inquiry. https://nvd.nist.gov/vuln/detail/CVE-2022-32358
CVE-2022-32359 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_category. https://nvd.nist.gov/vuln/detail/CVE-2022-32359
CVE-2022-32362 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_category.php?id=. https://nvd.nist.gov/vuln/detail/CVE-2022-32362
CVE-2022-32363 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/view_category.php?id=. https://nvd.nist.gov/vuln/detail/CVE-2022-32363
CVE-2022-31066 EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. Prior to version 2.1.1, the /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to be kept in the EdgeX secret store and require authentication to access. This vulnerability bypasses the access controls on message bus credentials when running in security-enabled mode. (No credentials are required when running in security-disabled mode.) As a result, attackers could intercept data or inject fake data into the EdgeX message bus. Users should upgrade to EdgeX Foundry Kamakura release (2.2.0) or to the June 2022 EdgeX Foundry LTS Jakarta release (2.1.1) to receive a patch. More information about which Go modules, Docker containers, and snaps contain patches is available in the GitHub Security Advisory. There are currently no known workarounds for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-31066
CVE-2022-32230 Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot. https://nvd.nist.gov/vuln/detail/CVE-2022-32230
CVE-2022-32240 When a user opens manipulated Jupiter Tessellation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. https://nvd.nist.gov/vuln/detail/CVE-2022-32240
CVE-2022-32241 When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. https://nvd.nist.gov/vuln/detail/CVE-2022-32241
CVE-2022-32242 When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. https://nvd.nist.gov/vuln/detail/CVE-2022-32242
CVE-2022-32243 When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. https://nvd.nist.gov/vuln/detail/CVE-2022-32243