Security Bulletin 10 Aug 2022

Published on 10 Aug 2022

Updated on 10 Aug 2022

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabulated by severity, in accordance with their CVSSv3 base scores:


Critical: vulnerabilities with a base score of 9.0 to 10.0
High: vulnerabilities with a base score of 7.0 to 8.9
Medium: vulnerabilities with a base score of 4.0 to 6.9
Low: vulnerabilities with a base score of 0.1 to 3.9
None: vulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2021-1388A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator MSO installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint. An attacker could exploit this vulnerability by sending a crafted request to the affected API. A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller APIC devices.10https://nvd.nist.gov/vuln/detail/CVE-2021-1388
CVE-2021-29475HedgeDoc formerly known as CodiMD is an open-source collaborative markdown editor. An attacker can receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, therefore this exploit requires the attackers ability to modify a note. This will affect all instances, which have pdf export enabled. This issue has been fixed by https://github.com/hedgedoc and is available in version 1.5.0. Starting the CodiMD HedgeDoc instance in config.json can mitigate this issue for those who cannot upgrade. This exploit works because while PhantomJS doesn’t actually render the `file: ` references to the PDF file itself, it still uses them internally, and exfiltration is possible, and easy through JavaScript rendering. The impact is pretty bad, as the attacker is able to read the CodiMD HedgeDoc `config.json` file as well any other files on the filesystem. Even though the suggested Docker deploy option doesn’t have many interesting files itself, the `config.json` still often contains sensitive information, database credentials, and maybe OAuth secrets among other things.10https://nvd.nist.gov/vuln/detail/CVE-2021-29475
CVE-2021-44228Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 along with 2.12.2, 2.12.3, and 2.3.1 , this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.10https://nvd.nist.gov/vuln/detail/CVE-2021-44228
CVE-2021-41556sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read in the core interpreter that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. An attacker might abuse this bug to target for example Cloud services that allow customization via SquirrelScripts, or distribute malware through video games that embed a Squirrel Engine.10https://nvd.nist.gov/vuln/detail/CVE-2021-41556
CVE-2022-2595Improper Authorization in GitHub repository kromitgmbhtitra prior to 0.79.1.10https://nvd.nist.gov/vuln/detail/CVE-2022-2595
CVE-2021-43779GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server’s underlying operating system using command injection abuse of functionality. There is no workaround for this issue and users are advised to upgrade or to disable the addressing plugin.9.9https://nvd.nist.gov/vuln/detail/CVE-2021-43779
CVE-2015-8391The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service CPU consumption or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.9.8https://nvd.nist.gov/vuln/detail/CVE-2015-8391
CVE-2020-8158Prototype pollution vulnerability in the TypeORM package 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-8158
CVE-2020-15254Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumes described above. This is unsound and causing deallocation with the incorrect capacity when `Vec::from_iter` has allocated different sizes with the number of iterator elements. This has been fixed in crossbeam-channel 0.4.4.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-15254
CVE-2020-7561A CWE-284: Improper Access Control vulnerability exists in Easergy T300 with firmware 2.7 and older that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7561
CVE-2020-28926ReadyMedia aka MiniDLNA before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy memmove.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-28926
CVE-2020-26201Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System rlx-linux level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-26201
CVE-2020-27730In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-27730
CVE-2020-29563An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-29563
CVE-2021-1301Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-1301
CVE-2021-1142Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-1142
CVE-2021-1459A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device. Cisco has not released software updates that address this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-1459
CVE-2021-1472Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-1472
CVE-2021-1473Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-1473
CVE-2020-27240An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-27240
CVE-2020-27241An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-27241
CVE-2021-29462The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp libupnp appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by using DNS revolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-29462
CVE-2021-0254A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to remote code execution (RCE). Continued receipt and processing of these packets will sustain the partial DoS. The overlayd daemon handles Overlay OAM packets, such as ping and traceroute, sent to the overlay. The service runs as root by default and listens for UDP connections on port 4789. This issue results from improper buffer size validation, which can lead to a buffer overflow. Unauthenticated attackers can send specially crafted packets to trigger this vulnerability, resulting in possible remote code execution. overlayd runs by default in MX Series, ACX Series, and QFX Series platforms. The SRX Series does not support VXLAN and is therefore not vulnerable to this issue. Other platforms are also vulnerable if a Virtual Extensible LAN (VXLAN) overlay network is configured. This issue affects Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S9 17.3 versions prior to 17.3R3-S11 17.4 versions prior to 17.4R2-S13, 17.4R3-S4 18.1 versions prior to 18.1R3-S12 18.2 versions prior to 18.2R2-S8, 18.2R3-S7 18.3 versions prior to 18.3R3-S4 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7 19.1 versions prior to 19.1R2-S2, 19.1R3-S4 19.2 versions prior to 19.2R1-S6, 19.2R3-S2 19.3 versions prior to 19.3R3-S1 19.4 versions prior to 19.4R2-S4, 19.4R3-S1 20.1 versions prior to 20.1R2-S1, 20.1R3 20.2 versions prior to 20.2R2, 20.2R2-S1, 20.2R3 20.3 versions prior to 20.3R1-S1.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-0254
CVE-2021-1468Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-1468
CVE-2021-20204A heap memory corruption problem use after free can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depending on input skills of attacker.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-20204
CVE-2018-25011A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16 .9.8https://nvd.nist.gov/vuln/detail/CVE-2018-25011
CVE-2018-25014A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-25014
CVE-2021-20236A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-20236
CVE-2021-32619Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through `import` or `new Worker` might have been able to bypass network and file system permission checks when statically importing other modules. The vulnerability has been patched in Deno release 1.10.2.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-32619
CVE-2021-0276A stack-based Buffer Overflow vulnerability in Juniper Networks SBR Carrier with EAP Extensible Authentication Protocol authentication configured, allows an attacker sending specific packets causing the radius daemon to crash resulting with a Denial of Service (DoS) or leading to remote code execution (RCE). By continuously sending these specific packets, an attacker can repeatedly crash the radius daemon, causing a sustained Denial of Service (DoS). This issue affects Juniper Networks SBR Carrier: 8.4.1 versions prior to 8.4.1R19 8.5.0 versions prior to 8.5.0R10 8.6.0 versions prior to 8.6.0R4.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-0276
CVE-2021-38297Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-38297
CVE-2021-423384MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the system or interrupt services by upload and execution of arbitrary files.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-42338
CVE-2021-42128An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-42128
CVE-2021-4119bookstack is vulnerable to Improper Access Control9.8https://nvd.nist.gov/vuln/detail/CVE-2021-4119
CVE-2021-44548An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44548
CVE-2021-44530An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53 and earlier Log4J CVE-2021-44228 allows a malicious actor to control the application.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44530
CVE-2021-43355Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypass the client-side checks. An attacker with knowledge of the service user could circumvent the client-side control and login with service privileges.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-43355
CVE-2022-28219Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-28219
CVE-2021-3897An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 FPC2 and Lenovo System Management Module SMM firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-3897
CVE-2022-29078The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template compilation .9.8https://nvd.nist.gov/vuln/detail/CVE-2022-29078
CVE-2022-35405Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)9.8https://nvd.nist.gov/vuln/detail/CVE-2022-35405
CVE-2022-34169The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34169
CVE-2022-26136A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26136
CVE-2022-26138The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabled systemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26138
CVE-2022-36446software apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36446
CVE-2022-35869This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 b2022030114 . Authentication is not required to exploit this vulnerability. The specific flaw exists within com.inductiveautomation.ignition.gateway.web.pages. The issue results from the lack of proper authentication prior to access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17211.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-35869
CVE-2022-34577A vulnerability in adm.cgi of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted request.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34577
CVE-2022-29958JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory address and a blob of machine code. The logic that is downloaded to the PLC is not cryptographically authenticated, allowing an attacker to execute arbitrary machine code on the PLC’s CPU module in the context of the runtime. In the case of the PC10G-CPU, and likely for other CPU modules of the TOYOPUC family, a processor without MPU or MMU is used and this no memory protection or privilege-separation capabilities are available, giving an attacker full control over the CPU.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-29958
CVE-2022-31206The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software which compiles IEC 61131-3 conformant POU code to native machine code for execution by the PLC’s runtime. The resulting machine code is executed by a runtime, typically controlled by a real-time operating system. The logic that is downloaded to the PLC does not seem to be cryptographically authenticated, allowing an attacker to manipulate transmitted object code to the PLC and execute arbitrary machine code on the processor of the PLC’s CPU module in the context of the runtime. In the case of at least the NJ series, an RTOS and hardware combination is used that would potentially allow for memory protection and privilege separation and thus limit the impact of code execution. However, it was not confirmed whether these sufficiently segment the runtime from the rest of the RTOS.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-31206
CVE-2022-31207The Omron SYSMAC Cx product family PLCs CS series, CJ series, and CP series through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS (9600) TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication flaws as reported in FSCT-2022-0057. Control logic is downloaded to PLC volatile memory using the FINS Program Area Read and Program Area Write commands or to non-volatile memory using other commands from where it can be loaded into volatile memory for execution. The logic that is loaded into and executed from the user program area exists in compiled object code form. Upon execution, these object codes are first passed to a dedicated ASIC that determines whether the object code is to be executed by the ASIC or the microprocessor. In the former case, the object code is interpreted by the ASIC whereas in the latter case the object code is passed to the microprocessor for object code interpretation by a ROM interpreter. In the abnormal case where the object code cannot be handled by either, an abnormal condition is triggered and the PLC is halted. The logic that is downloaded to the PLC does not seem to be cryptographically authenticated, thus allowing an attacker to manipulate transmitted object code to the PLC and either execute arbitrary object code commands on the ASIC or on the microprocessor interpreter.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-31207
CVE-2022-23100OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter e.g., through an email attachment .9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23100
CVE-2022-24405OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24405
CVE-2022-36950In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36950
CVE-2022-36951In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may compromise the host by exploiting an incorrectly patched vulnerability. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36951
CVE-2022-36952In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36952
CVE-2022-36986An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products . An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36986
CVE-2022-31627In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-31627
CVE-2022-22683Buffer copy without checking size of input ’Classic Buffer Overflow’ vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-22683
CVE-2022-27612Buffer copy without checking size of input ’Classic Buffer Overflow’ vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27612
CVE-2021-22640An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-22640
CVE-2021-22644Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-22644
CVE-2021-22646The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-22646
CVE-2021-22648Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-22648
CVE-2021-22650An attacker may use TWinSoft and a malicious source project file TPG to extract files on machine executing Ovarro TWinSoft, which could lead to code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-22650
CVE-2022-30315Honeywell Experion PKS Safety Manager SM and FSC through 2022-05-06 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0053, there is a Honeywell Experion PKS Safety Manager insufficient logic security controls issue. The affected components are characterized as: Honeywell FSC runtime (FSC-CPU, QPP), Honeywell Safety Builder. The potential impact is: Remote Code Execution, Denial of Service. The Honeywell Experion PKS Safety Manager family of safety controllers utilize the unauthenticated Safety Builder protocol (FSCT-2022-0051) for engineering purposes, including downloading projects and control logic to the controller. Control logic is downloaded to the controller on a block-by-block basis. The logic that is downloaded consists of FLD code compiled to native machine code for the CPU module (which applies to both the Safety Manager and FSC families). Since this logic does not seem to be cryptographically authenticated, it allows an attacker capable of triggering a logic download to execute arbitrary machine code on the controller’s CPU module in the context of the runtime. While the researchers could not verify this in detail, the researchers believe that the microprocessor underpinning the FSC and Safety Manager CPU modules is incapable of offering memory protection or privilege separation capabilities which would give an attacker full control of the CPU module. There is no authentication on control logic downloaded to the controller. Memory protection and privilege separation capabilities for the runtime are possibly lacking. The researchers confirmed the issues in question on Safety Manager R145.1 and R152.2 but suspect the issue affects all FSC and SM controllers and associated Safety Builder versions regardless of software or firmware revision. 
An attacker who can communicate with a Safety Manager controller via the Safety Builder protocol can execute arbitrary code without restrictions on the CPU module, allowing for covert manipulation of control operations and implanting capabilities similar to the TRITON malware (MITRE ATT&CK software ID S1009). A mitigating factor with regards to some, but not all, of the above functionality is that these require the Safety Manager physical keyswitch to be in the right position.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-30315
CVE-2016-4991Input passed to the Pdf function is shell escaped and passed to child_process.exec during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and curly braces. This can be abused to achieve command execution. This problem affects nodepdf 1.3.0.9.8https://nvd.nist.gov/vuln/detail/CVE-2016-4991
CVE-2022-2564Prototype Pollution in GitHub repository automattic mongoose prior to 6.4.6.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-2564
CVE-2022-34555TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n was discovered to contain a remote code execution vulnerability which is exploited via a crafted packet.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34555
CVE-2022-34558WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34558
CVE-2022-1799Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-1799
CVE-2022-1277Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-1277
CVE-2022-2578A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0. This issue affects some unknown processing of the file php_action/createUser.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-2578
CVE-2022-22280Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-22280
CVE-2022-34496Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file upload feature.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34496
CVE-2022-34531DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_main.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34531
CVE-2022-27255In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27255
CVE-2022-1950The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-1950
CVE-2022-2317The Simple Membership WordPress plugin before 4.1.3 allows users to change their membership at the registration stage due to insufficient checking of a user supplied parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-2317
CVE-2022-26437In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831 Issue ID: WSAP00103831. 9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26437
CVE-2022-31179Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to code injection on Windows. This impacts users that use Shescape (any API function) to escape arguments for cmd.exe on Windows. An attacker can omit all arguments following their input by including a line feed character in the payload. This bug has been patched in v1.5.8, which you can upgrade to now. No further changes are required. Alternatively, line feed characters can be stripped out manually or the user input can be made the last argument (this only limits the impact).9.8https://nvd.nist.gov/vuln/detail/CVE-2022-31179
CVE-2022-31180Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output. This issue only impacts users that use the `escape` or `escapeAll` functions with the `interpolation` option set to `true`. The result is that if an attacker can include whitespace in their input they can: 1. Invoke shell-specific behaviour through shell-specific special characters inserted directly after whitespace. 2. Invoke shell-specific behaviour through shell-specific special characters inserted or appearing after line terminating characters. 3. Invoke arbitrary commands by inserting a line feed character. 4. Invoke arbitrary commands by inserting a carriage return character. Behaviour number 1 has been patched in v1.5.7, which you can upgrade to now. No further changes are required. Behaviour numbers 2, 3, and 4 have been patched in v1.5.8, which you can upgrade to now. No further changes are required. The best workaround is to avoid having to use the `interpolation: true` option - in most cases using an alternative is possible. Alternatively, users may strip all whitespace from user input.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-31180
CVE-2022-31181PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP’s Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-31181
CVE-2022-31183fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode `TLSSocket` using `fs2-io` on Node.js, the parameter is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. `fs2-io` running on Node.js. The JVM TLS implementation is completely independent. 2. `TLSSocket`s in server-mode. Client-mode `TLSSocket`s are implemented via a different API. 3. mTLS as enabled via a code in `TLSParameters`. The default setting is `false` for server-mode `TLSSocket`s. It was introduced with the initial Node.js implementation of fs2-io in 3.1.0. A patch is released in v3.2.11. If verification fails, an SSLException is raised. If using an unpatched version on Node.js, do not use a server-mode TLSSocket with `requestCert` set to true to establish an mTLS connection.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-31183
CVE-2022-31188CVAT is an open-source interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validation has been added to URLs used in the affected code path in version 2.0.0. Users are advised to upgrade. There are no known workarounds for this issue.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-31188
CVE-2022-34945Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getproductreport.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34945
CVE-2022-34946Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getexpproduct.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34946
CVE-2022-34947Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editcategory.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34947
CVE-2022-34948Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editbrand.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34948
CVE-2022-34949Pharmacy Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the email or password parameter at login.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34949
CVE-2022-34950Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editproduct.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34950
CVE-2022-34951Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getsalereport.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34951
CVE-2022-34952Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edituser.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34952
CVE-2022-34953Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getOrderReport.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34953
CVE-2022-34954Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at invoiceprint.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34954
CVE-2022-34955Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_topusers.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34955
CVE-2022-34956Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_groups.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34956
CVE-2022-35422Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at update.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-35422
CVE-2020-28423This affects all versions of package monorepo-build.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-28423
CVE-2020-28424This affects all versions of package s3-kilatstorage.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-28424
CVE-2020-28425This affects all versions of package curljs.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-28425
CVE-2020-28433This affects all versions of package node-latex-pdf.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-28433
CVE-2020-28434This affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-28434
CVE-2020-28437This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-28437
CVE-2020-28451This affects the package image-tiler before 2.0.2.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-28451
CVE-2020-28453This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-28453
CVE-2020-7795The package get-npm-package-version before 1.0.7 is vulnerable to Command Injection via the main function in index.js.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7795
CVE-2022-34613Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34613
CVE-2022-35223EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate system command or interrupt service.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-35223
CVE-2022-35925BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views which allows brute-force attacks. This issue has been patched in version 0.4.5. Admins with existing instances will need to update their `nginx.conf` file that was created when the instance was set up. Users are advised to upgrade. Users unable to upgrade may update their nginx.conf files with the changes manually.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-35925
CVE-2022-34943Laravel v5.1 was discovered to contain a remote code execution (RCE) vulnerability via the component ChanceGenerator in __call.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34943
CVE-2022-32292In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-32292
CVE-2022-2272This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the login endpoint. When parsing the username element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17331. 9.8https://nvd.nist.gov/vuln/detail/CVE-2022-2272
CVE-2022-35865This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16709. 9.8https://nvd.nist.gov/vuln/detail/CVE-2022-35865
CVE-2022-2643A vulnerability has been found in SourceCodester Online Admission System and classified as critical. This vulnerability affects unknown code of the component Parameter Handler. The manipulation of the argument shift leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this entry is VDB-205564.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-2643
CVE-2022-2644A vulnerability was found in SourceCodester Online Admission System and classified as critical. This issue affects some unknown processing of the component GET Parameter Handler. The manipulation of the argument eid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-205565 was assigned to this vulnerability. 9.8https://nvd.nist.gov/vuln/detail/CVE-2022-2644
CVE-2022-2648A vulnerability was found in SourceCodester Multi Language Hotel Management Software. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument room_id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205595. 9.8https://nvd.nist.gov/vuln/detail/CVE-2022-2648
CVE-2022-32964OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-32964
CVE-2022-32965OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-32965
CVE-2022-21178An os command injection vulnerability exists in the confsrv ucloud_add_new_node functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-21178
CVE-2022-22140An os command injection vulnerability exists in the confsrv ucloud_add_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-22140
CVE-2022-22144A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. During system startup this functionality is always called, leading to a known root password. An attacker does not have to do anything to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-22144
CVE-2022-23103A stack-based buffer overflow vulnerability exists in the confsrv confctl_set_app_language functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23103
CVE-2022-23399A stack-based buffer overflow vulnerability exists in the confsrv set_port_fwd_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23399
CVE-2022-23918A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. This vulnerability leverages the ethAddr field within the protobuf message to cause a buffer overflow.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23918
CVE-2022-23919A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. This vulnerability leverages the name field within the protobuf message to cause a buffer overflow.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23919
CVE-2022-24005A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the ap_steer binary.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24005
CVE-2022-24006A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the arpbrocast binary.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24006
CVE-2022-24007A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the cfm binary.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24007
CVE-2022-24008A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the confcli binary.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24008
CVE-2022-24009A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the confsrv binary.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24009
CVE-2022-24010A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the cwmpd binary.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24010
CVE-2022-24011A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the device_list binary.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24011
CVE-2022-24012A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the fota binary.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24012
CVE-2022-24013A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the gpio_ctrl binary.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24013
CVE-2022-24014A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the logserver binary.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24014
CVE-2022-24015A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the log_upload binary.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24015
CVE-2022-24016A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the mesh_status_check binary.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24016
CVE-2022-24017A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the miniupnpd binary.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24017
CVE-2022-24018A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the multiWAN binary.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24018
CVE-2022-24019A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the netctrl binary.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24019
CVE-2022-24020A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the network_check binary.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24020
CVE-2022-24021A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the online_process binary.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24021
CVE-2022-24022A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the pannn binary.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24022
CVE-2022-24024A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the rtk_ate binary.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24024
CVE-2022-24025A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the sntp binary.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24025
CVE-2022-24026A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the telnet_ate_monitor binary.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24026
CVE-2022-24027A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the libcommon.so binary.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24027
CVE-2022-24028A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the libcommonprod.so binary.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24028
CVE-2022-24029A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the rp-pppoe.so binary.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24029
CVE-2022-25996A stack-based buffer overflow vulnerability exists in the confsrv addTimeGroup functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-25996
CVE-2022-26009A stack-based buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26009
CVE-2022-26342A buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26342
CVE-2022-26346A denial of service vulnerability exists in the ucloud_del_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26346
CVE-2022-27178A denial of service vulnerability exists in the confctl_set_wan_cfg functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. 9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27178
CVE-2022-28664A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. The `freshtomato-mips` has a vulnerable URL-decoding feature that can lead to memory corruption.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-28664
CVE-2022-28665A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. The `freshtomato-arm` has a vulnerable URL-decoding feature that can lead to memory corruption. 9.8https://nvd.nist.gov/vuln/detail/CVE-2022-28665
CVE-2022-30133Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35744.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-30133
CVE-2022-34715Windows Network File System Remote Code Execution Vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34715
CVE-2021-20195A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover is possible due to user-supplied data fields not being properly encoded and Javascript code being used to process the data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.9.6https://nvd.nist.gov/vuln/detail/CVE-2021-20195
CVE-2021-44458Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim’s browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user.9.6https://nvd.nist.gov/vuln/detail/CVE-2021-44458
CVE-2022-1853Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.9.6https://nvd.nist.gov/vuln/detail/CVE-2022-1853
CVE-2022-33649Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability.9.6https://nvd.nist.gov/vuln/detail/CVE-2022-33649
CVE-2021-0268An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness in J-web of Juniper Networks Junos OS leads to buffer overflows, segment faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiltrate information from the device without authentication. The weakness can be exploited to facilitate cross-site scripting (XSS), cookie manipulation (modifying session cookies, stealing cookies) and more. This weakness can also be exploited by directing a user to a seemingly legitimate link from the affected site. The attacker requires no special access or permissions to the device to carry out such attacks. This issue affects Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.1R1.9.3https://nvd.nist.gov/vuln/detail/CVE-2021-0268
CVE-2022-2010Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.9.3https://nvd.nist.gov/vuln/detail/CVE-2022-2010
CVE-2020-4039SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file readable by the app can be retrieved by the attacker. Furthermore, some files can also be moved or deleted.9.1https://nvd.nist.gov/vuln/detail/CVE-2020-4039
CVE-2018-25009A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().9.1https://nvd.nist.gov/vuln/detail/CVE-2018-25009
CVE-2018-25010A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().9.1https://nvd.nist.gov/vuln/detail/CVE-2018-25010
CVE-2018-25012A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().9.1https://nvd.nist.gov/vuln/detail/CVE-2018-25012
CVE-2018-25013A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().9.1https://nvd.nist.gov/vuln/detail/CVE-2018-25013
CVE-2018-10866It was discovered that the configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove a “system” file, that is an xml file with host related information, not belonging to him.9.1https://nvd.nist.gov/vuln/detail/CVE-2018-10866
CVE-2018-10867Files are accessible without restrictions from the update results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user.9.1https://nvd.nist.gov/vuln/detail/CVE-2018-10867
CVE-2021-43837vault-cli is a configurable command-line interface tool and python library to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix vault-cli interprets the rest of the contents of the secret as a Jinja2 template. Jinja2 is a powerful templating engine and is not designed to safely render arbitrary templates. An attacker controlling a jinja2 template rendered on a machine can trigger arbitrary code, making this a Remote Code Execution (RCE) risk. If the content of the vault can be completely trusted, then this is not a problem. Otherwise, if your threat model includes cases where an attacker can manipulate a secret value read from the vault using vault-cli, then this vulnerability may impact you. In 3.0.0, the code related to interpreting vault templated secrets has been removed entirely. Users are advised to upgrade as soon as possible. For users unable to upgrade a workaround does exist. Using the environment variable or the flag placed between `vault-cli` and the subcommand disables rendering and removes the vulnerability. 9.1https://nvd.nist.gov/vuln/detail/CVE-2021-43837
CVE-2022-23806Curve.IsOnCurve in crypto elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-23806
CVE-2021-44521When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-44521
CVE-2022-28805singlevar in lparser.c in Lua from including 5.4.0 up to excluding 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-28805
CVE-2022-1379URL Restriction Bypass in GitHub repository plantuml plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources servers or sending requests to third party servers.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-1379
CVE-2022-0670A flaw was found in Openstack manilla owning a Ceph File system “share”, which enables the owner to read write any manilla share or entire file system. The vulnerability is due to a bug in the “volumes” plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-0670
CVE-2022-35643IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with system configuration or cause a denial of service. IBM X-Force ID: 230956.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-35643
CVE-2022-31775IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228359.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-31775
CVE-2022-31321The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service DoS via a crafted input.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-31321
CVE-2020-15180A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system’s confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.9https://nvd.nist.gov/vuln/detail/CVE-2020-15180

OTHER VULNERABILITIES
CVE Number, Description, Base Score, Reference
CVE-2020-7352The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the service for execution in this elevated context. The service listens for such commands on a locally-bound network port, localhost:9978. A Metasploit module has been published which exploits this vulnerability. This issue affects the 2.0.x branch of the software (2.0.12 and earlier) as well as the 1.2.x branch (1.2.64 and earlier). A fix was issued for the 2.0.x branch of the affected software.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-7352
CVE-2020-13584An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13584
CVE-2020-35135The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-35135
CVE-2021-21017Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21017
CVE-2021-1309Multiple vulnerabilities exist in the Link Layer Discovery Protocol LLDP implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).8.8https://nvd.nist.gov/vuln/detail/CVE-2021-1309
CVE-2020-13566SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. In admin edit_group.php, when the parameter action is “Delete”, the parameter delete_group leads to a SQL injection.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13566
CVE-2020-13568SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin edit_group.php, when the parameter action is “Submit”, the parameter parent_id leads to a SQL injection.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13568
CVE-2020-7034A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x8.8https://nvd.nist.gov/vuln/detail/CVE-2020-7034
CVE-2021-1284A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify the configuration of an affected system. To exploit this vulnerability, the attacker must be able to access an associated Cisco SD-WAN vEdge device. This vulnerability is due to insufficient authorization checks. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based messaging service interface of an affected system. A successful exploit could allow the attacker to gain unauthenticated read and write access to the affected vManage system. With this access, the attacker could access information about the affected vManage system, modify the configuration of the system, or make configuration changes to devices that are managed by the system.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-1284
CVE-2021-1505Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-1505
CVE-2021-32620XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 11.10.13, 12.6.7, and 12.10.2, a user disabled on a wiki using email verification for registration could re-activate themself by using the activation link provided for his registration. The problem has been patched in the following versions of XWiki: 11.10.13, 12.6.7, 12.10.2, 13.0. It is possible to work around the issue by resetting the `validkey` property of the disabled XWiki users. This can be done by editing the user profile with object editor.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-32620
CVE-2021-1574Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation BPA could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to log files that contain confidential information. An attacker could exploit these vulnerabilities either by submitting crafted HTTP messages to an affected system and performing unauthorized actions with the privileges of an administrator, or by retrieving sensitive data from the logs and using it to impersonate a legitimate privileged user. A successful exploit could allow the attacker to elevate privileges to Administrator.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-1574
CVE-2021-1576Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation BPA could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to log files that contain confidential information. An attacker could exploit these vulnerabilities either by submitting crafted HTTP messages to an affected system and performing unauthorized actions with the privileges of an administrator, or by retrieving sensitive data from the logs and using it to impersonate a legitimate privileged user. A successful exploit could allow the attacker to elevate privileges to Administrator.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-1576
CVE-2021-41263rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using `rails_multisite` alongside Rails’ signed encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different ‘sites’ within a multi-site Rails application. The issue has been patched in v4 of the `rails_multisite` gem. Note that this upgrade will invalidate all previous signed encrypted cookies. The impact of this invalidation will vary based on the application architecture.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-41263
CVE-2021-3725Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name, then press Alt-Left, the system is subject to command injection. Impacted areas: - Functions pop_past and pop_future in dirhistory plugin.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-3725
CVE-2021-42124An improper access control vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-42124
CVE-2021-42126An improper authorization control vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-42126
CVE-2021-24750The WP Visitor Statistics Real Time Traffic WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks8.8https://nvd.nist.gov/vuln/detail/CVE-2021-24750
CVE-2021-43858MinIO is a Kubernetes native application for cloud storage. Prior to version `RELEASE.2021-12-27T07-23-18Z`, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version `RELEASE.2021-12-27T07-23-18Z` changes the accepted request body type and removes the ability to apply policy changes through this API. There is a workaround for this vulnerability: Changing passwords can be disabled by adding an explicit `Deny` rule to disable the API for users.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-43858
CVE-2021-32649October CMS is a self-hosted content management system CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with “create, modify and delete website pages” privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build 473 v1.0.473 and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-32649
CVE-2021-32650October CMS is a self-hosted content management system CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents PHP execution in the CMS templates. The issue has been patched in Build 473 v1.0.473 and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-32650
CVE-2022-0323Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache mustache prior to 2.14.1.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0323
CVE-2021-3967Improper Access Control in GitHub repository zulip zulip prior to 4.10.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-3967
CVE-2022-0410The WP Visitor Statistics Real Time Traffic WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0410
CVE-2022-24715Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-24715
CVE-2022-28506There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB in gif2rgb.c:298:45.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-28506
CVE-2021-43939Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-43939
CVE-2022-28572Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function8.8https://nvd.nist.gov/vuln/detail/CVE-2022-28572
CVE-2022-28799The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL unvalidated deeplink can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-28799
CVE-2022-22476IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604. 8.8https://nvd.nist.gov/vuln/detail/CVE-2022-22476
CVE-2022-31144Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result in a heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-31144
CVE-2022-26137A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim’s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-26137
CVE-2022-1042In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1042
CVE-2022-34549Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component uploadServlet. This vulnerability allows attackers to escalate privileges and execute arbitrary commands via a crafted file.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34549
CVE-2022-36882A cross-site request forgery CSRF vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36882
CVE-2022-36889Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36889
CVE-2022-36920A cross-site request forgery CSRF vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36920
CVE-2022-1855Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1855
CVE-2022-1856Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1856
CVE-2022-1857Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1857
CVE-2022-1859Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1859
CVE-2022-1860Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1860
CVE-2022-1861Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interaction.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1861
CVE-2022-1866Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1866
CVE-2022-1874Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1874
CVE-2022-1876Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1876
CVE-2022-1919Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1919
CVE-2022-2007Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2007
CVE-2022-2008Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2008
CVE-2022-2158Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2158
CVE-2022-2161Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2161
CVE-2022-2162Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2162
CVE-2022-2415Heap buffer overflow in WebGL in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2415
CVE-2022-36988An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36988
CVE-2022-36989An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36989
CVE-2022-36992An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions).8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36992
CVE-2022-36993An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36993
CVE-2022-36997An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36997
CVE-2022-2163Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2163
CVE-2022-2294Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2294
CVE-2022-2295Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2295
CVE-2022-2296Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2296
CVE-2022-2477Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2477
CVE-2022-2481Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2481
CVE-2022-22684Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-22684
CVE-2022-27613Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-27613
CVE-2022-36364Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via `httpclient_impl` connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary classes and in rare cases remote code execution. To exploit the vulnerability: 1) the attacker needs to have privileges to control JDBC connection parameters; 2) and there should be a vulnerable class (constructor with URL parameter and ability to execute code) in the classpath. From Apache Calcite Avatica 1.22.0 onwards, it will be verified that the class implements the expected interface before invoking its constructor.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36364
CVE-2022-29558Realtek rtl819x-SDK before v3.6.1 allows command injection over the web interface.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-29558
CVE-2022-34557Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/permit/permit.php.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34557
CVE-2022-2577A vulnerability classified as critical was found in SourceCodester Garage Management System 1.0. This vulnerability affects unknown code of the file edituser.php. The manipulation of the argument id with the input leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2577
CVE-2022-27864A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PDF files within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-27864
CVE-2022-2323Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. This vulnerability impacts SonicWall Switch 1.1.1.0-2s and earlier versions8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2323
CVE-2022-34527D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34527
CVE-2022-34528D-Link DSL-3782 v1.03 and below was discovered to contain a stack overflow via the function getAttrValue.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34528
CVE-2022-31776IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 228433.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-31776
CVE-2022-26309Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-26309
CVE-2022-26310Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create, modify or delete any user with full admin privilege. The impact could lead to a vertical privilege escalation to access the privileges of a higher-level user or typically an admin user.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-26310
CVE-2022-2184The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive require_once call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2184
CVE-2022-2245The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2245
CVE-2022-2273The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted request.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2273
CVE-2022-34154Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34154
CVE-2022-34567An issue in \Roaming\Mango\Plugins of University of Texas Multi-image Analysis GUI (Mango) 4.1 allows attackers to escalate privileges via crafted plugins.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34567
CVE-2022-34161IBM CICS TX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 229331.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34161
CVE-2022-2631Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2631
CVE-2022-34928JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34928
CVE-2022-34937Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows attackers to execute arbitrary code.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34937
CVE-2022-36359An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36359
CVE-2022-2636Improper Input Validation in GitHub repository hestiacp/hestiacp prior to 1.6.6.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2636
CVE-2022-25649Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-25649
CVE-2022-33201Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-33201
CVE-2022-21201A stack-based buffer overflow vulnerability exists in the confers ucloud_add_node_new functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-21201
CVE-2022-24023A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the pppd binary.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-24023
CVE-2022-34691Active Directory Domain Services Elevation of Privilege Vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34691
CVE-2022-34717Microsoft Office Remote Code Execution Vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34717
CVE-2022-35777Visual Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35825, CVE-2022-35826, CVE-2022-35827.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-35777
CVE-2022-35804SMB Client and Server Remote Code Execution Vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-35804
CVE-2022-35825Visual Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35777, CVE-2022-35826, CVE-2022-35827. 8.8https://nvd.nist.gov/vuln/detail/CVE-2022-35825
CVE-2022-35826Visual Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35777, CVE-2022-35825, CVE-2022-35827. 8.8https://nvd.nist.gov/vuln/detail/CVE-2022-35826
CVE-2022-35827Visual Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35777, CVE-2022-35825, CVE-2022-35826.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-35827
CVE-2021-1274Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.8.6https://nvd.nist.gov/vuln/detail/CVE-2021-1274
CVE-2021-1279Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.8.6https://nvd.nist.gov/vuln/detail/CVE-2021-1279
CVE-2021-1402A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message through an affected device. SSL/TLS messages sent to an affected device do not trigger this vulnerability. A successful exploit could allow the attacker to cause a process to crash. This crash would then trigger a reload of the device. No manual intervention is needed to recover the device after the reload.8.6https://nvd.nist.gov/vuln/detail/CVE-2021-1402
CVE-2021-39184Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request an image of an arbitrary file on the user’s system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. Versions 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0, and 11.5.0 all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one’s app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it.8.6https://nvd.nist.gov/vuln/detail/CVE-2021-39184
CVE-2020-6998The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.8.6https://nvd.nist.gov/vuln/detail/CVE-2020-6998
CVE-2022-36955In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1. 8.4https://nvd.nist.gov/vuln/detail/CVE-2022-36955
CVE-2022-35761Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-34707, CVE-2022-35768.8.4https://nvd.nist.gov/vuln/detail/CVE-2022-35761
CVE-2022-33636Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.8.3https://nvd.nist.gov/vuln/detail/CVE-2022-33636
CVE-2020-17437An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.8.2https://nvd.nist.gov/vuln/detail/CVE-2020-17437
CVE-2021-39341The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can be used to inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4.8.2https://nvd.nist.gov/vuln/detail/CVE-2021-39341
CVE-2022-36899Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties.8.2https://nvd.nist.gov/vuln/detail/CVE-2022-36899
CVE-2022-36900Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties.8.2https://nvd.nist.gov/vuln/detail/CVE-2022-36900
CVE-2021-21013Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user’s account.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-21013
CVE-2021-21772A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 8.1https://nvd.nist.gov/vuln/detail/CVE-2021-21772
CVE-2021-20235There’s a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allocators.hpp. The decoder static allocator could have its size changed, but the buffer would remain the same as it is a static buffer. A remote, unauthenticated attacker who sends a crafted request to the zeromq server could trigger a buffer overflow WRITE of arbitrary data if CURVE/ZAP authentication is not enabled. The greatest impact of this flaw is to application availability, data integrity, and confidentiality.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-20235
CVE-2020-27009A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-27009
CVE-2021-1542Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: hijack a user session; execute arbitrary commands as a root user on the underlying operating system; conduct a cross-site scripting (XSS) attack; conduct an HTML injection attack. For more information about these vulnerabilities, see the Details section of this advisory.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-1542
CVE-2021-39333The Hashthemes Demo Importer Plugin 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of wp-content/uploads.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-39333
CVE-2021-41242OpenOlat is a web-based learning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files anywhere on the target system. The attack could be used to write files anywhere in the web root folder or outside, depending on the configuration of the system and the properly configured permission of the application server user. The attack requires an OpenOlat user account, an enabled REST API and the rights on a business object to call the vulnerable REST calls. The problem is fixed in version 15.5.12 and 16.0.5. There is a workaround available. The vulnerability requires the REST module to be enabled. Disabling the REST module or limiting the REST module via some firewall or web-server access rules to be accessed only by trusted systems will mitigate the risk.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-41242
CVE-2022-31163TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with `require` on demand. In the affected versions, `TZInfo::Timezone.get` fails to validate time zone identifiers correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later, `TZInfo::Timezone.get` can be made to load unintended files with `require`, executing them within the Ruby process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path if their name follows the rules for a valid time zone identifier and the file has a prefix of `tzinfo/definition` within a directory in the load path. Applications should ensure that untrusted files are not placed in a directory on the load path.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-31163
CVE-2022-36921A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-36921
CVE-2022-27615Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology DNS Server before 2.2.2-5027 allows remote authenticated users to delete arbitrary files via unspecified vectors.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-27615
CVE-2022-22685Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-22685
CVE-2022-27611Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-27611
CVE-2022-1805When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-1805
CVE-2022-32293In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-32293
CVE-2022-34702Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34714, CVE-2022-35745, CVE-2022-35752, CVE-2022-35753, CVE-2022-35766, CVE-2022-35767, CVE-2022-35794.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-34702
CVE-2022-34714Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34702, CVE-2022-35745, CVE-2022-35752, CVE-2022-35753, CVE-2022-35766, CVE-2022-35767, CVE-2022-35794.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-34714
CVE-2022-35766Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34702, CVE-2022-34714, CVE-2022-35745, CVE-2022-35752, CVE-2022-35753, CVE-2022-35767, CVE-2022-35794.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-35766
CVE-2022-35767Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34702, CVE-2022-34714, CVE-2022-35745, CVE-2022-35752, CVE-2022-35753, CVE-2022-35766, CVE-2022-35794.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-35767
CVE-2022-35794Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34702, CVE-2022-34714, CVE-2022-35745, CVE-2022-35752, CVE-2022-35753, CVE-2022-35766, CVE-2022-35767.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-35794
CVE-2022-35802Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-35802
CVE-2020-10736An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.8https://nvd.nist.gov/vuln/detail/CVE-2020-10736
CVE-2022-34571An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the system key information and execute arbitrary commands via accessing the page syslog.shtml.8https://nvd.nist.gov/vuln/detail/CVE-2022-34571
CVE-2022-36916A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to request a manual backup.8https://nvd.nist.gov/vuln/detail/CVE-2022-36916
CVE-2022-30287Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.8https://nvd.nist.gov/vuln/detail/CVE-2022-30287
CVE-2022-31197PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow` method is not performing escaping of column names, so a malicious column name that contains a statement terminator could lead to SQL injection. This could lead to executing additional SQL commands as the application’s JDBC user. User applications that do not invoke the method are not impacted. User applications that do invoke that method are impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. The attack requires the attacker to trick the user into executing SQL against a table name whose column names would contain the malicious SQL and subsequently invoke the method on the ResultSet. Note that the application’s JDBC user and the schema owner need not be the same. A JDBC application that executes as a privileged user querying database schemas owned by potentially malicious less-privileged users would be vulnerable. In that situation it may be possible for the malicious user to craft a schema that causes the application to execute commands as the privileged user. Patched versions will be released as `42.2.26` and `42.4.1`. Users are advised to upgrade. There are no known workarounds for this issue.8https://nvd.nist.gov/vuln/detail/CVE-2022-31197
CVE-2022-21980Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24477, CVE-2022-24516. 8https://nvd.nist.gov/vuln/detail/CVE-2022-21980
CVE-2022-24477Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21980, CVE-2022-24516. 8https://nvd.nist.gov/vuln/detail/CVE-2022-24477
CVE-2022-24516Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21980, CVE-2022-24477.8https://nvd.nist.gov/vuln/detail/CVE-2022-24516
CVE-2016-5195Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka “Dirty COW.”7.8https://nvd.nist.gov/vuln/detail/CVE-2016-5195
CVE-2015-2325The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.7.8https://nvd.nist.gov/vuln/detail/CVE-2015-2325
CVE-2020-27828There’s a flaw in jasper’s jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability. 7.8https://nvd.nist.gov/vuln/detail/CVE-2020-27828
CVE-2020-13535A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite service configuration to execute arbitrary code with NT SYSTEM privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-13535
CVE-2021-21048Adobe Photoshop versions 21.2.4 and earlier and 22.1.1 and earlier are affected by a Memory Corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21048
CVE-2021-21058Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21058
CVE-2021-21059Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21059
CVE-2021-21062Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21062
CVE-2021-21063Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21063
CVE-2021-1366A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1366
CVE-2021-20194There is a vulnerability in the Linux kernel versions higher than 5.2 if the kernel is compiled with config params CONFIG_BPF_SYSCALL=y, CONFIG_BPF=y, CONFIG_CGROUPS=y, CONFIG_CGROUP_BPF=y, CONFIG_HARDENED_USERCOPY not set, and a BPF hook to getsockopt is registered. As a result of BPF execution, the local user can trigger a bug in the __cgroup_bpf_run_filter_getsockopt function that can lead to heap overflow because of non-hardened usercopy. The impact of the attack could be denial of service or possibly privilege escalation.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-20194
CVE-2021-21071Adobe Animate version 21.0.3 and earlier is affected by a Memory Corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21071
CVE-2021-1137Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1137
CVE-2021-1480Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. 7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1480
CVE-2021-20294A flaw was found in binutils readelf 2.35 program. An attacker who can convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-20294
CVE-2021-1514A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as a low-privileged user to execute the affected commands. A successful exploit could allow the attacker to execute commands with Administrator privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1514
CVE-2020-27815A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-27815
CVE-2020-10145The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-10145
CVE-2021-43019Adobe Creative Cloud version 5.5 (and earlier) are affected by a privilege escalation vulnerability in the resources leveraged by the Setup.exe service. An unauthenticated attacker could leverage this vulnerability to remove files and escalate privileges under the context of SYSTEM. An attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability on the product installer. User interaction is required before product installation to abuse this vulnerability. 7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43019
CVE-2021-43518Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client’s stack causing denial of service or code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43518
CVE-2021-4173vim is vulnerable to Use After Free7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4173
CVE-2021-4187vim is vulnerable to Use After Free7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4187
CVE-2021-4192vim is vulnerable to Use After Free7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4192
CVE-2021-31854A command injection vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the System Tree. An attacker may exploit the vulnerability to obtain a reverse shell which can lead to privilege escalation to obtain root privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31854
CVE-2021-44204Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287. 7.8https://nvd.nist.gov/vuln/detail/CVE-2021-44204
CVE-2021-4106A vulnerability in Snow Inventory Java Scanner allows an attacker to run malicious code at a higher level of privileges. This issue affects: SNOW Snow Inventory Java Scanner 1.0 7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4106
CVE-2021-42855It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the “.debug_command.config” file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the “/api/appInternals/1.0/agent/configuration” API to map the corresponding ID to a command to be executed.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-42855
CVE-2021-42029A vulnerability has been identified in SIMATIC STEP 7 TIA Portal V15 All versions, SIMATIC STEP 7 TIA Portal V16 All versions V16 Update 5, SIMATIC STEP 7 TIA Portal V17 All versions V17 Update 2. An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server. 7.8https://nvd.nist.gov/vuln/detail/CVE-2021-42029
CVE-2021-3717A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0. 7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3717
CVE-2017-20052A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 7.8https://nvd.nist.gov/vuln/detail/CVE-2017-20052
CVE-2022-34918An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-34918
CVE-2022-23000The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an “SSL” context instead of “TLS” or specifying stronger validation, deprecated or insecure protocols are permitted. As a result, a local user with no privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. The scope of impact cannot extend to other components and no user input is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23000
CVE-2022-35870This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within com.inductiveautomation.metro.impl. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17265. 7.8https://nvd.nist.gov/vuln/detail/CVE-2022-35870
CVE-2022-35871This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from the lack of authentication prior to allowing the execution of Python code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17206. 7.8https://nvd.nist.gov/vuln/detail/CVE-2022-35871
CVE-2022-35872This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17115. 7.8https://nvd.nist.gov/vuln/detail/CVE-2022-35872
CVE-2022-35873This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. Crafted data in a ZIP file can cause the application to execute arbitrary Python scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16949. 7.8https://nvd.nist.gov/vuln/detail/CVE-2022-35873
CVE-2022-29957The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-29957
CVE-2022-35672Adobe Acrobat Reader version 22.001.20085 (and earlier), 20.005.30314 (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-35672
CVE-2021-38410AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-38410
CVE-2022-36949In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. 7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36949
CVE-2022-36985An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36985
CVE-2022-37009In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37009
CVE-2021-39088IBM QRadar SIEM 7.3, 7.4, and 7.5 is vulnerable to local privilege escalation; if this could be combined with other unknown vulnerabilities, then privilege escalation could be performed. IBM X-Force ID: 216111. 7.8https://nvd.nist.gov/vuln/detail/CVE-2021-39088
CVE-2022-36123The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36123
CVE-2022-27873An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain victim’s public IP and possibly other sensitive information.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-27873
CVE-2022-33881Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-33881
CVE-2022-27865A maliciously crafted TGA or PCX file may be used to write beyond the allocated buffer through DesignReview.exe application while parsing TGA and PCX files. This vulnerability may be exploited to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-27865
CVE-2022-27866A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-27866
CVE-2022-36336A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36336
CVE-2022-26429In cta, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07025415 Issue ID: ALPS07025415.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26429
CVE-2022-2571Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2571
CVE-2022-2580Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2580
CVE-2022-2581Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2581
CVE-2022-34927MilkyTracker v1.03.00 was discovered to contain a stack overflow via the component LoaderXM::load. This vulnerability is triggered when the program is supplied a crafted XM module file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-34927
CVE-2022-28668This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.9.2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16679.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28668
CVE-2022-34992Luadec v0.9.9 was discovered to contain a heap-buffer overflow via the function UnsetPending.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-34992
CVE-2022-31609NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-31609
CVE-2022-30175Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30176, CVE-2022-34687, CVE-2022-35773, CVE-2022-35779, CVE-2022-35806.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-30175
CVE-2022-30176Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30175, CVE-2022-34687, CVE-2022-35773, CVE-2022-35779, CVE-2022-35806.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-30176
CVE-2022-33640System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-33640
CVE-2022-33648Microsoft Excel Remote Code Execution Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-33648
CVE-2022-33670Windows Partition Management Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-34703. 7.8https://nvd.nist.gov/vuln/detail/CVE-2022-33670
CVE-2022-34687Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30175, CVE-2022-30176, CVE-2022-35773, CVE-2022-35779, CVE-2022-35806.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-34687
CVE-2022-34696Windows Hyper-V Remote Code Execution Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-34696
CVE-2022-34699Windows Win32k Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-34699
CVE-2022-34703Windows Partition Management Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33670. 7.8https://nvd.nist.gov/vuln/detail/CVE-2022-34703
CVE-2022-34705Windows Defender Credential Guard Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35771.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-34705
CVE-2022-34706Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-34706
CVE-2022-34707Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35761, CVE-2022-35768. 7.8https://nvd.nist.gov/vuln/detail/CVE-2022-34707
CVE-2022-34713Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35743.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-34713
CVE-2022-35760Microsoft ATA Port Driver Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-35760
CVE-2022-35762Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35763, CVE-2022-35764, CVE-2022-35765, CVE-2022-35792. 7.8https://nvd.nist.gov/vuln/detail/CVE-2022-35762
CVE-2022-35763Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35762, CVE-2022-35764, CVE-2022-35765, CVE-2022-35792. 7.8https://nvd.nist.gov/vuln/detail/CVE-2022-35763
CVE-2022-35764Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35762, CVE-2022-35763, CVE-2022-35765, CVE-2022-35792. 7.8https://nvd.nist.gov/vuln/detail/CVE-2022-35764
CVE-2022-35765Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35762, CVE-2022-35763, CVE-2022-35764, CVE-2022-35792. 7.8https://nvd.nist.gov/vuln/detail/CVE-2022-35765
CVE-2022-35768Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-34707, CVE-2022-35761. 7.8https://nvd.nist.gov/vuln/detail/CVE-2022-35768
CVE-2022-35771Windows Defender Credential Guard Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-34705. 7.8https://nvd.nist.gov/vuln/detail/CVE-2022-35771
CVE-2022-35773Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30175, CVE-2022-30176, CVE-2022-34687, CVE-2022-35779, CVE-2022-35806.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-35773
CVE-2022-35779Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30175, CVE-2022-30176, CVE-2022-34687, CVE-2022-35773, CVE-2022-35806.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-35779
CVE-2022-35792Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35762, CVE-2022-35763, CVE-2022-35764, CVE-2022-35765.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-35792
CVE-2022-35795Windows Error Reporting Service Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-35795
CVE-2022-35806Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30175, CVE-2022-30176, CVE-2022-34687, CVE-2022-35773, CVE-2022-35779.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-35806
CVE-2022-35820Windows Bluetooth Driver Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-35820
CVE-2022-30134Microsoft Exchange Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21979, CVE-2022-34692.7.6https://nvd.nist.gov/vuln/detail/CVE-2022-30134
CVE-2015-8080Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.7.5https://nvd.nist.gov/vuln/detail/CVE-2015-8080
CVE-2020-24368Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-24368
CVE-2020-1679On Juniper Networks PTX and QFX Series devices with packet sampling configured using tunnel-observation mpls-over-udp, sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck. KRT is the module within the Routing Process Daemon (RPD) that synchronized the routing tables with the forwarding tables in the kernel. This table is then synchronized to the Packet Forwarding Engine (PFE) via the KRT queue. Thus, when the KRT queue becomes stuck, it can lead to unexpected packet forwarding issues. An administrator can monitor the following command to check whether the KRT queue is stuck: user@device> show krt state ... Number of async queue entries: 65007 --- this value keep on increasing. This issue affects Juniper Networks Junos OS on PTX/QFX Series: 17.2X75 versions prior to 17.2X75-D105; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.2X75 versions prior to 18.2X75-D420, 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-1679
CVE-2020-28366Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-28366
CVE-2020-28367Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-28367
CVE-2020-13987An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-13987
CVE-2020-29361An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-29361
CVE-2018-7580Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue’s hub and it will stop responding. The “hub” will stop operating and be frozen until the flood stops. During the flood, the user won’t be able to turn on/off the lights, and all of the hub’s functionality will be unresponsive. The cloud service also won’t work with the hub.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-7580
CVE-2021-1223Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of an HTTP range header. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-1223
CVE-2021-0202On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPC (Modular Port Concentrator) where Integrated Routing and Bridging (IRB) interface is configured and it is mapped to a VPLS instance or a Bridge-Domain, certain network events at Customer Edge (CE) device may cause memory leak in the MPC which can cause an out of memory and MPC restarts. When this issue occurs, there will be temporary traffic interruption until the MPC is restored. An administrator can use the following CLI command to monitor the status of memory usage level of the MPC: user@device> show system resource-monitor. This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines). Please refer to https://kb.juniper.net/KB25385 for the list of Trio-based PFEs. This issue affects Juniper Networks Junos OS on MX Series, EX9200 Series: 17.3R3-S8; 17.4R3-S2; 18.2R3-S4, 18.2R3-S5; 18.3R3-S2, 18.3R3-S3; 18.4 versions starting from 18.4R3-S1 and later versions prior to 18.4R3-S6; 19.2 versions starting from 19.2R2 and later versions prior to 19.2R3-S1; 19.4 versions starting from 19.4R2 and later versions prior to 19.4R2-S3, 19.4R3; 20.2 versions starting from 20.2R1 and later versions prior to 20.2R1-S3, 20.2R2. This issue does not affect Juniper Networks Junos OS: 18.1, 19.1, 19.3, 20.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-0202
CVE-2021-1278Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-1278
CVE-2021-3115Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the “go get” command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).7.5https://nvd.nist.gov/vuln/detail/CVE-2021-3115
CVE-2021-1296Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to a location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-1296
CVE-2021-1297Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to a location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-1297
CVE-2021-20275A flaw was found in privoxy before 3.0.32. An invalid read of size two may occur in chunked_body_is_complete leading to denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-20275
CVE-2021-20276A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile may lead to denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-20276
CVE-2021-27918encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-27918
CVE-2021-20216A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-20216
CVE-2021-1252A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to hang, resulting in a denial of service condition.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-1252
CVE-2021-1404A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-1404
CVE-2021-1405A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in a NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-1405
CVE-2021-29430Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it makes to remote Matrix homeservers. A malicious homeserver could return a very large response, again leading to memory exhaustion and denial of service. This affects any server which accepts registration requests from untrusted clients. This issue has been patched by releases 89071a1, 0523511, f56eee3. As a workaround request size can be limited in an HTTP reverse-proxy. There are no known workarounds for the problem with overlarge responses.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-29430
CVE-2021-20990In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older an internal management service is accessible on port 8000 and some API endpoints could be accessed without authentication to trigger a shutdown, a reboot or a reboot into recovery mode.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-20990
CVE-2021-0230On Juniper Networks SRX Series devices with link aggregation (lag) configured, executing any operation that fetches Aggregated Ethernet (AE) interface statistics, including but not limited to SNMP GET requests, causes a slow kernel memory leak. If all the available memory is consumed, the traffic will be impacted and a reboot might be required. The following log can be seen if this issue happens. (kernel: rt_pfe_veto: Memory over consumed. Op 1 err 12, rtsm_id 0:-1, msg type 72 ) (kernel: rt_pfe_veto: free kmem_map memory = 20770816 curproc = kmd) An administrator can use the following CLI command to monitor the status of memory consumption (ifstat bucket): user@device show system virtual-memory no-forwarding | match ifstat Type InUse MemUse HighUse Limit Requests Limit Limit Size ifstat 2588977 162708K - 19633958 user@device show system virtual-memory no-forwarding | match ifstat Type InUse MemUse HighUse Limit Requests Limit Limit Size ifstat 3021629 189749K - 22914415. This issue affects Juniper Networks Junos OS on SRX Series: 17.1 versions 17.1R3 and above prior to 17.3R3-S11; 17.4 versions prior to 17.4R3-S5; 18.2 versions prior to 18.2R3-S7, 18.2R3-S8; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2. This issue does not affect Juniper Networks Junos OS prior to 17.1R3.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-0230
CVE-2021-29469Node-redis is a Node.js Redis client. Before version 3.1.1, when a client is in monitoring mode, the regex used to detect monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. The issue is patched in version 3.1.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-29469
CVE-2020-15078OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-15078
CVE-2020-17517The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and buckets through a curl command or an unauthenticated HTTP request. This enables unauthorized access to buckets and keys thereby exposing data to anonymous clients or users. This affected Apache Ozone prior to the 1.1.0 release.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-17517
CVE-2020-7038A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of Management component of Avaya Equinox Conferencing include all 3.x versions before 3.17. Avaya Equinox Conferencing is now offered as Avaya Meetings Server.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-7038
CVE-2021-20228A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-20228
CVE-2021-29486cumulative-distribution-function is an open source npm library used to calculate the statistical cumulative distribution function from a data array of x values. In versions prior to 2.0.0 apps using this library on improper data may crash or go into an infinite-loop. In the case of a nodejs server-app using this library to act on invalid non-numeric data, the nodejs server may crash. This may affect other users of this server and/or require the server to be rebooted for proper operation. In the case of a browser app using this library to act on invalid non-numeric data, that browser may crash or lock up. A flaw enabling an infinite-loop was discovered in the code for evaluating the cumulative-distribution-function of input data. Although the documentation explains that numeric data is required, some users may confuse an array of strings like ["1","2","3","4","5"] for numeric data [1,2,3,4,5] when it is in fact string data. An infinite loop is possible when the cumulative-distribution-function is evaluated for a given point when the input data is string data rather than type `number`. This vulnerability enables an infinite-cpu-loop denial-of-service-attack on any app using npm:cumulative-distribution-function v1.0.3 or earlier if the attacker can supply malformed data to the library. The vulnerability could also manifest if a data source to be analyzed changes data type from Arrays of number (proper) to Arrays of string (invalid, but undetected by earlier versions of the library). Users should upgrade to at least v2.0.0, or the latest version. Tests for several types of invalid data have been created, and version 2.0.0 has been tested to reject this invalid data by throwing a `TypeError` instead of processing it. Developers using this library may wish to adjust their app’s code slightly to better tolerate or handle this TypeError. Apps performing proper numeric data validation before sending data to this library should be mostly unaffected by this patch. The vulnerability can be mitigated in older versions by ensuring that only finite numeric data of type `Array[number]` or `number` is passed to `cumulative-distribution-function` and its `f(x)` function, respectively.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-29486
CVE-2021-20277A flaw was found in Samba’s libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-20277
CVE-2021-20181A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-20181
CVE-2018-10863It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the var/www.rhcert/store/transfer directory, through the rhcert-transfer URL. An unauthorized attacker may use this flaw to gather sensible information.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-10863
CVE-2018-10865It was discovered that the configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to call a “restart” RPC method on any host accessible by the system, even if not belonging to him.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-10865
CVE-2018-10868redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a “Billion Laugh Attack” by replying to XMLRPC methods when getting the status of a host.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-10868
CVE-2021-20237An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ’s src/pub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disabled on the server, causing a denial of service. The highest threat from this vulnerability is to system availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-20237
CVE-2021-20019A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-20019
CVE-2021-32514Improper access control vulnerability in FirmwareUpgrade in QSAN Storage Manager allows remote attackers to reboot and discontinue the device. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32514
CVE-2021-32517Improper access control vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files using particular parameter in download function. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32517
CVE-2021-33196In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count in an archive’s header can cause a NewReader or OpenReader panic.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-33196
CVE-2021-33198In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-33198
CVE-2021-29923Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-29923
CVE-2021-23424This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-23424
CVE-2021-39187Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes if a query request contains an invalid value for the `explain` option. This is due to a bug in the MongoDB Node.js driver which throws an exception that Parse Server cannot catch. There is a patch for this issue in version 4.10.3. No workarounds aside from upgrading are known to exist.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-39187
CVE-2021-39342The Credova_Financial WordPress plugin discloses a site’s associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-39342
CVE-2021-40118A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40118
CVE-2021-40112Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: log in with a default credential if the Telnet protocol is enabled; perform command injection; modify the configuration. For more information about these vulnerabilities, see the Details section of this advisory.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40112
CVE-2021-41771ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-41771
CVE-2021-41772Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-41772
CVE-2021-43173In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP connections, this time-out was only applied to individual read or write operations rather than the complete request. Thus, if an RRDP repository sends a little bit of data before that time-out expired, it can continuously extend the time it takes for the request to finish. Since validation will only continue once the update of an RRDP repository has concluded, this delay will cause validation to stall, leading to Routinator continuing to serve the old data set or, if in the initial validation run directly after starting, never serve any data at all.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-43173
CVE-2021-3908OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-3908
CVE-2021-43175The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly, allowing the caller to specify any values for these parameters and successfully authenticate. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C7.5https://nvd.nist.gov/vuln/detail/CVE-2021-43175
CVE-2021-43828PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management (IDOR) has been found in PatrowlManager. All imported findings files are placed under media/imports/owner_id/tmp_file. In that path, owner_id is predictable and tmp_file is in the format import_ownder_id_time_created, for example: import_1_1639213059582.json. This filename is predictable and allows anyone, without logging in, to download all finding import files. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-43828
CVE-2021-43843jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient for protection from a Regular Expression Denial of Service (ReDoS) attack. If an attacker can put a lot of JSX elements into `blockquote` tag _with including multibyte characters_, an internal regular expression for escaping characters may consume an excessive amount of computing resources. v4.5.1 passes the test against ASCII characters but misses the case of multibyte characters. jsx-slack v4.5.2 has updated regular expressions for escaping blockquote characters to prevent catastrophic backtracking. It also includes an updated test case to confirm rendering multiple tags in `blockquote` with multibyte characters.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-43843
CVE-2021-44716net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-44716
CVE-2021-43859XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-43859
CVE-2022-23772Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23772
CVE-2022-23773cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23773
CVE-2021-4021A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0, 5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an ELF64 binary for MIPS architecture can lead to uncontrolled resource consumption and DoS.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-4021
CVE-2022-24921regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24921
CVE-2022-24716Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24716
CVE-2021-32476A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32476
CVE-2022-24675encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24675
CVE-2022-27536Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27536
CVE-2022-28327The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-28327
CVE-2022-30333RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-30333
CVE-2021-27777XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user supplied input without sufficient validation. Attackers can exploit this vulnerability to manipulate XML content and inject malicious external entity references.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-27777
CVE-2022-33099An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-33099
CVE-2022-31116UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key confusion and value overwriting in dictionaries. All users parsing JSON from untrusted sources are vulnerable. From version 5.4.0, UltraJSON decodes lone surrogates in the same way as the standard library’s `json` module does, preserving them in the parsed output. Users are advised to upgrade. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-31116
CVE-2021-46828In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-46828
CVE-2022-31169Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime’s code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2. This issue only affects the AArch64 platform. Other platforms are not affected. The translation rules for constants did not consider whether sign or zero-extension should happen which resulted in an incorrect value being placed into a register when a division was encountered. The impact of this bug is that programs executing within the WebAssembly sandbox would not behave according to the WebAssembly specification. This means that it is hypothetically possible for execution within the sandbox to go awry and WebAssembly programs could produce unexpected results. This should not impact hosts executing WebAssembly but does affect the correctness of guest programs. This bug has been patched in Wasmtime version 0.38.2 and cranelift-codegen 0.85.2. There are no known workarounds.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-31169
CVE-2022-34966OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ip_address/:port/ossn/home.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-34966
CVE-2022-34576A vulnerability in cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted request.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-34576
CVE-2022-31204Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password to restrict sensitive engineering operations (such as project logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-31204
CVE-2022-31205In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-31205
CVE-2021-33057The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements (e.g., android.permission.ACCESS_FINE_LOCATION) for determining the device’s physical location. An attacker can use qq.createMapContext to create a MapContext object, use MapContext.moveToLocation to move the center of the map to the device’s location, and use MapContext.getCenterLocation to get the latitude and longitude of the current map center.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-33057
CVE-2021-40180In the WeChat application 8.0.10 for Android and iOS, a mini program can obtain sensitive information from a user’s address book via wx.searchContacts.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40180
CVE-2022-30276The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an authentication requirement. They feature IP Gateway modules which allow for interfacing between Motorola Data Link Communication (MDLC) networks (potentially over a variety of serial, RF and/or Ethernet links) and TCP/IP networks. Communication with RTUs behind the gateway is done by means of the proprietary IPGW protocol (5001/TCP). This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke a subset of desired functionality.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-30276
CVE-2022-36883A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36883
CVE-2022-34121Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component templates/default/html/windows/right.php.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-34121
CVE-2022-36946nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36946
CVE-2021-38417VISAM VBASE version 11.6.0.6 is vulnerable to improper access control via the web-remote endpoint, which may allow an unauthenticated user viewing access to folders and files in the directory listing.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-38417
CVE-2021-42537VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-42537
CVE-2022-35911On Patlite NH-FB series devices through 1.46, remote attackers can cause a denial of service by omitting the query string.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35911
CVE-2022-36956In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate private key from the same domain. This affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36956
CVE-2022-27614Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27614
CVE-2021-22642An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-22642
CVE-2022-30313Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, there is a Honeywell Experion PKS Safety Manager multiple proprietary protocols with unauthenticated functionality issue. The affected components are characterized as: Honeywell Experion TCP (51000/TCP), Safety Builder (51010/TCP). The potential impact is: Manipulate controller state, Manipulate controller configuration, Manipulate controller logic, Manipulate controller files, Manipulate IO. The Honeywell Experion PKS Distributed Control System (DCS) Safety Manager utilizes several proprietary protocols for a wide variety of functionality, including process data acquisition, controller steering and configuration management. These protocols include: Experion TCP (51000/TCP) and Safety Builder (51010/TCP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke a subset of desired functionality. There is no authentication functionality on the protocols in question. An attacker capable of invoking the protocols’ functionalities could achieve a wide range of adverse impacts, including but not limited to, the following: for Experion TCP (51000/TCP): Issue IO manipulation commands, Issue file read/write commands; and for Safety Builder (51010/TCP): Issue controller start/stop commands, Issue logic download/upload commands, Issue file read commands, Issue system time change commands. A mitigating factor with regards to some, but not all, of the above functionality is that these require the Safety Manager physical keyswitch to be in the right position.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-30313
CVE-2016-0796WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files is prone to multiple vulnerabilities, including open proxy and security bypass vulnerabilities because it fails to properly verify user-supplied input. An attacker may leverage these issues to hide attacks directed at a target site from behind a vulnerable website or to perform otherwise restricted actions and subsequently download files with the extension mp3, mp4a, wav and ogg from anywhere the web server application has read access to the system. WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files version 1.7.6 is vulnerable; prior versions may also be affected.7.5https://nvd.nist.gov/vuln/detail/CVE-2016-0796
CVE-2016-4427In zulip before 1.3.12, deactivated users could access messages if SSO was enabled.7.5https://nvd.nist.gov/vuln/detail/CVE-2016-4427
CVE-2022-34593DPTech VPN v8.1.28.0 was discovered to contain an arbitrary file read vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-34593
CVE-2022-34568SDL v1.2 was discovered to contain a use-after-free via the XFree function at src/video/x11/SDL_x11yuv.c.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-34568
CVE-2022-36234SimpleNetwork TCP Server commit 29bc615f0d9910eb2f59aa8dff1f54f0e3af4496 was discovered to contain a double free vulnerability which is exploited via crafted TCP packets.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36234
CVE-2022-24912The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an attacker and then forge webhook events.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24912
CVE-2022-2576In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-2576
CVE-2022-2414Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-2414
CVE-2022-2324Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-2324
CVE-2022-22505IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentials to be exposed. IBM X-Force ID: 227288. 7.5https://nvd.nist.gov/vuln/detail/CVE-2022-22505
CVE-2022-2591A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /Sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-2591
CVE-2022-1585The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-1585
CVE-2022-2509A vulnerability was found in gnutls. The flaw is a double free error that occurs during verification of pkcs7 signatures in the gnutls_pkcs7_verify function.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-2509
CVE-2022-36301BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36301
CVE-2022-31173Juniper is a GraphQL server library for Rust. Affected versions of Juniper are vulnerable to uncontrolled recursion resulting in a program crash. This issue has been addressed in version 0.15.10. Users are advised to upgrade. Users unable to upgrade should limit the recursion depth manually. 7.5https://nvd.nist.gov/vuln/detail/CVE-2022-31173
CVE-2022-31184Discourse is an open source discussion platform. In affected versions an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta and tests-passed versions of Discourse which rate limits emails. Users are advised to upgrade. Users unable to upgrade should manually rate limit email.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-31184
CVE-2022-37315graphql-go aka GraphQL for Go through 0.8.0 has infinite recursion in the type definition parser.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-37315
CVE-2022-34924Lanling OA Landray Office Automation (OA) internal patch number #133383 #137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-34924
CVE-2022-35923v8n is a JavaScript validation library. Versions of v8n prior to 1.5.1 were found to have an inefficient regular expression complexity in the `lowercase` and `uppercase` regex which could lead to a DoS attack. In testing of the `lowercase` function a payload of `'a' + 'a'.repeat(i) + 'A'` with 32 leading characters took 29443 ms to execute. The same issue happens with `uppercase`. Users are advised to upgrade. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35923
CVE-2022-34967The assertion `stmt->Dbc->FirstStmt` failed in MonetDB Database Server v11.43.13.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-34967
CVE-2022-34968An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-34968
CVE-2022-34969PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereference.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-34969
CVE-2022-32963OMICARD EDM’s mail file relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files. 7.5https://nvd.nist.gov/vuln/detail/CVE-2022-32963
CVE-2022-35216OMICARD EDM’s mail image relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35216
CVE-2022-27185A denial of service vulnerability exists in the confctl_set_master_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27185
CVE-2022-27630An information disclosure vulnerability exists in the confctl_get_master_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted network packet can lead to information disclosure. An attacker can send packets to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27630
CVE-2022-27633An information disclosure vulnerability exists in the confctl_get_guest_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially crafted network packet can lead to information disclosure. An attacker can send packets to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27633
CVE-2022-27660A denial of service vulnerability exists in the confctl_set_guest_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27660
CVE-2022-30144Windows Bluetooth Service Remote Code Execution Vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-30144
CVE-2022-30194Windows WebBrowser Control Remote Code Execution Vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-30194
CVE-2022-35769Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-35747.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35769
CVE-2022-35796Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35796
CVE-2021-0217A vulnerability in processing of certain DHCP packets from adjacent clients on EX Series and QFX Series switches running Juniper Networks Junos OS with DHCP local relay server configured may lead to exhaustion of DMA memory causing a Denial of Service (DoS). Over time, exploitation of this vulnerability may cause traffic to stop being forwarded, or to crashing of the fxpc process. When Packet DMA heap utilization reaches 99%, the system will become unstable. An indication of the issue occurring may be observed through the following log messages: Dec 10 08:07:00.124 2020 hostname fpc0 brcm_pkt_buf_alloc:523 buf alloc failed allocating packet buffer; Dec 10 08:07:00.126 2020 hostname fpc0 buf alloc failed allocating packet buffer; Dec 10 08:07:00.128 2020 hostname fpc0 brcm_pkt_buf_alloc:523 buf alloc failed allocating packet buffer; Dec 10 08:07:00.130 2020 hostnameC fpc0 buf alloc failed allocating packet buffer. This issue affects Juniper Networks Junos OS on EX Series and QFX Series: 17.4R3 versions prior to 17.4R3-S3; 18.1R3 versions between 18.1R3-S6 and 18.1R3-S11; 18.2R3 versions prior to 18.2R3-S6; 18.3R3 versions prior to 18.3R3-S4; 18.4R2 versions prior to 18.4R2-S5; 18.4R3 versions prior to 18.4R3-S6; 19.1 versions between 19.1R2 and 19.1R3-S3; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2. Junos OS versions prior to 17.4R3 are unaffected by this vulnerability.7.4https://nvd.nist.gov/vuln/detail/CVE-2021-0217
CVE-2021-20247A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur, allowing a malicious or compromised server to use specially crafted mailbox names containing ‘..’ path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity.7.4https://nvd.nist.gov/vuln/detail/CVE-2021-20247
CVE-2021-1403A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient HTTP protections in the web UI on an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the web UI to follow a crafted link. A successful exploit could allow the attacker to corrupt memory on the affected device, forcing it to reload and causing a DoS condition.7.4https://nvd.nist.gov/vuln/detail/CVE-2021-1403
CVE-2021-1251Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).7.4https://nvd.nist.gov/vuln/detail/CVE-2021-1251
CVE-2021-1308Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).7.4https://nvd.nist.gov/vuln/detail/CVE-2021-1308
CVE-2021-3712ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL’s own “d2i” functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the “data” and “length” fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0 function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the “data” field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email, X509_REQ_get1_email and X509_get1_ocsp functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash causing a Denial of Service attack. It could also result in the disclosure of private memory contents such as private keys, or sensitive plaintext. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).7.4https://nvd.nist.gov/vuln/detail/CVE-2021-3712
CVE-2021-40366A vulnerability has been identified in Climatix POL909 AWB module All versions V11.42, Climatix POL909 AWM module All versions V11.34. The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit.7.4https://nvd.nist.gov/vuln/detail/CVE-2021-40366
CVE-2022-29154An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server or Man-in-the-Middle attacker can overwrite arbitrary files in the rsync client target directory and subdirectories.7.4https://nvd.nist.gov/vuln/detail/CVE-2022-29154
CVE-2015-6527The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace function.7.3https://nvd.nist.gov/vuln/detail/CVE-2015-6527
CVE-2015-6831Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.7.3https://nvd.nist.gov/vuln/detail/CVE-2015-6831
CVE-2020-8116Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.7.3https://nvd.nist.gov/vuln/detail/CVE-2020-8116
CVE-2020-28396A vulnerability has been identified in SICAM A8000 CP-8000 All versions V16, SICAM A8000 CP-8021 All versions V16, SICAM A8000 CP-8022 All versions V16. A web server misconfiguration of the affected device can cause insecure ciphers usage by a user's browser. An attacker in a privileged position could decrypt the communication and compromise confidentiality and integrity of the transmitted information.7.3https://nvd.nist.gov/vuln/detail/CVE-2020-28396
CVE-2021-33195Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.7.3https://nvd.nist.gov/vuln/detail/CVE-2021-33195
CVE-2021-44160Carinal Tien Hospital Health Report System’s login page has improper authentication, a remote attacker can acquire another general user’s privilege by modifying the cookie parameter without authentication. The attacker can then perform limited operations on the system or modify data, making the service partially unavailable to the user.7.3https://nvd.nist.gov/vuln/detail/CVE-2021-44160
CVE-2022-32223Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms. This vulnerability can be exploited if the victim has the following dependencies on a Windows machine: OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists. Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory. After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows. It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability.7.3https://nvd.nist.gov/vuln/detail/CVE-2022-32223
CVE-2022-33631Microsoft Excel Security Feature Bypass Vulnerability.7.3https://nvd.nist.gov/vuln/detail/CVE-2022-33631
CVE-2022-35793Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35755.7.3https://nvd.nist.gov/vuln/detail/CVE-2022-35793
CVE-2021-1146Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-1146
CVE-2021-1147Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-1147
CVE-2021-1148Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-1148
CVE-2021-1149Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-1149
CVE-2021-1150Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-1150
CVE-2021-1314Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-1314
CVE-2021-1315Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-1315
CVE-2021-1316Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-1316
CVE-2021-1317Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-1317
CVE-2021-1318Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-1318
CVE-2021-1443A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying operating system of an affected device. The vulnerability exists because the affected software improperly sanitizes values that are parsed from a specific configuration file. An attacker could exploit this vulnerability by tampering with a specific configuration file and then sending an API call. A successful exploit could allow the attacker to inject arbitrary code that would be executed on the underlying operating system of the affected device. To exploit this vulnerability, the attacker would need to have a privileged set of credentials to the device.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-1443
CVE-2021-20206An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the ‘type’ field in the network configuration, it is possible to use special elements such as “../” separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as ‘reboot’. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-20206
CVE-2021-1401Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-1401
CVE-2020-7870A memory corruption vulnerability exists when ezPDF improperly handles the parameter. This vulnerability exists due to insufficient validation of the parameter.7.2https://nvd.nist.gov/vuln/detail/CVE-2020-7870
CVE-2021-32523Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to bypass the access control and execute arbitrary commands. Contacting QSAN and referring to the recommendations in the QSAN Document is suggested.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-32523
CVE-2021-40120A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system and execute them using root-level privileges. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to a specific field in the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as a user with root-level privileges.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-40120
CVE-2021-41276Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not properly sanitize the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user either needs to have site administrator capability on the Tuleap instance or be an LDAP operator with the capability to create/modify accounts. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. This issue has been patched in Tuleap Community Edition 13.2.99.31, Tuleap Enterprise Edition 13.1-5, and Tuleap Enterprise Edition 13.2-3.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-41276
CVE-2021-43782Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. This is a follow up to GHSA-887w-pv2r-x8pm/CVE-2021-41276; the initial fix was incomplete. Tuleap does not properly sanitize the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user either needs to have site administrator capability on the Tuleap instance or be an LDAP operator with the capability to create/modify accounts. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. The following versions contain the fix: Tuleap Community Edition 13.2.99.83, Tuleap Enterprise Edition 13.1-6, and Tuleap Enterprise Edition 13.2-4.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-43782
CVE-2022-33970Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin = 3.1.2 at WordPress.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-33970
CVE-2022-34120Barangay Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the module editing function at /pages/activity/activity.php.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-34120
CVE-2022-34578Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-34578
CVE-2022-30616IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-30616
CVE-2022-36799This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. In this case the security improvement was to protect against using the XStream library to be able to execute arbitrary code in velocity templates. The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.7, and from version 8.21.0 before 8.22.1.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-36799
CVE-2022-31194DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowing an attacker to create files directories anywhere on the server writable by the Tomcat DSpace user, by modifying some request parameters during submission. This path traversal can only be executed by a user with special privileges submitter rights . This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds. However, this vulnerability cannot be exploited by an anonymous user or a basic user. The user must first have submitter privileges to at least one Collection and be able to determine how to modify the request parameters to exploit the vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-31194
CVE-2022-31195DSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF simple archive format package could cause a file directory to be created anywhere the Tomcat DSpace user can write to on the server. However, this path traversal vulnerability is only possible by a user with special privileges either Administrators or someone with command-line access to the server . This vulnerability impacts the XMLUI, JSPUI and command-line. Users are advised to upgrade. As a basic workaround, users may block all access to the following URL paths: If you are using the XMLUI, block all access to admin batchimport path this is the URL of the Admin Batch Import tool . Keep in mind, if your site uses the path “xmlui”, then you’d need to block access to xmlui admin batchimport. If you are using the JSPUI, block all access to dspace-admin batchimport path this is the URL of the Admin Batch Import tool . Keep in mind, if your site uses the path “ jspui”, then you’d need to block access to jspui dspace-admin batchimport. Keep in mind, only an Administrative user or a user with command-line access to the server is able to import upload SAF packages. Therefore, assuming those users do not blindly upload untrusted SAF packages, then it is unlikely your site could be impacted by this vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-31195
| CVE-2022-35421 | Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the pname parameter at /admin/operations/packages.php. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-35421 |
| CVE-2022-34625 | Mealie 1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-34625 |
| CVE-2022-34871 | This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-16335. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-34871 |
| CVE-2022-2626 | Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-2626 |
| CVE-2022-35772 | Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35824. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-35772 |
| CVE-2022-35824 | Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35772. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-35824 |
| CVE-2021-43818 | lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-43818 |
| CVE-2021-4166 | vim is vulnerable to Out-of-bounds Read | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-4166 |
| CVE-2022-35234 | Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-35234 |
| CVE-2022-34690 | Windows Fax Service Elevation of Privilege Vulnerability. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34690 |
| CVE-2020-25668 | A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2020-25668 |
| CVE-2022-29582 | In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-29582 |
| CVE-2022-31614 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause denial of service, code execution, and information disclosure. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-31614 |
| CVE-2022-33646 | Azure Batch Node Agent Elevation of Privilege Vulnerability. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-33646 |
| CVE-2022-30316 | Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The potential impact is Firmware manipulation. The Honeywell Experion PKS Safety Manager utilizes the DCOM-232/485 communication FTA serial interface and Enea POLO bootloader for firmware management purposes. An engineering workstation running the Safety Builder software communicates via serial or serial-over-ethernet link with the DCOM-232/485 interface. Firmware images were found to have no authentication in the form of firmware signing and only relied on insecure checksums for regular integrity checks. Firmware images are unsigned. An attacker with access to the serial interface either through physical access, a compromised EWS or an exposed serial-to-ethernet gateway can utilize hardcoded credentials (see FSCT-2022-0052) for the POLO bootloader to control the boot process and push malicious firmware images to the controller allowing for firmware manipulation, remote code execution and denial of service impacts. A mitigating factor is that in order for a firmware update to be initiated, the Safety Manager has to be rebooted which is typically done by means of physical controls on the Safety Manager itself. As such, an attacker would have to either lay dormant until a legitimate reboot occurs or possibly attempt to force a reboot through a secondary vulnerability. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30316 |
| CVE-2022-33955 | IBM CICS TX 11.1 could allow an attacker with physical access to the system to execute code using a back and refresh attack. IBM X-Force ID: 229312. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33955 |
| CVE-2017-3312 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2017-3312 |
| CVE-2021-1281 | A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system as the root user. This vulnerability is due to the way the software handles concurrent CLI sessions. An attacker could exploit this vulnerability by authenticating to the device as an administrative user and executing a sequence of commands. A successful exploit could allow the attacker to obtain access to the underlying operating system as the root user. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-1281 |
| CVE-2021-1488 | A vulnerability in the upgrade process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system (OS). This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by uploading a crafted upgrade package file to an affected device. A successful exploit could allow the attacker to inject commands that could be executed with root privileges on the underlying OS. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-1488 |
| CVE-2021-1567 | A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to a race condition in the signature verification process for DLL files that are loaded on an affected device. An attacker could exploit this vulnerability by sending a series of crafted interprocess communication (IPC) messages to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-1567 |
| CVE-2021-4210 | A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-4210 |
| CVE-2022-21788 | In scp, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06988728; Issue ID: ALPS06988728. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-21788 |
| CVE-2022-21792 | In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085410; Issue ID: ALPS07085410. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-21792 |
| CVE-2022-26426 | In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085486; Issue ID: ALPS07085486. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26426 |
| CVE-2022-26427 | In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085540; Issue ID: ALPS07085540. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26427 |
| CVE-2022-26430 | In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032521; Issue ID: ALPS07032521. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26430 |
| CVE-2022-26431 | In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032553; Issue ID: ALPS07032553. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26431 |
| CVE-2022-26432 | In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032542; Issue ID: ALPS07032542. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26432 |
| CVE-2022-26433 | In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138400; Issue ID: ALPS07138400. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26433 |
| CVE-2022-26434 | In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138450; Issue ID: ALPS07138450. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26434 |
| CVE-2022-26435 | In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138435; Issue ID: ALPS07138435. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26435 |
| CVE-2022-26438 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420013; Issue ID: GN20220420013. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26438 |
| CVE-2022-26439 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420020; Issue ID: GN20220420020. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26439 |
| CVE-2022-26440 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420037; Issue ID: GN20220420037. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26440 |
| CVE-2022-26441 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420044; Issue ID: GN20220420044. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26441 |
| CVE-2022-26442 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420051; Issue ID: GN20220420051. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26442 |
| CVE-2022-26443 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420068; Issue ID: GN20220420068. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26443 |
| CVE-2022-26444 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420075; Issue ID: GN20220420075. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26444 |
| CVE-2022-26445 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420088; Issue ID: GN20220420088. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26445 |
| CVE-2022-35867 | This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000 virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-15056. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-35867 |
| CVE-2021-20285 | A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-20285 |
| CVE-2021-44832 | Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-44832 |
| CVE-2016-5609 | Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-5609 |
| CVE-2016-5627 | Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-5627 |
| CVE-2018-3143 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3143 |
| CVE-2018-3156 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3156 |
| CVE-2018-3251 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3251 |
| CVE-2019-2455 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-2455 |
| CVE-2019-2529 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-2529 |
| CVE-2019-2740 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-2740 |
| CVE-2019-2805 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-2805 |
| CVE-2019-9516 | Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-9516 |
| CVE-2019-2974 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-2974 |
| CVE-2020-2780 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-2780 |
| CVE-2020-35964 | track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-35964 |
| CVE-2021-0215 | On Juniper Networks Junos EX series, QFX Series, MX Series and SRX branch series devices, a memory leak occurs every time the 802.1X authenticator port interface flaps which can lead to other processes, such as the pfex process, responsible for packet forwarding, to crash and restart. An administrator can use the following CLI command to monitor the status of memory consumption: user@device> show task memory detail Please refer to https://kb.juniper.net/KB31522 for details. This issue affects Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D54; 15.1X49 versions prior to 15.1X49-D240; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. This issue does not affect Juniper Networks Junos OS 12.3, 15.1. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-0215 |
| CVE-2021-3114 | In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3114 |
| CVE-2021-21254 | CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) before version 25.0.0 has a regex denial of service (ReDoS) vulnerability. The vulnerability allowed to abuse link recognition regular expression, which could cause a significant performance drop resulting in browser tab freeze. It affects all users using CKEditor 5 Markdown plugin at version <= 24.0.0. The problem has been recognized and patched. The fix will be available in version 25.0.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21254 |
| CVE-2021-20234 | An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-20234 |
| CVE-2021-29452 | a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make this change. Patched in v0.18.2. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-29452 |
| CVE-2021-29453 | matrix-media-repo is an open-source multi-domain media repository for Matrix. Versions 1.2.6 and earlier of matrix-media-repo do not properly handle malicious images which are crafted to be small in file size, but large in complexity. A malicious user could upload a relatively small image in terms of file size, using particular image formats, which expands to have extremely large dimensions during the process of thumbnailing. The server can be exhausted of memory in the process of trying to load the whole image into memory for thumbnailing, leading to denial of service. Version 1.2.7 has a fix for the vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-29453 |
| CVE-2021-0242 | A vulnerability due to the improper handling of direct memory access (DMA) buffers on EX4300 switches on Juniper Networks Junos OS allows an attacker sending specific unicast frames to trigger a Denial of Service (DoS) condition by exhausting DMA buffers, causing the FPC to crash and the device to restart. The DMA buffer leak is seen when receiving these specific, valid unicast frames on an interface without Layer 2 Protocol Tunneling (L2PT) or dot1x configured. Interfaces with either L2PT or dot1x configured are not vulnerable to this issue. When this issue occurs, DMA buffer usage keeps increasing and the following error log messages may be observed: Apr 14 14:29:34.360 kernel: pid 64476 (pfex_junos), uid 0: exited on signal 11 (core dumped) Apr 14 14:29:33.790 init: pfe-manager (PID 64476) terminated by signal number 11. This issue affects Juniper Networks Junos OS on the EX4300: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S3, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-0242 |
| CVE-2021-0257 | On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs (Modular Port Concentrators) where Integrated Routing and Bridging (IRB) interfaces are configured and mapped to a VPLS instance or a Bridge-Domain, certain Layer 2 network events at Customer Edge (CE) devices may cause memory leaks in the MPC of Provider Edge (PE) devices which can cause an out of memory condition and MPC restart. When this issue occurs, there will be temporary traffic interruption until the MPC is restored. This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines), including MX-MPC1-3D, MX-MPC1E-3D, MX-MPC2-3D, MX-MPC2E-3D, MPC-3D-16XGE, and CHAS-MXxx Series MPCs. No other products or platforms are affected by this issue. This issue affects Juniper Networks Junos OS on MX Series, EX9200 Series: 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R3-S3; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.2 versions prior to 20.2R1-S3, 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2. This issue does not affect Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R3-S2; 18.1; 18.2 versions prior to 18.2R3-S4; 18.3 versions prior to 18.3R3-S2; 18.4 versions prior to 18.4R3-S1; 19.1; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-0257 |
| CVE-2020-27736 | A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). The DNS domain name label parsing functionality does not properly validate the null-terminated name in DNS-responses. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the read memory. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-27736 |
| CVE-2021-20278 | An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID `implicit flow` is used with RBAC turned off, this token validation doesn’t occur, and this allows a malicious user to bypass the authentication. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-20278 |
| CVE-2021-1563 | Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain Cisco Discovery Protocol and LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted Cisco Discovery Protocol or LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: Cisco Discovery Protocol and LLDP are Layer 2 protocols. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1563 |
| CVE-2021-1564 | Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain Cisco Discovery Protocol and LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted Cisco Discovery Protocol or LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: Cisco Discovery Protocol and LLDP are Layer 2 protocols. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1564 |
CVE-2021-32508Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-32508
CVE-2021-32509Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-32509
CVE-2021-34558The crypto tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-34558
CVE-2021-32001A Missing Encryption of Sensitive Data vulnerability in k3s, kde2 of SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup to extract the cluster’s confidential keying material cluster certificate authority private keys, secrets encryption configuration passphrase, etc and decrypt it, without having to know the token value. This issue affects: SUSE Rancher K3s version v1.19.12+k3s1, v1.20.8+k3s1, v1.21.2+k3s1 and prior versions RKE2 version v1.19.12+rke2r1, v1.20.8+rke2r1, v1.21.2+rke2r1 and prior versions.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-32001
CVE-2021-39196pcapture is an open source dumpcap web service interface . In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filters can effectively limit the scope of information that a user can see in the data captures. If no filter is present, then all data on the local network segment where the program is running can be captured and downloaded. v3.12 fixes this problem. There is no workaround, you must upgrade to v3.12 or greater.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-39196
CVE-2021-39203WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don’t have permission to view private post types data can bypass restrictions in the block editor under certain conditions. This affected WordPress 5.8 beta during the testing period. It’s fixed in the final 5.8 release.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-39203
CVE-2021-32029A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-32029
CVE-2021-35582Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: View Reports). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Manager accessible data as well as unauthorized read access to a subset of Oracle Applications Manager accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications Manager. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L).6.5https://nvd.nist.gov/vuln/detail/CVE-2021-35582
CVE-2021-41308Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-41308
CVE-2021-3912OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory and thus crash.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-3912
CVE-2021-41972Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-41972
CVE-2021-3992kimai2 is vulnerable to Improper Access Control6.5https://nvd.nist.gov/vuln/detail/CVE-2021-3992
CVE-2021-43847HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-43847
CVE-2021-40404An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of reolink RLC-410W v3.0.0.136_20121102. A specially crafted HTTP request can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-40404
CVE-2021-42000When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing user’s password.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-42000
CVE-2021-46744An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-46744
CVE-2021-41834JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-41834
CVE-2022-26135A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-26135
CVE-2022-29901Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-29901
CVE-2022-23825Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-23825
CVE-2022-24406OX App Suite through 7.10.6 allows SSRF because multipart form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-24406
CVE-2022-34551Sims v1.0 was discovered to allow path traversal when downloading attachments.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-34551
CVE-2022-36888A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall Read permission to obtain credentials stored in Vault with attacker-specified path and keys.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-36888
CVE-2022-36894An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and earlier allows attackers with Overall Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-36894
CVE-2022-36896A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-36896
CVE-2022-36901Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-36901
CVE-2022-36906A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-36906
CVE-2022-36907A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall Read permission to connect to an attacker-specified URL using attacker-specified username and password.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-36907
CVE-2022-36908A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload an SSH key file from the Jenkins controller file system to an attacker-specified URL.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-36908
CVE-2022-36909A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload an SSH key file from the Jenkins controller file system to an attacker-specified URL.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-36909
CVE-2022-36954In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-36954
CVE-2022-1858Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform an out of bounds memory read via specific user interaction.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-1858
CVE-2022-1862Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-1862
CVE-2022-1867Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-1867
CVE-2022-1868Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-1868
CVE-2022-1873Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-1873
CVE-2021-46830A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-46830
CVE-2022-2160Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user’s local files via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-2160
CVE-2022-36984An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-36984
CVE-2022-36987An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-36987
CVE-2022-36990An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-36990
CVE-2022-36991An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-36991
CVE-2022-36994An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-36994
CVE-2022-36996An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-36996
CVE-2022-36998An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-36998
CVE-2022-36999An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-36999
CVE-2022-37000An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-37000
CVE-2022-2553The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-2553
CVE-2022-34526A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-34526
CVE-2022-33169IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Force ID: 228888.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-33169
CVE-2022-34338IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclose sensitive information due to improper privilege management for storage provider types. IBM X-Force ID: 229962.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-34338
CVE-2022-35716IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35716
CVE-2022-2260The GiveWP WordPress plugin before 2.21.3 does not have a CSRF check in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged-in admin DoS the web server via a CSRF attack, as the plugin will try to retrieve data from the database many times, which overwhelms the target’s CPU.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-2260
CVE-2022-2370The YaySMTP WordPress plugin before 2.2.1 does not have a capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated user, such as a subscriber, to retrieve them.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-2370
CVE-2022-30698NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the “ghost domain names” attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound’s delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain for which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-30698
CVE-2022-30699NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the “ghost domain names” attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-30699
CVE-2022-35220Teamplus Pro community discussion function has an ‘allocation of resource without limits or throttling’ vulnerability. A remote attacker with general user privilege posting a thread with large content can cause the receiving client device to allocate too much memory, leading to abnormal termination of this client’s Teamplus Pro application.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35220
CVE-2022-27618Improper limitation of a pathname to a restricted directory (’Path Traversal’) vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-27618
CVE-2022-34872This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual Metrics. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16336.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-34872
CVE-2022-35864This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35864
CVE-2022-27551HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-27551
CVE-2022-35775Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35775
CVE-2022-35780Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35780
CVE-2022-35781Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35781
CVE-2022-35782Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35782
CVE-2022-35784Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35784
CVE-2022-35785Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35785
CVE-2022-35786Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35786
CVE-2022-35788Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35788
CVE-2022-35789Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35789
CVE-2022-35790Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35790
CVE-2022-35791Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35791
CVE-2022-35799Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35799
CVE-2022-35801Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35801
CVE-2022-35807Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35807
CVE-2022-35808Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35808
CVE-2022-35809Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35809
CVE-2022-35810Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35810
CVE-2022-35811Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35811
CVE-2022-35813Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35813
CVE-2022-35814Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35814
CVE-2022-35815Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35815
CVE-2022-35816Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35816
CVE-2022-35817Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35818, CVE-2022-35819.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35817
CVE-2022-35818Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35819.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35818
CVE-2022-35819Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35819
| CVE-2019-2503 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H). | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-2503 |
| CVE-2016-2138 | In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in xss_clean in class KippoInput.class.php. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2016-2138 |
| CVE-2016-2139 | In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in $file_link in class KippoInput.class.php. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2016-2139 |
| CVE-2022-21789 | In audio ipi, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478101; Issue ID: ALPS06478101. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-21789 |
| CVE-2022-26428 | In video codec, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521260; Issue ID: ALPS06521260. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-26428 |
| CVE-2017-3291 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2017-3291 |
| CVE-2021-40403 | An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-40403 |
| CVE-2022-34573 | An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to arbitrarily configure device settings via accessing the page mb_wifibasic.shtml. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34573 |
| CVE-2022-2164 | Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-2164 |
| CVE-2022-35776 | Azure Site Recovery Denial of Service Vulnerability. | 6.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-35776 |
| CVE-2020-13944 | In Apache Airflow 1.10.12, the “origin” parameter passed to some of the endpoints like ‘/trigger’ was vulnerable to XSS exploit. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-13944 |
| CVE-2020-29395 | The EventON plugin through 3.0.5 for WordPress allows addons ?q= XSS via the search field. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-29395 |
| CVE-2020-27783 | An XSS vulnerability was discovered in python-lxml’s clean module. The module’s parser didn’t properly imitate browsers, which caused different behaviors between the sanitizer and the user’s page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-27783 |
| CVE-2020-17515 | The “origin” parameter passed to some of the endpoints like ‘/trigger’ was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the implemented fix in Airflow 1.10.13 did not fix the issue completely. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-17515 |
| CVE-2020-35416 | Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allowing remote attackers to inject arbitrary web script or HTML. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-35416 |
| CVE-2020-26275 | The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version 1.1.1, an open redirect vulnerability could cause the jupyter server to redirect the browser to a different malicious website. All jupyter servers running without a base_url prefix are technically affected, however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A link to your jupyter server may appear safe, but ultimately redirect to a spoofed server on the public internet. This same vulnerability was patched in upstream notebook v5.7.8. This is fixed in jupyter_server 1.1.1. If upgrade is not available, a workaround can be to run your server on a url prefix: “jupyter server --ServerApp.base_url= jupyter “. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-26275 |
| CVE-2021-1351 | A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-1351 |
| CVE-2020-1761 | A flaw was found in the OpenShift web console, where the access token is stored in the browser’s local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim’s browser. This flaw affects openshift console versions before openshift console-4. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-1761 |
| CVE-2021-40369 | A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.0 or later. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-40369 |
| CVE-2021-43808 | Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contains a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-43808 |
| CVE-2022-23101 | OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23101 |
| CVE-2022-36922 | Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the ‘search’ result page, resulting in a reflected cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-36922 |
| CVE-2021-42535 | VISAM VBASE version 11.6.0.6 does not neutralize or incorrectly neutralizes user-controllable input before the data is placed in output used as a public-facing webpage. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-42535 |
| CVE-2022-27509 | Unauthenticated redirection to a malicious website. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-27509 |
| CVE-2016-3709 | Possible cross-site scripting vulnerability in libxml after commit 960f0e2. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2016-3709 |
| CVE-2022-35630 | A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor 0.6.5-2. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-35630 |
| CVE-2022-1906 | The Copyright Proof WordPress plugin through 4.16 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-1906 |
| CVE-2022-2181 | The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-2181 |
| CVE-2022-2241 | The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-2241 |
| CVE-2022-2589 | Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-2589 |
| CVE-2022-34162 | IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229332. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34162 |
| CVE-2022-34163 | IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34163 |
| CVE-2022-31109 | laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a `Laminas\Diactoros\Uri` instance associated with the incoming server request modified to reflect values from headers. Such changes can potentially lead to XSS attacks if a fully-qualified URL is used in links and/or URL poisoning. Since the headers do have valid use cases, particularly in clustered environments using a load balancer, the library offers mitigation measures only in the v2 releases, as doing otherwise would break these use cases immediately. Users are advised to upgrade to version 2.11.1 or later to resolve this issue. Users unable to upgrade may configure web servers to reject headers at the web server level. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-31109 |
| CVE-2022-35118 | PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-35118 |
| CVE-2022-31191 | DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck “Did you mean” HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to XSS. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this issue. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-31191 |
| CVE-2022-31192 | DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI “Request a Copy” feature does not properly escape values submitted and stored from the “Request a Copy” form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-31192 |
| CVE-2022-31193 | DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace repository URL. When that URL is clicked by the target, it redirects them to a site of the attacker’s choice. This issue has been patched in versions 5.11 and 6.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-31193 |
| CVE-2022-1293 | The embedded neutralization of Script-Related HTML Tag was bypassed in the case of some extra conditions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-1293 |
| CVE-2022-2645 | A vulnerability has been found in SourceCodester Garage Management System and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edituser.php. The manipulation of the argument id with the input 1\\”ScRiPtalert 1 sCrIpT leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205573 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-2645 |
| CVE-2022-2646 | A vulnerability, which was classified as problematic, was found in SourceCodester Online Admission System. Affected is an unknown function of the file index.php. The manipulation of the argument eid with the input 8 h3--redacted-- leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205572. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-2646 |
| CVE-2021-46676 | An XSS vulnerability exists in Pandora FMS version 756 and below, which allows an attacker to execute JavaScript code via the transactional maps name field. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-46676 |
| CVE-2021-46677 | An XSS vulnerability exists in Pandora FMS version 756 and below, which allows an attacker to execute JavaScript code via the event filter name field. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-46677 |
| CVE-2021-46678 | An XSS vulnerability exists in Pandora FMS version 756 and below, which allows an attacker to execute JavaScript code via the service name field. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-46678 |
| CVE-2021-46679 | An XSS vulnerability exists in Pandora FMS version 756 and below, which allows an attacker to execute JavaScript code via service elements. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-46679 |
| CVE-2021-46680 | An XSS vulnerability exists in Pandora FMS version 756 and below, which allows an attacker to execute JavaScript code via the module form name field. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-46680 |
| CVE-2021-46681 | An XSS vulnerability exists in Pandora FMS version 756 and below, which allows an attacker to execute JavaScript code via the module massive operation name field. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-46681 |
| CVE-2022-2685 | A vulnerability was found in SourceCodester Interview Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file addQuestion.php. The manipulation of the argument question with the input --redacted-- leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205673 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-2685 |
| CVE-2022-35797 | Windows Hello Security Feature Bypass Vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-35797 |
| CVE-2020-27821 | A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2020-27821 |
| CVE-2022-34709 | Windows Defender Credential Guard Security Feature Bypass Vulnerability. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2022-34709 |
| CVE-2015-3152 | Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a “BACKRONYM” attack. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2015-3152 |
| CVE-2018-2761 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2018-2761 |
| CVE-2020-2574 | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-2574 |
| CVE-2020-15023 | Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. This arises because of issues with the random number selection for the Diffie-Hellman exchange. By capturing an attempted (and even failed) WPS authentication attempt, it is possible to brute force the overall authentication exchange. This allows an attacker to obtain the recovered WPS PIN in minutes or even seconds, and eventually obtain the Wi-Fi PSK key, gaining access to the Wi-Fi network. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-15023 |
| CVE-2020-1926 | Apache Hive cookie signature verification used a non-constant-time comparison, which is known to be vulnerable to timing attacks. This could allow recovery of another user’s cookie signature. The issue was addressed in Apache Hive 2.3.8. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-1926 |
| CVE-2021-20989 | Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. This connection can be intercepted using a DNS spoofing attack, and a device-initiated remote port-forward channel can be used to connect to the web management interface. Knowledge of authorization credentials to the management interface is required to perform any further actions. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-20989 |
| CVE-2021-31525 | net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-31525 |
| CVE-2021-36221 | Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-36221 |
| CVE-2021-3597 | A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-3597 |
| CVE-2022-31117 | UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. This issue has been resolved in version 5.4.0 and all users should upgrade to UltraJSON 5.4.0. There are no known workarounds for this issue. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-31117 |
| CVE-2022-21541 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-21541 |
| CVE-2022-2596 | Denial of Service in GitHub repository node-fetch/node-fetch prior to 3.2.10. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-2596 |
| CVE-2022-27619 | Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-27619 |
| CVE-2022-34716 | .NET Spoofing Vulnerability. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-34716 |
CVE-2021-29432Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d.5.7https://nvd.nist.gov/vuln/detail/CVE-2021-29432
CVE-2022-34572An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the telnet password via accessing the page tftp.txt.5.7https://nvd.nist.gov/vuln/detail/CVE-2022-34572
CVE-2022-34574An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing Tftpd32.ini.5.7https://nvd.nist.gov/vuln/detail/CVE-2022-34574
CVE-2022-34575An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing fctest.shtml.5.7https://nvd.nist.gov/vuln/detail/CVE-2022-34575
CVE-2019-14274MCPP 2.7.2 has a heap-based buffer overflow in the do_msg function in support.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2019-14274
CVE-2015-2326The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service out-of-bounds read via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by “ ?+1 \\1 “.5.5https://nvd.nist.gov/vuln/detail/CVE-2015-2326
CVE-2021-1126A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center FMC could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. An attacker could exploit this vulnerability by accessing the CLI of the affected software and viewing the contents of the affected files. A successful exploit could allow the attacker to view the credentials that are used to access the proxy server.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-1126
CVE-2021-20255A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-20255
CVE-2021-20265A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-20265
CVE-2021-27919archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which .. occurs at the beginning of any filename.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-27919
CVE-2020-27824A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-27824
CVE-2020-14335A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-14335
CVE-2021-42744Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-42744
CVE-2021-4193vim is vulnerable to Out-of-bounds Read5.5https://nvd.nist.gov/vuln/detail/CVE-2021-4193
CVE-2021-45958UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-45958
CVE-2021-45067Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-45067
CVE-2022-0419NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-0419
CVE-2020-12966AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). A local authenticated attacker could potentially exploit this vulnerability leading to leaking guest data by the malicious hypervisor.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-12966
CVE-2022-0529A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-0529
CVE-2022-0530A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-0530
CVE-2021-4115There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned5.5https://nvd.nist.gov/vuln/detail/CVE-2021-4115
CVE-2022-27359Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a this.maildoc NULL pointer dereference.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-27359
CVE-2022-25169The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-25169
CVE-2022-21123Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-21123
CVE-2022-21125Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-21125
CVE-2022-21166Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-21166
CVE-2022-1852A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-1852
CVE-2022-2078A vulnerability was found in the Linux kernel’s nft_set_desc_concat_parse function. This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse, causing a denial of service and possibly to run code.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-2078
CVE-2022-29960Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-29960
CVE-2022-29962The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials (but may often be disabled in production). This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-29962
CVE-2022-29963The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-29963
CVE-2022-29964The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-29964
CVE-2022-29965The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These passwords are generated using a deterministic, insecure algorithm using a single seed value composed of a day/hour/minute timestamp with less than 16 bits of entropy. The seed value is fed through a lookup table and a series of permutation operations resulting in three different four-character passwords corresponding to different privilege levels. An attacker can easily reconstruct these passwords and thus gain access to privileged maintenance operations. NOTE: this is different from CVE-2014-2350.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-29965
CVE-2022-34529WASM3 v0.5.0 was discovered to contain a segmentation fault via the component Compile_Memory_CopyFill.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-34529
CVE-2022-2549NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-2549
CVE-2022-35669Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 20.005.30334 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-35669
CVE-2022-34009Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. This occurs because the ticket data is stored in a temporary file, and the product does not properly handle the absence of this file after Windows Defender has flagged it as malware.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-34009
CVE-2022-34556PicoC v3.2.2 was discovered to contain a NULL pointer dereference at variable.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-34556
CVE-2022-36752png2webp v1.0.4 was discovered to contain an out-of-bounds write via the function w2p. This vulnerability is exploitable via a crafted png file.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-36752
CVE-2022-35631On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. This issue was resolved in Velociraptor 0.6.5-2.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-35631
CVE-2022-2598Undefined Behavior for Input to API in GitHub repository vim/vim prior to 9.0.0100.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-2598
CVE-2022-34164IBM CICS TX 11.1 could allow a local user to impersonate another legitimate user due to improper input validation. IBM X-Force ID: 229338.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-34164
CVE-2022-31618NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a null pointer, which may lead to denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-31618
CVE-2022-30197Windows Kernel Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34708.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-30197
CVE-2022-34685Azure RTOS GUIX Studio Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34686.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-34685
CVE-2022-34686Azure RTOS GUIX Studio Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34685.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-34686
CVE-2022-34704Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34710, CVE-2022-34712.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-34704
CVE-2022-34708Windows Kernel Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30197.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-34708
CVE-2022-34710Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34704, CVE-2022-34712.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-34710
CVE-2022-34712Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34704, CVE-2022-34710.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-34712
CVE-2020-12262Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow cgi-bin/cgiServer.exx?page= XSS.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-12262
CVE-2021-1249Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-1249
CVE-2021-42367The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to missing authorization checks on the tawcvs_save_settings function, low-level authenticated users such as subscribers can exploit this vulnerability.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-42367
CVE-2021-43853Ajax.NET Professional (AjaxPro) is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation when parsing json input. Releases before version 21.12.22.1 are affected. A workaround exists that replaces one of the core JavaScript files embedded in the library. See the GHSA-5q7q-qqw2-hjq7 for workaround details.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-43853
CVE-2021-43862jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications. Versions prior to 2.31.1 contain a low impact and limited cross-site scripting (XSS) vulnerability. The code for XSS payload is always visible, but an attacker can use other techniques to hide the code the victim sees. If the application uses the `execHash` option and executes code from URL, the attacker can use this URL to execute their code. The scope is limited because the javascript attribute used is added to span tag, so no automatic execution like with `onerror` on images is possible. This issue is fixed in version 2.31.1. As a workaround, the user can use formatting that wraps the whole user input and is a no-op. The code for this workaround is available in the GitHub Security Advisory. The fix will only work when the user of the library is not using different formatters (e.g. to highlight code in a different way).5.4https://nvd.nist.gov/vuln/detail/CVE-2021-43862
CVE-2021-45729The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions <= 1.8.0) allows authenticated low-role users to create, edit, and delete maps.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-45729
CVE-2021-45074JFrog Artifactory before 7.29.3 and 6.23.38 is vulnerable to Broken Access Control: a low-privileged user is able to delete other known users' OAuth token, which will force a reauthentication on an active session or in the next UI session.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-45074
CVE-2021-43742CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-43742
CVE-2022-1757The pagebar WordPress plugin before 2.70 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation in some of them, it could also lead to Stored XSS issues5.4https://nvd.nist.gov/vuln/detail/CVE-2022-1757
CVE-2022-23099OX App Suite through 7.10.6 allows XSS by forcing block-wise read.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-23099
CVE-2022-36902Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-36902
CVE-2022-36905Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-36905
CVE-2022-36910Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-36910
CVE-2022-36948In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-36948
CVE-2022-34140A stored cross-site scripting (XSS) vulnerability signup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-34140
CVE-2022-1948An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-1948
CVE-2022-29360The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted email message.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-29360
CVE-2022-2579A vulnerability, which was classified as problematic, was found in SourceCodester Garage Management System 1.0. Affected is an unknown function of the file php_action/createUser.php. The manipulation of the argument userName with the input lalaimg src=““ onerror=alert 1 leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-2579
CVE-2022-35629Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-35629
CVE-2022-33994The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the “Insert from URL” feature. NOTE: the XSS payload does not execute in the context of the WordPress instance’s domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-33994
CVE-2022-31774IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228358.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-31774
CVE-2022-32750IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228435.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-32750
CVE-2022-26308Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration Credential store where a user with the role of Operator Write could create, delete, view existing keys which are outside the intended role.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-26308
CVE-2022-2171The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-2171
CVE-2022-36302File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-36302
CVE-2022-36343Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-36343
CVE-2022-31128Tuleap is a Free Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via the REST endpoint regardless of the permissions set on the repository. This issue has been fixed in version 13.10.99.82 Tuleap Community Edition as well as in version 13.10-3 of Tuleap Enterprise Edition. Users are advised to upgrade. There are no known workarounds for this issue.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-31128
CVE-2022-31148Shopware is an open source e-commerce software. In versions from 5.7.0 a persistent cross site scripting (XSS) vulnerability exists in the customer module. Users are recommended to update to the current version 5.7.14. You can get the update to 5.7.14 regularly via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-31148
CVE-2022-34618A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-34618
CVE-2022-23733A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by GitHub’s Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-23733
CVE-2022-35221Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-35221
CVE-2022-30571The iWay Service Manager Console component of TIBCO Software Inc.’s TIBCO iWay Service Manager contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim’s local system. Affected releases are TIBCO Software Inc.’s TIBCO iWay Service Manager: versions 8.0.6 and below.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-30571
CVE-2022-34619A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-34619
CVE-2022-36197BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-36197
CVE-2016-3098Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user’s OAuth authorization code.5.4https://nvd.nist.gov/vuln/detail/CVE-2016-3098
CVE-2020-1691In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-1691
CVE-2022-2682A vulnerability, which was classified as problematic, has been found in SourceCodester Alphaware Simple E-Commerce System. Affected by this issue is some unknown functionality of the file stockin.php. The manipulation of the argument id with the input ‘“--redacted-- leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205670 is the identifier assigned to this vulnerability5.4https://nvd.nist.gov/vuln/detail/CVE-2022-2682
CVE-2022-2683A vulnerability, which was classified as problematic, was found in SourceCodester Simple Food Ordering System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument email password with the input “ScRiPtalert 1 sCrIpT leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205671.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-2683
CVE-2022-2684A vulnerability has been found in SourceCodester Apartment Visitor Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file manage-apartment.php. The manipulation of the argument Apartment Number with the input --redacted-- leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-2056725.4https://nvd.nist.gov/vuln/detail/CVE-2022-2684
CVE-2017-3636Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).5.3https://nvd.nist.gov/vuln/detail/CVE-2017-3636
CVE-2020-13886Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=.. Directory Traversal.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-13886
CVE-2020-35176In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-35176
CVE-2020-35460common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-35460
CVE-2021-1224Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect detection of the HTTP payload if it is contained at least partially within the TFO connection handshake. An attacker could exploit this vulnerability by sending crafted TFO packets with an HTTP payload through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-1224
CVE-2021-21012Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Successful exploitation could lead to sensitive information disclosure.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-21012
CVE-2021-21022Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-21022
CVE-2021-26697The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is a low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-26697
CVE-2021-20281It was possible for some users without permission to view other users’ full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-20281
CVE-2020-35518When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-35518
CVE-2020-15077OpenVPN Access Server 2.8.7 and earlier versions allows remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-15077
CVE-2021-33197In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy from net/http/httputil result in a situation where an attacker is able to drop arbitrary headers.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-33197
CVE-2021-39211GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file `ajax/telemetry.php`, which is not needed for usual functions of GLPI.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-39211
CVE-2021-41157FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse of this security issue allows attackers to subscribe to user agent event notifications without the need to authenticate. This abuse poses privacy concerns and might lead to social engineering or similar attacks. For example, attackers may be able to monitor the status of target SIP extensions. Although this issue was fixed in version v1.10.6, installations upgraded to the fixed version of FreeSWITCH from an older version, may still be vulnerable if the configuration is not updated accordingly. Software upgrades do not update the configuration by default. SIP SUBSCRIBE messages should be authenticated by default so that FreeSWITCH administrators do not need to explicitly set the `auth-subscriptions` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-41157
CVE-2021-40128A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by sending a crafted HTTP request to the account activation page of Cisco Webex Meetings. A successful exploit could allow the attacker to send to any recipient an account activation email that contains a tampered activation link, which could direct the user to an attacker-controlled website.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-40128
CVE-2021-41532In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-41532
CVE-2021-40338Hitachi Energy LinkOne product, has a vulnerability due to a web server misconfiguration, that enables debug mode and reveals the full path of the filesystem directory when an attacker generates errors during a query operation. This issue affects: Hitachi Energy LinkOne 3.20 3.22 3.23 3.24 3.25 3.26.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-40338
CVE-2022-24714Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may still have access to a collection of content. Note that this only applies if a role has implicitly permitted access to hosts, due to permitted access to at least one of their services. If access to a host is permitted by other means, no sensitive information has been disclosed to unauthorized users. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-24714
CVE-2021-42778A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-42778
CVE-2021-42851A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-42851
CVE-2022-29526Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-29526
CVE-2022-21540Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).5.3https://nvd.nist.gov/vuln/detail/CVE-2022-21540
CVE-2022-21549Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).5.3https://nvd.nist.gov/vuln/detail/CVE-2022-21549
CVE-2022-36884The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provides unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-36884
CVE-2022-36885Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-36885
CVE-2022-23001When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user’s assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting output may cause an error when used in other operations; for instance, verification of a valid signature under a decompressed public key may fail. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-23001
CVE-2022-23002When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output will cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-23002
CVE-2022-23003When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario or incorrect choice of session key in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-23003
CVE-2022-23004When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an attacker to cause an error scenario, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-23004
CVE-2022-1600The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor’s IP from certain HTTP headers over PHP’s REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-1600
CVE-2022-31182Discourse is an open source discussion platform. In affected versions a maliciously crafted request for static assets could cause error responses to be cached by Discourse’s default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-31182
CVE-2022-31185mprweb is a hosting platform for the makedeb Package Repository. Email addresses were found to not have been hidden, even if a user had clicked the `Hide Email Address` checkbox on their account page, or during signup. This could lead to an account’s email being leaked, which may be problematic if your email needs to remain private for any reason. Users hosting their own mprweb instance will need to upgrade to the latest commit to get this fixed. Users on the official instance will already have this issue fixed.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-31185
CVE-2022-31190DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions metadata on a withdrawn Item is exposed via the XMLUI “mets.xml” object, as long as you know the handle URL of the withdrawn Item. This vulnerability only impacts the XMLUI. Users are advised to upgrade to version 6.4 or newer.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-31190
CVE-2022-34530An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-34530
CVE-2022-31189DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an “Internal System Error” occurs in the JSPUI, the entire exception, including the stack trace, is available. Information in this stack trace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. This issue has been fixed in version 6.4. Users are advised to upgrade. Users unable to upgrade should disable the display of error messages in their internal.jsp file.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-31189
CVE-2022-35915OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 `supportsInterface` query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-35915
CVE-2022-35916OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, `CrossChainEnabledArbitrumL2` or `LibArbitrumL2`, will classify direct interactions of externally owned accounts EOAs as cross chain calls, even though they are not started on L1. This issue has been patched in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-35916
CVE-2022-34692Microsoft Exchange Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21979, CVE-2022-30134.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-34692
CVE-2022-34701Windows Secure Socket Tunneling Protocol SSTP Denial of Service Vulnerability.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-34701
CVE-2018-3081Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).5https://nvd.nist.gov/vuln/detail/CVE-2018-3081
CVE-2016-5629Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.4.9https://nvd.nist.gov/vuln/detail/CVE-2016-5629
CVE-2016-5630Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.4.9https://nvd.nist.gov/vuln/detail/CVE-2016-5630
CVE-2017-3456Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily “exploitable” vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2017-3456
CVE-2017-10320Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2017-10320
CVE-2019-2627Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2019-2627
CVE-2019-2628Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2019-2628
CVE-2019-2737Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2019-2737
CVE-2020-14776Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2020-14776
CVE-2020-14789Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2020-14789
CVE-2021-1282Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.4.9https://nvd.nist.gov/vuln/detail/CVE-2021-1282
CVE-2021-40130A vulnerability in the web application of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit this vulnerability by configuring non-log files as sources for syslog reporting through the web application. A successful exploit could allow the attacker to read non-log files on the CSPC.4.9https://nvd.nist.gov/vuln/detail/CVE-2021-40130
CVE-2021-45730JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators.4.9https://nvd.nist.gov/vuln/detail/CVE-2021-45730
CVE-2022-27620Improper limitation of a pathname to a restricted directory ’Path Traversal’ vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors.4.9https://nvd.nist.gov/vuln/detail/CVE-2022-27620
CVE-2022-35774Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.4.9https://nvd.nist.gov/vuln/detail/CVE-2022-35774
CVE-2022-35787Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.4.9https://nvd.nist.gov/vuln/detail/CVE-2022-35787
CVE-2022-35800Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819.4.9https://nvd.nist.gov/vuln/detail/CVE-2022-35800
CVE-2021-39348The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. Please note that this is separate from CVE-2021-24702.4.8https://nvd.nist.gov/vuln/detail/CVE-2021-39348
CVE-2021-44717Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.4.8https://nvd.nist.gov/vuln/detail/CVE-2021-44717
CVE-2022-1961The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the `~/public/frontend.php` file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-1961
CVE-2022-35882Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.1 at WordPress.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-35882
CVE-2022-34580Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the address parameter at ip/school/index.php.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-34580
CVE-2022-35632The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-site scripting (XSS). This issue was resolved in Velociraptor 0.6.5-2.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-35632
CVE-2022-36378Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Floating Div plugin <= 3.0 at WordPress.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-36378
CVE-2022-0598The Login with phone number WordPress plugin through 1.3.7 does not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-0598
CVE-2022-1324The Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-1324
CVE-2022-2170The Microsoft Advertising Universal Event Tracking UET WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-2170
CVE-2022-2215The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2022-2215
CVE-2022-2278The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not validate, sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2022-2278
CVE-2022-2305The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2022-2305
CVE-2022-2325The Invitation Based Registrations WordPress plugin through 2.2.84 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2022-2325
CVE-2022-2328The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-2328
CVE-2022-35162Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the CATEGORY parameter at category/controller.php?action=edit.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-35162
CVE-2022-35163Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the U_NAME parameter at category/controller.php?action=edit.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-35163
CVE-2022-21979Microsoft Exchange Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30134, CVE-2022-34692.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-21979
CVE-2020-10686A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in Keycloak version 9.0.1, where a malicious user registers as oneself. The attacker could then use the remove devices form to post different credential IDs and possibly remove MFA devices for other users.4.7https://nvd.nist.gov/vuln/detail/CVE-2020-10686
CVE-2022-31175CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5’s packages in versions prior to 35.0.1. The vulnerability allowed to trigger a JavaScript code after fulfilling special conditions. The affected packages are `@ckeditor/ckeditor5-markdown-gfm`, `@ckeditor/ckeditor5-html-support`, and `@ckeditor/ckeditor5-html-embed`. The specific conditions are (1) Using one of the affected packages. In case of `ckeditor5-html-support` and `ckeditor5-html-embed`, additionally, it was required to use a configuration that allows unsafe markup inside the editor. (2) Destroying the editor instance and (3) Initializing the editor on an element and using an element other than `textarea` as a base. The root cause of the issue was a mechanism responsible for updating the source element with the markup coming from the CKEditor 5 data pipeline after destroying the editor. This vulnerability might affect a small percent of integrators that depend on dynamic editor initialization/destroy and use Markdown, General HTML Support or HTML embed features. The problem has been recognized and patched. The fix is available in version 35.0.1. There are no known workarounds for this issue.4.7https://nvd.nist.gov/vuln/detail/CVE-2022-31175
CVE-2022-30314Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The Honeywell Experion PKS Safety Manager utilizes the DCOM-232/485 serial interface for firmware management purposes. When booting, the Safety Manager exposes the Enea POLO bootloader via this interface. Access to the boot configuration is controlled by means of credentials hardcoded in the Safety Manager firmware. The credentials for the bootloader are hardcoded in the firmware. An attacker with access to the serial interface (either through physical access, a compromised EWS or an exposed serial-to-ethernet gateway) can utilize these credentials to control the boot process and manipulate the unauthenticated firmware image (see FSCT-2022-0054).4.6https://nvd.nist.gov/vuln/detail/CVE-2022-30314
CVE-2020-35508A flaw (possibility of race condition and incorrect initialization of the process id) was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.4.5https://nvd.nist.gov/vuln/detail/CVE-2020-35508
CVE-2022-21790In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479306 Issue ID: ALPS06479306.4.4https://nvd.nist.gov/vuln/detail/CVE-2022-21790
CVE-2022-21791In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478059 Issue ID: ALPS06478059.4.4https://nvd.nist.gov/vuln/detail/CVE-2022-21791
CVE-2022-26436 | In emi mpu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07023666; Issue ID: ALPS07023666. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-26436
CVE-2022-35783 | Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-35783
CVE-2022-35812 | Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-35812
CVE-2022-35821 | Azure Sphere Information Disclosure Vulnerability. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-35821
CVE-2021-1143 | A vulnerability in Cisco Connected Mobile Experiences (CMX) API authorizations could allow an authenticated, remote attacker to enumerate what users exist on the system. The vulnerability is due to a lack of authorization checks for certain API GET requests. An attacker could exploit this vulnerability by sending specific API GET requests to an affected device. A successful exploit could allow the attacker to enumerate users of the CMX system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-1143
CVE-2021-20283 | The web service responsible for fetching other users’ enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-20283
CVE-2021-1467 | A vulnerability in Cisco Webex Meetings for Android could allow an authenticated, remote attacker to modify the avatar of another user. This vulnerability is due to improper authorization checks. An attacker could exploit this vulnerability by sending a crafted request to the Cisco Webex Meetings client of a targeted user of a meeting in which they are both participants. A successful exploit could allow the attacker to modify the avatar of the targeted user. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-1467
CVE-2021-1477 | A vulnerability in an access control mechanism of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access services beyond the scope of their authorization. This vulnerability is due to insufficient enforcement of access control in the affected software. An attacker could exploit this vulnerability by directly accessing the internal services of an affected device. A successful exploit could allow the attacker to overwrite policies and impact the configuration and operation of the affected device. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-1477
CVE-2021-20250 | A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-20250
CVE-2021-20306 | A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any authenticated user from any project can see the name of Ruleflow Groups from other projects, despite the user not having access to those projects. The highest threat from this vulnerability is to confidentiality. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-20306
CVE-2020-10743 | It was discovered that OpenShift Container Platform’s (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP’s distribution of Kibana, such as clickjacking. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-10743
CVE-2021-42337 | The permission control of AIFU cashier management salary query function can be bypassed, thus after obtaining general user’s permission, the remote attacker can access account information except passwords by crafting URL parameters. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-42337
CVE-2021-42116 | Incorrect Access Control in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 allows an authenticated remote attacker to view the Shape Editor and Settings, which are functionality for higher privileged users, via identifying said components in the front-end source code or other means. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-42116
CVE-2021-4026 | bookstack is vulnerable to Improper Access Control | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-4026
CVE-2021-43793 | Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-43793
CVE-2021-4089 | snipe-it is vulnerable to Improper Access Control | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-4089
CVE-2021-24836 | The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation and CSRF checks when updating its settings, which could allow any logged-in user, such as a subscriber, to update them. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-24836
CVE-2021-4111 | yetiforcecrm is vulnerable to Business Logic Errors | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-4111
CVE-2021-4117 | yetiforcecrm is vulnerable to Business Logic Errors | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-4117
CVE-2021-41241 | Nextcloud server is a self hosted system designed to provide cloud style services. The groupfolders application for Nextcloud allows sharing a folder with a group of people. In addition, it allows setting “advanced permissions” on subfolders, for example, a user could be granted access to the groupfolder but not specific subfolders. Due to a lacking permission check in affected versions, a user could still access these subfolders by copying the groupfolder to another location. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the “groupfolders” application in the admin settings. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-41241
CVE-2021-32472 | Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-32472
CVE-2022-36886 | A cross-site request forgery (CSRF) vulnerability in Jenkins External Monitor Job Type Plugin 191.v363d0d1efdf8 and earlier allows attackers to create runs of an external job. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36886
CVE-2022-36887 | A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36887
CVE-2022-36890 | Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36890
CVE-2022-36891 | A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item Read permission but without Deploy Now Deploy permission to read deployment logs. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36891
CVE-2022-36892 | Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item Read permission but without Item Workspace or Item Configure permission to check whether attacker-specified file patterns match workspace contents. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36892
CVE-2022-36893 | Jenkins rpmsign-plugin Plugin 0.5.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item Read permission but without Item Workspace or Item Configure permission to check whether attacker-specified file patterns match workspace contents. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36893
CVE-2022-36895 | A missing permission check in Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier allows attackers with Overall Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36895
CVE-2022-36897 | A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36897
CVE-2022-36898 | A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36898
CVE-2022-36903 | A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36903
CVE-2022-36904 | Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36904
CVE-2022-36912 | A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall Read permission to connect to an attacker-specified URL. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36912
CVE-2022-36913 | Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36913
CVE-2022-36914 | Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36914
CVE-2022-36915 | Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item Read permission but without Item Workspace or Item Configure permission to check whether attacker-specified file patterns match workspace contents. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36915
CVE-2022-36917 | A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall Read permission to request a manual backup. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36917
CVE-2022-36918 | Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36918
CVE-2022-36919 | A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36919
CVE-2022-36953 | In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36953
CVE-2022-1871 | Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass file system policy via a crafted HTML page. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-1871
CVE-2022-1872 | Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-1872
CVE-2022-1875 | Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-1875
CVE-2022-36995 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36995
CVE-2022-2479 | Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-2479
CVE-2016-4426 | In zulip before 1.3.12, bot API keys were accessible to other users in the same realm. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2016-4426
CVE-2022-22334 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not have access. IBM X-Force ID: 219391. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-22334
CVE-2022-1561 | Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to alter the backend URL defined for a pipe when remote users send crafty URL requests. The vulnerability does not affect KrakenD itself, but the consumed backend might be vulnerable. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-1561
CVE-2022-2369 | The YaySMTP WordPress plugin before 2.2.1 does not have a capability check in an AJAX action, allowing any logged-in user, such as a subscriber, to view the logs of the plugin. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-2369
CVE-2022-34307 | IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 229436. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34307
CVE-2022-31154 | Sourcegraph is an open-source code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able to read contents of existing code monitors, only override the data. The issue is fixed in Sourcegraph 3.42. There is no workaround for the issue and patching is highly recommended. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-31154
CVE-2022-31155 | Sourcegraph is an open-source code search and navigation engine. In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other users’ saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other users’ saved searches, only overwriting them with attacker-controlled searches. The issue is patched in Sourcegraph version 3.41.0. There is no workaround for this issue and updating to a secure version is highly recommended. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-31155
CVE-2022-31178 | eLabFTW is an electronic lab notebook manager for research teams. A vulnerability was discovered which allows a logged in user to read a template without being authorized to do so. This vulnerability has been patched in 4.3.4. Users are advised to upgrade. There are no known workarounds for this issue. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-31178
CVE-2022-36968 | In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36968
CVE-2022-27617 | Improper limitation of a pathname to a restricted directory (’Path Traversal’) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-27617
CVE-2022-36800 | Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the “Browse Users” permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36800
CVE-2022-23442 | An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-23442
CVE-2020-1754 | In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the ‘access all groups’ capability were not restricted to viewing grades of users within their own groups. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-1754
CVE-2021-36861 | Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Starfish plugin = 1.9.14 at WordPress allows an attacker to delete reviews. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-36861
CVE-2021-4001 | A race condition was found in the Linux kernel’s ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a special privilege (cap_sys_admin or cap_bpf) can modify the frozen mapped address space. This flaw affects kernel versions prior to 5.16 rc2. | 4.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-4001
CVE-2017-10365 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L). | 3.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-10365
CVE-2022-27621 | Improper limitation of a pathname to a restricted directory (’Path Traversal’) vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors. | 3.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27621
CVE-2021-39212 | ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml` (e.g. `<policy domain="module" rights="none" pattern="PS" />`). The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy. | 3.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-39212
CVE-2020-13597 | Clusters using Calico (version 3.14.0 and below), Calico Enterprise (version 2.8.2 and below), may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node’s IPv6 interface due to the node accepting route advertisement by default, allowing the attacker to redirect full or partial network traffic from the node to the compromised pod. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13597
CVE-2021-39220 | Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended that the Nextcloud Mail application is upgraded to 1.10.4 or 1.11.0. There are no known workarounds aside from upgrading. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-39220
CVE-2020-0368 | In queryInternal of CallLogProvider.java, there is a possible permission bypass due to improper input validation. This could lead to local information disclosure of voicemail metadata with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-143230980. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-0368
CVE-2021-21046 | Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21046
CVE-2021-32453 | SITEL CAP PRX firmware version 5.2.01 allows an attacker with access to the local network to access the internal configuration database of the device via HTTP without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device’s configuration. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-32453
CVE-2021-20239 | A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-20239
CVE-2021-4016 | Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-4016
CVE-2022-37010 | In JetBrains IntelliJ IDEA before 2022.2 email address validation in the “Git User Name Is Not Defined” dialog was missed | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-37010
CVE-2022-22326 | IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-22326
CVE-2022-31186 | NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in `next-auth` before `v4.10.2` and `v3.29.9` allows an attacker with log access privilege to obtain excessive information such as an identity provider’s secret in the log (which is thrown during OAuth error handling) and use it to leverage further attacks on the system, like impersonating the client to ask for extensive permissions. This issue has been patched in `v4.10.2` and `v3.29.9` by moving the log for `provider` information to the debug level. In addition, we added a warning for having the `debug: true` option turned on in production. If for some reason you cannot upgrade, you can use the `logger` configuration option by sanitizing the logs. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-31186
CVE-2020-15185 | In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker must have write access to the index file (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the index file in the Helm repository cache before installing software. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-15185
CVE-2022-31177 | Flask-AppBuilder is an application development framework built on top of the Flask Python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed password strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. There are no known workarounds for this issue. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-31177
CVE-2005-0004 | The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files. | - | https://nvd.nist.gov/vuln/detail/CVE-2005-0004
CVE-2007-2401 | CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks. | - | https://nvd.nist.gov/vuln/detail/CVE-2007-2401
CVE-2007-2400 | Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects. | - | https://nvd.nist.gov/vuln/detail/CVE-2007-2400
CVE-2007-2399 | WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an “invalid type conversion”, which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption. | - | https://nvd.nist.gov/vuln/detail/CVE-2007-2399
CVE-2007-3757 | Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted “tel:” link that causes iPhone to display a different number than the number that will be dialed. | - | https://nvd.nist.gov/vuln/detail/CVE-2007-3757
CVE-2007-3756 | Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain. | - | https://nvd.nist.gov/vuln/detail/CVE-2007-3756
CVE-2007-3755 | Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a “tel:” link, which does not prompt the user before dialing the number. | - | https://nvd.nist.gov/vuln/detail/CVE-2007-3755
CVE-2007-3754 | Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack. | - | https://nvd.nist.gov/vuln/detail/CVE-2007-3754
CVE-2007-3753 | Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation. | - | https://nvd.nist.gov/vuln/detail/CVE-2007-3753
CVE-2007-4671 | Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to “alter or access” HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain. | - | https://nvd.nist.gov/vuln/detail/CVE-2007-4671
CVE-2007-3761 | Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain. | - | https://nvd.nist.gov/vuln/detail/CVE-2007-3761
CVE-2007-3760 | Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags. | - | https://nvd.nist.gov/vuln/detail/CVE-2007-3760
CVE-2007-3759 | Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect. | - | https://nvd.nist.gov/vuln/detail/CVE-2007-3759
CVE-2007-3758 | Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks. | - | https://nvd.nist.gov/vuln/detail/CVE-2007-3758
CVE-2007-5450 | Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file. | - | https://nvd.nist.gov/vuln/detail/CVE-2007-5450
CVE-2007-5858WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to “navigate the subframes of any other page,” which can be leveraged to conduct cross-site scripting XSS attacks and obtain sensitive information.-https://nvd.nist.gov/vuln/detail/CVE-2007-5858
CVE-2008-0035Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service application termination or execute arbitrary code via a crafted URL that triggers memory corruption in Safari.-https://nvd.nist.gov/vuln/detail/CVE-2008-0035
CVE-2008-0034Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls.-https://nvd.nist.gov/vuln/detail/CVE-2008-0034
CVE-2008-0729Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers to cause a denial of service (memory exhaustion and device crash) via certain JavaScript code that constructs a long string and an array containing long string elements, possibly a related issue to CVE-2006-3677. NOTE: some of these details are obtained from third party information.-https://nvd.nist.gov/vuln/detail/CVE-2008-0729
CVE-2008-2317WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590.-https://nvd.nist.gov/vuln/detail/CVE-2008-2317
CVE-2008-2303Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307.-https://nvd.nist.gov/vuln/detail/CVE-2008-2303
CVE-2008-1590JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch before 2.0 does not properly perform runtime garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger memory corruption, a different vulnerability than CVE-2008-2317.-https://nvd.nist.gov/vuln/detail/CVE-2008-1590
CVE-2008-1589Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites.-https://nvd.nist.gov/vuln/detail/CVE-2008-1589
CVE-2008-1588Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL.-https://nvd.nist.gov/vuln/detail/CVE-2008-1588
CVE-2008-3632Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements.-https://nvd.nist.gov/vuln/detail/CVE-2008-3632
CVE-2008-1586ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image.-https://nvd.nist.gov/vuln/detail/CVE-2008-1586
CVE-2008-4227Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic.-https://nvd.nist.gov/vuln/detail/CVE-2008-4227
CVE-2008-4228The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number.-https://nvd.nist.gov/vuln/detail/CVE-2008-4228
CVE-2008-4229Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup.-https://nvd.nist.gov/vuln/detail/CVE-2008-4229
CVE-2008-4230The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593.-https://nvd.nist.gov/vuln/detail/CVE-2008-4230
CVE-2008-4231Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.-https://nvd.nist.gov/vuln/detail/CVE-2008-4231
CVE-2008-4232Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME’s content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.-https://nvd.nist.gov/vuln/detail/CVE-2008-4232
CVE-2008-4233Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document.-https://nvd.nist.gov/vuln/detail/CVE-2008-4233
CVE-2009-1698WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.-https://nvd.nist.gov/vuln/detail/CVE-2009-1698
CVE-2009-1699The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an “XXE attack.”-https://nvd.nist.gov/vuln/detail/CVE-2009-1699
CVE-2009-1700The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.-https://nvd.nist.gov/vuln/detail/CVE-2009-1700
CVE-2009-1701Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute.-https://nvd.nist.gov/vuln/detail/CVE-2009-1701
CVE-2009-1702Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects.-https://nvd.nist.gov/vuln/detail/CVE-2009-1702
CVE-2009-0958Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials.-https://nvd.nist.gov/vuln/detail/CVE-2009-0958
CVE-2009-0959The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an “input validation issue.”-https://nvd.nist.gov/vuln/detail/CVE-2009-0959
CVE-2009-0960The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an image URL.-https://nvd.nist.gov/vuln/detail/CVE-2009-0960
CVE-2009-0961The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert.-https://nvd.nist.gov/vuln/detail/CVE-2009-0961
CVE-2009-1679The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy.-https://nvd.nist.gov/vuln/detail/CVE-2009-1679
CVE-2009-1680Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history.-https://nvd.nist.gov/vuln/detail/CVE-2009-1680
CVE-2009-1683The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a “logic issue.”-https://nvd.nist.gov/vuln/detail/CVE-2009-1683
CVE-2009-1692WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.-https://nvd.nist.gov/vuln/detail/CVE-2009-1692
CVE-2009-1724Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.-https://nvd.nist.gov/vuln/detail/CVE-2009-1724
CVE-2009-1725WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.-https://nvd.nist.gov/vuln/detail/CVE-2009-1725
CVE-2009-2199Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.-https://nvd.nist.gov/vuln/detail/CVE-2009-2199
CVE-2009-2206Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table.-https://nvd.nist.gov/vuln/detail/CVE-2009-2206
CVE-2009-3555The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a “plaintext injection” attack, aka the “Project Mogul” issue.-https://nvd.nist.gov/vuln/detail/CVE-2009-3555
CVE-2010-1387Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.-https://nvd.nist.gov/vuln/detail/CVE-2010-1387
CVE-2010-1407WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document.-https://nvd.nist.gov/vuln/detail/CVE-2010-1407
CVE-2010-1751Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors.-https://nvd.nist.gov/vuln/detail/CVE-2010-1751
CVE-2010-1752Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling.-https://nvd.nist.gov/vuln/detail/CVE-2010-1752
CVE-2010-1753ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image.-https://nvd.nist.gov/vuln/detail/CVE-2010-1753
CVE-2010-1754Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors.-https://nvd.nist.gov/vuln/detail/CVE-2010-1754
CVE-2010-1755Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie.-https://nvd.nist.gov/vuln/detail/CVE-2010-1755
CVE-2010-1756The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network.-https://nvd.nist.gov/vuln/detail/CVE-2010-1756
CVE-2010-1757WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document.-https://nvd.nist.gov/vuln/detail/CVE-2010-1757
CVE-2010-1775Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot.-https://nvd.nist.gov/vuln/detail/CVE-2010-1775
CVE-2010-2965The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 17185, a related issue to CVE-2005-3804.-https://nvd.nist.gov/vuln/detail/CVE-2010-2965
CVE-2010-2973Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe.-https://nvd.nist.gov/vuln/detail/CVE-2010-2973
CVE-2010-1781Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element.-https://nvd.nist.gov/vuln/detail/CVE-2010-1781
CVE-2010-1809The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors.-https://nvd.nist.gov/vuln/detail/CVE-2010-1809
CVE-2010-1810FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.-https://nvd.nist.gov/vuln/detail/CVE-2010-1810
CVE-2010-1811ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file.-https://nvd.nist.gov/vuln/detail/CVE-2010-1811
CVE-2010-1812Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections.-https://nvd.nist.gov/vuln/detail/CVE-2010-1812
CVE-2010-1813WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines.-https://nvd.nist.gov/vuln/detail/CVE-2010-1813
CVE-2010-1814WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus.-https://nvd.nist.gov/vuln/detail/CVE-2010-1814
CVE-2010-1815Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.-https://nvd.nist.gov/vuln/detail/CVE-2010-1815
CVE-2010-1817Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.-https://nvd.nist.gov/vuln/detail/CVE-2010-1817
CVE-2010-3832Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field.-https://nvd.nist.gov/vuln/detail/CVE-2010-3832
CVE-2010-4180OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.-https://nvd.nist.gov/vuln/detail/CVE-2010-4180
CVE-2011-1344Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011.-https://nvd.nist.gov/vuln/detail/CVE-2011-1344
CVE-2012-0876The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.-https://nvd.nist.gov/vuln/detail/CVE-2012-0876
CVE-2012-2386Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.-https://nvd.nist.gov/vuln/detail/CVE-2012-2386
CVE-2012-2648Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser.-https://nvd.nist.gov/vuln/detail/CVE-2012-2648
CVE-2012-1702Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.-https://nvd.nist.gov/vuln/detail/CVE-2012-1702
CVE-2013-1861MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.-https://nvd.nist.gov/vuln/detail/CVE-2013-1861
CVE-2013-1523Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer.-https://nvd.nist.gov/vuln/detail/CVE-2013-1523
CVE-2013-3801Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.-https://nvd.nist.gov/vuln/detail/CVE-2013-3801
CVE-2013-5807Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.-https://nvd.nist.gov/vuln/detail/CVE-2013-5807
CVE-2014-2440Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.-https://nvd.nist.gov/vuln/detail/CVE-2014-2440
CVE-2014-3515The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to “type confusion” issues in (1) ArrayObject and (2) SPLObjectStorage.-https://nvd.nist.gov/vuln/detail/CVE-2014-3515
CVE-2014-8964Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.-https://nvd.nist.gov/vuln/detail/CVE-2014-8964
CVE-2014-9425Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.-https://nvd.nist.gov/vuln/detail/CVE-2014-9425
CVE-2015-1351Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.-https://nvd.nist.gov/vuln/detail/CVE-2015-1351
CVE-2015-2568Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.-https://nvd.nist.gov/vuln/detail/CVE-2015-2568
CVE-2015-4879Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.-https://nvd.nist.gov/vuln/detail/CVE-2015-4879
CVE-2022-35924NextAuth.js is a complete open source authentication solution for Next.js applications. `next-auth` users who are using the `EmailProvider` either in versions before `4.10.3` or `3.29.10` are affected. If an attacker could forge a request that sent a comma-separated list of emails (eg.: `attacker@attacker.com,victim@victim.com`) to the sign-in endpoint, NextAuth.js would send emails to both the attacker and the victim’s e-mail addresses. The attacker could then login as a newly created user with the email being `attacker@attacker.com,victim@victim.com`. This means that basic authorization like `email.endsWith("@victim.com")` in the `signIn` callback would fail to communicate a threat to the developer and would let the attacker bypass authorization, even with an `@attacker.com` address. This vulnerability has been patched in `v4.10.3` and `v3.29.10` by normalizing the email value that is sent to the sign-in endpoint before accessing it anywhere else. We also added a `normalizeIdentifier` callback on the `EmailProvider` configuration, where you can further tweak your requirements for what your system considers a valid e-mail address. (E.g.: strict RFC2821 compliance). Users are advised to upgrade. There are no known workarounds for this vulnerability. If for some reason you cannot upgrade, you can normalize the incoming request using Advanced Initialization.-https://nvd.nist.gov/vuln/detail/CVE-2022-35924
CVE-2022-29807A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php.-https://nvd.nist.gov/vuln/detail/CVE-2022-29807
CVE-2022-29808In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled.-https://nvd.nist.gov/vuln/detail/CVE-2022-29808
CVE-2022-30285In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials.-https://nvd.nist.gov/vuln/detail/CVE-2022-30285
CVE-2022-36967In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator’s web session. This would allow the attacker to execute code within the context of the victim’s browser.-https://nvd.nist.gov/vuln/detail/CVE-2022-36967
CVE-2022-33917An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory.-https://nvd.nist.gov/vuln/detail/CVE-2022-33917
CVE-2022-37035An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data and bgp_process_packet in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation.-https://nvd.nist.gov/vuln/detail/CVE-2022-37035
CVE-2022-27616Improper neutralization of special elements used in an OS command (’OS Command Injection’) vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors.-https://nvd.nist.gov/vuln/detail/CVE-2022-27616
CVE-2022-35737SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.-https://nvd.nist.gov/vuln/detail/CVE-2022-35737
CVE-2022-37394An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected.-https://nvd.nist.gov/vuln/detail/CVE-2022-37394
CVE-2022-27484An unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request.-https://nvd.nist.gov/vuln/detail/CVE-2022-27484
CVE-2022-34973D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp.-https://nvd.nist.gov/vuln/detail/CVE-2022-34973
CVE-2022-34974D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function.-https://nvd.nist.gov/vuln/detail/CVE-2022-34974
CVE-2022-35619D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function ssdpcgi_main.-https://nvd.nist.gov/vuln/detail/CVE-2022-35619
CVE-2022-35620D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main.-https://nvd.nist.gov/vuln/detail/CVE-2022-35620
CVE-2022-28684This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16710.-https://nvd.nist.gov/vuln/detail/CVE-2022-28684
CVE-2022-35866This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139.-https://nvd.nist.gov/vuln/detail/CVE-2022-35866
CVE-2022-37396In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local code execution-https://nvd.nist.gov/vuln/detail/CVE-2022-37396
CVE-2022-35928AES Crypt is a file encryption software for multiple platforms. AES Crypt for Linux built using the source on GitHub and having the version number 3.11 has a vulnerability with respect to reading user-provided passwords and confirmations via command-line prompts. Password lengths were not checked before being read. This vulnerability may lead to buffer overruns. This does _not_ affect source code found on aescrypt.com, nor is the vulnerability present when providing a password or a key via the `-p` or `-k` command-line options. The problem was fixed in commit 68761851b and will be included in release 3.16. Users are advised to upgrade. Users unable to upgrade should use the `-p` or `-k` options to provide a password or key.-https://nvd.nist.gov/vuln/detail/CVE-2022-35928
CVE-2022-35158A vulnerability in the lua parser of TscanCode tsclua v2.15.01 allows attackers to cause a Denial of Service (DoS) via a crafted lua script.-https://nvd.nist.gov/vuln/detail/CVE-2022-35158
CVE-2022-35161GVRET Stable Release as of Aug 15, 2015 was discovered to contain a buffer overflow via the handleConfigCmd function at SerialConsole.cpp.-https://nvd.nist.gov/vuln/detail/CVE-2022-35161
CVE-2022-35505A segmentation fault in TripleCross v0.1.0 occurs when sending a control command from the client to the server. This occurs because there is no limit to the length of the output of the executed command.-https://nvd.nist.gov/vuln/detail/CVE-2022-35505
CVE-2022-35506TripleCross v0.1.0 was discovered to contain a stack overflow which occurs because there is no limit to the length of program parameters.-https://nvd.nist.gov/vuln/detail/CVE-2022-35506
CVE-2022-27166A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim.-https://nvd.nist.gov/vuln/detail/CVE-2022-27166
CVE-2022-28730A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce plugin dangerously renders user-supplied URLs. Upon re-testing CVE-2021-40369, it appears that the patch was incomplete as it was still possible to insert malicious input via the Denounce plugin. Apache JSPWiki users should upgrade to 2.11.3 or later.-https://nvd.nist.gov/vuln/detail/CVE-2022-28730
CVE-2022-28731A carefully crafted request on UserPreferences.jsp could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.-https://nvd.nist.gov/vuln/detail/CVE-2022-28731
CVE-2022-28732A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.-https://nvd.nist.gov/vuln/detail/CVE-2022-28732
CVE-2022-34158A carefully crafted invocation on the Image plugin could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker’s account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page.-https://nvd.nist.gov/vuln/detail/CVE-2022-34158
CVE-2022-2647A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205594 is the identifier assigned to this vulnerability.-https://nvd.nist.gov/vuln/detail/CVE-2022-2647
CVE-2022-2651Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5.-https://nvd.nist.gov/vuln/detail/CVE-2022-2651
CVE-2022-2652Depending on the way the format strings in the card label are crafted it’s possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).-https://nvd.nist.gov/vuln/detail/CVE-2022-2652
CVE-2022-2653With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file in the system.-https://nvd.nist.gov/vuln/detail/CVE-2022-2653
CVE-2022-2656A vulnerability classified as critical has been found in SourceCodester Multi Language Hotel Management Software. Affected is an unknown function. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205596.-https://nvd.nist.gov/vuln/detail/CVE-2022-2656
CVE-2022-25168Apache Hadoop’s FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. “Check existence of file before untarring/zipping”, which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136).-https://nvd.nist.gov/vuln/detail/CVE-2022-25168
CVE-2022-31118Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (`a-zA-Z0-9` ^ 15). It is recommended that the Nextcloud Server is upgraded to 22.2.9, 23.0.6 or 24.0.2. Users unable to upgrade may disable federated sharing via the Admin Sharing settings in `index.php/settings/admin/sharing`.-https://nvd.nist.gov/vuln/detail/CVE-2022-31118
CVE-2022-31120Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been incompletely populated. In affected versions federated share events were not properly logged which would allow brute force attacks to go unnoticed. This behavior exacerbates the impact of CVE-2022-31118. It is recommended that the Nextcloud Server is upgraded to 22.2.7, 23.0.4 or 24.0.0. There are no workarounds available.-https://nvd.nist.gov/vuln/detail/CVE-2022-31120
CVE-2022-31132Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path `./vendor/cerdic/css-tidy/css_optimiser.php`. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery (SSRF). It is recommended to upgrade to Mail 1.12.7 or Mail 1.13.6. Users unable to upgrade may manually delete the file located at `./vendor/cerdic/css-tidy/css_optimiser.php`-https://nvd.nist.gov/vuln/detail/CVE-2022-31132
CVE-2022-30535In versions 2.x before 2.3.0 and all versions of 1.x, an attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.-https://nvd.nist.gov/vuln/detail/CVE-2022-30535
CVE-2022-31119Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be obtainable. It is recommended that the Nextcloud Mail is upgraded to 1.12.1. Operators should inspect their logs and remove passwords which have been logged. There are no workarounds to prevent logging in the event of a misconfiguration.-https://nvd.nist.gov/vuln/detail/CVE-2022-31119
CVE-2022-31473In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traversal vulnerability in an undisclosed page within iApps. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.-https://nvd.nist.gov/vuln/detail/CVE-2022-31473
CVE-2022-32455In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.-https://nvd.nist.gov/vuln/detail/CVE-2022-32455
CVE-2022-33203In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.-https://nvd.nist.gov/vuln/detail/CVE-2022-33203
CVE-2022-33947In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, a vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management User Interface (TMUI) that allows an authenticated attacker with at least operator role privileges to cause the Tomcat process to restart and perform unauthorized DNS requests and operations through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.-https://nvd.nist.gov/vuln/detail/CVE-2022-33947
CVE-2022-33962In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, certain iRules commands may allow an attacker to bypass the access control restrictions for a self IP address, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.-https://nvd.nist.gov/vuln/detail/CVE-2022-33962
CVE-2022-33968In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, when an LTM monitor or APM SSO is configured on a virtual server, and NTLM challenge-response is in use, undisclosed traffic can cause a buffer over-read. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.-https://nvd.nist.gov/vuln/detail/CVE-2022-33968
CVE-2022-34651In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, when an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls HTTP::respond, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.-https://nvd.nist.gov/vuln/detail/CVE-2022-34651
CVE-2022-34655In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.-https://nvd.nist.gov/vuln/detail/CVE-2022-34655
CVE-2022-34844In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK) Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker’s control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.-https://nvd.nist.gov/vuln/detail/CVE-2022-34844
CVE-2022-34851In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.-https://nvd.nist.gov/vuln/detail/CVE-2022-34851
CVE-2022-34862In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.-https://nvd.nist.gov/vuln/detail/CVE-2022-34862
CVE-2022-34865In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.-https://nvd.nist.gov/vuln/detail/CVE-2022-34865
CVE-2022-35236In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.-https://nvd.nist.gov/vuln/detail/CVE-2022-35236
CVE-2022-35240In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when the Message Routing (MR) Message Queuing Telemetry Transport (MQTT) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.-https://nvd.nist.gov/vuln/detail/CVE-2022-35240
CVE-2022-35241In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.-https://nvd.nist.gov/vuln/detail/CVE-2022-35241
CVE-2022-35243In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.-https://nvd.nist.gov/vuln/detail/CVE-2022-35243
CVE-2022-35245In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5.1, when a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.-https://nvd.nist.gov/vuln/detail/CVE-2022-35245
CVE-2022-35272In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server, undisclosed traffic may cause the Traffic Management Microkernel (TMM) to produce a core file and the connection to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.-https://nvd.nist.gov/vuln/detail/CVE-2022-35272
CVE-2022-35728In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user’s iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.-https://nvd.nist.gov/vuln/detail/CVE-2022-35728
CVE-2022-35735In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner leading to a privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.-https://nvd.nist.gov/vuln/detail/CVE-2022-35735
CVE-2022-34970Crow before 1.0+4 has a heap-based buffer overflow via the function qs_parse in query_string.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service.-https://nvd.nist.gov/vuln/detail/CVE-2022-34970
CVE-2022-34993Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard-coded password for root in /etc/shadow.sample.-https://nvd.nist.gov/vuln/detail/CVE-2022-34993
CVE-2022-35929cosign is a container signing and verification utility. In versions prior to 1.10.1 cosign can report a false positive if any attestation exists. `cosign verify-attestation` used with the `--type` flag will report a false positive verification when there is at least one attestation with a valid signature and there are NO attestations of the type being verified (--type defaults to “custom”). This can happen when signing with a standard keypair and with “keyless” signing with Fulcio. This vulnerability can be reproduced with the `distroless.dev/static@sha256:dd7614b5a12bc4d617b223c588b4e0c833402b8f4991fb5702ea83afad1986e2` image. This image has a `vuln` attestation but not an `spdx` attestation. However, if you run `cosign verify-attestation --type=spdx` on this image, it incorrectly succeeds. This issue has been addressed in version 1.10.1 of cosign. Users are advised to upgrade. There are no known workarounds for this issue.-https://nvd.nist.gov/vuln/detail/CVE-2022-35929
CVE-2022-35142An issue in Renato v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter.-https://nvd.nist.gov/vuln/detail/CVE-2022-35142
CVE-2022-35143Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks.-https://nvd.nist.gov/vuln/detail/CVE-2022-35143
CVE-2022-35144Renato v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability.-https://nvd.nist.gov/vuln/detail/CVE-2022-35144
CVE-2022-35858The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with a large number in the parameter attrCount.-https://nvd.nist.gov/vuln/detail/CVE-2022-35858
CVE-2021-32771Contiki-NG is an open-source, cross-platform operating system for IoT devices. In affected versions it is possible to cause a buffer overflow when copying an IPv6 address prefix in the RPL-Classic implementation in Contiki-NG. In order to trigger the vulnerability, the Contiki-NG system must have joined an RPL DODAG. After that, an attacker can send a DAO packet with a Target option that contains a prefix length larger than 128 bits. The problem was fixed after the release of Contiki-NG 4.7. Users unable to upgrade may apply the patch in Contiki-NG PR #1615.-https://nvd.nist.gov/vuln/detail/CVE-2021-32771
CVE-2022-35926Contiki-NG is an open-source, cross-platform operating system for IoT devices. Because of insufficient validation of IPv6 neighbor discovery options in Contiki-NG, attackers can send neighbor solicitation packets that trigger an out-of-bounds read. The problem exists in the module os/net/ipv6/uip-nd6.c, where memory read operations from the main packet buffer, `uip_buf`, are not checked if they go out of bounds. In particular, this problem can occur when attempting to read the 2-byte option header and the Source Link-Layer Address Option (SLLAO). This attack requires ipv6 be enabled for the network. The problem has been patched in the develop branch of Contiki-NG. The upcoming 4.8 release of Contiki-NG will include the patch. Users unable to upgrade may apply the patch in Contiki-NG PR #1654.-https://nvd.nist.gov/vuln/detail/CVE-2022-35926
CVE-2022-35927Contiki-NG is an open-source, cross-platform operating system for IoT devices. In the RPL-Classic routing protocol implementation in the Contiki-NG operating system, an incoming DODAG Information Option (DIO) control message can contain a prefix information option with a length parameter. The value of the length parameter is not validated, however, and it is possible to cause a buffer overflow when copying the prefix in the set_ip_from_prefix function. This vulnerability affects anyone running a Contiki-NG version prior to 4.7 that can receive RPL DIO messages from external parties. To obtain a patched version, users should upgrade to Contiki-NG 4.7 or later. There are no workarounds for this issue.-https://nvd.nist.gov/vuln/detail/CVE-2022-35927
CVE-2022-31793do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.-https://nvd.nist.gov/vuln/detail/CVE-2022-31793
CVE-2022-35930PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are NO attestations of the type being verified (--type defaults to “custom”). An example image that can be used to test this is `ghcr.io/distroless/static@sha256:dd7614b5a12bc4d617b223c588b4e0c833402b8f4991fb5702ea83afad1986e2`. Users should upgrade to version 0.2.1 to resolve this issue. There are no workarounds for users unable to upgrade.-https://nvd.nist.gov/vuln/detail/CVE-2022-35930
CVE-2022-37030Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module.-https://nvd.nist.gov/vuln/detail/CVE-2022-37030
CVE-2022-37415The Uniwill SparkIO.sys driver 1.0 is vulnerable to a stack-based buffer overflow via IOCTL 0x40002008.-https://nvd.nist.gov/vuln/detail/CVE-2022-37415
CVE-2022-21186The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input.-https://nvd.nist.gov/vuln/detail/CVE-2022-21186
CVE-2022-37416Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2_mc_fullx_fully_8x8.-https://nvd.nist.gov/vuln/detail/CVE-2022-37416
CVE-2022-37434zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).-https://nvd.nist.gov/vuln/detail/CVE-2022-37434
CVE-2022-2664A vulnerability classified as critical has been found in Private Cloud Management Platform. Affected is an unknown function of the file /management/api/rcx_management/global_config_query of the component Request Handler. The manipulation leads to improper authentication. It is possible to launch the attack remotely. VDB-205614 is the identifier assigned to this vulnerability.-https://nvd.nist.gov/vuln/detail/CVE-2022-2664
CVE-2022-2665A vulnerability classified as critical was found in SourceCodester Simple E-Learning System. Affected by this vulnerability is an unknown functionality of the file classroom.php. The manipulation of the argument post_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205615.-https://nvd.nist.gov/vuln/detail/CVE-2022-2665
CVE-2022-2667A vulnerability was found in SourceCodester Loan Management System and classified as critical. This issue affects some unknown processing of the file delete_lplan.php. The manipulation of the argument lplan_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205619.-https://nvd.nist.gov/vuln/detail/CVE-2022-2667
CVE-2022-2671A vulnerability was found in SourceCodester Garage Management System and classified as critical. This issue affects some unknown processing of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205655.-https://nvd.nist.gov/vuln/detail/CVE-2022-2671
CVE-2022-2672A vulnerability was found in SourceCodester Garage Management System. It has been classified as critical. Affected is an unknown function of the file createUser.php. The manipulation of the argument userName/uemail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205656.-https://nvd.nist.gov/vuln/detail/CVE-2022-2672
CVE-2022-2673A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component Request Handler. The manipulation of the argument email/pass leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205657 was assigned to this vulnerability.-https://nvd.nist.gov/vuln/detail/CVE-2022-2673
CVE-2022-2674A vulnerability was found in SourceCodester Best Fee Management System. It has been rated as critical. Affected by this issue is the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205658 is the identifier assigned to this vulnerability.-https://nvd.nist.gov/vuln/detail/CVE-2022-2674
CVE-2022-35936Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount` function, all contracts that used the identical bytecode (i.e. shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract’s code is recovered. The new contract deployment restores the `bytecode hash -> bytecode` entry in the internal state.-https://nvd.nist.gov/vuln/detail/CVE-2022-35936
CVE-2022-1012A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to leak information and may cause a denial of service problem.-https://nvd.nist.gov/vuln/detail/CVE-2022-1012
CVE-2022-1704Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to an XXE attack while restoring the backup.-https://nvd.nist.gov/vuln/detail/CVE-2022-1704
CVE-2022-2053When a request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow’s AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in a front-end proxy marking the backend worker (application server) as being in an error state and not forwarding requests to the worker for a while. In mod_cluster, this continues until the next STATUS request (10 seconds intervals) from the application server updates the server state. So, in the worst case, it can result in “All workers are in error state” and mod_cluster responds “503 Service Unavailable” for a while (up to 10 seconds). In mod_proxy_balancer, it does not forward requests to the worker until the “retry” timeout passes. However, luckily, mod_proxy_balancer has a “forcerecovery” setting (On by default; this parameter can force the immediate recovery of all workers without considering the retry parameter of the workers if all workers of a balancer are in error state). So, unlike mod_cluster, mod_proxy_balancer does not result in responding “503 Service Unavailable”. An attacker could use this behavior to send a malicious request and trigger server errors, resulting in DoS (denial of service). This flaw was fixed in Undertow 2.2.19.Final, Undertow 2.3.0.Alpha2.-https://nvd.nist.gov/vuln/detail/CVE-2022-2053
CVE-2022-2095An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public project’s Deploy Key’s public fingerprint and name when that key has write permission. Note that GitLab never asks for nor stores the private key.-https://nvd.nist.gov/vuln/detail/CVE-2022-2095
CVE-2022-2303An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Password Credentials grant to obtain an access token without using 2FA.-https://nvd.nist.gov/vuln/detail/CVE-2022-2303
CVE-2022-2307A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Access Token even after the Group is deleted, though the APIs usable by that token are limited.-https://nvd.nist.gov/vuln/detail/CVE-2022-2307
CVE-2022-2326An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using another user’s email address as an unverified secondary email.-https://nvd.nist.gov/vuln/detail/CVE-2022-2326
CVE-2022-2417Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply chain attacks where a victim pinned to a specific Git commit of the project.-https://nvd.nist.gov/vuln/detail/CVE-2022-2417
CVE-2022-2456An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious request.-https://nvd.nist.gov/vuln/detail/CVE-2022-2456
CVE-2022-2459An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to prevent members from being added to projects in a group, if the invite was sent before the setting was enabled.-https://nvd.nist.gov/vuln/detail/CVE-2022-2459
CVE-2022-2497An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious maintainer could exfiltrate an integration’s access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.-https://nvd.nist.gov/vuln/detail/CVE-2022-2497
CVE-2022-2498An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription’s author.-https://nvd.nist.gov/vuln/detail/CVE-2022-2498
CVE-2022-2499An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab’s Jira integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Jira issues.-https://nvd.nist.gov/vuln/detail/CVE-2022-2499
CVE-2022-2500A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims on the client side.-https://nvd.nist.gov/vuln/detail/CVE-2022-2500
CVE-2022-2501An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing; proper permissions are still required.-https://nvd.nist.gov/vuln/detail/CVE-2022-2501
CVE-2022-2512An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing former project members to read updates via TODOs.-https://nvd.nist.gov/vuln/detail/CVE-2022-2512
CVE-2022-2531An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was not performing correct authentication on Grafana API under specific conditions allowing unauthenticated users to perform queries through a path traversal vulnerability.-https://nvd.nist.gov/vuln/detail/CVE-2022-2531
CVE-2022-2534An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration.-https://nvd.nist.gov/vuln/detail/CVE-2022-2534
CVE-2022-2539An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 that allowed a project member to filter issues by contact and organization.-https://nvd.nist.gov/vuln/detail/CVE-2022-2539
CVE-2022-31656VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.-https://nvd.nist.gov/vuln/detail/CVE-2022-31656
CVE-2022-31657VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.-https://nvd.nist.gov/vuln/detail/CVE-2022-31657
CVE-2022-31658VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.-https://nvd.nist.gov/vuln/detail/CVE-2022-31658
CVE-2022-31659VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.-https://nvd.nist.gov/vuln/detail/CVE-2022-31659
CVE-2022-31660VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to ‘root’.-https://nvd.nist.gov/vuln/detail/CVE-2022-31660
CVE-2022-31661VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to ‘root’.-https://nvd.nist.gov/vuln/detail/CVE-2022-31661
CVE-2022-31662VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files.-https://nvd.nist.gov/vuln/detail/CVE-2022-31662
CVE-2022-31663VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject JavaScript code in the target user’s window.-https://nvd.nist.gov/vuln/detail/CVE-2022-31663
CVE-2022-31664VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to ‘root’.-https://nvd.nist.gov/vuln/detail/CVE-2022-31664
CVE-2022-31665VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.-https://nvd.nist.gov/vuln/detail/CVE-2022-31665
CVE-2022-33714Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot.-https://nvd.nist.gov/vuln/detail/CVE-2022-33714
CVE-2022-33715Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allows a local attacker to access files of One UI.-https://nvd.nist.gov/vuln/detail/CVE-2022-33715
CVE-2022-33716An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory.-https://nvd.nist.gov/vuln/detail/CVE-2022-33716
CVE-2022-33717A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory.-https://nvd.nist.gov/vuln/detail/CVE-2022-33717
CVE-2022-33718An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data.-https://nvd.nist.gov/vuln/detail/CVE-2022-33718
CVE-2022-33719Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause an integer overflow leading to a heap overflow.-https://nvd.nist.gov/vuln/detail/CVE-2022-33719
CVE-2022-33720Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut.-https://nvd.nist.gov/vuln/detail/CVE-2022-33720
CVE-2022-33721A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege.-https://nvd.nist.gov/vuln/detail/CVE-2022-33721
CVE-2022-33722Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address.-https://nvd.nist.gov/vuln/detail/CVE-2022-33722
CVE-2022-33723Vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1 allows attackers to trick the user into selecting an unwanted Bluetooth device via a tapjacking overlay attack.-https://nvd.nist.gov/vuln/detail/CVE-2022-33723
CVE-2022-33724Exposure of Sensitive Information in Samsung Dialer application prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log.-https://nvd.nist.gov/vuln/detail/CVE-2022-33724
CVE-2022-33725A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege.-https://nvd.nist.gov/vuln/detail/CVE-2022-33725
CVE-2022-33726Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity.-https://nvd.nist.gov/vuln/detail/CVE-2022-33726
CVE-2022-33727Vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1 allows attackers to trick the user into selecting an unwanted Bluetooth device via a tapjacking overlay attack.-https://nvd.nist.gov/vuln/detail/CVE-2022-33727
CVE-2022-33728Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Global.-https://nvd.nist.gov/vuln/detail/CVE-2022-33728
CVE-2022-33729Improper restriction of broadcasting Intent in ConfirmConnectActivity of NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device.-https://nvd.nist.gov/vuln/detail/CVE-2022-33729
CVE-2022-33730Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers.-https://nvd.nist.gov/vuln/detail/CVE-2022-33730
CVE-2022-33731Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components.-https://nvd.nist.gov/vuln/detail/CVE-2022-33731
CVE-2022-33732Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call.-https://nvd.nist.gov/vuln/detail/CVE-2022-33732
CVE-2022-33733Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission.-https://nvd.nist.gov/vuln/detail/CVE-2022-33733
CVE-2022-33734Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission.-https://nvd.nist.gov/vuln/detail/CVE-2022-33734
CVE-2022-34768Supersmart.me - Walk Through Performing unauthorized actions on other customers. Supersmart.me has a product designed to conduct smart shopping in stores. The customer receives a coder or uses an Android application to scan the QR code on the cart at the beginning of the purchase, and then all the products he wants to purchase. At the end of the purchase the customer can pay independently. During the research it was discovered that it is possible to reset another customer’s cart without verification, because the number of purchases is serial.-https://nvd.nist.gov/vuln/detail/CVE-2022-34768
CVE-2022-34769Michlol - rashim web interface Insecure direct object references (IDOR). First of all, the attacker needs to log in. After logging in to the system, there are some functionalities that the specific user is not allowed to perform. However, all the attacker needs to do in order to achieve his goals is to change the value of the ptMsl parameter, and then the attacker can access sensitive data that he is not supposed to access because it belongs to another user.-https://nvd.nist.gov/vuln/detail/CVE-2022-34769
CVE-2022-36284Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin = 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin free should be at least installed to get the extra input field on the user profile page.-https://nvd.nist.gov/vuln/detail/CVE-2022-36284
CVE-2022-36296Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND plugin = 0.2.27 at WordPress allows unauthenticated post update/create/delete.-https://nvd.nist.gov/vuln/detail/CVE-2022-36296
CVE-2022-36829PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent.-https://nvd.nist.gov/vuln/detail/CVE-2022-36829
CVE-2022-36830PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent.-https://nvd.nist.gov/vuln/detail/CVE-2022-36830
CVE-2022-36831Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows attacker to access some file with Samsung Notes permission.-https://nvd.nist.gov/vuln/detail/CVE-2022-36831
CVE-2022-36832Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage with Cameralyzer privilege.-https://nvd.nist.gov/vuln/detail/CVE-2022-36832
CVE-2022-36833Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above allows local attacker to execute hidden function for developer by changing package name.-https://nvd.nist.gov/vuln/detail/CVE-2022-36833
CVE-2022-36834Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction.-https://nvd.nist.gov/vuln/detail/CVE-2022-36834
CVE-2022-36835Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files.-https://nvd.nist.gov/vuln/detail/CVE-2022-36835
CVE-2022-36836Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state without permission.-https://nvd.nist.gov/vuln/detail/CVE-2022-36836
CVE-2022-36837Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive information.-https://nvd.nist.gov/vuln/detail/CVE-2022-36837
CVE-2022-36838Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker to get sensitive information.-https://nvd.nist.gov/vuln/detail/CVE-2022-36838
CVE-2022-36839SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information.-https://nvd.nist.gov/vuln/detail/CVE-2022-36839
CVE-2022-36840DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code.-https://nvd.nist.gov/vuln/detail/CVE-2022-36840
CVE-2021-28511This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass.-https://nvd.nist.gov/vuln/detail/CVE-2021-28511
CVE-2022-1158A flaw was found in KVM. When updating a guest’s page table entry, vm_pgoff was improperly used as the offset to get the page’s pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition.-https://nvd.nist.gov/vuln/detail/CVE-2022-1158
CVE-2022-1973A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.-https://nvd.nist.gov/vuln/detail/CVE-2022-1973
CVE-2022-27535Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its ‘Delete All Service Data And Reports’ feature by the local authenticated attacker.-https://nvd.nist.gov/vuln/detail/CVE-2022-27535
CVE-2022-28880A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products: scanning fuzzed PE32-bit files can crash the scanning engine. The exploit can be triggered remotely by an attacker.-https://nvd.nist.gov/vuln/detail/CVE-2022-28880
CVE-2022-29071This advisory documents an internally found vulnerability in the on-premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users.-https://nvd.nist.gov/vuln/detail/CVE-2022-29071
CVE-2022-2668An issue was discovered in Keycloak that allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.-https://nvd.nist.gov/vuln/detail/CVE-2022-2668
CVE-2022-2675Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 using firmware version 0.1.35 can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1.-https://nvd.nist.gov/vuln/detail/CVE-2022-2675
CVE-2022-37398A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below.-https://nvd.nist.gov/vuln/detail/CVE-2022-37398
CVE-2022-22299A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.-https://nvd.nist.gov/vuln/detail/CVE-2022-22299
CVE-2022-2676A vulnerability was found in SourceCodester Electronic Medical Records System and classified as critical. Affected by this issue is some unknown functionality of the component Request Handler. The manipulation of the argument user_email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205664.-https://nvd.nist.gov/vuln/detail/CVE-2022-2676
CVE-2022-2677A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been classified as critical. This affects an unknown part of the file index.php. The manipulation of the argument username with the input ‘ AND SELECT 4955 FROM SELECT SLEEP 5 RSzF AND ‘htiy’=‘htiy leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205665 was assigned to this vulnerability.-https://nvd.nist.gov/vuln/detail/CVE-2022-2677
CVE-2022-2678A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System. It has been declared as critical. This vulnerability affects unknown code of the file admin_feature.php of the component Background Management Page. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205666 is the identifier assigned to this vulnerability.-https://nvd.nist.gov/vuln/detail/CVE-2022-2678
CVE-2022-2679A vulnerability was found in SourceCodester Interview Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file viewReport.php. The manipulation of the argument id with the input UPDATEXML 9729,CONCAT 0x2e,0x716b707071, SELECT ELT 9729=9729,1 ,0x7162766a71 ,7319 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205667.-https://nvd.nist.gov/vuln/detail/CVE-2022-2679
CVE-2022-2680A vulnerability classified as critical has been found in SourceCodester Church Management System 1.0. Affected is an unknown function of the file login.php. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205668.-https://nvd.nist.gov/vuln/detail/CVE-2022-2680
CVE-2022-2681A vulnerability classified as problematic was found in SourceCodester Online Student Admission System. Affected by this vulnerability is an unknown functionality of the file edit-profile.php of the component Student User Page. The manipulation with the input --redacted-- leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205669 was assigned to this vulnerability.-https://nvd.nist.gov/vuln/detail/CVE-2022-2681
CVE-2022-37450Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022.-https://nvd.nist.gov/vuln/detail/CVE-2022-37450
CVE-2022-26376A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7. A specially crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.-https://nvd.nist.gov/vuln/detail/CVE-2022-26376
CVE-2022-27631A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.-https://nvd.nist.gov/vuln/detail/CVE-2022-27631
CVE-2022-29465An out-of-bounds write vulnerability exists in the PSD Header processing memory allocation functionality of Accusoft ImageGear 20.0. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.-https://nvd.nist.gov/vuln/detail/CVE-2022-29465
CVE-2022-29886An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially crafted OLE file can lead to a heap buffer overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.-https://nvd.nist.gov/vuln/detail/CVE-2022-29886
CVE-2022-32543An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially crafted OLE file can lead to a heap buffer overflow which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.-https://nvd.nist.gov/vuln/detail/CVE-2022-32543
CVE-2022-2686A vulnerability, which was classified as problematic, was found in oretnom23 Fast Food Ordering System. This affects an unknown part of the component Menu List Page. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205725 was assigned to this vulnerability.-https://nvd.nist.gov/vuln/detail/CVE-2022-2686
CVE-2022-2687A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. Affected is an unknown function. The manipulation of the argument user_pass leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205734 is the identifier assigned to this vulnerability.-https://nvd.nist.gov/vuln/detail/CVE-2022-2687
CVE-2022-2688A vulnerability was found in SourceCodester Expense Management System. It has been rated as critical. This issue affects the function fetch_report_credit of the file report.php of the component Parameter Handler. The manipulation of the argument fromto leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-205811.-https://nvd.nist.gov/vuln/detail/CVE-2022-2688
CVE-2022-2689A vulnerability classified as problematic has been found in SourceCodester Wedding Hall Booking System. Affected is an unknown function of the file whbs?page=contact_us of the component Contact Page. The manipulation of the argument Message leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205812.-https://nvd.nist.gov/vuln/detail/CVE-2022-2689
CVE-2022-2690A vulnerability classified as problematic was found in SourceCodester Wedding Hall Booking System. Affected by this vulnerability is an unknown functionality of the file whbs?page=my_bookings of the component Booking Form. The manipulation of the argument Remarks leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205813 was assigned to this vulnerability.-https://nvd.nist.gov/vuln/detail/CVE-2022-2690
CVE-2022-2691A vulnerability, which was classified as problematic, has been found in SourceCodester Wedding Hall Booking System. Affected by this issue is some unknown functionality of the file whbs?page=manage_account of the component Profile Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205814 is the identifier assigned to this vulnerability.-https://nvd.nist.gov/vuln/detail/CVE-2022-2691
CVE-2022-2692A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Hall Booking System. This affects an unknown part of the file whbsadmin?page=user of the component Staff User Profile. The manipulation of the argument First Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205815.-https://nvd.nist.gov/vuln/detail/CVE-2022-2692
CVE-2022-2693A vulnerability has been found in SourceCodester Electronic Medical Records System and classified as critical. This vulnerability affects unknown code of the file register.php of the component UPDATE Statement Handler. The manipulation of the argument pconsultation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205816.-https://nvd.nist.gov/vuln/detail/CVE-2022-2693
CVE-2022-2694A vulnerability was found in SourceCodester Company Website CMS and classified as critical. This issue affects some unknown processing. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205817 was assigned to this vulnerability.-https://nvd.nist.gov/vuln/detail/CVE-2022-2694
CVE-2022-37451Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.-https://nvd.nist.gov/vuln/detail/CVE-2022-37451
CVE-2022-27944Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow an exportXFAData NULL pointer dereference.-https://nvd.nist.gov/vuln/detail/CVE-2022-27944
CVE-2022-26979Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NULL pointer dereference when this.Span is used for oState of Collab.addStateModel, because this.Span.text can be NULL.-https://nvd.nist.gov/vuln/detail/CVE-2022-26979
CVE-2022-37452Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.-https://nvd.nist.gov/vuln/detail/CVE-2022-37452
CVE-2022-2697A vulnerability was found in SourceCodester Simple E-Learning System. It has been classified as critical. Affected is an unknown function of the file comment_frame.php. The manipulation of the argument post_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205818 is the identifier assigned to this vulnerability.-https://nvd.nist.gov/vuln/detail/CVE-2022-2697
CVE-2022-2698A vulnerability was found in SourceCodester Simple E-Learning System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205819.-https://nvd.nist.gov/vuln/detail/CVE-2022-2698
CVE-2022-2699A vulnerability was found in SourceCodester Simple E-Learning System. It has been rated as critical. Affected by this issue is some unknown functionality of the file claire_blake. The manipulation of the argument phoneNumber leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205820.-https://nvd.nist.gov/vuln/detail/CVE-2022-2699
CVE-2022-2700A vulnerability classified as critical has been found in SourceCodester Gym Management System. This affects an unknown part of the component GET Parameter Handler. The manipulation of the argument day leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205821 was assigned to this vulnerability.-https://nvd.nist.gov/vuln/detail/CVE-2022-2700
CVE-2022-2701 | A vulnerability classified as problematic was found in SourceCodester Simple E-Learning System. This vulnerability affects unknown code of the file claire_blake. The manipulation of the argument Bio leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205822 is the identifier assigned to this vulnerability. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2701
CVE-2022-2702 | A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file site-settings.php of the component Cookie Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205826 is the identifier assigned to this vulnerability. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2702
CVE-2022-2703 | A vulnerability was found in SourceCodester Gym Management System. It has been classified as critical. This affects an unknown part of the component Exercises Module. The manipulation of the argument exer leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205827. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2703
CVE-2022-2704 | A vulnerability was found in SourceCodester Simple E-Learning System. It has been declared as problematic. This vulnerability affects unknown code of the file downloadFiles.php. The manipulation of the argument download leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205828. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2704
CVE-2022-2705 | A vulnerability was found in SourceCodester Simple Student Information System. It has been rated as critical. This issue affects some unknown processing of the file admindepartmentsmanage_department.php. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205829 was assigned to this vulnerability. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2705
CVE-2022-2706 | A vulnerability classified as critical has been found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file pagesclass_sched.php. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205830 is the identifier assigned to this vulnerability. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2706
CVE-2022-2707 | A vulnerability classified as critical was found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected by this vulnerability is an unknown functionality of the file pagesfaculty_sched.php. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205831. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2707
CVE-2022-2708 | A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. This affects an unknown part of the file login.php. The manipulation of the argument user_login with the input 123@xx.com. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-205833 was assigned to this vulnerability. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2708
CVE-2022-1323 | The Discy WordPress theme before 5.0 lacks authorization checks when processing ajax requests to the discy_update_options action, allowing any logged in users with privileges as low as Subscriber to change Theme options by sending a crafted POST request. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-1323
CVE-2022-2046 | The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite configurations. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2046
CVE-2022-2269 | The Website File Changes Monitor WordPress plugin before 1.8.3 does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manage_options capability (by default admins), leading to an SQL injection. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2269
CVE-2022-2355 | The Easy Username Updater WordPress plugin before 1.0.5 does not implement CSRF checks, which could allow attackers to make a logged in admin change any user’s username (includes the admin). | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2355
CVE-2022-2356 | The Frontend File Manager Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2356
CVE-2022-2357 | The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2357
CVE-2022-2367 | The WSM Downloader WordPress plugin through 1.4.0 allows image files to be downloaded only from specific popular websites; this restriction can be bypassed due to the lack of good “link” parameter validation. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2367
CVE-2022-2371 | The YaySMTP WordPress plugin before 2.2.1 does not have proper authorisation when saving its settings, allowing users with a role as low as subscriber to change them, and use that to conduct Stored Cross-Site Scripting attacks due to the lack of escaping in them as well. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2371
CVE-2022-2372 | The YaySMTP WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2372
CVE-2022-2386 | The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2386
CVE-2022-2391 | The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2391
CVE-2022-2395 | The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2395
CVE-2022-2398 | The WordPress Comments Fields WordPress plugin before 4.1 does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2398
CVE-2022-2409 | The Rough Chart WordPress plugin through 1.0.0 does not properly escape chart data label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2409
CVE-2022-2410 | The mTouch Quiz WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2410
CVE-2022-2411 | The Auto More Tag WordPress plugin through 4.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2411
CVE-2022-2412 | The Better Tag Cloud WordPress plugin through 0.99.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2412
CVE-2022-2423 | The DW Promobar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2423
CVE-2022-2424 | The Google Maps Anywhere WordPress plugin through 1.2.6.3 does not sanitise and escape any of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2424
CVE-2022-2425 | The WP DS Blog Map WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2425
CVE-2022-2426 | The Thinkific Uploader WordPress plugin through 1.0.0 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against other administrators. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2426
CVE-2022-2460 | The WPDating WordPress plugin through 7.1.9 does not properly escape user input before concatenating it to certain SQL queries, leading to multiple SQL injection vulnerabilities. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2460
CVE-2022-35487 | Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not correctly perform authorization on certain attachment endpoints. This could be abused by an unauthenticated attacker to gain access to attachments, such as emails or attached files. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-35487
CVE-2022-35488 | In Zammad 5.2.0, an attacker could manipulate the rate limiting in the ‘forgot password’ feature of Zammad, and thereby send many requests for a known account to cause Denial Of Service by many generated emails which would also spam the victim. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-35488
CVE-2022-35489 | In Zammad 5.2.0, customers who have secondary organizations assigned were able to see all organizations of the system rather than only those to which they are assigned. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-35489
CVE-2022-35490 | Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a prevention against brute-force attacks trying to guess login credentials. After a configurable amount of attempts, users are invalidated and logins prevented. An attacker might work around this prevention, enabling them to send more than the configured amount of requests before the user invalidation takes place. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-35490
CVE-2022-2713 | Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2713
CVE-2022-35493 | A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the get_products?search parameter. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-35493
CVE-2022-36264 | In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename and appending a relative path that will be interpreted during the upload process. Using this method, it is possible to rewrite any file in the system or upload a new file. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-36264
CVE-2022-36265 | In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After reverse engineering the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the device with root privileges. An authenticated malicious threat actor can use this page to fully compromise the device. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-36265
CVE-2022-36266 | In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file home www cgi-bin login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS payload that will be accepted and stored. A successful attack will result in the injection of malicious scripts into the user settings page. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-36266
CVE-2022-36267 | In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious HTTP request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file home www cgi-bin diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-36267
CVE-2022-34293 | wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-34293
CVE-2021-41615 | websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 (or RFC 2617 section 3.2.1). NOTE: 2.1.8 is a version from 2003; however, the affected websda.c code appears in multiple derivative works that may be used in 2021. Recent GoAhead software is unaffected. | - | https://nvd.nist.gov/vuln/detail/CVE-2021-41615
CVE-2022-25907 | The package ts-deepmerge before 2.0.2 is vulnerable to Prototype Pollution due to missing sanitization of the merge function. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-25907
CVE-2022-2715 | A vulnerability has been found in SourceCodester Employee Management System and classified as critical. This vulnerability affects unknown code of the file eloginwel.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205834 is the identifier assigned to this vulnerability. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2715
CVE-2022-2722 | A vulnerability was found in SourceCodester Simple Student Information System and classified as critical. This issue affects some unknown processing of the file manage_course.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205835. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2722
CVE-2022-2723 | A vulnerability was found in SourceCodester Employee Management System. It has been classified as critical. Affected is an unknown function of the file process eprocess.php. The manipulation of the argument mailuid pwd leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205836. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2723
CVE-2022-2724 | A vulnerability was found in SourceCodester Employee Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file process aprocess.php. The manipulation of the argument mailuid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205837 was assigned to this vulnerability. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2724
CVE-2022-2725 | A vulnerability was found in SourceCodester Company Website CMS. It has been rated as problematic. Affected by this issue is some unknown functionality of the file add-blog.php. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-205838 is the identifier assigned to this vulnerability. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2725
CVE-2022-2726 | A vulnerability classified as critical has been found in SEMCMS. This affects an unknown part of the file Ant_Check.php. The manipulation of the argument DID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205839. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2726
CVE-2022-35724 | It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-35724
CVE-2022-36124 | It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-36124
CVE-2022-36125 | It is possible to crash (panic) an application by providing corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-36125
CVE-2022-2727 | A vulnerability was found in SourceCodester Gym Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file mygym admin login.php. The manipulation of the argument admin_email admin_pass leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205855. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2727
CVE-2022-2728 | A vulnerability was found in SourceCodester Gym Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file mygym admin index.php. The manipulation of the argument edit_tran leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205856. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2728
CVE-2022-2729 | Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2729
CVE-2022-2730 | Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2730
CVE-2022-2731 | Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2731
CVE-2022-2732 | Improper Privilege Management in GitHub repository openemr/openemr prior to 7.0.0.1. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2732
CVE-2022-2733 | Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2733
CVE-2022-2734 | Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-2734
CVE-2022-30573 | The ftlserver component of TIBCO Software Inc.’s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.’s TIBCO FTL - Community Edition: versions 6.0.0 through 6.8.0, TIBCO FTL - Developer Edition: versions 6.0.1 through 6.8.0, TIBCO FTL - Enterprise Edition: versions 6.0.0 through 6.7.3, and TIBCO FTL - Enterprise Edition: version 6.8.0. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-30573
CVE-2022-30574 | The ftlserver component of TIBCO Software Inc.’s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, TIBCO eFTL - Enterprise Edition, and TIBCO eFTL - Enterprise Edition contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to obtain user credentials to the affected system. Affected releases are TIBCO Software Inc.’s TIBCO FTL - Community Edition: versions 6.0.0 through 6.8.0, TIBCO FTL - Developer Edition: versions 6.0.1 through 6.8.0, TIBCO FTL - Enterprise Edition: versions 6.0.0 through 6.7.3, TIBCO FTL - Enterprise Edition: version 6.8.0, TIBCO eFTL - Community Edition: versions 6.0.0 through 6.8.0, TIBCO eFTL - Developer Edition: versions 6.0.1 through 6.8.0, TIBCO eFTL - Enterprise Edition: versions 6.0.0 through 6.7.3, and TIBCO eFTL - Enterprise Edition: version 6.8.0. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-30574
CVE-2022-29083 | Prior Dell BIOS versions contain an Improper Authentication vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability by bypassing drive security mechanisms in order to gain access to the system. | - | https://nvd.nist.gov/vuln/detail/CVE-2022-29083