Security Bulletin 26 Oct 2022

Published on 26 Oct 2022

Updated on 26 Oct 2022

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance with their CVSSv3 base scores:


Critical vulnerabilities with a base score of 9.0 to 10.0
High vulnerabilities with a base score of 7.0 to 8.9
Medium vulnerabilities with a base score of 4.0 to 6.9
Low vulnerabilities with a base score of 0.1 to 3.9
None vulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2021-22893 Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild. 10 https://nvd.nist.gov/vuln/detail/CVE-2021-22893
CVE-2021-38454 A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. 10 https://nvd.nist.gov/vuln/detail/CVE-2021-38454
CVE-2021-40422 An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. 10 https://nvd.nist.gov/vuln/detail/CVE-2021-40422
CVE-2022-30945 Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. 10 https://nvd.nist.gov/vuln/detail/CVE-2022-30945
CVE-2021-21345 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream’s security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream’s default blacklist of the Security Framework, you will have to use at least version 1.4.16. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2021-21345
CVE-2021-25320 An Improper Access Control vulnerability in Rancher allows users in the cluster to make requests to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks. This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2021-25320
CVE-2021-32829 ZStack is open source IaaS (infrastructure as a service) software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs. Affected versions of ZStack REST API are vulnerable to post-authentication Remote Code Execution (RCE) via bypass of the Groovy shell sandbox. The REST API exposes the GET zstack/v1/batch-queries?script endpoint which is backed up by the BatchQueryAction class. Messages are represented by the APIBatchQueryMsg, dispatched to the QueryFacadeImpl facade and handled by the BatchQuery class. The HTTP request parameter script is mapped to the APIBatchQueryMsg.script property and evaluated as a Groovy script in BatchQuery.query. The evaluation of the user-controlled Groovy script is sandboxed by SandboxTransformer, which will apply the restrictions defined in the registered (sandbox.register) GroovyInterceptor. Even though the sandbox heavily restricts the receiver types to a small set of allowed types, the sandbox is ineffective at controlling any code placed in Java annotations and therefore vulnerable to meta-programming escapes. This issue leads to post-authenticated remote code execution. For more details see the referenced GHSL-2021-065. This issue is patched in versions 3.8.21, 3.10.8, and 4.1.0. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2021-32829
CVE-2022-2884 A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2022-2884
CVE-2022-43402 A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2022-43402
CVE-2022-43403 A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2022-43403
CVE-2022-43404 A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2022-43404
CVE-2022-43405 A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2022-43405
CVE-2022-43406 A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2022-43406
CVE-2017-15095 A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-15095
CVE-2019-7667 Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and disclose login information, which can allow the attacker to bypass authentication and have full access to the system. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-7667
CVE-2020-2551 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-2551
CVE-2020-2555 Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-2555
CVE-2020-26867 ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-26867
CVE-2020-12501 Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT all versions use undocumented accounts. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12501
CVE-2020-6016 Valve’s Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment, leading to a Heap-Based Buffer Underflow and a free of memory not from the heap, resulting in a memory corruption and probably even a remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6016
CVE-2019-20933 InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-20933
CVE-2020-10148 The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10148
CVE-2021-21244 OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a vulnerability that enabled pre-auth server side template injection via Bean validation message tampering. Full details in the reference GHSA. This issue was fixed in 4.0.3 by disabling validation interpolation completely. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21244
CVE-2021-22850 HGiga EIP product lacks effective access control in certain pages that allow attackers to access database or perform privileged functions. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22850
CVE-2020-2506 The vulnerability has been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-2506
CVE-2021-21304 Dynamoose is an open-source modeling tool for Amazon’s DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method “lib/utils/object/set.ts”. This method is used throughout the codebase for various operations throughout Dynamoose. We have not seen any evidence of this vulnerability being exploited. There is no evidence this vulnerability impacts versions 1.x.x since the vulnerable method was added as part of the v2 rewrite. This vulnerability also impacts v2.x.x beta/alpha versions. Version 2.7.0 includes a patch for this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21304
CVE-2020-15798 A vulnerability has been identified in SIMATIC HMI Comfort Panels incl. SIPLUS variants (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a), SINAMICS GH150 (All versions), SINAMICS GL150 with option X30 (All versions), SINAMICS GM150 with option X30 (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046) 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-15798
CVE-2021-21403 In github.com/kongchuanhujiao/server before version 1.3.21 there is an authentication Bypass by Primary Weakness vulnerability. All users are impacted. This is fixed in version 1.3.21. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21403
CVE-2021-24171 The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a “blocked” extension within another “blocked” extension in the “wcuf_file_name” parameter. It was also possible to perform a double extension attack and upload files to a different location via path traversal using the “wcuf_current_upload_session_id” parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24171
CVE-2021-21425 Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successful exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system command under the context of the web-server user. This vulnerability is fixed in version 1.10.8. Blocking access to the `/admin` path from untrusted sources can be applied as a workaround. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21425
CVE-2021-30167 The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30167
CVE-2021-30168 The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator’s credential and further control the devices. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30168
CVE-2021-21505 Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials, could potentially exploit this to log in to the system to gain root privileges. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21505
CVE-2021-20999 In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20999
CVE-2021-22737 Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered after a brute force attack. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22737
CVE-2021-25384 An improper input validation vulnerability in sdfffd_parse_chunk_PROP with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25384
CVE-2021-32726 Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, webauthn tokens were not deleted after a user has been deleted. If a victim reused an earlier used username, the previous user could gain access to their account. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32726
CVE-2021-22910 A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22910
CVE-2021-21564 Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21564
CVE-2021-21829 A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21829
CVE-2021-21830 A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21830
CVE-2021-37708 Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a command injection vulnerability in mail agent settings. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37708
CVE-2021-39159 BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input could execute code in the BinderHub context, with the potential to egress credentials of the BinderHub deployment, including JupyterHub API tokens, kubernetes service accounts, and docker registry credentials. This may provide the ability to manipulate images and other user created pods in the deployment, with the potential to escalate to the host depending on the underlying kubernetes configuration. Users are advised to update to version 0.2.0-n653. If users are unable to update they may disable the git repo provider by specifying the `BinderHub.repo_providers` as a workaround. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39159
CVE-2021-27663 A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27663
CVE-2021-22869 An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group could access all of the enterprise runner groups within the organization because of improper authentication checks during the request. This could cause code to be run unintentionally by the incorrect runner group. This vulnerability affected GitHub Enterprise Server versions from 3.0.0 to 3.0.15 and 3.1.0 to 3.1.7 and was fixed in 3.0.16 and 3.1.8 releases. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22869
CVE-2021-41290 ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary code on the affected device. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41290
CVE-2021-3319 DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3319
CVE-2021-31349 The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11, and all versions of 5.0 up to and including 5.0.1. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31349
CVE-2021-41163 Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscribe_url values. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. To workaround the issue without updating, requests with a path starting /webhooks/aws path could be blocked at an upstream proxy. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41163
CVE-2021-40113 Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: log in with a default credential if the Telnet protocol is enabled; perform command injection; modify the configuration. For more information about these vulnerabilities, see the Details section of this advisory. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40113
CVE-2021-21693 When creating temporary files, agent-to-controller access to create those files is only checked after they’ve been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21693
CVE-2021-35368 OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35368
CVE-2021-40358 A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). Legitimate file operations on the web server of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40358
CVE-2021-44143 A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44143
CVE-2021-43527 NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43527
CVE-2021-22566 An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr leads to privileged executable pages being mapped as executable from an unprivileged context. This can be leveraged by an attacker to bypass executability restrictions of kernel-mode pages from user-mode. An incorrect setting of PXN bits within mmu_flags_to_s1_pte_attr leads to unprivileged executable pages being mapped as executable from a privileged context. This can be leveraged by an attacker to bypass executability restrictions of user-mode pages from kernel-mode. Typically this allows a potential attacker to circumvent a mitigation, making exploitation of potential kernel-mode vulnerabilities easier. We recommend updating kernel beyond commit 7d731b4e9599088ac3073956933559da7bca6a00 and rebuilding. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22566
CVE-2022-0318 Heap-based Buffer Overflow in vim/vim prior to 8.2. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0318
CVE-2021-46386 File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46386
CVE-2021-25003 The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25003
CVE-2021-45809 GlobalProtect-openconnect versions prior to 1.4.3 are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the `--script=` parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45809
CVE-2022-25521 NUUO v03.11.00 was discovered to contain an access control issue. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25521
CVE-2021-32933 An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. This could then be leveraged to run a malicious process. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32933
CVE-2021-32986 After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32986
CVE-2021-40390 An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40390
CVE-2022-1292 The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1292
CVE-2022-28111 MyBatis PageHelper v1.x.x-v3.7.0 v4.0.0-v5.0.0,v5.1.0-v5.3.0 was discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28111
CVE-2022-30525 An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30525
CVE-2022-1927 Buffer Over-read in GitHub repository vim/vim prior to 8.2. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1927
CVE-2022-2042 Use After Free in GitHub repository vim/vim prior to 8.2. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2042
CVE-2022-32207 When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32207
CVE-2022-24082 If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running on PegaCloud due to its design and architecture. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24082
CVE-2022-31627 In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31627
CVE-2022-35914 /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35914
CVE-2022-35951 Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35951
CVE-2022-41352 An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole extraction to /opt/zimbra/jetty/webapps/zimbra/public that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 or CentOS 6. Once pax is installed, amavisd automatically prefers it over cpio. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41352
CVE-2022-42889 Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is “${prefix:name}”, where “prefix” is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - “script” - execute expressions using the JVM script execution engine javax.script - “dns” - resolve dns records - “url” - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42889
CVE-2022-38980 The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol. Successful exploitation of this vulnerability may allow attackers to obtain process control permissions. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38980
CVE-2022-38982 The fingerprint module has service logic errors. Successful exploitation of this vulnerability will cause the phone lock to be cracked. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38982
CVE-2022-35690 Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35690
CVE-2022-35710 Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35710
CVE-2022-35711 Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35711
CVE-2022-35712 Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35712
CVE-2022-38418 Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ‘Path Traversal’ vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38418
CVE-2017-20149 The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-20149
CVE-2022-42968 Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42968
CVE-2022-42980 go-admin aka GO Admin 2.0.12 uses the string go-admin as a production JWT key. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42980
CVE-2022-2052 Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2052
CVE-2022-3550 A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3550
CVE-2022-42163 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42163
CVE-2022-42164 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42164
CVE-2022-42165 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42165
CVE-2022-42154 An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42154
CVE-2022-42166 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42166
CVE-2022-42167 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42167
CVE-2022-42168 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42168
CVE-2022-42169 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42169
CVE-2022-42170 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42170
CVE-2022-42171 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42171
CVE-2022-42237 A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42237
CVE-2020-35539 A flaw was found in WordPress 5.1. “X-Forwarded-For” is an HTTP header used to carry the client’s original IP address. However, because these headers may very well be added by the client to the requests, if the systems/devices use IP addresses which are declared in the X-Forwarded-For header instead of the original IP, various issues may be faced. If the data originating from these fields is trusted by the application developers and processed, any authorization checks or originating IP address logging could be manipulated. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-35539
CVE-2022-0699 A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0699
CVE-2022-22128 Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution. Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22128
CVE-2022-23769 Remote code execution vulnerability due to insufficient user privilege verification in reverseWall-MDS. Remote attackers can exploit the vulnerability such as stealing account, through remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23769
CVE-2022-23770 This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23770
CVE-2022-40055 An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges via a brute force attack at the login page. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-40055
CVE-2022-42149 kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\\OnlinePreviewController.java. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42149
CVE-2022-22241 An Improper Input Validation vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data without proper authorization. Utilizing a crafted POST request, deserialization may occur which could lead to unauthorized local file access or the ability to execute arbitrary commands. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S9; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22241
CVE-2022-39056 RAVA certificate validation system has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify and delete database. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39056
CVE-2022-3583 A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument business leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-211192. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3583
CVE-2022-40889 Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-40889
CVE-2022-35846 An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35846
CVE-2022-40684 An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-40684
CVE-2022-33872 An improper neutralization of special elements used in an OS Command ‘OS Command Injection’ vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-33872
CVE-2022-33873 An improper neutralization of special elements used in an OS Command ‘OS Command Injection’ vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute arbitrary command in the underlying shell. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-33873
CVE-2022-33874 An improper neutralization of special elements used in an OS Command ‘OS Command Injection’ vulnerabilities [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-33874
CVE-2022-41544 GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41544
CVE-2022-43260 Tenda AC18 V15.03.05.19 6318 was discovered to contain a stack overflow via the time parameter in the fromSetSysTime function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43260
CVE-2022-39198 A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version 3.1.0 and prior versions. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39198
CVE-2022-21587 Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21587
CVE-2022-39428 Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39428
CVE-2016-20016 MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the “JAWS webserver RCE” because of the easily identifying HTTP response server field. Other firmware versions, at least from 2014 through 2019, can be affected. This was exploited in the wild in 2017 through 2022. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2016-20016
CVE-2016-20017 D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2016-20017
CVE-2022-25687 Memory corruption in video due to buffer overflow while parsing asf clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25687
CVE-2022-25718 Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25718
CVE-2022-25720 Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25720
CVE-2022-25748 Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25748
CVE-2022-41415 Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a stack overflow in the RevserveMem component. This vulnerability allows attackers to cause a Denial of Service (DoS) via injecting crafted shellcode into the NVRAM variable. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41415
CVE-2022-43184 D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the component /bin/proc.cgi. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43184
CVE-2022-43019 OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager’s ajax functionality. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43019
CVE-2022-43024 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43024
CVE-2022-43025 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the startIp parameter at /goform/SetPptpServerCfg. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43025
CVE-2022-43026 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the endIp parameter at /goform/SetPptpServerCfg. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43026
CVE-2022-43027 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the firewallEn parameter at /goform/SetFirewallCfg. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43027
CVE-2022-43028 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter at /goform/SetSysTimeCfg. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43028
CVE-2022-43029 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the time parameter at /goform/SetSysTimeCfg. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43029
CVE-2022-3327 Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3327
CVE-2022-27624 A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27624
CVE-2022-27625 A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27625
CVE-2022-37298 Shinken Solutions Shinken Monitoring version 2.4.3 is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37298
CVE-2022-37598 Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37598
CVE-2022-42021 Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42021
CVE-2022-42233 Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42233
CVE-2022-3620 A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211919. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3620
CVE-2022-37454 The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37454
CVE-2021-42553 A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42553
CVE-2022-43400 A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43400
CVE-2022-3570 Multiple heap buffer overflows in the tiffcrop.c utility in libtiff library Version 4.4.0 allow an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file, which could result in application crash, potential information disclosure or any other context-dependent impact. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3570
CVE-2022-26870 Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26870
CVE-2022-3649 A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3649
CVE-2021-26727 Multiple command injection and stack-based buffer overflow vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26727
CVE-2021-26728 Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26728
CVE-2021-26729 Command injection and multiple stack-based buffer overflow vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26729
CVE-2021-26730 A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26730
CVE-2021-26731 Command injection and multiple stack-based buffer overflow vulnerabilities in the modifyUserb_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26731
CVE-2021-42010 Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42010
CVE-2021-46279 Session fixation and insufficient session expiration vulnerabilities allow an attacker to perform session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46279
CVE-2021-46849 pikepdf before 2.10.0 allows an XXE attack against PDF XMP metadata parsing. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46849
CVE-2022-39305 Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Versions prior to 2.5.4 contain a file upload ability. The affected code fails to validate fileMd5 and fileName parameters, resulting in an arbitrary file being read. This issue is patched in 2.5.4b. There are no known workarounds. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39305
CVE-2022-40984 Stack-based buffer overflow in WTViewerE series WTViewerE 761941 from 1.31 to 1.61 and WTViewerEfree from 1.01 to 1.52 allows an attacker to cause the product to crash by processing a long file name. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-40984
CVE-2021-21382 Restund is an open source NAT traversal server. The restund TURN server can be instructed to open a relay to the loopback address range. This allows you to reach any other service running on localhost which you might consider private. In the configuration that we ship (https://github.com/wireapp/ansible-restund/blob/master/templates/restund.conf.j2#L40-L43) the `status` interface of restund is enabled and is listening on `127.0.0.1`. The `status` interface allows users to issue administrative commands to `restund` like listing open relays or draining connections. It would be possible for an attacker to contact the status interface and issue administrative commands by setting `XOR-PEER-ADDRESS` to `127.0.0.1:{{restund_udp_status_port}}` when opening a TURN channel. We now explicitly disallow relaying to loopback addresses, ‘any’ addresses, link local addresses, and the broadcast address. As a workaround, disable the `status` module in your restund configuration. However there might still be other services running on `127.0.0.0/8` that you do not want to have exposed. The `turn` module can be disabled. Restund will still perform STUN and this might already be enough for initiating calls in your environments. TURN is only used as a last resort when other NAT traversal options do not work. One should also make sure that the TURN server is set up with firewall rules so that it cannot relay to other addresses that you don’t want the TURN server to relay to. For example other services in the same VPC where the TURN server is running. Ideally TURN servers should be deployed in an isolated fashion where they can only reach what they need to reach to perform their task of assisting NAT-traversal. 9.6 https://nvd.nist.gov/vuln/detail/CVE-2021-21382
CVE-2020-6294 Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-6294
CVE-2020-26197 Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: This does not affect clusters which are not relying on an LDAP server for the authentication provider. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-26197
CVE-2021-1577 A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system. This vulnerability is due to improper access control. An attacker could exploit this vulnerability by using a specific API endpoint to upload a file to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on an affected device. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-1577
CVE-2021-21689 FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21689
CVE-2021-43400 An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-43400
CVE-2022-22544 Solution Manager Diagnostics Root Cause Analysis Tools - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could thereby control the managed systems. It is considered that this is a missing segregation of duty for the SAP Solution Manager administrator. Impacts of unauthorized execution of commands can lead to sensitive information disclosure, loss of system integrity and denial of service. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-22544
CVE-2022-41477 A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-41477
CVE-2020-8974 In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restriction. This allows an attacker to modify it and re-upload it via web with malicious modifications, rendering the device unusable. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-8974
CVE-2022-25719 Information disclosure in WLAN due to improper length check while processing authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25719
CVE-2022-1523 Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to a write-what-where condition, which could allow an attacker to overwrite program memory to manipulate the flow of information. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1523
CVE-2021-46848 GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-46848
CVE-2019-7671 Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being returned to the user, which may allow an attacker to execute arbitrary code in a user’s browser session in context of an affected site. 9 https://nvd.nist.gov/vuln/detail/CVE-2019-7671
CVE-2021-26566 Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic. 9 https://nvd.nist.gov/vuln/detail/CVE-2021-26566

OTHER VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2018-3839 An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2018-3839
CVE-2019-7280 Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of an insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session and bypass authentication. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-7280
CVE-2019-7281 Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-7281
CVE-2019-7666 Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to login as admin without decrypting the password. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-7666
CVE-2019-7669 Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root privileges. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-7669
CVE-2020-2696 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-2696
CVE-2020-15087 In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication, as these installations are inherently insecure. This only affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver. This vulnerability has been fixed in version 337. Additionally, this issue can be mitigated by blocking network access to internal APIs on the coordinator and workers. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-15087
CVE-2020-27387 An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker with access to the FileManager to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager’s rename function to provide the payload which will receive a random name on the server with the PHP extension, and finally executing the PHP file via an HTTP GET request to /storage/ . NOTE: the vendor has patched this while leaving the version number at 1.0.0-beta. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27387
CVE-2020-25695 A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25695
CVE-2020-25629 A vulnerability was found in Moodle where users with “Log in as” capability in a course context (typically, course managers) may gain access to some site administration capabilities by “logging in as” a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. This is fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25629
CVE-2021-21248 OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability involving the build endpoint parameters. InputSpec is used to define parameters of a Build spec. It does so by using dynamically generated Groovy classes. A user able to control job parameters can run arbitrary code on OneDev’s server by injecting arbitrary Groovy code. The ultimate result is in the injection of a static constructor that will run arbitrary code. For a full example refer to the referenced GHSA. This issue was addressed in 4.0.3 by escaping special characters such as quote from user input. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21248
CVE-2021-21277 angular-expressions is “angular’s nicest part extracted as a standalone module for the browser and node”. In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call “expressions.compile(userControlledInput)” where “userControlledInput” is text that comes from user input. The security of the package could be bypassed by using a more complex payload, using a “.constructor.constructor” technique. In terms of impact: If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution. This is fixed in version 1.1.2 of angular-expressions. A temporary workaround might be either to disable user-controlled input that will be fed into angular-expressions in your application or allow only following characters in the userControlledInput. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21277
CVE-2021-22858 Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22858
CVE-2021-21368 msgpack5 is a msgpack v5 implementation for node.js and the browser. In msgpack5 before versions 3.6.1, 4.5.1, and 5.2.1 there is a “Prototype Poisoning” vulnerability. When msgpack5 decodes a map containing a key “__proto__”, it assigns the decoded value to __proto__. Object.prototype.__proto__ is an accessor property for the receiver’s prototype. If the value corresponding to the key __proto__ decodes to an object or null, msgpack5 sets the decoded object’s prototype to that value. An attacker who can submit crafted MessagePack data to a service can use this to produce values that appear to be of other types; may have unexpected prototype properties and methods (for example length, numeric properties, and push et al if __proto__’s value decodes to an Array); and/or may throw unexpected exceptions when used (for example if the __proto__ value decodes to a Map or Date). Other unexpected behavior might be produced for other types. There is no effect on the global prototype. This “prototype poisoning” is sort of a very limited inversion of a prototype pollution attack. Only the decoded value’s prototype is affected, and it can only be set to msgpack5 values (though if the victim makes use of custom codecs, anything could be a msgpack5 value). We have not found a way to escalate this to true prototype pollution (absent other bugs in the consumer’s code). This has been fixed in msgpack5 version 3.6.1, 4.5.1, and 5.2.1. See the referenced GitHub Security Advisory for an example and more details. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21368
CVE-2021-25667 A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25667
CVE-2021-21372 Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21372
CVE-2021-21433 Discord Recon Server is a bot that allows you to do your reconnaissance process from your Discord. Remote code execution in version 0.0.1 would allow remote users to execute commands on the server resulting in serious issues. This flaw is patched in 0.0.2. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21433
CVE-2021-22879 Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22879
CVE-2020-22025 A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-22025
CVE-2020-22032 A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-22032
CVE-2021-33842 Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33842
CVE-2021-33538 In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33538
CVE-2021-21596 Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. A malicious attacker with access to the immediate subnet may potentially exploit this vulnerability leading to information disclosure and a possible elevation of privileges. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21596
CVE-2021-24602 The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24602
CVE-2021-39160 nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are advised to upgrade. No workarounds exist for users who cannot upgrade. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39160
CVE-2021-21678 Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21678
CVE-2021-21679 Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21679
CVE-2021-36032 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36032
CVE-2021-24620 The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin through 2.2.5 does not check for the uploaded Downloadable Digital product file, allowing any file, such as PHP to be uploaded by an administrator. Furthermore, as there is no CSRF in place, attackers could also make a logged admin upload a malicious PHP file, which would lead to RCE 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24620
CVE-2021-22149 Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22149
CVE-2021-39537 An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39537
CVE-2021-34710 Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34710
CVE-2021-34748 A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an affected device. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34748
CVE-2021-41146 qutebrowser is an open source keyboard-focused browser with a minimal GUI. Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers a `qutebrowserurl:` URL handler. With certain applications, opening a specially crafted `qutebrowserurl:...` URL can lead to execution of qutebrowser commands, which in turn allows arbitrary code execution via commands such as `:spawn` or `:debug-pyeval`. Only Windows installs where qutebrowser is registered as URL handler are affected. The issue has been fixed in qutebrowser v2.4.0. The fix also adds additional hardening for potential similar issues on Linux (by adding the new --untrusted-args flag to the .desktop file), though no such vulnerabilities are known. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41146
CVE-2021-38475 The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38475
CVE-2021-34856 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the virtio-gpu virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13581. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34856
CVE-2021-34859 This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13697. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34859
CVE-2021-21695 FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21695
CVE-2019-8922 A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn’t any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req gets called by process_request (in sdpd-request.c), which also allocates the response buffer. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-8922
CVE-2021-3621 A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3621
CVE-2021-21408 Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21408
CVE-2021-29454 Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29454
CVE-2021-25036 The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue, which was discovered during an internal audit by the Jetpack Scan team, and may grant bad actors access to protected REST API endpoints they shouldn’t have access to. This could ultimately enable users with low-privileged accounts, like subscribers, to perform remote code execution on affected sites. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25036
CVE-2021-40416 An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. All the Get APIs that are not included in cgi_check_ability are already executable by any logged-in users. An attacker can send an HTTP request to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40416
CVE-2020-25718 A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25718
CVE-2022-0729 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0729
CVE-2022-0204 A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0204
CVE-2022-0435 A stack overflow flaw was found in the Linux kernel’s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0435
CVE-2020-25150 A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute arbitrary commands. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25150
CVE-2021-3101 Hotdog, prior to v1.0.1, did not mimic the capabilities or the SELinux label of the target JVM process. This would allow a container to gain full privileges on the host, bypassing restrictions set on the container. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3101
CVE-2022-26889 In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim’s browser (e.g., phishing). 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26889
CVE-2022-1631 Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain pre-authentication to the victim’s account. Further, due to the lack of proper validation of email coming from Social Login and failing to check if an account already exists, the victim will not identify if an account is already existing. Hence, the attacker’s persistence will remain. An attacker would be able to see all the activities performed by the victim user impacting the confidentiality and attempt to modify/corrupt the data impacting the integrity and availability factor. This attack becomes more interesting when an attacker can register an account from an employee’s email address. Assuming the organization uses G-Suite, it is much more impactful to hijack into an employee’s account. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1631
CVE-2022-29221 Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29221
CVE-2017-20042 A vulnerability has been found in Navetti PricePoint 4.6.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection (Blind). The attack can be launched remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-20042
CVE-2017-20045 A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-20045
CVE-2022-1131 Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1131
CVE-2022-1133 Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1133
CVE-2022-1134 Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1134
CVE-2022-1135 Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via standard feature user interaction. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1135
CVE-2022-1136 Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific set of user gestures. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1136
CVE-2022-20254 In Wi-Fi, there is a permissions bypass. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-223377547. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20254
CVE-2022-39176 BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39176
CVE-2022-39177 BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39177
CVE-2022-2852 Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2852
CVE-2022-2853 Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2853
CVE-2022-42902 In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42902
CVE-2022-42719 A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers able to inject WLAN frames to crash the kernel and potentially execute code. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42719
CVE-2022-39311 GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 are vulnerable to remote code execution on the server from a malicious or compromised agent. The Spring RemoteInvocation endpoint exposed agent communication and allowed deserialization of arbitrary java objects, as well as subsequent remote code execution. Exploitation requires agent-level authentication, thus an attacker would need to either compromise an existing agent, its network communication or register a new agent to practically exploit this vulnerability. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39311
CVE-2022-42983 anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42983
CVE-2019-14841 A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-14841
CVE-2022-23771 This vulnerability occurs in user accounts creation and deletion related pages of IPTIME NAS products. The vulnerability could be exploited by a lack of validation when a POST request is made to this page. An attacker can use this vulnerability to or delete user accounts, or to escalate arbitrary user privileges. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23771
CVE-2022-2992 A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2992
CVE-2022-42221 Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42221
CVE-2022-42029 Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to ‘big file uploads’ to copy/move files from anywhere in the file system into the web directory. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42029
CVE-2022-38743 Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. If successfully exploited, this could allow the attacker to execute arbitrary code and gain access to restricted data. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38743
CVE-2022-3368 A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3368
CVE-2020-8976 The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and trigger the malicious request. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-8976
CVE-2022-3158 Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully exploited, this could allow a user with basic user privileges to perform remote code execution on the server. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3158
CVE-2022-22239 An Execution with Unnecessary Privileges vulnerability in Management Daemon (mgd) of Juniper Networks Junos OS Evolved allows a locally authenticated attacker with low privileges to escalate their privileges on the device and potentially remote systems. This vulnerability allows a locally authenticated attacker with access to the ssh operational command to escalate their privileges on the system to root, or if there is user interaction on the local device to potentially escalate privileges on a remote system to root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.1-EVO versions prior to 21.1R3-EVO; 21.2-EVO versions prior to 21.2R2-S1-EVO, 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22239
CVE-2022-22246 A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged authenticated attacker to execute an untrusted PHP file. By chaining this vulnerability with other unspecified vulnerabilities, and by circumventing existing attack requirements, successful exploitation could lead to a complete system compromise. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22246
CVE-2022-3579 A vulnerability classified as critical was found in SourceCodester Cashier Queuing System 1.0. This vulnerability affects unknown code of the file /queuing/login.php of the component Login Page. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-211186 is the identifier assigned to this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3579
CVE-2022-3584 A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file edituser.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211193 was assigned to this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3584
CVE-2022-21613 Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Data Quality, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Data Quality accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Data Quality accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Data Quality. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L). 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21613
CVE-2022-39427 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39427
CVE-2022-41500 EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41500
CVE-2022-25750 Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset in Snapdragon Mobile 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25750
CVE-2022-39260 Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git’s push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39260
CVE-2022-39267 Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With: XMLHttpRequest field in the request header. This issue has been patched in 1.8.8-release. There are no known workarounds. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39267
CVE-2022-23734 A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that would let an attacker control the data being deserialized. This vulnerability affected all versions of GitHub Enterprise Server prior to v3.6 and was fixed in versions 3.5.3, 3.4.6, 3.3.11, and 3.2.16. This vulnerability was reported via the GitHub Bug Bounty program. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23734
CVE-2022-43401 A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43401
CVE-2022-43407 Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the ‘input’ step, which is used for the URLs that process user interactions for the given ‘input’ step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from ‘input’ step IDs that would bypass the CSRF protection of any target URL in Jenkins when the ‘input’ step is interacted with. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43407
CVE-2022-43416 Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with attacker-controlled version, install location, and arguments, and attackers additionally able to create files on the Jenkins controller (e.g., attackers with Item/Configure permission could archive artifacts) to invoke arbitrary OS commands. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43416
CVE-2022-1414 3scale API Management 2 does not perform adequate sanitization for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1414
CVE-2022-41835 In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allow an authenticated local attacker to execute a limited set of commands in a container and impact the F5OS controller. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41835
CVE-2022-42198 In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42198
CVE-2022-42199 Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42199
CVE-2022-42344 Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42344
CVE-2022-36958 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36958
CVE-2022-3203 On ORing net IAP-420 + with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3203
CVE-2022-3640 A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3640
CVE-2020-26237 Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object’s prototype during highlighting. If you allow users to insert custom HTML code blocks into your page/app via parsing Markdown code blocks or similar and do not filter the language names the user can provide you may be vulnerable. The pollution should just be harmless data but this can cause problems for applications not expecting these properties to exist and can result in strange behavior or application crashes, i.e. a potential DOS vector. If your website or application does not render user provided data it should be unaffected. Versions 9.18.2 and 10.1.2 and newer include fixes for this vulnerability. If you are using version 7 or 8 you are encouraged to upgrade to a newer release. 8.7 https://nvd.nist.gov/vuln/detail/CVE-2020-26237
CVE-2021-32656 Nextcloud Server is a Nextcloud package that handles data storage. A vulnerability in federated share exists in versions prior to 19.0.11, 20.0.10, and 21.0.2. An attacker can gain access to basic information about users of a server by accessing a public link that a legitimate server user added as a federated share. This happens because Nextcloud supports sharing registered users with other Nextcloud servers, which can be done automatically when selecting the “Add server automatically once a federated share was created successfully” setting. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2. As a workaround, disable “Add server automatically once a federated share was created successfully” in the Nextcloud settings. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2021-32656
CVE-2021-32690 Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. This issue has been resolved in 3.6.1. There is a workaround through which one may check for improperly passed credentials. One may use a username and password for a Helm repository and may audit the Helm repository in order to check for another domain being used that could have received the credentials. In the `index.yaml` file for that repository, one may look for another domain in the `urls` list for the chart versions. If there is another domain found and that chart version was pulled or installed, the credentials would be passed on. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2021-32690
CVE-2021-34720 A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition. This vulnerability exists because socket creation failures are mishandled during the IP SLA and TWAMP processes. An attacker could exploit this vulnerability by sending specific IP SLA or TWAMP packets to an affected device. A successful exploit could allow the attacker to exhaust the packet memory, which will impact other processes, such as routing protocols, or crash the IP SLA process. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2021-34720
CVE-2021-3682 A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host. 8.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3682
CVE-2022-22229 An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability, a stored XSS (or persistent), in the Control Center Controller web pages of Juniper Networks Paragon Active Assurance (Formerly Netrounds) allows a high-privilege attacker with ‘WRITE’ permissions to store one or more malicious scripts that will infect any other authorized user’s account when they accidentally trigger the malicious script(s) while managing the device. Triggering these attacks enables the attacker to execute commands with the permissions up to that of the superuser account. This issue affects: Juniper Networks Paragon Active Assurance (Formerly Netrounds) All versions prior to 3.1.1; 3.2 versions prior to 3.2.1. 8.4 https://nvd.nist.gov/vuln/detail/CVE-2022-22229
CVE-2022-3608 Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha. 8.4 https://nvd.nist.gov/vuln/detail/CVE-2022-3608
CVE-2021-32779 Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI ‘#fragment’ element as part of the path element. Envoy is configured with an RBAC filter for authorization or similar mechanism with an explicit case of a final “/admin” path element, or is using a negative assertion with final path element of “/admin”. The client sends request to “/app1/admin#foo”. In Envoy prior to 1.18.0, or 1.18.0+ configured with path_normalization=false. Envoy treats fragment as a suffix of the query string when present, or as a suffix of the path when query string is absent, so it evaluates the final path element as “/admin#foo” and mismatches with the configured “/admin” path element. In Envoy 1.18.0+ configured with path_normalization=true. Envoy transforms this to /app1/admin%23foo and mismatches with the configured /admin prefix. The resulting URI is sent to the next server-agent with the offending “#foo” fragment which violates RFC3986 or with the nonsensical “%23foo” text appended. A specifically constructed request with URI containing ‘#fragment’ element delivered by an untrusted client in the presence of path based request authorization resulting in escalation of Privileges when path based request authorization extensions. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes that removes fragment from URI path in incoming requests. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2021-32779
CVE-2021-21045 Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. An unauthenticated attacker could leverage this vulnerability to elevate privileges in the context of the current user. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-21045
CVE-2021-21378 Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list when Envoy’s JWT Authentication filter is configured with the `allow_missing` requirement under `requires_any` due to a mistake in implementation. Envoy’s JWT Authentication filter can be configured with the `allow_missing` requirement that will be satisfied if JWT is missing (JwtMissed error) and fail if JWT is presented or invalid. Due to a mistake in implementation, a JwtUnknownIssuer error was mistakenly converted to JwtMissed when `requires_any` was configured. So if `allow_missing` was configured under `requires_any`, an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list. Integrity may be impacted depending on configuration if the JWT token is used to protect against writes or modifications. This regression was introduced on 2020/11/12 in PR 13839 which fixed handling `allow_missing` under RequiresAny in a JwtRequirement (see issue 13458). The AnyVerifier aggregates the children verifiers’ results into a final status where JwtMissing is the default error. However, a JwtUnknownIssuer was mistakenly treated the same as a JwtMissing error and the resulting final aggregation was the default JwtMissing. As a result, `allow_missing` would allow a JWT token with an unknown issuer status. This is fixed in version 1.17.1 by PR 15194. The fix works by preferring JwtUnknownIssuer over a JwtMissing error, fixing the accidental conversion and bypass with `allow_missing`. A user could detect whether a bypass occurred if they have Envoy logs enabled with debug verbosity. Users can enable component level debug logs for JWT. The JWT filter logs will indicate that there is a request with a JWT token and a failure that the JWT token is missing. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-21378
CVE-2021-3546 An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the ‘VIRTIO_GPU_CMD_GET_CAPSET’ command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-3546
CVE-2021-3750 A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller’s registers and trigger undesirable actions such as reset while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-3750
CVE-2022-1012 A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to leak information and may cause a denial of service problem. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2022-1012
CVE-2022-1066 Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2022-1066
CVE-2020-25694 A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-25694
CVE-2021-22863 An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would be able to gain access to head branches of pull requests opened on repositories of which they are a maintainer. Forking is disabled by default for organization owned private repositories and would prevent this vulnerability. Additionally, branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.12.22 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-22863
CVE-2021-21431 sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may have been possible to remove users from other channels but due to the wonder that is IRC and following RfCs, We have no POC for that. Freenode is not affected. This is fixed in version 2.0.1. As a workaround, do not use this plugin on networks where TARGMAX > 1. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21431
CVE-2021-21540 Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting arbitrarily large payload. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21540
CVE-2020-25716 A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the effect of an incomplete fix for CVE-2020-10783. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before cfme 5.11.10.1 are affected. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-25716
CVE-2021-24500 Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially modifying or deleting arbitrary objects on the target site. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-24500
CVE-2021-34595 A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-34595
CVE-2021-38161 Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-38161
CVE-2021-41253 Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v3.2.0 and older that use the string functions provided in `zycore` in order to append untrusted user data to the formatter buffer within their custom formatter hooks can run into heap buffer overflows. Older versions of Zydis failed to properly initialize the string object within the formatter buffer, forgetting to initialize a few fields, leaving their value to chance. This could then in turn cause zycore functions like `ZyanStringAppend` to make incorrect calculations for the new target size, resulting in heap memory corruption. This does not affect the regular uncustomized Zydis formatter, because Zydis internally doesn’t use the string functions in zycore that act upon these fields. However, because the zycore string functions are the intended way to work with the formatter buffer for users of the library that wish to extend the formatter, we still consider this to be a vulnerability in Zydis. This bug is patched starting in version 3.2.1. As a workaround, users may refrain from using zycore string functions in their formatter hooks until updating to a patched version. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-41253
CVE-2020-10627 Insulet Omnipod Insulin Management System insulin pump (product ID 19191 and 40160) is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-10627
CVE-2022-27438 Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-27438
CVE-2022-1130 Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1130
CVE-2022-41674 An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-41674
CVE-2022-2780 In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-2780
CVE-2020-8973 ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, does not properly accept specially constructed requests. This allows an attacker with access to the network where the affected asset is located, to operate and change several parameters without having to be registered as a user on the web that owns the device. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-8973
CVE-2022-31122 Wire is an encrypted communication and collaboration platform. Versions prior to 2022-07-12/Chart 4.19.0 are subject to Token Recipient Confusion. If an attacker has certain details of SAML IdP metadata, and configures their own SAML on the same backend, the attacker can delete all SAML authenticated accounts of a targeted team, authenticate as a user of the attacked team and create arbitrary accounts in the context of the team if it is not managed by SCIM. This issue is fixed in wire-server 2022-07-12 and is already deployed on all Wire managed services. On-premise instances of wire-server need to be updated to 2022-07-12/Chart 4.19.0, so that their backends are no longer affected. As a workaround, the risk of an attack can be reduced by disabling SAML configuration for teams (galley.config.settings.featureFlags.sso). Helm overrides are located in `values/wire-server/values.yaml`. Note that the ability to configure SAML SSO as a team is disabled by default for on-premise installations. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-31122
CVE-2022-41541 TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web application as an admin user. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-41541
CVE-2022-21612 Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware component: Dashboard . Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Data Quality accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Data Quality accessible data. CVSS 3.1 Base Score 8.1 Confidentiality and Integrity impacts . CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N . 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-21612
CVE-2022-39406 Vulnerability in the PeopleSoft Enterprise Common Components product of Oracle PeopleSoft component: Approval Framework . The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise Common Components. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise Common Components accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise Common Components accessible data. CVSS 3.1 Base Score 8.1 Confidentiality and Integrity impacts . CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N . 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-39406
CVE-2022-39424 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core . Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 Confidentiality, Integrity and Availability impacts . CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H . 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-39424
CVE-2022-39425 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core . Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 Confidentiality, Integrity and Availability impacts . CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H . 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-39425
CVE-2022-39426 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core . Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 Confidentiality, Integrity and Availability impacts . CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H . 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-39426
CVE-2022-23241 Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which could allow an authenticated remote attacker to arbitrarily modify or delete WORM data prior to the end of the retention period. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-23241
CVE-2022-27626 A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-27626
CVE-2022-1070 Aethon TUG Home Base Server versions prior to version 24 allow an unauthenticated attacker to freely access hashed user credentials. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1070
CVE-2021-4228 Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-4228
CVE-2020-15223 In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this for her advantage depends on the ability to trigger errors in the store. This is fixed in version 0.34.0. 8 https://nvd.nist.gov/vuln/detail/CVE-2020-15223
CVE-2021-21605 Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file. 8 https://nvd.nist.gov/vuln/detail/CVE-2021-21605
CVE-2021-24914 The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in the tawkto_setwidget and tawkto_removewidget AJAX actions, available to any authenticated user. The first one allows low-privileged users (including simple subscribers) to change the ‘tawkto-embed-widget-page-id’ and ‘tawkto-embed-widget-widget-id’ parameters. Any authenticated user can thus link the vulnerable website to their own Tawk.to instance. Consequently, they will be able to monitor the vulnerable website and interact with its visitors (receive contact messages, answer, ...). They will also be able to display an arbitrary Knowledge Base. The second one will remove the live chat widget from pages. 8 https://nvd.nist.gov/vuln/detail/CVE-2021-24914
CVE-2021-24945 The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog. 8 https://nvd.nist.gov/vuln/detail/CVE-2021-24945
CVE-2021-24905 The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPress setup again, gain administrator privileges and execute arbitrary code or display arbitrary content to the users. 8 https://nvd.nist.gov/vuln/detail/CVE-2021-24905
CVE-2021-4157 An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. 8 https://nvd.nist.gov/vuln/detail/CVE-2021-4157
CVE-2022-3534 A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032. 8 https://nvd.nist.gov/vuln/detail/CVE-2022-3534
CVE-2022-2527 An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2, which allowed an authenticated attacker to inject arbitrary content. A victim interacting with this content could lead to arbitrary requests. 8 https://nvd.nist.gov/vuln/detail/CVE-2022-2527
CVE-2022-32176 In “Gin-Vue-Admin”, versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the “Compress Upload” functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin’s cookie leading to account takeover. 8 https://nvd.nist.gov/vuln/detail/CVE-2022-32176
CVE-2022-3564 A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. 8 https://nvd.nist.gov/vuln/detail/CVE-2022-3564
CVE-2022-3565 A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088. 8 https://nvd.nist.gov/vuln/detail/CVE-2022-3565
CVE-2020-24433 Adobe Acrobat Reader DC versions 2020.012.20048 and earlier, 2020.001.30005 and earlier and 2017.011.30175 and earlier are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code as SYSTEM. Exploitation of this issue requires an attacker to socially engineer a victim, or the attacker must already have some access to the environment. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24433
CVE-2020-16122 PackageKit’s apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-16122
CVE-2020-11206 Possible buffer overflow in Fastrpc while handling received parameters due to lack of validation on input parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11206
CVE-2020-11207 Buffer overflow in LibFastCV library due to improper size checks with respect to buffer length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8052, APQ8056, APQ8076, APQ8096, APQ8096SG, APQ8098, MDM9655, MSM8952, MSM8956, MSM8976, MSM8976SG, MSM8996, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11207
CVE-2020-11208 Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11208
CVE-2020-0590 Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-0590
CVE-2020-8744 Improper initialization in subsystem for Intel(R) CSME versions before 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30, Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-8744
CVE-2020-14409 SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow and resultant SDL_memcpy heap corruption in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-14409
CVE-2020-25238 A vulnerability has been identified in PCS neo Administration Console (all versions < V3.1), TIA Portal V15, V15.1 and V16. Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25238
CVE-2021-22649 Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22649
CVE-2021-3410 A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3410
CVE-2021-25315 An Incorrect Implementation of Authentication Algorithm vulnerability in SUSE Linux Enterprise Server 15 SP 3 and openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25315
CVE-2021-24144 Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24144
CVE-2021-25314 A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue affects: SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25314
CVE-2021-22539 An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As such the attacker is able to execute any executable on the system through vscode-bazel. We recommend upgrading to version 0.4.1 or above. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22539
CVE-2021-3498 GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3498
CVE-2021-22678 Cscape (all versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. This could lead to memory corruption. An attacker could leverage this vulnerability to execute code in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22678
CVE-2021-22682 Cscape (all versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including read/write access. This may allow unprivileged users to modify the binaries and configuration files and lead to local privilege escalation. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22682
CVE-2021-21415 Prisma VS Code is a VSCode extension for Prisma schema files. This is a Remote Code Execution Vulnerability that affects all versions of the Prisma VS Code extension older than 2.20.0. If a custom binary path for the Prisma format binary is set in VS Code Settings, for example by downloading a project that has a .vscode/settings.json file that sets a value for “prismaFmtBinPath”, that custom binary is executed when auto-formatting is triggered by VS Code or when validation checks are triggered after each keypress on a *.prisma file. Fixed in versions 2.20.0 and 20.0.27. As a workaround users can either edit or delete the `.vscode/settings.json` file or check if the binary is malicious and delete it. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21415
CVE-2021-1448 A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device that is running in multi-instance mode. This vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1448
CVE-2021-29610 TensorFlow is an end-to-end open source platform for machine learning. The validation in `tf.raw_ops.QuantizeAndDequantizeV2` allows invalid values for `axis` argument. The validation (https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L74-L77) uses `||` to mix two different conditions. If `axis_ < -1` the condition in `OP_REQUIRES` will still be true, but this value of `axis_` results in heap underflow. This allows attackers to read/write to other data on the heap. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29610
CVE-2021-29612 TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in Eigen implementation of `tf.raw_ops.BandedTriangularSolve`. The implementation (https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorflow/core/kernels/linalg/banded_triangular_solve_op.cc#L269-L278) calls `ValidateInputTensors` for input validation but fails to validate that the two tensors are not empty. Furthermore, since `OP_REQUIRES` macro only stops execution of current function after setting `ctx->status()` to a non-OK value, callers of helper functions that use `OP_REQUIRES` must check value of `ctx->status()` before continuing. This doesn’t happen in this op’s implementation (https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorflow/core/kernels/linalg/banded_triangular_solve_op.cc#L219), hence the validation that is present is also not effective. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29612
CVE-2021-22117 RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22117
CVE-2021-30472 A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of an improper check of the keyLength value. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30472
CVE-2021-30499 A flaw was found in libcaca. A buffer overflow of export.c in function export_troff might lead to memory corruption and other potential consequences. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30499
CVE-2021-22118 In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22118
CVE-2020-36385 An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-36385
CVE-2021-22549 An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22549
CVE-2021-25322 A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25322
CVE-2021-31493 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13304. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31493
CVE-2021-31495 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13307. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31495
CVE-2021-37652 TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an attacker supplies specially crafted arguments. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/boosted_trees/resource_ops.cc#L55) uses a reference counted resource and decrements the refcount if the initialization fails, as it should. However, when the code was written, the resource was represented as a naked pointer but later refactoring has changed it to be a smart pointer. Thus, when the pointer leaves the scope, a subsequent `free`-ing of the resource occurs, but this fails to take into account that the refcount has already reached 0, thus the resource has been already freed. During this double-free process, members of the resource object are accessed for cleanup but they are invalid as the entire resource has been freed. We have patched the issue in GitHub commit 5ecec9c6fbdbc6be03295685190a45e7eee726ab. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37652
CVE-2021-39135 `@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is accomplished by extracting package contents into a project’s `node_modules` folder. If the `node_modules` folder of the root project or any of its dependencies is somehow replaced with a symbolic link, it could allow Arborist to write package dependencies to any arbitrary location on the file system. Note that symbolic links contained within package artifact contents are filtered out, so another means of creating a `node_modules` symbolic link would have to be employed. 1. A `preinstall` script could replace `node_modules` with a symlink. This is prevented by using `--ignore-scripts`. 2. An attacker could supply the target with a git repository, instructing them to run `npm install --ignore-scripts` in the root. This may be successful, because `npm install --ignore-scripts` is typically not capable of making changes outside of the project directory, so it may be deemed safe. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above. For more information including workarounds please see the referenced GHSA-gmw6-94gg-2rc2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39135
CVE-2021-36046 XMP Toolkit version 2020.1 and earlier is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36046
CVE-2021-36049 Adobe Bridge version 11.1 and earlier is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36049
CVE-2021-36052 XMP Toolkit version 2020.1 and earlier is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36052
CVE-2021-36070 Adobe Media Encoder version 15.1 and earlier is affected by an improper memory access vulnerability when parsing a crafted .SVG file. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36070
CVE-2021-21798 An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger the vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21798
CVE-2021-31843 Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31843
CVE-2021-3747 The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3747
CVE-2021-22557 SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22557
CVE-2021-20264 An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify the /etc/passwd and escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20264
CVE-2021-38436 FATEK Automation WinProladder versions 3.30 and prior lack proper validation of user-supplied data when parsing project files, which could result in a memory-corruption condition. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38436
CVE-2021-38442 FATEK Automation WinProladder versions 3.30 and prior lack proper validation of user-supplied data when parsing project files, which could result in a heap-corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38442
CVE-2021-31356 A command injection vulnerability in command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S1-EVO; All versions of 21.1-EVO and 21.2-EVO. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31356
CVE-2021-31357 A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-S2-EVO; 21.1 versions prior to 21.1R2-EVO; 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31357
CVE-2021-31358 A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S2-EVO; 21.1 versions prior to 21.1R2-EVO; 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31358
CVE-2021-34756 Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34756
CVE-2021-41203 TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and `CHECK`-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure is missing validation for invalid file formats. The fixes will be included in TensorFlow 2.7.0. We will also cherrypick these commits on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41203
CVE-2021-41228 TensorFlow is an open source platform for machine learning. In affected versions TensorFlow’s `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the platform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41228
CVE-2021-28500 An issue has recently been discovered in Arista EOS where the incorrect use of EOS’s AAA APIs by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28500
CVE-2022-0261 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0261
CVE-2022-0351 Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0351
CVE-2022-0359 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0359
CVE-2022-0361 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0361
CVE-2022-0368 Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0368
CVE-2021-4034 A local privilege escalation vulnerability was found on polkit’s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn’t handle the calling parameters count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that it’ll induce pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4034
CVE-2022-0392 Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0392
CVE-2022-0554 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0554
CVE-2022-0572 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0572
CVE-2022-0629 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0629
CVE-2022-0685 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0685
CVE-2022-0492 A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0492
CVE-2022-0943 Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0943
CVE-2022-22640 A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22640
CVE-2022-1055 A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1055
CVE-2022-1381 Global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1381
CVE-2022-1616 Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1616
CVE-2022-1619 Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerability is capable of crashing software, modify memory, and possible remote execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1619
CVE-2022-1621 Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1621
CVE-2022-1629 Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerability is capable of crashing software, Modify Memory, and possible remote execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1629
CVE-2022-30594 The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30594
CVE-2022-1116 Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1116
CVE-2022-1733 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1733
CVE-2022-1769 Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1769
CVE-2022-29581 Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29581
CVE-2022-1735 Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1735
CVE-2022-29162 runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container’s bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29162
CVE-2022-1851 Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1851
CVE-2022-1898 Use After Free in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1898
CVE-2022-1897 Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1897
CVE-2022-1942 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1942
CVE-2022-1968 Use After Free in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1968
CVE-2022-2000 Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2000
CVE-2022-2124 Buffer Over-read in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2124
CVE-2022-2125 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2125
CVE-2022-2126 Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2126
CVE-2022-1720 Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1720
CVE-2022-2210 Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2210
CVE-2022-2816 Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2816
CVE-2022-2817 Use After Free in GitHub repository vim/vim prior to 9.0.0213. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2817
CVE-2022-2845 Buffer Over-read in GitHub repository vim/vim prior to 9.0.0218. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2845
CVE-2022-2849 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2849
CVE-2022-2862 Use After Free in GitHub repository vim/vim prior to 9.0.0221. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2862
CVE-2021-4037 A vulnerability was found in the fs/inode.c:inode_init_owner function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions being granted when they should not be. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4037
CVE-2020-27796 A heap-based buffer over-read was discovered in the invert_pt_dynamic function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27796
CVE-2022-38784 Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38784
CVE-2022-3176 There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll and binder_poll use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn’t handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3176
CVE-2022-38434 Adobe Photoshop versions 22.5.8 and earlier and 23.4.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38434
CVE-2022-32908 A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. A user may be able to elevate privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32908
CVE-2022-32911 The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32911
CVE-2022-20421 In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239630375. References: Upstream kernel. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20421
CVE-2022-42720 Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers able to inject WLAN frames to trigger use-after-free conditions to potentially execute code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42720
CVE-2022-41302 An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020. and prior may lead to code execution or information disclosure through maliciously crafted FBX files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41302
CVE-2022-41303 A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41303
CVE-2022-41304 An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code execution through maliciously crafted FBX files or information disclosure. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41304
CVE-2022-41306 A maliciously crafted PCT file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41306
CVE-2022-41307 A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41307
CVE-2022-41308 A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41308
CVE-2022-3541 A vulnerability classified as critical has been found in Linux Kernel. This affects the function spl2sw_nvmem_get_mac_address of the file drivers/net/ethernet/sunplus/spl2sw_driver.c of the component BPF. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211041 was assigned to this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3541
CVE-2022-3545 A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3545
CVE-2022-41751 Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41751
CVE-2022-3569 Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the ‘zimbra’ user can effectively coerce postfix into running arbitrary commands as ‘root’. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3569
CVE-2022-22251 On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22251
CVE-2021-3305 Beijing Feishu Technology Co., Ltd Feishu v3.40.3 was discovered to contain an untrusted search path vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3305
CVE-2022-36438 AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36438
CVE-2022-22077 Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobile 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22077
CVE-2022-25660 Memory corruption due to double free issue in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25660
CVE-2022-25661 Memory corruption due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25661
CVE-2022-25723 Memory corruption in multimedia due to use after free during callback registration failure in Snapdragon Mobile 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25723
CVE-2022-33210 Memory corruption in automotive multimedia due to use of out-of-range pointer offset while parsing command request packet with a very large type value in Snapdragon Auto 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-33210
CVE-2022-33217 Memory corruption in Qualcomm IPC due to buffer copy without checking the size of input while starting communication with a compromised kernel in Snapdragon Mobile 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-33217
CVE-2022-43040 GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43040
CVE-2022-43042 GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/isom_intern.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43042
CVE-2022-41709 Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the “nodeIntegration” option enabled. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41709
CVE-2022-41741 NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41741
CVE-2020-12744 The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12744
CVE-2022-42176 In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42176
CVE-2022-2069 The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcenter Visualization prior to V14.0.0.2 contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2069
CVE-2022-3577 An out-of-bounds memory write flaw was found in the Linux kernel’s Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in bigben_probe of drivers/hid/hid-bigbenff.c. The reason is an incorrect assumption: bigben devices all have inputs. However, malicious devices can break this assumption, leading to an out-of-bounds write. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3577
CVE-2022-3625 A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3625
CVE-2022-3636 A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethernet Handler. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211935. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3636
CVE-2022-36122 The Automox Agent before 40 on Windows incorrectly sets permissions on key files. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36122
CVE-2022-41309 A maliciously crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41309
CVE-2022-41310 A maliciously crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41310
CVE-2022-42933 A maliciously crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42933
CVE-2022-42934 A maliciously crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42934
CVE-2022-42935 A maliciously crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42935
CVE-2022-42936 A maliciously crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42936
CVE-2022-42937 A maliciously crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42937
CVE-2022-42938 A maliciously crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42938
CVE-2022-42939 A maliciously crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42939
CVE-2022-42940 A maliciously crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42940
CVE-2022-42941 A maliciously crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42941
CVE-2022-42942 A maliciously crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42942
CVE-2022-42943 A maliciously crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42943
CVE-2022-42944 A maliciously crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42944
CVE-2022-41796 Untrusted search path vulnerability in the installer of Content Transfer for Windows Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41796
CVE-2022-38435 Adobe Illustrator versions 26.4 and earlier and 25.4.7 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38435
CVE-2022-38436 Adobe Illustrator versions 26.4 and earlier and 25.4.7 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38436
CVE-2020-2511 Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). 7.7 https://nvd.nist.gov/vuln/detail/CVE-2020-2511
CVE-2021-21272 ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a “zip-slip” vulnerability. The directory support feature allows the downloaded gzipped tarballs to be automatically extracted to the user-specified directory where the tarball can have symbolic links and hard links. A well-crafted tarball or tarballs allow malicious artifact providers linking, writing, or overwriting specific files on the host filesystem outside of the user-specified directory unexpectedly with the same permissions as the user who runs `oras pull`. Users of the affected versions are impacted if they are `oras` CLI users who runs `oras pull`, or if they are Go programs, which invoke `github.com/deislabs/oras/pkg/content.FileStore`. The problem has been fixed in version 0.9.0. For `oras` CLI users, there is no workarounds other than pulling from a trusted artifact provider. For `oras` package users, the workaround is to not use `github.com/deislabs/oras/pkg/content.FileStore`, and use other content stores instead, or pull from a trusted artifact provider. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-21272
CVE-2021-21303 Helm is open-source software which is essentially “The Kubernetes Package Manager”. Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there are a few cases where data loaded from potentially untrusted sources was not properly sanitized. When a SemVer in the `version` field of a chart is invalid, in some cases Helm allows the string to be used “as is” without sanitizing. Helm fails to properly sanitize some fields present on Helm repository `index.yaml` files. Helm does not properly sanitize some fields in the `plugin.yaml` file for plugins. In some cases, Helm does not properly sanitize the fields in the `Chart.yaml` file. By exploiting these attack vectors, core maintainers were able to send deceptive information to a terminal screen running the `helm` command, as well as obscure or alter information on the screen. In some cases, we could send codes that terminals used to execute higher-order logic, like clearing a terminal screen. Further, during evaluation, the Helm maintainers discovered a few other fields that were not properly sanitized when read out of repository index files. This fix remedies all such cases, and once again enforces SemVer2 policies on version fields. All users of Helm 3 should upgrade to the fixed version 3.5.2 or later. Those who use Helm as a library should verify that they either sanitize this data on their own, or use the proper Helm API calls to sanitize the data. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-21303
CVE-2021-44358 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetRec param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44358
CVE-2021-44359 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetCrop param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44359
CVE-2021-44360 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNorm param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44360
CVE-2021-44361 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Set3G param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44361
CVE-2021-44362 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetCloudSchedule param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44362
CVE-2021-44363 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPush param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44363
CVE-2021-44364 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetWifi param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44364
CVE-2021-44365 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetDevName param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44365
CVE-2021-44367 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetUpnp param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44367
CVE-2021-44368 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNetPort param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44368
CVE-2021-44369 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNtp param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44369
CVE-2021-44370 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetFtp param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44370
CVE-2021-44371 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetEmail param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44371
CVE-2021-44372 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetLocalLink param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44372
CVE-2021-44373 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetAutoFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44373
CVE-2021-44374 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetMask param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44374
CVE-2021-44376 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetIsp param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44376
CVE-2021-44377 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetImage param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44377
CVE-2021-44378 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetEnc param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44378
CVE-2021-44379 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetAutoMaint param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44379
CVE-2021-44380 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetTime param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44380
CVE-2021-44381 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPowerLed param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44381
CVE-2021-44382 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetIrLights param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44382
CVE-2021-44383 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetAutoUpgrade param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44383
CVE-2021-44384 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzTattern param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44384
CVE-2021-44386 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzPatrol param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44386
CVE-2021-44387 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzPreset param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44387
CVE-2021-44388 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Login param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44388
CVE-2021-44389 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAbility param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44389
CVE-2021-44390 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Format param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44390
CVE-2021-44391 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetEnc param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44391
CVE-2021-44392 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetImage param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44392
CVE-2021-44393 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetIsp param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44393
CVE-2021-44395 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMask param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44395
CVE-2021-44397 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. rtmp=start param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44397
CVE-2021-44398 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. rtmp=stop param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44398
CVE-2021-44399 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPreset param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44399
CVE-2021-44400 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPatrol param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44400
CVE-2021-44401 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. PtzCtrl param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44401
CVE-2021-44402 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44402
CVE-2021-44403 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzTattern param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44403
CVE-2021-44404 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetZoomFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44404
CVE-2021-44405 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. StartZoomFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44405
CVE-2021-44406 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAutoFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44406
CVE-2021-44407 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestEmail param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44407
CVE-2021-44408 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestFtp param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44408
CVE-2021-44409 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestWifi param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44409
CVE-2021-44410 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. UpgradePrepare param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44410
CVE-2021-44411 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Search param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44411
CVE-2021-44412 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetRec param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44412
CVE-2021-44413 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. AddUser param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44413
CVE-2021-44414 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. DelUser param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44414
CVE-2021-44415 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. ModifyUser param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44415
CVE-2021-44416 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Disconnect param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44416
CVE-2021-44417 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44417
CVE-2021-44419 A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-44419
CVE-2022-31090 Guzzle is an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` header. On making a request which responds with a redirect to a URI with a different origin (change in host, scheme or port), if we choose to follow it, we should remove the `CURLOPT_HTTPAUTH` option before continuing, stopping curl from appending the `Authorization` header to the new request. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. If you do not require or expect redirects to be followed, one should simply disable redirects altogether. Alternatively, one can specify to use the Guzzle stream handler backend, rather than curl. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2022-31090
CVE-2022-21590 Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Core Formatting API). Supported versions that are affected are 5.9.0.0, 6.4.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L). 7.6 https://nvd.nist.gov/vuln/detail/CVE-2022-21590
CVE-2020-2518 Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-2518
CVE-2020-1639 When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may improperly handle the incoming malformed data and fail to sanitize this incoming data resulting in an overflow condition. This overflow condition in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) condition by coring the CFM daemon. Continued receipt of these packets may cause an extended Denial of Service condition. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95 on SRX Series; 14.1X50 versions prior to 14.1X50-D145; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R2; 15.1X49 versions prior to 15.1X49-D170 on SRX Series; 15.1X53 versions prior to 15.1X53-D67. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-1639
CVE-2020-10604 In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-10604
CVE-2020-3566 A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-3566
CVE-2020-26868 ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimate web clients. This issue also affects third-party systems based on the Web Services Toolkit. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-26868
CVE-2020-1686 On Juniper Networks Junos OS devices, receipt of a malformed IPv6 packet may cause the system to crash and restart (vmcore). This issue can be triggered by a malformed IPv6 packet destined to the Routing Engine. An attacker can repeatedly send the offending packet resulting in an extended Denial of Service condition. Only IPv6 packets can trigger this issue. IPv4 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 18.4R1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-1686
CVE-2020-7758 This affects versions of package browserless-chrome before 1.40.2-chrome-stable. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-7758
CVE-2020-25201 HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25201
CVE-2020-2322 Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-2322
CVE-2021-3282 HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3282
CVE-2021-21293 blaze is a Scala library for building asynchronous pipelines, with a focus on network IO. All servers running blaze-core before version 0.14.15 are affected by a vulnerability in which unbounded connection acceptance leads to file handle exhaustion. Blaze accepts connections unconditionally on a dedicated thread pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an unbounded queue. Each connection allocates a socket handle, which drains a scarce OS resource. This can also confound higher level circuit breakers which work based on detecting failed connections. The vast majority of affected users are using it as part of http4s-blaze-server <= 0.21.16. http4s provides a mechanism for limiting open connections, but is enforced inside the Blaze accept loop, after the connection is accepted and the socket opened. Thus, the limit only prevents the number of connections which can be simultaneously processed, not the number of connections which can be held open. The issue is fixed in version 0.14.15 for “NIO1SocketServerGroup”. A “maxConnections” parameter is added, with a default value of 512. Concurrent connections beyond this limit are rejected. To run unbounded, which is not recommended, set a negative number. The “NIO2SocketServerGroup” has no such setting and is now deprecated. There are several possible workarounds described in the referenced GitHub Advisory GHSA-xmw9-q7x9-j5qc. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21293
CVE-2021-21294 Http4s http4s-blaze-server is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its selector pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an unbounded queue. Each connection allocates a socket handle, which drains a scarce OS resource. This can also confound higher level circuit breakers which work based on detecting failed connections. http4s provides a general “MaxActiveRequests” middleware mechanism for limiting open connections, but it is enforced inside the Blaze accept loop, after the connection is accepted and the socket opened. Thus, the limit only prevents the number of connections which can be simultaneously processed, not the number of connections which can be held open. In 0.21.17, 0.22.0-M2, and 1.0.0-M14, a new “maxConnections” property, with a default value of 1024, has been added to the `BlazeServerBuilder`. Setting the value to a negative number restores unbounded behavior, but is strongly disrecommended. The NIO2 backend does not respect `maxConnections`. Its use is now deprecated in http4s-0.21, and the option is removed altogether starting in http4s-0.22. There are several possible workarounds described in the referenced GitHub Advisory GHSA-xhv5-w9c5-2r2w. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21294
CVE-2021-22553 Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22553
CVE-2021-25122 When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A’s request. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25122
CVE-2020-27779 A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking, allowing a privileged attacker to remove address ranges from memory, creating an opportunity to circumvent SecureBoot protections after proper triage about grub’s memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27779
CVE-2021-22883 Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an ‘unknownProtocol’ are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and the process is also prevented from opening, e.g., a file. If no file descriptor limit is configured, then this leads to excessive memory usage and causes the system to run out of memory. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22883
CVE-2021-21348 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user who followed the recommendation to set up XStream’s security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream’s default blacklist of the Security Framework, you will have to use at least version 1.4.16. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21348
CVE-2021-20222 A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20222
CVE-2021-1437 A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. This vulnerability is due to an unrestricted Trivial File Transfer Protocol (TFTP) configuration. An attacker could exploit this vulnerability by sending a specific TFTP request to an affected device. A successful exploit could allow the attacker to download any file from the filesystem of the affected access point (AP). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1437
CVE-2021-21399 Ampache is a web based audio/video streaming application and file manager. Versions prior to 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you must use a username that is not part of the site to bypass the auth checks. For more details and workaround guidance see the referenced GitHub security advisory. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21399
CVE-2021-28156 HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28156
CVE-2021-30169 The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant user’s credential. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-30169
CVE-2021-1501 A vulnerability in the SIP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a crash that occurs during a hash lookup for a SIP pinhole connection. An attacker could exploit this vulnerability by sending crafted SIP traffic through an affected device. A successful exploit could allow the attacker to cause a crash and reload of the affected device. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1501
CVE-2021-31164 Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-31164
CVE-2021-31918 A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-31918
CVE-2021-20313 A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak is possible when calculating signatures in TransformSignature. The highest threat from this vulnerability is to data confidentiality. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20313
CVE-2021-27385 A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7” & 15” (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7” & 15” (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4” - 22” (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4” - 22” (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 with option X30 (All versions), SINAMICS GM150 with option X30 (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). A remote attacker could send specially crafted packets to SmartVNC device layout handler on client side, which could influence the amount of resources consumed and result in a Denial-of-Service (infinite loop) condition. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27385
CVE-2021-32926 When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the controller (Micro800: All versions, MicroLogix 1400: Version 21 and later), causing a denial-of-service condition. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32926
CVE-2021-22116 RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22116
CVE-2021-32717 Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1, private files are publicly accessible with Cloud Storage providers when the hashed URL is known. Users are recommended to first change their configuration to set the correct visibility according to the documentation. The visibility must be at the same level as `type`. When the Storage is saved on Amazon AWS, we recommend disabling public access to the bucket containing the private files: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html. Otherwise, update to Shopware 6.4.1.1 or install or update the Security plugin https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659 and run the command `./bin/console s3:set-visibility` to correct your cloud file visibilities. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32717
CVE-2021-21083 AEM’s Cloud Service offering, as well as versions 6.5.7.0 and below, 6.4.8.3 and below and 6.3.3.8 and below are affected by an Improper Access Control vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service in the context of the current user. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21083
CVE-2021-32770 Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected. A patch has been introduced in gatsby-source-wordpress@4.0.8 and gatsby-source-wordpress@5.9.2 which mitigates the issue by filtering all variables specified in the `auth: { }` section. Users that depend on this functionality are advised to upgrade to the latest release of gatsby-source-wordpress, run `gatsby clean` followed by a `gatsby build`. One may manually edit the app.js file post-build as a workaround. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32770
CVE-2021-32574 HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32574
CVE-2021-22527 Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22527
CVE-2021-3706 adminlte is vulnerable to Sensitive Cookie Without ‘HttpOnly’ Flag 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3706
CVE-2021-41079 Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41079
CVE-2021-38460 A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-38460
CVE-2021-41158 FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH’s SIP requests with the realm set to that of the gateway, thus forcing FreeSWITCH to respond with the challenge response which is based on the password of that targeted gateway. Abuse of this vulnerability allows attackers to potentially recover gateway passwords by performing a fast offline password cracking attack on the challenge response. The attacker does not require special network privileges, such as the ability to sniff the FreeSWITCH’s network traffic, to exploit this issue. Instead, what is required for this attack to work is the ability to cause the victim server to send SIP request messages to the malicious party. Additionally, to exploit this issue, the attacker needs to specify the correct realm which might in some cases be considered secret. However, because many gateways are actually public, this information can easily be retrieved. The vulnerability appears to be due to the code which handles challenges in `sofia_reg.c`, `sofia_reg_handle_sip_r_challenge`, which does not check if the challenge is originating from the actual gateway. The lack of these checks allows arbitrary UACs and gateways to challenge any request sent by FreeSWITCH with the realm of the gateway being targeted. This issue is patched in version 10.10.7. Maintainers recommend that one should create an association between a SIP session for each gateway and its realm, so that a check for this association is put into place when responding to challenges. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41158
CVE-2021-34792 A vulnerability in the memory management of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management when connection rates are high. An attacker could exploit this vulnerability by opening a significant number of connections on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-34792
CVE-2021-22044 In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping` annotations over Feign client interfaces can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22044
CVE-2021-26322 Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26322
CVE-2021-26338 Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26338
CVE-2021-20050 An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20050
CVE-2021-24948 The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24948
CVE-2021-46669 MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46669
CVE-2022-22543 SAP NetWeaver Application Server for ABAP Kernel and ABAP Platform Kernel - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22543
CVE-2021-22785 A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22785
CVE-2022-25271 Drupal core’s form API has a vulnerability where certain contributed or custom modules’ forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25271
CVE-2022-24729 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24729
CVE-2021-27422 GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27422
CVE-2022-29153 HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29153
CVE-2022-1473 The OPENSSL_LH_flush function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1473
CVE-2021-31559 A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-31559
CVE-2022-1620 NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1620
CVE-2022-28739 There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28739
CVE-2022-29298 SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29298
CVE-2022-27781 libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server’s certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27781
CVE-2022-27782 libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27782
CVE-2022-34175 Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34175
CVE-2022-32033 Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32033
CVE-2022-32034 Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32034
CVE-2022-32035 Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32035
CVE-2022-32083 MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32083
CVE-2022-32086 MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32086
CVE-2022-2048 In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are not enough resources left to process good requests. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2048
CVE-2022-34027 Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34027
CVE-2022-34169 The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes such as OpenJDK include repackaged copies of Xalan. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34169
CVE-2022-30631 Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30631
CVE-2022-30632 Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30632
CVE-2022-30633 Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the ‘any’ field tag. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30633
CVE-2020-21365 Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-21365
CVE-2021-3998 A flaw was found in glibc. The realpath function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3998
CVE-2022-42004 In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42004
CVE-2022-42725 Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by symbolic directory links. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42725
CVE-2022-38138 The Triangle Microworks IEC 61850 Library (any client or server using the C language library with a version number of 11.2.0 or earlier and any client or server using the C++, C#, or Java language library with a version number of 5.0.1 or earlier) and 60870-6 ICCP/TASE.2 Library (any client or server using a C++ language library with a version number of 4.4.3 or earlier) are vulnerable to access given to a small number of uninitialized pointers within their code. This could allow an attacker to target any client or server using the affected libraries to cause a denial-of-service condition. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38138
CVE-2022-39201 Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. The destination plugin could receive a user’s Grafana authentication cookie. Versions 9.1.8 and 8.5.14 contain a patch for this issue. There are no known workarounds. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39201
CVE-2022-39278 Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker to send a specially crafted or oversized message which results in the control plane crashing when the Kubernetes validating or mutating webhook service is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially external istiod topologies, this port is exposed over the public internet. Versions 1.15.2, 1.14.5, and 1.13.9 contain patches for this issue. There are no effective workarounds, beyond upgrading. This bug is due to an error in `regexp.Compile` in Go. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39278
CVE-2022-2880 Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request’s Form field is set after the ReverseProxy.Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2880
CVE-2022-38419 Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Restriction of XML External Entity Reference ‘XXE’ vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38419
CVE-2022-38420 Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interaction. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38420
CVE-2022-3524 A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3524
CVE-2022-3526 A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function macvlan_handle_frame of the file drivers/net/macvlan.c of the component skb. The manipulation leads to memory leak. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211024. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3526
CVE-2022-42975 socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42975
CVE-2022-3281 WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow a remote attacker to reach the network that should be protected by the MAC address filter. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3281
CVE-2022-3501 Article template contents with sensitive data could be accessed from agents without permissions. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3501
CVE-2022-3551 A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3551
CVE-2022-3553 A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053 was assigned to this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3553
CVE-2022-3554 A vulnerability has been found in X.org libX11 and classified as problematic. This vulnerability affects the function _XimRegisterIMInstantiateCallback of the file modules/im/ximcp/imsClbk.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211054 is the identifier assigned to this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3554
CVE-2022-3555 A vulnerability was found in X.org libX11 and classified as problematic. This issue affects the function _XFreeX11XCBStructure of the file xcb_disp.c. The manipulation of the argument dpy leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211055. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3555
CVE-2019-14840 A flaw was found in the RHDM, where sensitive HTML form fields like Password have auto-complete enabled, which may lead to a leak of credentials. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-14840
CVE-2022-2931 A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2931
CVE-2022-3031 An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user’s password by brute force by sending crafted requests to a specific endpoint, even if the victim user has 2FA enabled on their account. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3031
CVE-2022-3283 A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Cloning an issue with specially crafted content added to the description could have been used to trigger high CPU usage. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3283
CVE-2022-3559 A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3559
CVE-2022-3382 HIWIN Robot System Software version 3.3.21.9869 does not properly address the terminated command source. As a result, an attacker could craft code to disconnect HRSS and the controller and cause a denial-of-service condition. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3382
CVE-2022-3517 A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3517
CVE-2020-8975 ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, allows a remote attacker with access to the web application and knowledge of the routes URIs used by the application, to access sensitive information about the system. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8975
CVE-2022-22192 An Improper Validation of Syntactic Correctness of Input vulnerability in the kernel of Juniper Networks Junos OS Evolved on PTX series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). When an incoming TCP packet destined to the device is malformed there is a possibility of a kernel panic. Only TCP packets destined to the ports for BGP, LDP and MSDP can trigger this. This issue only affects PTX10004, PTX10008, PTX10016. No other PTX Series devices or other platforms are affected. This issue affects Juniper Networks Junos OS Evolved: 20.4-EVO versions prior to 20.4R3-S4-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 20.4R1-EVO. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22192
CVE-2022-22201 An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). On SRX5000 Series with SPC3, SRX4000 Series, and vSRX, when PowerMode IPsec is configured and a malformed ESP packet matching an established IPsec tunnel is received the PFE crashes. This issue affects Juniper Networks Junos OS on SRX5000 Series with SPC3, SRX4000 Series, and vSRX: All versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22201
CVE-2022-22211 A limitless resource allocation vulnerability in FPC resources of Juniper Networks Junos OS Evolved on PTX Series allows an unprivileged attacker to cause Denial of Service (DoS). Continuously polling the SNMP jnxCosQstatTable causes the FPC to run out of GUID space, causing a Denial of Service to the FPC resources. When the FPC runs out of the GUID space, you will see the following syslog messages. The evo-aftmand-bt process is asserting. fpc1 evo-aftmand-bt[17556]: %USER-3: get_next_guid: Ran out of Guid Space start 1748051689472 end 1752346656767 fpc1 audit[17556]: %AUTH-5: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 pid=17556 comm="EvoAftManBt-mai" exe="/usr/sbin/evo-aftmand-bt" sig=6 fpc1 kernel: %KERN-5: audit: type=1701 audit(1648567505.119:57): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=17556 comm="EvoAftManBt-mai" exe="/usr/sbin/evo-aftmand-bt" sig=6 fpc1 emfd-fpa[14438]: %USER-5: Alarm set: APP color=red, class=CHASSIS, reason=Application evo-aftmand-bt fail on node Fpc1 fpc1 emfd-fpa[14438]: %USER-3-EMF_FPA_ALARM_REP: RaiseAlarm: Alarm Location: /Chassis[0]/Fpc[1] Module: sysman Object: evo-aftmand-bt:0 Error: 2 reported fpc1 sysepochman[12738]: %USER-5-SYSTEM_REBOOT_EVENT: Reboot [node] [ungraceful reboot] [evo-aftmand-bt exited] The FPC resources can be monitored using the following commands: user@router> start shell [vrf:none] user@router-re0:~$ cli -c "show platform application-info allocations app evo-aftmand-bt" | grep ^fpc | grep -v Route | grep -i -v Nexthop | awk '{total[$1] += $5} END { for (key in total) { print key " " total[key]/4294967296 }}' Once the FPCs become unreachable they must be manually restarted as they do not self-recover. This issue affects Juniper Networks Junos OS Evolved on PTX Series: All versions prior to 20.4R3-S4-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1-EVO and later versions; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22211
CVE-2022-22218 On SRX Series devices, an Improper Check for Unusual or Exceptional Conditions when using Certificate Management Protocol Version 2 (CMPv2) auto re-enrollment, allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS) by crashing the pkid process. The pkid process cannot handle an unexpected response from the Certificate Authority (CA) server, leading to crash. A restart is required to restore services. This issue affects: Juniper Networks Junos OS on SRX Series: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22218
CVE-2022-22223 On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping (PHP) nodes with link aggregation group (LAG) interfaces, an Improper Validation of Specified Index, Position, or Offset in Input weakness allows an attacker sending certain IP packets to cause multiple interfaces in the LAG to detach causing a Denial of Service (DoS) condition. Continued receipt and processing of these packets will sustain the Denial of Service. This issue affects IPv4 and IPv6 packets. Packets of either type can cause and sustain the DoS event. These packets can be destined to the device or be transit packets. On devices such as the QFX10008 with line cards, line cards can be restarted to restore service. On devices such as the QFX10002 you can restart the PFE service, or reboot device to restore service. This issue affects: Juniper Networks Junos OS on QFX10000 Series: All versions prior to 15.1R7-S11; 18.4 versions prior to 18.4R2-S10, 18.4R3-S10; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S1. An indicator of compromise may be seen by issuing the command: request pfe execute target fpc0 command "show jspec pechip[3] registers ps l2_node 10" timeout 0 | refresh 1 | no-more and reviewing for backpressured output; for example: GOT: 0x220702a8 pe.ps.l2_node[10].pkt_cnt 00000076 GOT: 0x220702b4 pe.ps.l2_node[10].backpressured 00000002 <<<< STICKS HERE and requesting detail on the pepic wanio: request pfe execute target fpc0 command "show pepic 0 wanio-info" timeout 0 | no-more | match xe-0/0/0:2 GOT: 3 xe-0/0/0:2 10 6 3 0 1 10 189 10 0x6321b088 <<< LOOK HERE as well as looking for tail drops looking at the interface queue, for example: show interfaces queue xe-0/0/0:2 resulting in: Transmitted: Total-dropped packets: 1094137 0 pps << LOOK HERE 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22223
CVE-2022-22228 An Improper Validation of Specified Type of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an attacker to cause an RPD memory leak leading to a Denial of Service (DoS). This memory leak only occurs when the attacker’s packets are destined to any configured IPv6 address on the device. This issue affects: Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22228
CVE-2022-22231 An Unchecked Return Value to NULL Pointer Dereference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series if Unified Threat Management (UTM) Enhanced Content Filtering (CF) and AntiVirus (AV) are enabled together and the system processes specific valid transit traffic the Packet Forwarding Engine (PFE) will crash and restart. This issue affects Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 21.4R1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22231
CVE-2022-22232 A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series if Unified Threat Management (UTM) Enhanced Content Filtering (CF) is enabled and specific transit traffic is processed the PFE will crash and restart. This issue affects Juniper Networks Junos OS: 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series; 22.1 versions prior to 22.1R1-S1, 22.1R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 21.4R1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22232
CVE-2022-22235 An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). A PFE crash will happen when a GPRS Tunnel Protocol (GTP) packet is received with a malformed field in the IP header of GTP encapsulated General Packet Radio Services (GPRS) traffic. The packet needs to match existing state which is outside the attacker's control, so the issue cannot be directly exploited. The issue will only be observed when endpoint address validation is enabled. This issue affects Juniper Networks Junos OS on SRX Series: 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.2R1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22235
CVE-2022-22236 An Access of Uninitialized Pointer vulnerability in SIP Application Layer Gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When specific valid SIP packets are received the PFE will crash and restart. This issue affects Juniper Networks Junos OS on SRX Series and MX Series: 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22236
CVE-2022-22247 An Improper Input Validation vulnerability in ingress TCP segment processing of Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker to send a crafted TCP segment to the device, triggering a kernel panic, leading to a Denial of Service (DoS) condition. Continued receipt and processing of this TCP segment could create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS Evolved: 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO; 22.1 versions prior to 22.1R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.3R1-EVO. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22247
CVE-2022-39058 RAVA certification validation system has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access arbitrary system files. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39058
CVE-2022-41479 The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References (IDOR) vulnerability which allows attackers to access the application source code. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41479
CVE-2022-29055 An access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via an HTTP GET request. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29055
CVE-2022-41547 Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41547
CVE-2022-43259 Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43259
CVE-2022-42188 In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42188
CVE-2022-3594 A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3594
CVE-2022-21598 Vulnerability in the Siebel Core - DB Deployment and Configuration product of Oracle Siebel CRM (component: Repository Utilities). Supported versions that are affected are 22.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Core - DB Deployment and Configuration. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Siebel Core - DB Deployment and Configuration accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21598
CVE-2022-21614 Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Data Quality accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21614
CVE-2022-21620 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21620
CVE-2022-21622 Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Adapters). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle SOA Suite accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21622
CVE-2022-21623 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Config Console). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21623
CVE-2022-21634 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: LLVM Interpreter). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21634
CVE-2022-39412 Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39412
CVE-2022-39422 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.38. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39422
CVE-2022-33077 An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer’s address via the addressedit endpoint. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-33077
CVE-2022-40798 OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a request, the user can obtain the real email; by sending the same request with the correct email, account takeover is possible. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-40798
CVE-2020-23648 Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. Through system.asp / start_apply.htm, an attacker can change the administrator password without any authentication. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23648
CVE-2022-25662 Information disclosure due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25662
CVE-2022-25736 Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25736
CVE-2022-25749 Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25749
CVE-2022-43410 Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43410
CVE-2022-43415 Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43415
CVE-2022-43429 Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43429
CVE-2022-43430 Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43430
CVE-2013-4253 The deployment script in the unsupported “OpenShift Extras” set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user’s authorized_keys file. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2013-4253
CVE-2022-1738 Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to an out-of-bounds read, which could allow an attacker to leak sensitive data from the process memory. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1738
CVE-2022-42227 jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjsz/jsonlint/src/lexer. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42227
CVE-2022-36795 In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, and 14.1.x before 14.1.5.1, when an LTM TCP profile with Auto Receive Window Enabled is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36795
CVE-2022-41624 In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41624
CVE-2022-41691 When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41691
CVE-2022-41787 In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when DNS profile is configured on a virtual server with DNS Express enabled, undisclosed DNS queries with DNSSEC can cause TMM to terminate. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41787
CVE-2022-41806 In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41806
CVE-2022-41832 In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase in memory resource utilization. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41832
CVE-2022-41833 In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::collect command is configured on a virtual server, undisclosed requests can cause Traffic Management Microkernel (TMM) to terminate. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41833
CVE-2022-41836 When an ‘Attack Signature False Positive Mode’ enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41836
CVE-2022-3576 A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3576
CVE-2022-3621 A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3621
CVE-2022-3623 A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function follow_page_pte of the file mm/gup.c of the component BPF. The manipulation leads to race condition. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211921 was assigned to this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3623
CVE-2022-37453 An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and matrix bounds in structure data types. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-37453
CVE-2022-39823 An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39823
CVE-2022-3638 A vulnerability was found in Nginx and classified as problematic. This issue affects some unknown processing of the file ngx_resolver.c of the component IPv4 Off Handler. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211937 was assigned to this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3638
CVE-2022-41575 A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41575
CVE-2022-26423 Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26423
CVE-2022-3639 A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger high CPU usage. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3639
CVE-2022-34439 Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issue on that node. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34439
CVE-2022-3647 A vulnerability, which was classified as problematic, was found in Redis. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The name of the patch is 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3647
CVE-2022-23462 IOWOW is a C utility library and persistent key/value storage engine. Versions 1.4.15 and prior contain a stack buffer overflow vulnerability that allows for Denial of Service (DOS) when it parses scientific notation numbers present in JSON. A patch for this issue is available at commit a79d31e4cff1d5a08f665574b29fd885897a28fd in the `master` branch of the repository. There are no workarounds other than applying the patch. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23462
CVE-2021-26733 A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26733
CVE-2021-44467 A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44467
CVE-2021-44769 An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44769
CVE-2022-39313 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and prior to 5.2.8 on the 5.x branch, crash when a file download request is received with an invalid byte range, resulting in a Denial of Service. This issue has been patched in versions 4.10.17, and 5.2.8. There are no known workarounds. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39313
CVE-2022-41986 Information disclosure vulnerability in Android App ‘IIJ SmartKey’ versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41986
CVE-2022-43680 In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43680
CVE-2021-32923 HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-32923
CVE-2021-3713 An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-3713
CVE-2021-1621 A vulnerability in the Layer 2 punt code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of certain Layer 2 frames. An attacker could exploit this vulnerability by sending specific Layer 2 frames on the segment the router is connected to. A successful exploit could allow the attacker to cause a queue wedge on the interface, resulting in a DoS condition. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-1621
CVE-2021-21964 A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-21964
CVE-2022-2533 An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2022-2533
CVE-2022-21615 Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Data Quality, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Data Quality accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality impacts). CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21615
CVE-2020-2556 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Core). Supported versions that are affected are 16.2.0.0-16.2.19.0, 17.12.0.0-17.12.16.0, 18.8.0.0-18.8.16.0, 19.12.0.0 and 20.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Primavera P6 Enterprise Project Portfolio Management executes to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2020-2556
CVE-2021-37617 The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its uninstaller script when being installed to make sure there are no remnants of previous installations. In versions 3.0.3 through 3.2.4, the Client searches for the `Uninstall.exe` file in a folder that can be written by regular users. This could lead to a case where a malicious user creates a malicious `Uninstall.exe`, which would be executed with administrative privileges on the Nextcloud Desktop Client installation. This issue is fixed in Nextcloud Desktop Client version 3.3.0. As a workaround, do not allow untrusted users to create content in the `C:\` system folder and verify that there is no malicious `C:\Uninstall.exe` file on the system. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-37617
CVE-2021-21957 A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report ODS Remote Connector 20.2.16900.0. A specially-crafted command injection can lead to elevated capabilities. An attacker can provide a malicious file to trigger this vulnerability. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21957
CVE-2022-2428 A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests 7.3 https://nvd.nist.gov/vuln/detail/CVE-2022-2428
CVE-2022-3060 Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests 7.3 https://nvd.nist.gov/vuln/detail/CVE-2022-3060
CVE-2022-3421 An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory, which is expected to be owned by root, so that it is owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set its setuid bit. Since the attacker owns the directory, the attacker can replace the binary with a symlink, causing the installer to set the setuid bit on the symlink. When the symlink is executed, it will run with root permissions. We recommend upgrading past version 64.0. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2022-3421
CVE-2022-22248 An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user’s session. If the follow-on user is a high-privileged administrator, the attacker could leverage this vulnerability to take complete control of the target system. While this issue is triggered by a user, other than the attacker, accessing the Junos shell, an attacker simply requires Junos CLI access to exploit this vulnerability. This issue affects Juniper Networks Junos OS Evolved: 20.4-EVO versions prior to 20.4R3-S1-EVO; All versions of 21.1-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 19.2R1-EVO. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2022-22248
CVE-2022-39421 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2022-39421
CVE-2019-7670 Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could allow attackers to execute commands directly on the operating system. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2019-7670
CVE-2020-2549 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-2549
CVE-2020-25643 A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow are caused by improper input validation in the ppp_cp_parse_cr function, which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-25643
CVE-2020-25654 An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-25654
CVE-2021-20187 It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-20187
CVE-2021-1469 Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-1469
CVE-2021-1506 Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-1506
CVE-2021-24252 The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or other executables, leading to RCE. Due to the lack of a CSRF check, the issue can also be exploited via that vector to achieve the same result, or via an LFI, as authorisation checks are missing, but this would require WP to be loaded. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-24252
CVE-2021-1618 Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to do one or both of the following: execute a command using crafted input; upload a file that has been altered using path traversal techniques. A successful exploit could allow the attacker to read and write arbitrary files or execute arbitrary commands as root on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-1618
CVE-2021-36022 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-36022
CVE-2020-25719 A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-25719
CVE-2022-38421 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but does require administrator privileges. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-38421
CVE-2022-3131 The Search Logger WordPress plugin through 0.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-3131
CVE-2022-3150 The WP Custom Cursors WordPress plugin through 3.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-3150
CVE-2022-3243 The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back in SQL statements, leading to SQL injection exploitable by high privilege users such as admin 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-3243
CVE-2022-3549 A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /csms/admin/?page=user/manage_user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211049 was assigned to this vulnerability. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-3549
CVE-2022-41498 Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editbrand.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-41498
CVE-2022-3552 Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-3552
CVE-2022-42142 Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-42142
CVE-2022-42143 Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_payment.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-42143
CVE-2022-39057 RAVA certificate validation system has insufficient filtering for special parameter of the web page input field. A remote attacker with administrator privilege can exploit this vulnerability to perform arbitrary system command and disrupt service. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-39057
CVE-2022-35844 An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-35844
CVE-2022-41504 An arbitrary file upload vulnerability in the component /php_action/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-41504
CVE-2022-41537 Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /user_operations/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-41537
CVE-2022-21596 Vulnerability in the Oracle Database - Advanced Queuing component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having DBA user privilege with network access via Oracle Net to compromise Oracle Database - Advanced Queuing. Successful attacks of this vulnerability can result in takeover of Oracle Database - Advanced Queuing. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-21596
CVE-2022-21600 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-21600
CVE-2022-21603 Vulnerability in the Oracle Database - Sharding component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Local Logon to compromise Oracle Database - Sharding. Successful attacks of this vulnerability can result in takeover of Oracle Database - Sharding. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-21603
CVE-2022-42218 Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_loan.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-42218
CVE-2022-41617 In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-41617
CVE-2022-31366 An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code via a crafted UNL file. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-31366
CVE-2022-42201 Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-42201
CVE-2022-36957 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-36957
CVE-2022-38108 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-38108
CVE-2022-42189 Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-42189
CVE-2022-38104 Auth. WordPress Options Change (siteurl, users_can_register, default_role, admin_email and new_admin_email) vulnerability in Biplob Adhikari’s Accordions – Multiple Accordions or FAQs Builder plugin versions <= 2.0.3 on WordPress. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-38104
CVE-2021-46850 myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-46850
CVE-2022-3300 The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-3300
CVE-2020-2688 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Object Migration). Supported versions that are affected are 8.0.4-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-2688
CVE-2020-24394 In the Linux kernel before 5.7.8, fs/nfsd/vfs.c in the NFS server can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-24394
CVE-2021-29613 TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `tf.raw_ops.CTCLoss` allows an attacker to trigger an OOB read from heap. The fix will be included in TensorFlow 2.5.0. We will also cherrypick these commits on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-29613
CVE-2020-10709 A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user still has access to Ansible Tower, which allows any user that can gain access to the token to be fully authenticated to Ansible Tower. This flaw affects Ansible Tower versions before 3.6.4 and Ansible Tower versions before 3.5.6. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-10709
CVE-2021-25399 Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25399
CVE-2021-36286 Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links can be created by any non-privileged user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point, allows for the exploitation. The SupportAssist clean files functionality does not distinguish junction points from the physical folder and proceeds to clean the target of the junction, which allows non-privileged users to create junction points and delete arbitrary files on the system that can be accessed only by the admin. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-36286
CVE-2022-29458 ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-29458
CVE-2022-3566 A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-3566
CVE-2022-3567 A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-3567
CVE-2022-21593 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OHS Config MBeans). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data as well as unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-21593
CVE-2022-25665 Information disclosure due to buffer over read in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25665
CVE-2022-41742 NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-41742
CVE-2020-29370 An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71. 7 https://nvd.nist.gov/vuln/detail/CVE-2020-29370
CVE-2021-20271 A flaw was found in RPM’s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. 7 https://nvd.nist.gov/vuln/detail/CVE-2021-20271
CVE-2021-41617 sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. 7 https://nvd.nist.gov/vuln/detail/CVE-2021-41617
CVE-2022-3522 A vulnerability was found in Linux Kernel and classified as problematic. This issue affects the function hugetlb_no_page of the file mm/hugetlb.c. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211019. 7 https://nvd.nist.gov/vuln/detail/CVE-2022-3522
CVE-2022-33214 Memory corruption in display due to time-of-check time-of-use of metadata reserved size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 7 https://nvd.nist.gov/vuln/detail/CVE-2022-33214
CVE-2022-41743 NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when the hls directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_hls_module. 7 https://nvd.nist.gov/vuln/detail/CVE-2022-41743
CVE-2022-3635 A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. 7 https://nvd.nist.gov/vuln/detail/CVE-2022-3635
CVE-2017-10274 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2017-10274
CVE-2019-6171 A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2019-6171
CVE-2022-35860 Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35860
CVE-2020-9285 Some versions of Sonos One 1st and 2nd generation allow partial or full memory access via attacker controlled hardware that can be attached to the Mini-PCI Express slot on the motherboard that hosts the WiFi card on the device. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9285
CVE-2020-15436 Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2020-15436
CVE-2021-1449 A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that manages system startup processes. An attacker could exploit this vulnerability by modifying a specific file that is stored on the system, which would allow the attacker to bypass existing protections. A successful exploit could allow the attacker to execute unsigned code at boot time and bypass the software image verification check part of the secure boot process of an affected device. Note: To exploit this vulnerability, the attacker would need to have access to the development shell (devshell) on the device. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-1449
CVE-2021-21554 Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-21554
CVE-2021-21557 Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-21557
CVE-2021-21590 Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-21590
CVE-2021-21591 Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-21591
CVE-2021-34725 A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root-level privileges. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-34725
CVE-2021-34726 A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root-level privileges. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-34726
CVE-2021-34729 A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input in the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system. An attacker would need valid user credentials to exploit this vulnerability. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-34729
CVE-2021-42739 A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-42739
CVE-2021-34402 NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, where a user with high privileges might be able to read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service, Information disclosure, loss of Integrity, or possible escalation of privileges. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-34402
CVE-2022-30783 An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-30783
CVE-2022-30785 A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-30785
CVE-2022-30787 An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-30787
CVE-2022-26691 A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26691
CVE-2021-35530 A vulnerability in the application authentication and authorization mechanism in Hitachi Energy’s TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0 2.1.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-35530
CVE-2022-25666 Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-25666
CVE-2022-34437 Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-34437
CVE-2022-34438 Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This impacts compliance mode clusters. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-34438
CVE-2018-18584 In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2018-18584
CVE-2019-15961 A vulnerability in the email parsing module of Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-15961
CVE-2020-15117 In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the server's memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the available memory of the server is more than 4 GB. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-15117
CVE-2020-1681 Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial of Service (DoS). The process automatically restarts without intervention, but a continuous receipt of the malformed NDP packets could lead to an extended Denial of Service condition. During this time, IPv6 neighbor learning will be affected. The issue occurs when parsing the incoming malformed NDP packet. Rather than simply discarding the packet, the process asserts, performing a controlled exit and restart, thereby avoiding any chance of an unhandled exception. Exploitation of this vulnerability is limited to a temporary denial of service, and cannot be leveraged to cause additional impact on the system. This issue is limited to the processing of IPv6 NDP packets. IPv4 packet processing cannot trigger, and is unaffected by this vulnerability. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO. Junos OS is unaffected by this vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-1681
CVE-2020-28041 The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim’s intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. This occurs because the ALG takes action based on an IP packet with an initial REGISTER substring in the TCP data, and the correct intranet IP address in the subsequent Via header, without properly considering that connection progress and fragmentation affect the meaning of the packet data. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-28041
CVE-2020-7032 An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-7032
CVE-2020-28053 HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-28053
CVE-2021-21235 kamadak-exif is an exif parsing library written in pure Rust. In kamadak-exif version 0.5.2, there is an infinite loop in parsing crafted PNG files. Specifically, reader::read_from_container can cause an infinite loop when a crafted PNG file is given. This is fixed in version 0.5.3. No workaround is available. Applications that do not pass files with the PNG signature to Reader::read_from_container are not affected. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21235
CVE-2021-21285 In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21285
CVE-2021-26559 Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26559
CVE-2021-21297 Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default behaviour of the Node-RED runtime. The vulnerability is patched in the 1.2.8 release. A workaround is to ensure only authorized users are able to access the editor url. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21297
CVE-2021-21274 Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21274
CVE-2021-22861 An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.4.21 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22861
CVE-2021-22862 An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of a pull request to be updated to point to an arbitrary SHA or another pull request outside of the fork repository. By establishing this incorrect reference in a PR, the restrictions that limit the Actions secrets sent to a workflow from forks could be bypassed. This vulnerability affected GitHub Enterprise Server version 3.0.0, 3.0.0.rc2, and 3.0.0.rc1. This vulnerability was reported via the GitHub Bug Bounty program. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22862
CVE-2021-21362 MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-04T00-53-13Z it is possible to bypass a readOnly policy by creating a temporary ‘mc share upload’ URL. Everyone is impacted who uses MinIO multi-users. This is fixed in version RELEASE.2021-03-04T00-53-13Z. As a workaround, one can disable uploads with `Content-Type: multipart/form-data` as mentioned in the S3 API RESTObjectPOST docs by using a proxy in front of MinIO. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21362
CVE-2021-21375 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, when two 183 responses are received, with the first one causing negotiation failure, a crash will occur. This results in a denial of service. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21375
CVE-2021-21421 node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too. This is fixed in node-etsy-client v0.3.0 and later. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21421
CVE-2021-22865 An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App’s web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. The private repository metadata returned would be limited to repositories owned by the user the token identifies. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.4 and was fixed in versions 3.0.4, 2.22.10, 2.21.18. This vulnerability was reported via the GitHub Bug Bounty program. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22865
CVE-2021-3482 A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3482
CVE-2021-29501 Ticketer is a command based ticket system cog plugin for the red discord bot. A vulnerability allowing discord users to expose sensitive information has been found in the Ticketer cog. Please upgrade to version 1.0.1 as soon as possible. As a workaround users may unload the ticketer cog to disable the exploitable code. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29501
CVE-2021-29502 WarnSystem is a cog plugin for the Red discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by setting up a specific template which is not properly sanitized. The problem has been patched in version 1.3.18. Users should update and type `!warnsysteminfo` to check that their version is 1.3.18 or above. As a workaround users may unload the WarnSystem cog or disable the `!warnset description` command globally. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29502
CVE-2021-29511 evm is a pure Rust implementation of Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use `evm_core::Memory::copy_large`, the `evm` crate can over-allocate memory when it is not needed, making it possible for an attacker to perform denial-of-service attack. The flaw was corrected in commit `19ade85`. Users should upgrade to `==0.21.1, ==0.23.1, ==0.24.1, ==0.25.1, >=0.26.1`. There are no workarounds. Please upgrade your `evm` crate version. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29511
CVE-2020-25713 A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25713
CVE-2021-29624 fastify-csrf is an open-source plugin that helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a “double submit” mechanism using cookies with an application deployed across multiple subdomains, e.g. “heroku”-style platform as a service. Version 3.1.0 of fastify-csrf fixes the vulnerability. The user of the module would need to supply a `userInfo` when generating the CSRF token to fully implement the protection on their end. This is needed only for applications hosted on different subdomains. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29624
CVE-2020-10716 A flaw was found in Red Hat Satellite’s Job Invocation, where the “User Input” entry was not properly restricted to the view. This flaw allows a malicious Satellite user to scan through the Job Invocation, with the ability to search for passwords and other sensitive data. This flaw affects tfm-rubygem-foreman_ansible versions before 4.0.3.4. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-10716
CVE-2021-24318 The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated users to delete arbitrary page/post and booking via an IDOR vector. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24318
CVE-2021-3544 Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3544
CVE-2021-3545 An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3545
CVE-2021-22906 Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22906
CVE-2021-32699 Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to `1.4.4` are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intended and cause downstream impacts to other clients on the same hardware, eventually causing the physical server to stop responding. Users should upgrade to `1.4.4` to mitigate the issue. There is no non-code based workaround for impacted versions of the software. Users running customized versions of this software can manually set a PID limit for containers created. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32699
CVE-2021-1617 Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to do one or both of the following: execute a command using crafted input; upload a file that has been altered using path traversal techniques. A successful exploit could allow the attacker to read and write arbitrary files or execute arbitrary commands as root on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1617
CVE-2021-37750 The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37750
CVE-2021-39210 GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie when a user uses the “remember me” feature is accessible by scripts. A malicious plugin that could steal this cookie would be able to use it to autologin. This issue is fixed in version 9.5.6. As a workaround, one may avoid using the “remember me” feature. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39210
CVE-2021-1589 A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. This vulnerability exists because access to API endpoints is not properly restricted. An attacker could exploit this vulnerability by sending a request to an API endpoint. A successful exploit could allow the attacker to gain unauthorized access to administrative credentials that could be used in further attacks. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1589
CVE-2021-36309 Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to read sensitive information and use it in further attacks. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-36309
CVE-2021-39880 A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted requests to the apollo_upload_server middleware. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39880
CVE-2021-24779 The WP Debugging WordPress plugin before 2.11.0 has its update_settings function hooked to admin_init and is missing any authorisation and CSRF checks, as a result, the settings can be updated by unauthenticated users. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24779
CVE-2021-41178 Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file traversal vulnerability makes an attacker able to download arbitrary SVG images from the host system, including user provided files. This could also be leveraged into a XSS/phishing attack, an attacker could upload a malicious SVG file that mimics the Nextcloud login form and send a specially crafted link to victims. The XSS risk here is mitigated due to the fact that Nextcloud employs a strict Content-Security-Policy disallowing execution of arbitrary JavaScript. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5 or 22.2.0. There are no known workarounds aside from upgrading. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41178
CVE-2021-41229 BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41229
CVE-2021-24894 The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of a long integer, causing a Denial of Service in the review section when an authenticated user submits such a rating and the reviews are set to be displayed on the post/page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24894
CVE-2019-8921 An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-8921
CVE-2021-22565 An attacker could prematurely expire a verification code, making it unusable by the patient, making the patient unable to upload their TEKs to generate exposure notifications. We recommend upgrading the Exposure Notification server to V1.1.2 or greater. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22565
CVE-2021-25013 The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF checks on the qubely_delete_saved_block AJAX action, and does not ensure that the block to be deleted belongs to the plugin. As a result, any authenticated user, such as a subscriber, can delete arbitrary posts. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25013
CVE-2021-24928 The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does not have proper access controls in the save_all_order AJAX action, nor validation and escaping when inserting user data in SQL statement, leading to an SQL injection, and allowing any authenticated user, such as subscriber, to modify arbitrary post content (for example with an XSS payload), as well as exfiltrate any data by copying it to another post. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24928
CVE-2021-24947 The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24947
CVE-2021-24993 The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated users, such as subscriber to call them and add arbitrary products, or change the plugin’s settings for example 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24993
CVE-2021-3930 An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page if the ‘page’ argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3930
CVE-2022-24741 Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded to 21.0.8, 22.2.4 or 23.0.1. Users unable to upgrade should disable preview generation with the `'enable_previews'` config flag. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24741
CVE-2022-1348 A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1348
CVE-2022-32206 curl < 7.84.0 supports “chained” HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable “links” in this “decompression chain” was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a “malloc bomb”, making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32206
CVE-2022-1128 Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1128
CVE-2022-1129 Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1129
CVE-2022-1137 Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1137
CVE-2022-1138 Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox URL bar via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1138
CVE-2022-1139 Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1139
CVE-2022-20253 In Bluetooth, there is a possible cleanup failure due to an uncaught exception. This could lead to remote denial of service in Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-224545125 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-20253
CVE-2022-39309 GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agents. A malicious/compromised agent may then expose that key from memory, and potentially allow an attacker the ability to decrypt secrets intended for other agents/environments if they also are able to obtain access to encrypted configuration values from the GoCD server. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39309
CVE-2022-39310 GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other agents due to broken access control and incorrect validation of agent tokens within the GoCD server. Since work packages can contain sensitive information such as credentials intended only for a given job running against a specific agent environment, this can cause accidental information disclosure. Exploitation requires knowledge of agent identifiers and ability to authenticate as an existing agent with the GoCD server. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39310
CVE-2022-39052 An external attacker is able to send a specially crafted email with many recipients and trigger a potential DoS of the system 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39052
CVE-2022-3082 The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and disable the app for example 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3082
CVE-2022-41471 74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41471
CVE-2022-28291 Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an attacker to access credentials stored in Nessus scanners, potentially compromising its customers’ network of assets. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28291
CVE-2022-2455 A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user to exhaust server resources by importing a malicious project. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2455
CVE-2022-2592 A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potentially leading to Denial of Service. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2592
CVE-2022-3067 An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects’ content given the project’s ID. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3067
CVE-2022-3165 An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3165
CVE-2022-3279 An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3279
CVE-2022-3291 Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3291
CVE-2022-3540 An issue has been discovered in hunter2 affecting all versions before 2.1.0. Improper handling of auto-completion input allows an authenticated attacker to extract other users’ email addresses. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3540
CVE-2022-22224 An Improper Check or Handling of Exceptional Conditions vulnerability in the processing of a malformed OSPF TLV in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause the periodic packet management daemon (PPMD) process to go into an infinite loop, which in turn can cause protocols and functions reliant on PPMD such as OSPF neighbor reachability to be impacted, resulting in a sustained Denial of Service (DoS) condition. The DoS condition persists until the PPMD process is manually restarted. This issue affects: Juniper Networks Junos OS: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S9; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S3-EVO; 21.1 versions prior to 21.1R2-EVO. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22224
CVE-2022-22226 In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Uncontrolled Memory Allocation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated adjacently located attacker sending specific packets to cause a Denial of Service (DoS) condition by crashing one or more PFE’s when they are received and processed by the device. Upon automatic restart of the PFE, continued processing of these packets will cause the memory leak to reappear. Depending on the volume of packets received the attacker may be able to create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX4300-MP, EX4600, QFX5000 Series: 17.1 version 17.1R1 and later versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S7, 19.2R3-S1; 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2. This issue does not affect Junos OS versions prior to 17.1R1. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22226
CVE-2022-22230 An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause DoS (Denial of Service). If another router generates more than one specific valid OSPFv3 LSA then rpd will crash while processing these LSAs. This issue only affects systems configured with OSPFv3, while OSPFv2 is not affected. This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S6; 19.3 version 19.3R2 and later versions; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S5-EVO; 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-S1-EVO; 21.3-EVO versions prior to 21.3R3-S2-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO; 22.2-EVO versions prior to 22.2R2-EVO. This issue does not affect Juniper Networks Junos OS 19.2 versions prior to 19.2R2. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22230
CVE-2022-22237 An Improper Authentication vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause an impact on confidentiality or integrity. A vulnerability in the processing of TCP-AO will allow a BGP or LDP peer not configured with authentication to establish a session even if the peer is locally configured to use authentication. This could lead to untrusted or unauthorized sessions being established. This issue affects Juniper Networks Junos OS: 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS Evolved. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22237
CVE-2022-22238 An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When an incoming RESV message corresponding to a protected LSP is malformed it causes an incorrect internal state resulting in an rpd core. This issue affects: Juniper Networks Junos OS All versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S8; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.2R3-S3-EVO; 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S1-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1-EVO and later versions; 21.3-EVO versions prior to 21.3R2-EVO. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22238
CVE-2022-22249 An Improper Control of a Resource Through its Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When there is a continuous mac move a memory corruption causes one or more FPCs to crash and reboot. These MAC moves can be between two local interfaces or between core/EVPN and local interface. The below error logs can be seen in PFE syslog when this issue happens: xss_event_handler 1071 : EA[0:0]_PPE 46.xss[0] ADDR Error. ppe_error_interrupt 4298 : EA[0:0]_PPE 46 Errors sync xtxn error xss_event_handler 1071 : EA[0:0]_PPE 1.xss[0] ADDR Error. ppe_error_interrupt 4298 : EA[0:0]_PPE 1 Errors sync xtxn error xss_event_handler 1071 : EA[0:0]_PPE 2.xss[0] ADDR Error. This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 15.1R7-S13; 19.1 versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22249
CVE-2022-22250 An Improper Control of a Resource Through its Lifetime vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows unauthenticated adjacent attacker to cause a Denial of Service (DoS). In an EVPN-MPLS scenario, if MAC is learned locally on an access interface but later a request to delete is received indicating that the MAC was learnt remotely, this can lead to memory corruption which can result in line card crash and reload. This issue affects: Juniper Networks Junos OS All versions 17.3R1 and later versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S8; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R1-S1, 21.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S3-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO; 21.4-EVO versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.3R1. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22250
CVE-2022-21601 Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Billing and Revenue Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21601
CVE-2022-21635 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21635
CVE-2022-21636 Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Session Management). Supported versions that are affected are 12.2.6-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21636
CVE-2022-39408 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39408
CVE-2022-39410 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39410
CVE-2022-43032 An issue was discovered in Bento4 v1.6.0-639. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp, as demonstrated by mp42aac. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43032
CVE-2022-43033 An issue was discovered in Bento4 1.6.0-639. There is a bad free in the component AP4_HdlrAtom::~AP4_HdlrAtom which allows attackers to cause a Denial of Service (DoS) via a crafted input. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43033
CVE-2022-43034 An issue was discovered in Bento4 v1.6.0-639. There is a heap buffer overflow vulnerability in the AP4_BitReader::SkipBits(unsigned int) function in mp42ts. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43034
CVE-2022-43035 An issue was discovered in Bento4 v1.6.0-639. There is a heap-buffer-overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42aac. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43035
CVE-2022-43037 An issue was discovered in Bento4 1.6.0-639. There is a memory leak in the function AP4_File::ParseStream in /Core/Ap4File.cpp. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43037
CVE-2022-43038 Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadCache function in mp42ts. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43038
CVE-2022-43408 Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of ‘input’ steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify ‘input’ step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43408
CVE-2022-43419 Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43419
CVE-2022-41707 Relatedcode’s Messenger version 7bcd20b allows an authenticated external attacker to access sensitive data of any user of the application. This is possible because the application exposes user data to the public. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41707
CVE-2022-2805 A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. This flaw allows an attacker with sufficient privileges to read the log file, leading to confidentiality loss. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2805
CVE-2022-43020 OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update function. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43020
CVE-2022-43021 OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the entriesPerPage variable. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43021
CVE-2022-43022 OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag deletion function. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43022
CVE-2022-43023 OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43023
CVE-2022-41770 In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory resource utilization, via undisclosed requests. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41770
CVE-2022-41813 In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41813
CVE-2022-42197 In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42197
CVE-2022-3597 LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3597
CVE-2022-3598 LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3598
CVE-2022-3599 LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3599
CVE-2022-3626 LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3626
CVE-2022-3627 LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3627
CVE-2022-3676 In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3676
CVE-2022-41797 Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41797
CVE-2022-41799 Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authenticated attacker to bypass access restriction and download the markdown data from the pages set to private by the other users. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41799
CVE-2021-21532 Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to change the device configuration or certificate file. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21532
CVE-2021-32760 containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2021-32760
CVE-2022-21658 Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable to a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn’t otherwise access or delete. Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability with 1.58.1 containing a patch. Note that the following build targets don’t have usable APIs to properly mitigate the attack, and are thus still vulnerable even with a patched toolchain: macOS before version 10.10 (Yosemite) and REDOX. We recommend everyone to update to Rust 1.58.1 as soon as possible, especially people developing programs expected to run in privileged contexts (including system daemons and setuid binaries), as those have the highest risk of being affected by this. Note that adding checks in your codebase before calling remove_dir_all will not mitigate the vulnerability, as they would also be vulnerable to race conditions like remove_dir_all itself. The existing mitigation is working as intended outside of race conditions. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21658
CVE-2022-21820 NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21820
CVE-2022-3140 LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme ‘vnd.libreoffice.command’ specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.1; 7.3 versions prior to 7.3.6. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2022-3140
CVE-2016-7103 Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2016-7103
CVE-2021-21313 GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target and id are not properly sanitized. Here are two payloads due to two different exploitations depending on which parameter you act to exploit the vulnerability: /ajax/common.tabs.php?_target=javascript\:alert document.cookie &_itemtype=DisplayPreference&_glpi_tab=DisplayPreference$2&id=258&displaytype=Ticket Payload triggered if you click on the button . /ajax/common.tabs.php?_target=/front/ticket.form.php&_itemtype=Ticket&_glpi_tab=Ticket$1&id= {}; function%20 {alert document.cookie ;} ;function%20a&#. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21313
CVE-2021-21510 Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21510
CVE-2021-21333 Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the notification emails sent for notifications for missed messages or for an expiring account are subject to HTML injection. In the case of the notification for missed messages, this could allow an attacker to insert forged content into the email. The account expiry feature is not enabled by default and the HTML injection is not controllable by an attacker. This is fixed in version 1.27.0. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21333
CVE-2021-20208 A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-20208
CVE-2020-25864 HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-25864
CVE-2021-25640 In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25640
CVE-2021-39175 HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into another page. The problem is patched in version 1.9.0. There are no known workarounds aside from upgrading. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-39175
CVE-2021-21684 Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21684
CVE-2021-41182 jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-41182
CVE-2021-41183 jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-41183
CVE-2021-41184 jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-41184
CVE-2021-36322 Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-36322
CVE-2021-24977 The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to send arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the backend, it could also lead to Stored XSS issues. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-24977
CVE-2021-32478 The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-32478
CVE-2021-36914 Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) in CalderaWP License Manager WordPress plugin <= 1.2.11. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-36914
CVE-2021-40776 Adobe Lightroom Classic 10.3 and earlier are affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40776
CVE-2022-1132 Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1132
CVE-2022-34257 Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-34257
CVE-2021-30071 A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-30071
CVE-2022-39842 An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user, a heap overflow may occur. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-39842
CVE-2022-3518 A vulnerability classified as problematic has been found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the component User Creation Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-211014 is the identifier assigned to this vulnerability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-3518
CVE-2022-3519 A vulnerability classified as problematic was found in SourceCodester Sanitization Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Quote Requests Tab. The manipulation of the argument Manage Remarks leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-211015. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-3519
CVE-2022-3149 The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to make a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor options, it could also lead to Stored Cross-Site Scripting. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-3149
CVE-2022-40605 MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40606. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-40605
CVE-2022-40606 MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-40606
CVE-2022-42147 kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\\ Filecontroller.java. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-42147
CVE-2022-22242 A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim’s browser in the context of their session within J-Web. This issue affects Juniper Networks Junos OS all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-22242
CVE-2022-3339 A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator’s session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-3339
CVE-2022-3580 A vulnerability, which was classified as problematic, has been found in SourceCodester Cashier Queuing System 1.0.1. This issue affects some unknown processing of the component User Creation Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-211187. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-3580
CVE-2022-3581 A vulnerability, which was classified as problematic, was found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the component Cashiers Tab. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-211188. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-3581
CVE-2022-42202 TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS). 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-42202
CVE-2022-21606 Vulnerability in the Oracle Services for Microsoft Transaction Server component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Services for Microsoft Transaction Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Services for Microsoft Transaction Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Services for Microsoft Transaction Server accessible data as well as unauthorized read access to a subset of Oracle Services for Microsoft Transaction Server accessible data. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-21606
CVE-2022-21630 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.6.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-21630
CVE-2022-21631 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Design Tools SEC). Supported versions that are affected are 9.2.6.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-21631
CVE-2022-21639 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search Integration). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-21639
CVE-2022-42113 A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-42113
CVE-2022-42116 A Cross-site scripting (XSS) vulnerability in the Frontend Editor module’s integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the (1) name, or (2) namespace parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-42116
CVE-2022-42117 A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-42117
CVE-2022-42466 Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release, the inputted strings are properly escaped when rendered. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-42466
CVE-2022-43014 OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-43014
CVE-2022-43015 OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the entriesPerPage parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-43015
CVE-2022-43016 OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback component. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-43016
CVE-2022-43017 OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-43017
CVE-2022-43018 OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter in the Check Email function. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-43018
CVE-2022-26954 Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed by the (1) ChangePassword function, (2) SignInCustomerAsync function, (3) SuccessfulAuthentication method, or (4) NopRedirectResultExecutor class. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26954
CVE-2022-1059 Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1059
CVE-2022-38117 Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-38117
CVE-2020-2617 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L). 6 https://nvd.nist.gov/vuln/detail/CVE-2020-2617
CVE-2020-2642 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L). 6 https://nvd.nist.gov/vuln/detail/CVE-2020-2642
CVE-2020-2894 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). 6 https://nvd.nist.gov/vuln/detail/CVE-2020-2894
CVE-2022-36439 AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers running Windows allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.exe before 1.0.53.0, and AsusLiveUpdate.dll before 1.0.45.0. 6 https://nvd.nist.gov/vuln/detail/CVE-2022-36439
CVE-2022-21621 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H). 6 https://nvd.nist.gov/vuln/detail/CVE-2022-21621
CVE-2022-39423 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.38. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). 6 https://nvd.nist.gov/vuln/detail/CVE-2022-39423
CVE-2022-3607 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3. 6 https://nvd.nist.gov/vuln/detail/CVE-2022-3607
CVE-2018-16758 Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2018-16758
CVE-2020-2512 Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-2512
CVE-2021-24122 When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath which in turn was caused by the inconsistent behaviour of the Windows API FindFirstFileW in some circumstances. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-24122
CVE-2021-32791 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-32791
CVE-2021-21704 In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-21704
CVE-2022-1434 The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. If both endpoints are OpenSSL 3.0 then the attacker could modify data being sent in both directions. In this case both clients and servers could be affected, regardless of the application protocol. Note that in the absence of an attacker this bug means that an OpenSSL 3.0 endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete the handshake when using this ciphersuite. The confidentiality of data is not impacted by this issue, i.e. an attacker cannot decrypt data that has been encrypted using this ciphersuite - they can only modify it. In order for this attack to work both endpoints must legitimately negotiate the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in OpenSSL 3.0, and is not available within the default provider or the default ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the following must have occurred: (1) OpenSSL must have been compiled with the (non-default) compile time option enable-weak-ssl-ciphers; (2) OpenSSL must have had the legacy provider explicitly loaded (either through application code or via configuration); (3) The ciphersuite must have been explicitly added to the ciphersuite list; (4) The libssl security level must have been set to 0 (default is 1); (5) A version of SSL/TLS below TLSv1.3 must have been negotiated; (6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any others that both endpoints have in common. Fixed in OpenSSL 3.0.3 (Affected 3.0.0, 3.0.1, 3.0.2). 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-1434
CVE-2022-32208 When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-32208
CVE-2022-3206 The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named “passster” using base64 encoding method which is easy to decode. This puts the password at risk in case the cookies get leaked. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-3206
CVE-2022-22208 A Use After Free vulnerability in the Routing Protocol Daemon rdp of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service DoS . When a BGP session flap happens, a Use After Free of a memory location that was assigned to another object can occur, which will lead to an rpd crash. This is a race condition that is outside of the attacker’s control and cannot be deterministically exploited. Continued flapping of BGP sessions can create a sustained Denial of Service DoS condition. This issue affects Juniper Networks Junos OS: All versions prior to 18.4R2-S9, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 version 19.2R1 and later versions; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R2-S1, 21.2R3. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-22208
CVE-2022-22219 Due to the Improper Handling of an Unexpected Data Type in the processing of EVPN routes on Juniper Networks Junos OS and Junos OS Evolved, an attacker in direct control of a BGP client connected to a route reflector, or via a machine in the middle MITM attack, can send a specific EVPN route contained within a BGP Update, triggering a routing protocol daemon RPD crash, leading to a Denial of Service DoS condition. Continued receipt and processing of these specific EVPN routes could create a sustained Denial of Service DoS condition. This issue only occurs on BGP route reflectors, only within a BGP EVPN multicast environment, and only when one or more BGP clients have ‘leave-sync-route-oldstyle’ enabled. This issue affects: Juniper Networks Junos OS 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R3; 22.2 versions prior to 22.2R2. Juniper Networks Junos OS Evolved 21.3 version 21.3R1-EVO and later versions prior to 21.4R3-EVO; 22.1 versions prior to 22.1R1-S2-EVO, 22.1R3-EVO; 22.2 versions prior to 22.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.3R1. Juniper Networks Junos OS Evolved versions prior to 21.3R1-EVO. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-22219
CVE-2022-22220 A Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Routing Protocol Daemon rpd of Juniper Networks Junos OS, Junos OS Evolved allows a network-based unauthenticated attacker to cause a Denial of Service DoS . When a BGP flow route with redirect IP extended community is received, and the reachability to the next-hop of the corresponding redirect IP is flapping, the rpd process might crash. Whether the crash occurs depends on the timing of the internally processing of these two events and is outside the attackers control. Please note that this issue also affects Route-Reflectors unless ‘routing-options flow firewall-install-disable’ is configured. This issue affects: Juniper Networks Junos OS: 18.4 versions prior to 18.4R2-S10, 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.4 versions prior to 19.4R3-S8; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-EVO; 21.1-EVO versions prior to 21.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 18.4R1. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-22220
CVE-2022-22225 A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker with an established BGP session to cause a Denial of Service (DoS). In a BGP multipath scenario, when one of the contributing routes is flapping often and rapidly, rpd may crash. As this crash depends on whether a route is a contributing route, and on the internal timing of the events triggered by the flap, this vulnerability is outside the direct control of a potential attacker. This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S6; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R2-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect: Juniper Networks Junos OS versions 19.2 versions prior to 19.2R2, 19.3R1 and above prior to 20.2R1. Juniper Networks Junos OS Evolved versions prior to 20.2R1-EVO. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-22225
CVE-2022-41540 The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attack, and access sensitive information. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-41540
CVE-2020-2558 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.8 (Availability impacts). CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L. 5.8 https://nvd.nist.gov/vuln/detail/CVE-2020-2558
CVE-2021-29474 HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary `.md` files from the server’s filesystem due to an improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can try to open the following URL: `http://localhost:3000/..%2F..%2FREADME#` (replace `http://localhost:3000` with your instance’s base-URL, e.g. `https://demo.hedgedoc.org/..%2F..%2FREADME#`). If you see a README page being rendered, you run an affected version. The attack works due to the fact that the internal router passes the url-encoded alias to the `noteController.showNote` function. This function passes the input directly to the `findNote` utility function, which passes it on to the `parseNoteId` function, which tries to make sense of the noteId/alias and checks if a note already exists and, if so, if a corresponding file on disk was updated. If no note exists, the note creation function is called, which passes this unvalidated alias, with a `.md` appended, into a `path.join` function; the result is read from the filesystem in the follow-up routine and provides the pre-filled content of the new note. This allows an attacker not only to read arbitrary `.md` files from the filesystem, but also to observe changes to them. The usefulness of this attack can be considered limited, since mainly markdown files use the file-ending `.md` and all markdown files contained in the hedgedoc project, like the README, are public anyway. If other protections such as a chroot or container or proper file permissions are in place, this attack’s usefulness is rather limited. On a reverse-proxy level one can force a URL-decode, which will prevent this attack because the router will not accept such a path. 5.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29474
CVE-2020-0569 Out of bounds write in Intel R PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2020-0569
CVE-2021-3426 There’s a flaw in Python 3’s pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2021-3426
CVE-2021-24752 Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement WordPress plugin before 1.5, Generate Child Theme WordPress plugin before 1.6, Essential Content Types WordPress plugin before 1.9, Catch Web Tools WordPress plugin before 2.7, Catch Under Construction WordPress plugin before 1.4, Catch Themes Demo Import WordPress plugin before 1.6, Catch Sticky Menu WordPress plugin before 1.7, Catch Scroll Progress Bar WordPress plugin before 1.6, Social Gallery and Widget WordPress plugin before 2.3, Catch Infinite Scroll WordPress plugin before 1.9, Catch Import Export WordPress plugin before 1.9, Catch Gallery WordPress plugin before 1.7, Catch Duplicate Switcher WordPress plugin before 1.6, Catch Breadcrumb WordPress plugin before 1.7, Catch IDs WordPress plugin before 2.4’s configurations. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2021-24752
CVE-2021-24703 The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2021-24703
CVE-2021-24968 The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated users. As a result, any user with a role as low as Subscriber could create FAQ and FAQ questions. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2021-24968
CVE-2021-25011 The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF in most of its AJAX actions, which could allow any authenticated users, such as subscriber to delete arbitrary posts and update the plugin’s settings. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2021-25011
CVE-2022-3531 A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function get_syms of the file tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier VDB-211029 was assigned to this vulnerability. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2022-3531
CVE-2022-3532 A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function test_map_kptr_success/test_fentry of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211030 is the identifier assigned to this vulnerability. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2022-3532
CVE-2022-3533 A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects the function parse_usdt_arg of the file tools/lib/bpf/usdt.c of the component BPF. The manipulation of the argument reg_name leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211031. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2022-3533
CVE-2022-3563 A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2022-3563
CVE-2022-21609 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). The supported version that is affected is 5.9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2022-21609
CVE-2018-3837 An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2018-3837
CVE-2020-14314 A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-14314
CVE-2020-0427 In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-140550171. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-0427
CVE-2020-24441 Adobe Acrobat Reader for Android version 20.6.2 and earlier does not properly restrict access to directories created by the application. This could result in disclosure of sensitive information stored in databases used by the application. Exploitation requires a victim to download and run a malicious application. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-24441
CVE-2020-28941 An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-28941
CVE-2020-25704 A memory leak flaw was found in the Linux kernel performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources, causing denial of service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25704
CVE-2021-21364 swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix-Like systems, the system temporary directory is shared between all local users. When files/directories are created, the default `umask` settings for the process are respected. As a result, by default, most processes/apis will create files/directories with the permissions `-rw-r--r--` and `drwxr-xr-x` respectively, unless an API that explicitly sets safe file permissions is used. Because this vulnerability impacts generated code, the generated code will remain vulnerable until fixed manually! This vulnerability is fixed in version 2.4.19. Note this is a distinct vulnerability from CVE-2021-21363. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21364
CVE-2021-21096 Adobe Bridge versions 10.1.1 and earlier and 11.0.1 and earlier are affected by an Improper Authorization vulnerability in the Genuine Software Service. A low-privileged attacker could leverage this vulnerability to achieve application denial-of-service in the context of the current user. Exploitation of this issue does not require user interaction. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21096
CVE-2021-25382 An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25382
CVE-2021-21430 OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. Auto-generated code (Java, Scala) that deals with uploading or downloading binary data through API endpoints will create insecure temporary files during the process. Affected generators: `java` (jersey2, okhttp-gson (default library)), `scala-finch`. The issue has been patched with `Files.createTempFile` and released in the v5.1.0 stable version. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21430
CVE-2021-29575 TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.ReverseSequence` allows for stack overflow and/or `CHECK`-fail based denial of service. The implementation https://github.com/tensorflow/tensorflow/blob/5b3b071975e01f0d250c928b2a8f901cd53b90a7/tensorflow/core/kernels/reverse_sequence_op.cc#L114-L118 fails to validate that `seq_dim` and `batch_dim` arguments are valid. Negative values for `seq_dim` can result in stack overflow or `CHECK`-failure, depending on the version of Eigen code used to implement the operation. Similar behavior can be exhibited by invalid values of `batch_dim`. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29575
CVE-2020-25673 A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect leads to leak and eventually hanging-up the system. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25673
CVE-2021-30501 An assertion abort was found in upx MemBuffer::alloc in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service abort via a crafted file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-30501
CVE-2021-23215 An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23215
CVE-2021-26260 An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26260
CVE-2021-26945 An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26945
CVE-2021-32942 The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions WindowViewer if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32942
CVE-2021-25397 An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25397
CVE-2021-25652 An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25652
CVE-2021-3707 D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3707
CVE-2021-1836 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, tvOS 14.5. A local user may be able to create or modify privileged files. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1836
CVE-2021-34771 A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. This vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by running a specific command. A successful exploit could allow the attacker to view sensitive configuration information that their privileges might not otherwise allow them to access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-34771
CVE-2021-34757 Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-34757
CVE-2021-41213 TensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutually recursive. This occurs due to using a non-reentrant `Lock` Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by causing users to load such models and calling a recursive `tf.function`, although this is not a frequent scenario. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41213
CVE-2022-0319 Out-of-bounds Read in vim/vim prior to 8.2. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0319
CVE-2021-3947 A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3947
CVE-2022-0696 NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0696
CVE-2022-0714 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0714
CVE-2021-3602 An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials). 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3602
CVE-2020-25184 Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25184
CVE-2022-1420 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1420
CVE-2022-1622 LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1622
CVE-2022-1674 NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service application crash via a crafted input. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1674
CVE-2022-30126 In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler, could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30126
CVE-2022-31651 In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31651
CVE-2022-32239 When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32239
CVE-2022-2476 A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0 ==84257==The signal is caused by a WRITE memory access. ==84257==Hint: address points to the zero page. #0 0x561b47a970c5 in main cli/wvunpack.c:834 #1 0x7efc4f5c0082 in __libc_start_main /lib/x86_64-linux-gnu/libc.so.6+0x24082 #2 0x561b47a945ed in _start /usr/local/bin/wvunpack+0xa5ed AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV cli/wvunpack.c:834 in main ==84257==ABORTING 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2476
CVE-2022-2874 NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2874
CVE-2021-3995 A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3995
CVE-2021-4214 A heap overflow flaw was found in libpngs’ pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4214
CVE-2022-0171 A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0171
CVE-2022-1184 A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1184
CVE-2022-3061 Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl interface. The driver doesn’t check the value of ‘pixclock’, so it may cause a divide by zero error. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3061
CVE-2022-32864 The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to disclose kernel memory. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32864
CVE-2022-32883 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to read sensitive location information. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32883
CVE-2022-1725 NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1725
CVE-2022-42721 A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers able to inject WLAN frames to corrupt a linked list and, in turn, potentially execute code. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42721
CVE-2022-42722 In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42722
CVE-2022-35691 Adobe Acrobat Reader versions 22.002.20212 and earlier and 20.005.30381 and earlier are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35691
CVE-2022-3542 A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function bnx2x_tpa_stop of the file drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211042 is the identifier assigned to this vulnerability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3542
CVE-2022-3543 A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function unix_sock_destructor/unix_release_sock of the file net/unix/af_unix.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211043. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3543
CVE-2022-3544 A vulnerability, which was classified as problematic, was found in Linux Kernel. Affected is the function damon_sysfs_add_target of the file mm/damon/sysfs.c of the component Netfilter. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211044. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3544
CVE-2022-22233 An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In Segment Routing (SR) to Label Distribution Protocol (LDP) interworking scenario, configured with Segment Routing Mapping Server (SRMS) at any node, when an Area Border Router (ABR) leaks the SRMS entries having “S” flag set from IS-IS Level 2 to Level 1, an rpd core might be observed when a specific low privileged CLI command is issued. This issue affects: Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.4R1. Juniper Networks Junos OS Evolved versions prior to 21.4R1-EVO. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22233
CVE-2022-22234 An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). If the device is very busy (for example while executing a series of show commands on the CLI) one or more SFPs might not be detected anymore. The system then changes its state to “unplugged” which is leading to traffic impact and at least a partial DoS. Once the system is less busy the port states return to their actual value. Indicators of compromise are log messages about unplugged SFPs and corresponding syspld messages without any physical or environmental cause. These can be checked by issuing the following commands: user@device# show log messages | match unplugged %PFE-6: fpc0 sfp-0/1/2 SFP unplugged %PFE-6: fpc0 sfp-0/1/3 SFP unplugged The following log messages will also be seen when this issue happens: fpc0 Error tvp_drv_syspld_read: syspld read failed for address fpc0 Error[-1]:tvp_optics_presence_get - Syspld read failed for port fpc0 optics pres failed -1 for pic port fpc0 tvp_drv_syspld_read: i2c access retry count 200 This issue affects Juniper Networks Junos OS on EX2300 Series, EX3400 Series: All versions prior to 18.4R3-S11; 19.1 versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22234
CVE-2022-22240 An Allocation of Resources Without Limits or Throttling and a Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated low privileged attacker to cause a Denial of Service (DoS). In a high-scaled BGP routing environment with rib-sharding enabled, two issues may occur when executing a specific CLI command. One is a memory leak issue with rpd where the leak rate is not constant, and the other is a temporary spike in rpd memory usage during command execution. This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S1-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R1-S2-EVO, 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R1. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22240
CVE-2022-3595 A vulnerability was found in Linux Kernel. It has been rated as problematic. Affected by this issue is the function sess_free_buffer of the file fs/cifs/sess.c of the component CIFS Handler. The manipulation leads to double free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211364. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3595
CVE-2022-39401 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39401
CVE-2022-39407 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39407
CVE-2022-39417 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39417
CVE-2022-3606 A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3606
CVE-2022-25663 Possible buffer overflow due to lack of buffer length check during management frame Rx handling lead to denial of service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25663
CVE-2022-25664 Information disclosure due to exposure of information while GPU reads the data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25664
CVE-2022-39253 Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source’s `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim’s machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39253
CVE-2022-43039 GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43039
CVE-2022-43043 GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43043
CVE-2022-43044 GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43044
CVE-2022-43045 GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43045
CVE-2013-4281 In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2013-4281
CVE-2022-3586 A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3586
CVE-2022-41780 In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary files. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41780
CVE-2022-3630 A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects some unknown processing of the file fs/fscache/cookie.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211931. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3630
CVE-2022-3637 A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function jlink_init of the file monitor/jlink.c of the component BlueZ. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211936. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3637
CVE-2022-3642 A vulnerability classified as problematic has been found in Linux Kernel. This affects the function rtl8188f_spur_calibration of the file drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8188f.c of the component Wireless. The manipulation of the argument hw_ctrl_s1/sw_ctrl_s1 leads to use of uninitialized variable. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211959. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3642
CVE-2022-39259 jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. Versions prior to 1.4.5 are subject to a Denial of Service when opening zip files with HTML sequences. This issue has been patched in version 1.4.5. There are no known workarounds. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39259
CVE-2022-43677 In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP decoders via an index-out-of-range panic in aper.GetBitString. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43677
CVE-2017-2601 Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2017-2601
CVE-2020-28647 In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim’s browser (XSS). 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-28647
CVE-2021-22853 The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-22853
CVE-2020-25634 A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or modify service APIs. Versions before 3scale-2.10.0-ER1 are affected. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-25634
CVE-2021-24635 The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) Get and search through title and content of Draft post, 2) Get title of a password-protected post as well as 3) Upload an image from an URL 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24635
CVE-2021-41164 CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-41164
CVE-2021-24842 The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the posted date of other users’ posts. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24842
CVE-2021-24988 The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprss_dismiss_addon_notice AJAX action missing authorisation and CSRF checks, allowing any authenticated users, such as subscriber to call it and set a malicious payload in the addon parameter. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24988
CVE-2022-22546 Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence BI Launchpad - version 420. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-22546
CVE-2022-24728 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24728
CVE-2017-20043 A vulnerability was found in Navetti PricePoint 4.6.0.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting (Persistent). The attack may be launched remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2017-20043
CVE-2017-20044 A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to basic cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2017-20044
CVE-2022-35698 Adobe Commerce versions 2.4.4-p1 and earlier and 2.4.5 and earlier are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-35698
CVE-2022-41472 74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-41472
CVE-2022-41542 devhub 0.102.0 was discovered to contain a broken session control. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-41542
CVE-2022-3066 An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-3066
CVE-2022-41139 MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-41139
CVE-2022-41431 xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-41431
CVE-2022-31037 OroCommerce is an open-source Business to Business Commerce application. Versions between 4.1.0 and 4.1.17 inclusive, 4.2.0 and 4.2.11 inclusive, and between 5.0.0 and 5.0.3 inclusive, are vulnerable to Cross-site Scripting in the UPS Surcharge field of the Shipping rule edit page. The attacker needs permission to create or edit a shipping rule. This issue has been patched in version 5.0.6. There are no known workarounds. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-31037
CVE-2022-3338 An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file through the API. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-3338
CVE-2022-3587 A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component My Account. The manipulation of the argument First Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211201 was assigned to this vulnerability. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-3587
CVE-2022-21591 Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: UI Infrastructure). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Transportation Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Transportation Management. CVSS 3.1 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L). 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21591
CVE-2022-21629 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.6.4 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21629
CVE-2022-39420 Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Data, Functional Security). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Transportation Management accessible data as well as unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-39420
CVE-2022-42112 A Cross-site scripting (XSS) vulnerability in the Portal Search module’s Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted payload. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-42112
CVE-2022-42114 A Cross-site scripting (XSS) vulnerability in the Role module’s edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-42114
CVE-2022-42115 Cross-site scripting (XSS) vulnerability in the Object module’s edit object details page in Liferay Portal 7.4.3.4 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the object field’s `Label` text field. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-42115
CVE-2022-38901 A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-38901
CVE-2022-39233 Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions 12.9.99.228 and above, prior to 14.0.99.24, authorizations are not properly verified when updating the branch prefix used by the GitLab repository integration. Authenticated users can change the branch prefix of any of the GitLab repository integration they can see via the REST endpoint `PATCH /gitlab_repositories/{id}`. This action should be restricted to Git administrators. This issue is patched in Tuleap Community Edition 14.0.99.24 and Tuleap Enterprise Edition 14.0-3. There are no known workarounds. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-39233
CVE-2022-39301 sra-admin is a background rights management system that separates the front and back end. sra-admin version 1.1.1 has a storage cross-site scripting (XSS) vulnerability. After logging into the sra-admin background, an attacker can upload an html page containing xss attack code in “Personal Center” - “Profile Picture Upload” allowing theft of the user’s personal information. This issue has been patched in 1.1.2. There are no known workarounds. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-39301
CVE-2022-43185 A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-43185
CVE-2022-43409 Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-43409
CVE-2022-43420 Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control or modify Contrast service API responses. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-43420
CVE-2022-43425 Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of Custom Checkbox Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-43425
CVE-2022-41358 A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-41358
CVE-2021-33231 Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-33231
CVE-2022-42200 Simple Exam Reviewer Management System v1.0 is vulnerable to Stored Cross Site Scripting (XSS) via the Exam List. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-42200
CVE-2022-36966 Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-36966
CVE-2022-42205 PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-42205
CVE-2022-42206 PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-42206
CVE-2022-27494 Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-27494
CVE-2022-41638 Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin <= 2.1.7 on WordPress. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-41638
CVE-2022-40690 Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-40690
CVE-2018-16737 tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2018-16737
CVE-2020-2559 Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: UIF Open UI). Supported versions that are affected are 19.7 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-2559
CVE-2020-2592 Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security). The supported version that is affected is 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-2592
CVE-2021-21263 Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. In some situations, this will simply lead to no results being returned by the query builder; however, it is possible certain queries could be affected in a way that causes the query to return unexpected results. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21263
CVE-2021-21253 OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attackers to pre-compute the hash value using dictionary attack techniques such as rainbow tables to crack passwords. This problem is fixed and published in version 1.1.2. A long randomly generated salt is added to the password hash function to better protect passwords stored in the voting system. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21253
CVE-2021-20185 It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side browser denial of service for users receiving very large messages. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-20185
CVE-2020-26195 Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-26195
CVE-2021-21020 Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to an access control bypass vulnerability in the Login as Customer module. Successful exploitation could lead to unauthorized access to restricted resources. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21020
CVE-2021-21026 Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are affected by an improper authorization vulnerability in the integrations module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21026
CVE-2021-21621 Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the “About user (basic authentication details only)” information, which can include the session ID of the user creating the support bundle in some configurations. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21621
CVE-2021-21424 Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that 403s are returned whether the user exists or not if a user cannot switch to a user or if the user does not exist. The patch for this issue is available for branch 3.4. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21424
CVE-2021-20201 A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-20201
CVE-2021-28169 For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-28169
CVE-2021-24359 The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site. Such issue could be chained with an open redirect (CVE-2021-24358) in version below 4.1.10, to include a crafted password reset link in the email, which would lead to an account takeover. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-24359
CVE-2021-31412 Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), and 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows network attacker to enumerate all available routes via crafted HTTP request when application is running in production mode and no custom handler for NotFoundException is provided. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-31412
CVE-2021-32731 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Between and including versions 13.1RC1 and 13.1, the reset password form reveals the email address of users just by giving their username. The problem has been patched on XWiki 13.2RC1. As a workaround, it is possible to manually modify the `resetpasswordinline.vm` to perform the changes made to mitigate the vulnerability. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-32731
CVE-2021-21565 Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21565
CVE-2021-39327 The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39327
CVE-2021-23195 Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 has the option for automated indexing directory listing activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all content of the directory will be displayed, allowing an attacker to identify and access files on the server. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-23195
CVE-2021-22815 A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 NMC2 : AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J NMC2 AOS V6.9.8 and earlier , 3-Phase Uninterruptible Power Supply UPS using NMC2 including Symmetra PX 250/500 SYPX Network Management Card 2 NMC2 : AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J NMC2 AOS V6.9.6 and earlier , 3-Phase Uninterruptible Power Supply UPS using NMC2 including Symmetra PX 48/96/100/160 kW UPS PX2 , Symmetra PX 20/40 kW UPS SY3P , Gutor SXW, GVX , and Galaxy GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU : AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH NMC2 AOS V6.9.6 and earlier , 1-Phase Uninterruptible Power Supply UPS using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 NMC3 : AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J NMC3 AOS V1.4.2.1 and earlier , APC Rack Power Distribution Units PDU using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX NMC2 AOS V6.9.6 and earlier , APC Rack Power Distribution Units PDU using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx NMC3 AOS V1.4.0 and earlier , APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 NMC2 AOS V6.9.6 and earlier , Network Management Card 2 NMC2 for InfraStruxure 150 kVA PDU with 84 Poles X84P : PDPB150G6F NMC2 AOS V6.9.6 and earlier , Network Management Card 2 for InfraStruxure 40/60kVA PDU XPDU PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M NMC2 AOS V6.9.6 and earlier , Network Management Card 2 for Modular 150/175kVA PDU XRDP : PDPM150G6F, PDPM150L6F, PDPM175G6H NMC2 AOS V6.9.6 and earlier , Network Management Card 2 for 400 and 500 kVA PMM : PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB NMC2 AOS V6.9.6 and earlier , Network Management Card 2 for Modular PDU XRDP2G : PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H NMC2 AOS V6.9.6 and earlier , Rack Automatic Transfer Switches ATS Embedded NMC2: Rack Automatic Transfer Switches - AP44XX ATS4G NMC2 AOS V6.9.6 and earlier , Network Management Card 2 NMC2 Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs ACRP2G , InRow Cooling for series ACRC10x SKUs RC10X2G , InRow Cooling for series ACRD6xx and ACRC6xx SKUs ACRD2G , InRow Cooling Display for series ACRD3xx ACRC2G , InRow Cooling for series ACSC1xx SKUs SC2G , InRow Cooling for series ACRD1xx and ACRD2xx ACRPTK2G , Ecoflair IAEC25/50 Air Economizer Display EB2G , Uniflair SP UCF0481I, UCF0341I UNFLRSP , Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV LEDX2G , Refrigerant Distribution Unit: ACDA9xx RDU NMC2 AOS V6.9.6 and earlier , Environmental Monitoring Unit with embedded NMC2 NB250 : NetBotz NBRK0250 NMC2 AOS V6.9.6 and earlier , and Network Management Card 2 NMC2 : AP9922 Battery Management System BM4 NMC2 AOS V6.9.6 and earlier 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-22815
CVE-2021-41239 Nextcloud server is a self hosted system designed to provide cloud style services. In affected versions the User Status API did not consider the user enumeration settings by the administrator. This allowed a user to enumerate other users on the instance, even when user listings were disabled. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. There are no known workarounds. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-41239
CVE-2020-25193 By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-25193
CVE-2021-24978 The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named ‘map’ and is registered with the wp_ajax_nopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete is a map one. As a result, unauthenticated user can delete arbitrary posts from the blog 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-24978
CVE-2022-22968 In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-22968
CVE-2022-1343 The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL “ocsp” application. When verifying an ocsp response with the “-no_cert_checks” option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-1343
CVE-2022-2663 An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-2663
CVE-2022-35689 Adobe Commerce versions 2.4.4-p1 and earlier and 2.4.5 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user’s minor feature. Exploitation of this issue does not require user interaction. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-35689
CVE-2022-42961 An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-42961
CVE-2022-3523 A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211020. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-3523
CVE-2022-2834 The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin’s settings 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-2834
CVE-2022-3286 Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a deploy token 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-3286
CVE-2022-22227 An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated network-based attacker to cause a partial Denial of Service (DoS). On receipt of specific IPv6 transit traffic, Junos OS Evolved on ACX7100-48L, ACX7100-32C and ACX7509 sends this traffic to the Routing Engine (RE) instead of forwarding it, leading to increased CPU utilization of the RE and a partial DoS. This issue only affects systems configured with IPv6. This issue does not affect ACX7024 which is supported from 22.3R1-EVO onwards where the fix has already been incorporated as indicated in the solution section. This issue affects Juniper Networks Junos OS Evolved on ACX7100-48L, ACX7100-32C, ACX7509: 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-S2-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.1R1-EVO. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-22227
CVE-2022-22244 An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker sending a crafted POST to reach the XPath channel, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; 22.1 versions prior to 22.1R1-S1, 22.1R2. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-22244
CVE-2022-39055 RAVA certificate validation system has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform SSRF attack to discover internal network topology based on query response. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-39055
CVE-2020-15853 supybot-fedora implements the command ‘refresh’, that refreshes the cache of all users from FAS. This takes quite a while to run, and zodbot stops responding to requests during this time. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-15853
CVE-2022-21597 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21597
CVE-2022-21602 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21602
CVE-2022-21618 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21618
CVE-2022-21626 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21626
CVE-2022-21628 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21628
CVE-2022-39405 Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Access Manager accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-39405
CVE-2022-42467 When running in prototype mode, the h2 webconsole module (accessible from the Prototype menu) is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be done using the ‘isis.prototyping.h2-console.web-allow-remote-access’ configuration property; the web console will be unavailable without setting this configuration. As an additional safeguard, the new ‘isis.prototyping.h2-console.generate-random-web-admin-password’ configuration parameter (enabled by default) requires that the administrator use a randomly generated password to use the console. The password is printed to the log, as “webAdminPass: xxx” (where “xxx” is the password). To revert to the original behaviour, the administrator would therefore need to set these configuration parameters: `isis.prototyping.h2-console.web-allow-remote-access=true` and `isis.prototyping.h2-console.generate-random-web-admin-password=false`. Note also that the h2 webconsole is never available in production mode, so these safeguards are only to ensure that the webconsole is secured by default also in prototype mode. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-42467
CVE-2022-43411 Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-43411
CVE-2022-43412 Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-43412
CVE-2022-43414 Jenkins NUnit Plugin 0.27 and earlier implements an agent-to-controller message that parses files inside a user-specified directory as test results, allowing attackers able to control agent processes to obtain test results from files in an attacker-specified directory on the Jenkins controller. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-43414
CVE-2022-43421 A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-43421
CVE-2022-43422 Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-43422
CVE-2022-43423 Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-43423
CVE-2022-43424 Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-43424
CVE-2022-43426 Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SECRET_ACCESS_KEY form field, increasing the potential for attackers to observe and capture it. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-43426
CVE-2022-43428 Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-43428
CVE-2022-43434 Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-43434
CVE-2022-43435 Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-43435
CVE-2022-38107 Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-38107
CVE-2022-40084 OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-40084
CVE-2022-3646 A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-3646
CVE-2021-26732 A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration of the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-26732
CVE-2021-44776 A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-44776
CVE-2021-45925 Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-45925
CVE-2021-25338 Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region. 5.2 https://nvd.nist.gov/vuln/detail/CVE-2021-25338
CVE-2022-21616 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data and unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 5.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H). 5.2 https://nvd.nist.gov/vuln/detail/CVE-2022-21616
CVE-2020-2550 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N). 5.1 https://nvd.nist.gov/vuln/detail/CVE-2020-2550
CVE-2020-2515 Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data as well as unauthorized read access to a subset of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L). 5 https://nvd.nist.gov/vuln/detail/CVE-2020-2515
CVE-2020-10744 An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected. 5 https://nvd.nist.gov/vuln/detail/CVE-2020-10744
CVE-2021-32716 Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 the admin api has exposed some internal hidden fields when an association has been loaded with a to many reference. Users are recommended to update to version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-32716
CVE-2021-34744 Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-34744
CVE-2022-22545 A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-22545
CVE-2022-35812 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-35812
CVE-2022-21594 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21594
CVE-2022-21599 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21599
CVE-2022-21604 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21604
CVE-2022-21605 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21605
CVE-2022-21607 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21607
CVE-2022-21608 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21608
CVE-2022-21617 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21617
CVE-2022-21632 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21632
CVE-2022-21633 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21633
CVE-2022-21637 Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB . Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server. CVSS 3.1 Base Score 4.9 Availability impacts . CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H . 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21637
CVE-2022-21638 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer . Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server. CVSS 3.1 Base Score 4.9 Availability impacts . CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H . 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21638
CVE-2022-21640 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer . Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server. CVSS 3.1 Base Score 4.9 Availability impacts . CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H . 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21640
CVE-2022-21641 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer . Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server. CVSS 3.1 Base Score 4.9 Availability impacts . CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H . 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21641
CVE-2022-39400 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer . Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server. CVSS 3.1 Base Score 4.9 Availability impacts . CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H . 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-39400
CVE-2022-39411 Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: Business Process Automation . Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Transportation Management accessible data. CVSS 3.1 Base Score 4.9 Confidentiality impacts . CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N . 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-39411
CVE-2022-41694 In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-41694
CVE-2020-2552 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N). 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-2552
CVE-2021-36833 Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ibericode’s MC4WP plugin <= 4.8.6 at WordPress. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36833
CVE-2022-34258 Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34258
CVE-2022-2563 The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2563
CVE-2022-2574 The Meks Easy Social Share WordPress plugin before 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2574
CVE-2022-3139 The We’re Open! WordPress plugin before 1.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3139
CVE-2022-3546 A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /csms/admin/?page=user/list of the component Create User Handler. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-211046 is the identifier assigned to this vulnerability. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3546
CVE-2022-3547 A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /csms/admin/?page=system_info of the component Setting Handler. The manipulation of the argument System Name/System Short Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-211047. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3547
CVE-2022-3548 A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Add New Storage Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-211048. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3548
CVE-2022-2865 A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2865
CVE-2022-26375 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology AB Press Optimizer plugin <= 1.1.1 on WordPress. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26375
CVE-2022-40311 Auth. (admin+) Stored Cross-Site Scripting (XSS) in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-40311
CVE-2022-36368 Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allow a remote authenticated attacker with administrative privilege to inject an arbitrary script. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36368
CVE-2020-2557 Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: Security). Supported versions that are affected are 12.2.4, 12.2.4.1, 12.2.5 and 12.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Demantra Demand Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). 4.7 https://nvd.nist.gov/vuln/detail/CVE-2020-2557
CVE-2021-41084 http4s is an open source Scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names (`Header.name`), Header values (`Header.value`), Status reason phrases (`Status.reason`), URI paths (`Uri.Path`), URI authority registered names (`URI.RegName`) (through 0.21). This issue has been resolved in versions 0.21.30, 0.22.5, 0.23.4, and 1.0.0-M27 perform the following. As a matter of practice http4s services and client applications should sanitize any user input in the aforementioned fields before returning a request or response to the backend. The carriage return, newline, and null characters are the most threatening. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2021-41084
CVE-2021-1616 A vulnerability in the H.323 application level gateway (ALG) used by the Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the ALG. This vulnerability is due to insufficient data validation of traffic that is traversing the ALG. An attacker could exploit this vulnerability by sending crafted traffic to a targeted device. A successful exploit could allow the attacker to bypass the ALG and open connections that should not be allowed to a remote device located behind the ALG. Note: This vulnerability has been publicly discussed as NAT Slipstreaming. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2021-1616
CVE-2022-39188 An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2022-39188
CVE-2022-40307 An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2022-40307
CVE-2022-3303 A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2022-3303
CVE-2021-32658 Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could include sensitive key material such as the End-to-End encryption keys. It is recommended that the Nextcloud Android App is upgraded to 3.16.1. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2021-32658
CVE-2022-22078 Denial of service in BOOT when partition size for a particular partition is requested due to integer overflow when blocks are calculated in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 4.6 https://nvd.nist.gov/vuln/detail/CVE-2022-22078
CVE-2020-2656 Vulnerability in the Oracle Solaris product of Oracle Systems (component: X Window System). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). 4.4 https://nvd.nist.gov/vuln/detail/CVE-2020-2656
CVE-2021-1423 A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are hosted on the affected device. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-1423
CVE-2020-10697 A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denial of service attack. This attack would not completely stop the service, but in the worst-case scenario, it can reduce the Tower performance, for which memcached is designed. Theoretically, more sophisticated attacks can be performed by manipulating and crafting the cache, as Tower relies on memcached as a place to pull out setting values. Confidential and sensitive data stored in memcached should not be pulled, as this information is encrypted. This flaw affects Ansible Tower versions before 3.6.4, Ansible Tower versions before 3.5.6 and Ansible Tower versions before 3.4.6. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2020-10697
CVE-2021-23182 Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-23182
CVE-2021-38553 HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-38553
CVE-2021-1583 A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected system. This vulnerability is due to improper access control. An attacker with Administrator privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to read arbitrary files on the file system of the affected device. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-1583
CVE-2022-0494 A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0494
CVE-2022-21595 Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21595
CVE-2022-21625 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21625
CVE-2022-21627 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21627
CVE-2022-31239 Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-31239
CVE-2018-18585 chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has ‘\0’ as its first or second character (such as the “/\0” name). 4.3 https://nvd.nist.gov/vuln/detail/CVE-2018-18585
CVE-2020-2519 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-2519
CVE-2020-2687 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-2687
CVE-2020-24405 Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions issue vulnerability in the Inventory module. This vulnerability could be abused by authenticated users to modify inventory stock data without authorization. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-24405
CVE-2020-26247 Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. This behavior is counter to the security policy followed by Nokogiri maintainers, which is to treat all input as untrusted by default whenever possible. This is fixed in Nokogiri version 1.11.0.rc4. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-26247
CVE-2021-22134 A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents that have been updated and not yet refreshed in the index. This could result in the search disclosing the existence of documents and fields the attacker should not be able to view. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-22134
CVE-2021-21437 Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects: OTRSCIsInCustomerFrontend 7.0.15 and prior versions, ITSMConfigurationManagement 7.0.24 and prior versions 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21437
CVE-2021-1515 A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to gain access to sensitive information. This vulnerability is due to improper access controls on API endpoints when Cisco SD-WAN vManage Software is running in multi-tenant mode. An attacker with access to a device that is managed in the multi-tenant environment could exploit this vulnerability by sending a request to an affected API endpoint on the vManage system. A successful exploit could allow the attacker to gain access to sensitive information that may include hashed credentials that could be used in future attacks. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-1515
CVE-2020-27831 A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. This flaw allows an attacker to add email addresses they do not own to repository notifications. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-27831
CVE-2021-28579 Adobe Connect version 11.2.1 and earlier is affected by an Improper access control vulnerability that can lead to the elevation of privileges. An attacker with ‘Learner’ permissions can leverage this scenario to access the list of event participants. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-28579
CVE-2021-1562 A vulnerability in the XSI-Actions interface of Cisco BroadWorks Application Server could allow an authenticated, remote attacker to access sensitive information on an affected system. This vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the XSI-Actions interface. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to join a Call Center instance and have calls that they do not have permissions to access distributed to them from the Call Center queue. At the time of publication, Cisco had not released updates that address this vulnerability for Cisco BroadWorks Application Server. However, firmware patches are available. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-1562
CVE-2021-32707 Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage. The issue was patched in version 1.9.6 and 1.10.0. No workarounds are known to exist. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-32707
CVE-2021-34629 The SendGrid WordPress plugin is vulnerable to authorization bypass via the get_ajax_statistics function found in the ~/lib/class-sendgrid-statistics.php file which allows authenticated users to export statistic for a WordPress multi-site main site, in versions up to and including 1.11.8. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-34629
CVE-2021-25954 In the “Dolibarr” application, versions 2.8.1 to 13.0.4 do not restrict or incorrectly restrict access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note, which only an administrator has rights to do; the affected field is at the “/adherents/note.php?id=1” endpoint. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-25954
CVE-2021-24583 The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when deleting a timeslot, allowing any user with the edit_posts capability (contributor+) to delete arbitrary timeslots from any events. Furthermore, no CSRF check is in place, allowing such an attack to be performed via CSRF against a logged in user with such capability. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-24583
CVE-2021-34702 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to improper enforcement of administrator privilege levels for low-value sensitive data. An attacker with read-only administrator access to the web-based management interface could exploit this vulnerability by browsing to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-34702
CVE-2021-24790 The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation as well as CSRF checks in its delete_cf7_data and export_cf7_data AJAX actions, available to any authenticated users, which could allow users with a role as low as subscriber to call them. The delete_cf7_data would lead to arbitrary metadata deletion, as well as PHP Object Injection if a suitable gadget chain is present in another plugin, as user data is passed to the maybe_unserialize function without being first validated. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-24790
CVE-2021-41241 Nextcloud server is a self hosted system designed to provide cloud style services. The groupfolders application for Nextcloud allows sharing a folder with a group of people. In addition, it allows setting “advanced permissions” on subfolders, for example, a user could be granted access to the groupfolder but not specific subfolders. Due to a lacking permission check in affected versions, a user could still access these subfolders by copying the groupfolder to another location. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the “groupfolders” application in the admin settings. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-41241
CVE-2021-28544 Apache Subversion SVN authz protected copyfrom paths regression: Subversion servers reveal ‘copyfrom’ paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the ‘copyfrom’ path of the original. This also reveals the fact that the node was copied. Only the ‘copyfrom’ path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-28544
CVE-2021-3503 A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-3503
CVE-2022-24888 Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing `\n`, `\r`, `\t`, and `\v` characters. The server rejects files and folders that have these characters in the middle of their names, so this might be an opportunity for injection. This issue is fixed in versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1. There are currently no known workarounds. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24888
CVE-2022-24889 Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling “recommended” apps for the Nextcloud server that they do not need, thus expanding their attack surface unnecessarily. This issue is fixed in versions 21.0.8, 22.2.4, and 23.0.1. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24889
CVE-2022-34798 Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-34798
CVE-2022-32205 A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of big cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error. This denial state might remain for as long as the same cookies are kept, match and haven’t expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it possible for a “sister server” to effectively cause a denial of service for a sibling site on the same second level domain using this method. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-32205
CVE-2022-39229 Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user’s login attempt by registering someone else’s email address as a username. A Grafana user’s username and email address are unique fields, that means no other user can have the same username or email address as another user. A user can have an email address as a username. However, the login system allows users to log in with either username or email address. Since Grafana allows a user to log in with either their username or email address, this creates an unusual behavior where `user_1` can register with one email address and `user_2` can register their username as `user_1`’s email address. This prevents `user_1` logging into the application since `user_1`’s password won’t match with `user_2`’s email address. Versions 9.1.8 and 8.5.14 contain a patch. There are no workarounds for this issue. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-39229
CVE-2022-3126 The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-3126
CVE-2022-3151 The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could allow attackers to make a logged in admin delete arbitrary cursors via a CSRF attack. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-3151
CVE-2022-3282 The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length limit and bypass the limit set by admins in the contact form. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-3282
CVE-2022-2630 An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-2630
CVE-2022-2908 A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a specially crafted input added in the Commit message field. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-2908
CVE-2022-3030 An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-3030
CVE-2022-3288 A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-3288
CVE-2022-3293 Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-3293
CVE-2022-3325 Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Allowed for editing the approval rules via the API by an unauthorised user. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-3325
CVE-2022-3330 It was possible for a guest user to read a todo targeting an inaccessible note in Gitlab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-3330
CVE-2022-3331 An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab’s Zentao integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Zentao project issues. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-3331
CVE-2022-3351 An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A user’s primary email may be disclosed to an attacker through group member events webhooks. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-3351
CVE-2022-22243 An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to add an XPath command to the XPath stream, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-22243
CVE-2022-22245 A Path Traversal vulnerability in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to upload arbitrary files to the device by bypassing validation checks built into Junos OS. The attacker should not be able to execute the file due to validation checks built into Junos OS. Successful exploitation of this vulnerability could lead to loss of filesystem integrity. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-22245
CVE-2022-3585 A vulnerability classified as problematic has been found in SourceCodester Simple Cold Storage Management System 1.0. Affected is an unknown function of the file /csms/?page=contact_us of the component Contact Us. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-211194 is the identifier assigned to this vulnerability. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-3585
CVE-2022-21589 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21589
CVE-2022-21592 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21592
CVE-2022-39402 Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. While the vulnerability is in MySQL Shell, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Shell accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N). 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-39402
CVE-2022-39419 Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java VM accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-39419
CVE-2022-43413 Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-43413
CVE-2022-43417 Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-43417
CVE-2022-43418 A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-43418
CVE-2022-43427 Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-43427
CVE-2022-43431 Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-43431
CVE-2022-43432 Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-43432
CVE-2022-43433 Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-43433
CVE-2022-41708 Relatedcode’s Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate permissions correctly. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-41708
CVE-2022-31684 Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-31684
CVE-2022-3619 A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the identifier assigned to this vulnerability. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-3619
CVE-2020-5355 The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-5355
CVE-2022-39272 Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields `.spec.interval` or `.spec.timeout` (and structured variations of these fields), causing the entire object type to stop being processed. This issue is patched in version 0.35.0. As a workaround, Admission controllers can be employed to restrict the values that can be used for fields `.spec.interval` and `.spec.timeout`, however upgrading to the latest versions is still the recommended mitigation. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-39272
CVE-2022-3244 The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce. 4.2 https://nvd.nist.gov/vuln/detail/CVE-2022-3244
CVE-2022-39404 Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General). Supported versions that are affected are 1.6.3 and prior. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Installer executes to compromise MySQL Installer. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Installer accessible data as well as unauthorized read access to a subset of MySQL Installer accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Installer. CVSS 3.1 Base Score 4.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L). 4.2 https://nvd.nist.gov/vuln/detail/CVE-2022-39404
CVE-2020-2527 Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N). 4.1 https://nvd.nist.gov/vuln/detail/CVE-2020-2527
CVE-2020-25656 A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. 4.1 https://nvd.nist.gov/vuln/detail/CVE-2020-25656
CVE-2022-21611 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.1 https://nvd.nist.gov/vuln/detail/CVE-2022-21611
CVE-2022-29587 Konica Minolta bizhub MFP devices before 2022-04-14 have an internal Chromium browser that executes with root (aka superuser) access privileges. 4 https://nvd.nist.gov/vuln/detail/CVE-2022-29587
CVE-2022-39403 Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Shell accessible data as well as unauthorized read access to a subset of MySQL Shell accessible data. CVSS 3.1 Base Score 3.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N). 3.9 https://nvd.nist.gov/vuln/detail/CVE-2022-39403
CVE-2018-16738 tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1. 3.7 https://nvd.nist.gov/vuln/detail/CVE-2018-16738
CVE-2021-32823 In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit. In combination with .constantize there is a potential for a CPU-based DoS. In version 2.4.10 bindata improved the creation time of Bits and Integers. 3.7 https://nvd.nist.gov/vuln/detail/CVE-2021-32823
CVE-2022-21619 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). 3.7 https://nvd.nist.gov/vuln/detail/CVE-2022-21619
CVE-2022-21624 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). 3.7 https://nvd.nist.gov/vuln/detail/CVE-2022-21624
CVE-2022-39399 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). 3.7 https://nvd.nist.gov/vuln/detail/CVE-2022-39399
CVE-2022-41983 On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied. 3.7 https://nvd.nist.gov/vuln/detail/CVE-2022-41983
CVE-2022-39314 Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due to Improper Restriction of Excessive Authentication Attempts. This vulnerability affects you only if you are using the `code` or `password-reset` auth method with the `auth.methods` option or if you have enabled the `debug` option in production. By using two or more IP addresses and multiple login attempts, valid user accounts will lock, but invalid accounts will not, leading to account enumeration. This issue has been patched in versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1. If you cannot update immediately, you can work around the issue by setting the `auth.methods` option to `password`, which disables the code-based login and password reset forms. 3.7 https://nvd.nist.gov/vuln/detail/CVE-2022-39314
CVE-2022-3535 A vulnerability classified as problematic was found in Linux Kernel. Affected by this vulnerability is the function mvpp2_dbgfs_port_init of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c of the component mvpp2. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier VDB-211033 was assigned to this vulnerability. 3.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3535
CVE-2017-7517 An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called “MyProject”, and then later deletes it another user can then create a project called “MyProject” and access the metrics stored from the original “MyProject” instance. 3.5 https://nvd.nist.gov/vuln/detail/CVE-2017-7517
CVE-2022-3582 A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument change password leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211189 was assigned to this vulnerability. 3.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3582
CVE-2021-25364 A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-25364
CVE-2020-15279 An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion paths. This issue was discovered during external security research. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2020-15279
CVE-2021-32695 Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android application. This required user-interaction as a victim had to initiate the sharing flow and choose the malicious app. The shared preferences contain some limited private data such as push tokens and the account name. The vulnerability is patched in version 3.16.1. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-32695
CVE-2022-21610 Vulnerability in the Oracle Solaris product of Oracle Systems (component: LDoms). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.1 Base Score 3.3 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L). 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21610
CVE-2022-3624 A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function rlb_arp_xmit of the file drivers/net/bonding/bond_alb.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211928. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-3624
CVE-2022-3629 A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-3629
CVE-2022-3633 A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-3633
CVE-2021-39164 Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with `shared` history visibility. Furthermore, the unauthorised user must be using an account on a vulnerable homeserver that is in the room. Server administrators should upgrade to 1.41.1 or later in order to receive the patch. One workaround is available. Administrators of servers that use a reverse proxy could, with potentially unacceptable loss of functionality, block the endpoints: `/_matrix/client/r0/rooms/{room_id}/members` with `at` query parameter, and `/_matrix/client/unstable/rooms/{room_id}/members` with `at` query parameter. 3.1 https://nvd.nist.gov/vuln/detail/CVE-2021-39164
CVE-2020-24403 Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the REST API. 2.7 https://nvd.nist.gov/vuln/detail/CVE-2020-24403
CVE-2020-24404 Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization. 2.7 https://nvd.nist.gov/vuln/detail/CVE-2020-24404
CVE-2021-21296 Fleet is an open source osquery manager. In Fleet before version 3.7.0 a malicious actor with a valid node key can send a badly formatted request that causes the Fleet server to exit, resulting in denial of service. This is possible only while a live query is currently ongoing. We believe the impact of this vulnerability to be low given the requirement that the actor has a valid node key. There is no information disclosure, privilege escalation, or code execution. The issue is fixed in Fleet 3.7.0. 2.7 https://nvd.nist.gov/vuln/detail/CVE-2021-21296
CVE-2021-21544 Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user. 2.7 https://nvd.nist.gov/vuln/detail/CVE-2021-21544
CVE-2022-2047 In Eclipse Jetty versions 9.4.0 thru 9.4.46, 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9, when parsing the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario. 2.7 https://nvd.nist.gov/vuln/detail/CVE-2022-2047
CVE-2022-39409 Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Business Process Automation). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Transportation Management. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). 2.7 https://nvd.nist.gov/vuln/detail/CVE-2022-39409
CVE-2020-2516 Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table privilege with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data. CVSS 3.0 Base Score 2.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N). 2.4 https://nvd.nist.gov/vuln/detail/CVE-2020-2516
CVE-2021-41181 Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim received a phone call the attacker could gain access to the chat messages and files of the user. It is recommended that the Nextcloud Android Talk App is upgraded to 12.3.0. There are no known workarounds. 2.4 https://nvd.nist.gov/vuln/detail/CVE-2021-41181
CVE-2021-3037 An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS configuration to the destination server. 2.3 https://nvd.nist.gov/vuln/detail/CVE-2021-3037
CVE-2007-5536 Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2007-5536
CVE-2008-0132 Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long input to sshd.exe by creating an error-message window and waiting for the administrator to click in this window before terminating the sshd.exe process, which allows remote attackers to cause a denial of service (connection slot exhaustion) via a flood of SSH connections with long data objects, as demonstrated by (1) a long list of keys and (2) a long username. https://nvd.nist.gov/vuln/detail/CVE-2008-0132
CVE-2007-6755 The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain “skeleton key” values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE. https://nvd.nist.gov/vuln/detail/CVE-2007-6755
CVE-2010-5312 Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. https://nvd.nist.gov/vuln/detail/CVE-2010-5312
CVE-2015-1197 cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. https://nvd.nist.gov/vuln/detail/CVE-2015-1197
CVE-2022-34255 Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier and 2.4.4 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. An attacker with a low privilege account could leverage this vulnerability to perform an account takeover for a victim. Exploitation of this issue does not require user interaction. https://nvd.nist.gov/vuln/detail/CVE-2022-34255
CVE-2022-40884 Bento4 1.6.0 has memory leaks via the mp4fragment. https://nvd.nist.gov/vuln/detail/CVE-2022-40884
CVE-2022-40885 Bento4 v1.6.0-639 has a memory allocation issue that can cause denial of service. https://nvd.nist.gov/vuln/detail/CVE-2022-40885
CVE-2022-27622 Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2022-27622
CVE-2022-27623 Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2022-27623
CVE-2022-27804 An OS command injection vulnerability exists in the web interface util_set_abode_code functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-27804
CVE-2022-27805 An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted network request can lead to arbitrary XCMD execution. An attacker can send a malicious XML payload to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-27805
CVE-2022-29472 An OS command injection vulnerability exists in the web interface util_set_serial_mac functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-29472
CVE-2022-29475 An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-29475
CVE-2022-29477 An authentication bypass vulnerability exists in the web interface /action/factory* functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP header can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-29477
CVE-2022-29520 An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-29520
CVE-2022-29851 documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document. https://nvd.nist.gov/vuln/detail/CVE-2022-29851
CVE-2022-29889 A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. Use of a hard-coded root password can lead to arbitrary command execution. An attacker can authenticate with hard-coded credentials to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-29889
CVE-2022-2762 The AdminPad WordPress plugin before 2.2 does not have a CSRF check when updating admin’s note, allowing attackers to make a logged in admin update their notes via a CSRF attack. https://nvd.nist.gov/vuln/detail/CVE-2022-2762
CVE-2022-30541 An OS command injection vulnerability exists in the XCMD setUPnP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-30541
CVE-2022-30603 An OS command injection vulnerability exists in the web interface /action/iperf functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-30603
CVE-2022-32454 A stack-based buffer overflow vulnerability exists in the XCMD setIPCam functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to remote code execution. An attacker can send a malicious XML payload to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-32454
CVE-2022-32574 A double-free vulnerability exists in the web interface /action/ipcamSetParamPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-32574
CVE-2022-32586 An OS command injection vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-32586
CVE-2022-32760 A denial of service vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-32760
CVE-2022-32765 An OS command injection vulnerability exists in the sysupgrade command injection functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-32765
CVE-2022-32773 An OS command injection vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-32773
CVE-2022-32775 An integer overflow vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-32775
CVE-2022-33150 An OS command injection vulnerability exists in the js_package install functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-33150
CVE-2022-33189 An OS command injection vulnerability exists in the XCMD setAlexa functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-33189
CVE-2022-33192 Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability specifically focuses on the unsafe use of the `WL_SSID` and `WL_SSID_HEX` configuration values in the function at offset `0x1c7d28` of firmware 6.9Z. https://nvd.nist.gov/vuln/detail/CVE-2022-33192
CVE-2022-33193 Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability specifically focuses on the unsafe use of the `WL_WPAPSK` configuration value in the function located at offset `0x1c7d28` of firmware 6.9Z. https://nvd.nist.gov/vuln/detail/CVE-2022-33193
CVE-2022-33194 Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `WL_Key` and `WL_DefaultKeyID` configuration values in the function located at offset `0x1c7d28` of firmware 6.9Z, and even more specifically on the command execution occurring at offset `0x1c7f6c`. https://nvd.nist.gov/vuln/detail/CVE-2022-33194
CVE-2022-33195 Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `WL_DefaultKeyID` in the function located at offset `0x1c7d28` of firmware 6.9Z, and even more specifically on the command execution occurring at offset `0x1c7fac`. https://nvd.nist.gov/vuln/detail/CVE-2022-33195
CVE-2022-33204 Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `ssid_hex` HTTP parameter to construct an OS Command at offset `0x19afc0` of the `/root/hpgw` binary included in firmware 6.9Z. https://nvd.nist.gov/vuln/detail/CVE-2022-33204
CVE-2022-33205 Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `wpapsk_hex` HTTP parameter to construct an OS Command at offset `0x19b0ac` of the `/root/hpgw` binary included in firmware 6.9Z. https://nvd.nist.gov/vuln/detail/CVE-2022-33205
CVE-2022-33206 Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability focuses on the unsafe use of the `key` and `default_key_id` HTTP parameters to construct an OS Command crafted at offset `0x19b1f4` of the `/root/hpgw` binary included in firmware 6.9Z. https://nvd.nist.gov/vuln/detail/CVE-2022-33206
CVE-2022-33207 Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability focuses on a second unsafe use of the `default_key_id` HTTP parameter to construct an OS Command at offset `0x19B234` of the `/root/hpgw` binary included in firmware 6.9Z. https://nvd.nist.gov/vuln/detail/CVE-2022-33207
CVE-2022-33757 An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance. https://nvd.nist.gov/vuln/detail/CVE-2022-33757
CVE-2022-33897 A directory traversal vulnerability exists in the web_server /ajax/remove/ functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-33897
CVE-2022-33938 A format string injection vulnerability exists in the ghome_process_control_packet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-33938
CVE-2022-34845 A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network packet can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-34845
CVE-2022-34850 An OS command injection vulnerability exists in the web_server /action/import_authorized_keys/ functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-34850
CVE-2022-34870 Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web application to view Region entries. https://nvd.nist.gov/vuln/detail/CVE-2022-34870
CVE-2022-35132 Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module. https://nvd.nist.gov/vuln/detail/CVE-2022-35132
CVE-2022-35244 A format string injection vulnerability exists in the XCMD getVarHA functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-35244
CVE-2022-35261 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_authorized_keys/` API is affected by a command injection vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-35261
CVE-2022-35262 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_xml_file/` API is affected by a command injection vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-35262
CVE-2022-35263 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_file/` API is affected by a command injection vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-35263
CVE-2022-35264 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_aaa_cert_file/` API is affected by a command injection vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-35264
CVE-2022-35265 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_nodejs_app/` API is affected by a command injection vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-35265
CVE-2022-35266 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_firmware/` API is affected by a command injection vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-35266
CVE-2022-35267 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_https_cert_file/` API is affected by a command injection vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-35267
CVE-2022-35268 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_sdk_file/` API is affected by a command injection vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-35268
CVE-2022-35269 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_e2c_json_file/` API is affected by a command injection vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-35269
CVE-2022-35270 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_wireguard_cert_file/` API is affected by a command injection vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-35270
CVE-2022-35271 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. The `/action/import_cert_file/` API is affected by a command injection vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-35271
CVE-2022-35739 PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Due to PRTG Network Monitor preventing “ characters, and from modern browsers disabling JavaScript support in style tags, this vulnerability could not be escalated into a Cross-Site Scripting vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-35739
CVE-2022-35874 Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `ssid` and `ssid_hex` configuration parameters, as used within the `testWifiAP` XCMD handler. https://nvd.nist.gov/vuln/detail/CVE-2022-35874
CVE-2022-35875 Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `wpapsk` configuration parameter, as used within the `testWifiAP` XCMD handler. https://nvd.nist.gov/vuln/detail/CVE-2022-35875
CVE-2022-35876 Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` and `key` configuration parameters, as used within the `testWifiAP` XCMD handler. https://nvd.nist.gov/vuln/detail/CVE-2022-35876
CVE-2022-35877 Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` configuration parameter, as used within the `testWifiAP` XCMD handler. https://nvd.nist.gov/vuln/detail/CVE-2022-35877
CVE-2022-35878 Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `ST` and `Location` HTTP response headers, as used within the `DoEnumUPnPService` action handler. https://nvd.nist.gov/vuln/detail/CVE-2022-35878
CVE-2022-35879 Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `controlURL` XML tag, as used within the `DoUpdateUPnPbyService` action handler. https://nvd.nist.gov/vuln/detail/CVE-2022-35879
CVE-2022-35880 Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `NewInternalClient` XML tag, as used within the `DoUpdateUPnPbyService` action handler. https://nvd.nist.gov/vuln/detail/CVE-2022-35880
CVE-2022-35881 Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities. This vulnerability arises from format string injection via `errorCode` and `errorDescription` XML tags, as used within the `DoUpdateUPnPbyService` action handler. https://nvd.nist.gov/vuln/detail/CVE-2022-35881
CVE-2022-35884 Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `ssid_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler. https://nvd.nist.gov/vuln/detail/CVE-2022-35884
CVE-2022-35885 Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `wpapsk_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler. https://nvd.nist.gov/vuln/detail/CVE-2022-35885
CVE-2022-35886 Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` and `key` HTTP parameters, as used within the `/action/wirelessConnect` handler. https://nvd.nist.gov/vuln/detail/CVE-2022-35886
CVE-2022-35887 Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability arises from format string injection via the `default_key_id` HTTP parameter, as used within the `/action/wirelessConnect` handler. https://nvd.nist.gov/vuln/detail/CVE-2022-35887
CVE-2022-36783 AlgoSec FireFlow Reflected Cross-Site-Scripting (RXSS): A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user (victim). JavaScript code is executed on the browser of the other user. https://nvd.nist.gov/vuln/detail/CVE-2022-36783
CVE-2022-38195 There is a reflected cross site scripting issue in Esri ArcGIS Server versions 10.9.1 and below which may allow a remote, unauthorized attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. https://nvd.nist.gov/vuln/detail/CVE-2022-38195
CVE-2022-38196 Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vulnerability that may result in a denial of service by allowing a remote, authenticated attacker to overwrite internal ArcGIS Server directory. https://nvd.nist.gov/vuln/detail/CVE-2022-38196
CVE-2022-38197 Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated attacker to phish a user into accessing an attacker controlled website via a crafted query parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-38197
CVE-2022-38198 There is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. https://nvd.nist.gov/vuln/detail/CVE-2022-38198
CVE-2022-38199 A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim’s PATH environment. Current browsers provide users with warnings against running unsigned executables downloaded from the internet. https://nvd.nist.gov/vuln/detail/CVE-2022-38199
CVE-2022-38200 A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim’s browser. https://nvd.nist.gov/vuln/detail/CVE-2022-38200
CVE-2022-38580 Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF). https://nvd.nist.gov/vuln/detail/CVE-2022-38580
CVE-2022-38870 Free5gc v3.2.1 is vulnerable to Information disclosure. https://nvd.nist.gov/vuln/detail/CVE-2022-38870
CVE-2022-39312 Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the MySQL data source in the data source function can customize the JDBC connection parameters and the MySQL server target to be connected. In `backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java`, the `MysqlConfiguration` class does not filter any parameters. If an attacker adds some parameters to a JDBC URL and connects to a malicious MySQL server, the attacker can trigger the MySQL JDBC deserialization vulnerability. Through the deserialization vulnerability, the attacker can execute system commands and obtain server privileges. Version 1.15.2 contains a patch for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-39312
CVE-2022-39315 Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, a user enumeration vulnerability affects all Kirby sites with user accounts unless Kirby’s API and Panel are disabled in the config. It can only be exploited for targeted attacks because the attack does not scale to brute force. The problem has been patched in Kirby 3.5.8.2, Kirby 3.6.6.2, Kirby 3.7.5.1, and Kirby 3.8.1. In all of the mentioned releases, the maintainers have rewritten the affected code so that the delay is also inserted after the brute force limit is reached. https://nvd.nist.gov/vuln/detail/CVE-2022-39315
CVE-2022-39321 GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands was discovered in versions prior to 2.296.2, 2.293.1, 2.289.4, 2.285.2, and 2.283.4 that allows an input to escape the environment variable and modify that docker command invocation directly. Jobs that use container actions, job containers, or service containers alongside untrusted user inputs in environment variables may be vulnerable. The Actions Runner has been patched, both on `github.co