US-CERT Bulletin (SB22-122):Vulnerability Summary for the Week of April 25, 2022
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| jfinalcms_project — jfinalcms | JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function. | 2022-04-22 | 7.5 | CVE-2022-27341 MISC |
| link-admin_project — link-admin | Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResult(). | 2022-04-22 | 7.5 | CVE-2022-27342 MISC |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| ibm — cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399. | 2022-04-22 | 6.8 | CVE-2021-38886 XF CONFIRM |
| pimcore — pimcore | SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the data | 2022-04-22 | 5 | CVE-2022-1429 MISC CONFIRM |
| ibm — cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user’s browser via incorrect autocomplete settings. IBM X-Force ID: 209693. | 2022-04-22 | 4.3 | CVE-2021-38904 XF CONFIRM |
| microweber — microweber | Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It’s the only payload I found working, you might need to press “tab” but there is probably a paylaod that runs without user interaction. | 2022-04-22 | 4.3 | CVE-2022-1439 CONFIRM MISC |
| crypt-server_project — crypt-server | Crypt Server before 3.3.0 allows XSS in the index view. This is related to serial, computername, and username. | 2022-04-22 | 4.3 | CVE-2022-29589 MISC MISC |
| ibm — cognos_analytics | IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813. | 2022-04-22 | 4 | CVE-2021-20464 CONFIRM XF |
| ibm — cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the ‘Data Connections’ page to which they don’t have access. IBM X-Force ID: 204468. | 2022-04-22 | 4 | CVE-2021-29824 CONFIRM XF |
| ibm — cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697. | 2022-04-22 | 4 | CVE-2021-38905 XF CONFIRM |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| ibm — cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials. IBM X-Force ID: 209691. | 2022-04-22 | 3.5 | CVE-2021-38903 CONFIRM XF |
| ibm — cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240. | 2022-04-22 | 3.5 | CVE-2021-38946 CONFIRM XF |
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| artifex — ghostscript |
Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839. | 2022-04-25 | not yet calculated | CVE-2019-25059 MISC MLIST |
| wordpress — dw_question_&_answer_pro_wordpress_plugin |
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments. | 2022-04-25 | not yet calculated | CVE-2021-24800 MISC |
| wordpress — dw_question_&_answer_pro_wordpress_plugin |
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as update a comment or a question status. | 2022-04-25 | not yet calculated | CVE-2021-24805 MISC |
| wordpress — advanced_page_visit_counter_wordpress_plugin |
The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection | 2022-04-25 | not yet calculated | CVE-2021-24957 MISC |
| wordpress — tatsu_wordpress_plugin |
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress’s upload directory. By adding a PHP shell with a filename starting with a dot “.”, this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker. | 2022-04-25 | not yet calculated | CVE-2021-25094 MISC MISC |
| wordpress– english_wordpress_admin_wordpress_plugin |
The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users o it, leading to an open redirect issue | 2022-04-25 | not yet calculated | CVE-2021-25111 MISC |
| sophos — authenticator_for_android |
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495. | 2022-04-27 | not yet calculated | CVE-2021-25266 CONFIRM |
| maxboard — maxboard |
Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files. | 2022-04-26 | not yet calculated | CVE-2021-26628 MISC |
| tobesoft — xplatform | A path traversal vulnerability in XPLATFORM’s runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be d in the parent path by using the path traversal pattern ‘..\’. | 2022-04-26 | not yet calculated | CVE-2021-26629 MISC |
| ibm — qradar_siem |
IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user’s dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030. | 2022-04-27 | not yet calculated | CVE-2021-29776 CONFIRM XF |
| nomachine — nomachine_for_windows |
NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM. | 2022-04-28 | not yet calculated | CVE-2021-33436 MISC MISC MISC MISC |
| bender/ebee — charge_controllers |
In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable. | 2022-04-27 | not yet calculated | CVE-2021-34587 CONFIRM |
| bender/ebee — charge_controllers |
In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot . | 2022-04-27 | not yet calculated | CVE-2021-34588 CONFIRM |
| bender/ebee — charge_controllers |
In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface. | 2022-04-27 | not yet calculated | CVE-2021-34589 CONFIRM |
| bender/ebee — charge_controllers |
In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed. | 2022-04-27 | not yet calculated | CVE-2021-34590 CONFIRM |
| bender/ebee — charge_controllers |
In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd. | 2022-04-27 | not yet calculated | CVE-2021-34591 CONFIRM |
| bender/ebee — charge_controllers |
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields. | 2022-04-27 | not yet calculated | CVE-2021-34592 CONFIRM |
| bender/ebee — cc612 |
In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI. | 2022-04-27 | not yet calculated | CVE-2021-34601 CONFIRM |
| bender/ebee — charge_controllers |
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges. | 2022-04-27 | not yet calculated | CVE-2021-34602 CONFIRM |
| 3scale — apicast |
A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address. | 2022-04-27 | not yet calculated | CVE-2021-3523 MISC |
| solarwinds — serv-u |
A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1. | 2022-04-25 | not yet calculated | CVE-2021-35250 MISC MISC |
| metasys — ads/adx/oas |
Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator. | 2022-04-29 | not yet calculated | CVE-2021-36207 CERT CONFIRM |
| veryfixpro — veryfixpro |
VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account’s password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to takeover a user’s account, rendering the benefits of storing hashed passwords in the database useless. | 2022-04-25 | not yet calculated | CVE-2021-36460 MISC MISC MISC |
| wordpress –alexander_ustimenko’s_psychological_tests_&_quizzes_plugin |
Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko’s Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher user rights. | 2022-04-26 | not yet calculated | CVE-2021-36867 CONFIRM CONFIRM |
| tripetto — tripetto_plugin |
Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto’s Tripetto plugin <= 5.1.4 on WordPress via SVG image upload. | 2022-04-26 | not yet calculated | CVE-2021-36895 CONFIRM CONFIRM |
| lenovo — pcmanager |
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error. | 2022-04-22 | not yet calculated | CVE-2021-3721 MISC |
| lenovo — pcmanager |
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation. | 2022-04-22 | not yet calculated | CVE-2021-3722 MISC |
| lenovo — multiple_products |
An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. | 2022-04-22 | not yet calculated | CVE-2021-3849 CONFIRM |
| ibm — qradar_siem |
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceede their idle timeout. IBM X-Force ID: 208341. | 2022-04-27 | not yet calculated | CVE-2021-38869 CONFIRM XF |
| ibm — qradar_siem |
IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397. | 2022-04-27 | not yet calculated | CVE-2021-38874 XF CONFIRM |
| ibm — qradar |
IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756. | 2022-04-27 | not yet calculated | CVE-2021-38878 CONFIRM XF |
| ibm — qradar_siem |
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some senarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021 | 2022-04-27 | not yet calculated | CVE-2021-38919 CONFIRM XF |
| ibm — qradar_siem |
IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by an user with access to creating domains. IBM X-Force ID: 211037. | 2022-04-27 | not yet calculated | CVE-2021-38939 XF CONFIRM |
| ibm — infosphere_information_server |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211408. | 2022-04-28 | not yet calculated | CVE-2021-38952 CONFIRM XF |
| lenovo — multiple_products |
An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. | 2022-04-22 | not yet calculated | CVE-2021-3897 CONFIRM |
| motorola — multiple_products |
Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker. | 2022-04-22 | not yet calculated | CVE-2021-3898 MISC |
| ibm — planning_analytics_workspace | IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 214025. | 2022-04-25 | not yet calculated | CVE-2021-39040 XF CONFIRM |
| ibm — urbancode_deploy |
IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 2022-04-29 | not yet calculated | CVE-2021-39082 CONFIRM XF |
| lenovo — lenovovariable_smi_handler |
A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code. | 2022-04-22 | not yet calculated | CVE-2021-3970 MISC |
| lenovo — notebook |
A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable. | 2022-04-22 | not yet calculated | CVE-2021-3971 MISC |
| lenovo — notebook |
A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices’ BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. | 2022-04-22 | not yet calculated | CVE-2021-3972 MISC |
| red_hat — gnome-shell |
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine. | 2022-04-29 | not yet calculated | CVE-2021-3982 MISC MISC |
| artica — proxy |
There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi. | 2022-04-25 | not yet calculated | CVE-2021-40680 FULLDISC |
| eclipse — openj9 |
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. | 2022-04-27 | not yet calculated | CVE-2021-41041 CONFIRM CONFIRM |
| novelplus — novel-plus |
novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution. | 2022-04-28 | not yet calculated | CVE-2021-41921 MISC |
| magic_cms_msvod — magic_cms_msvod |
The Magic CMS MSVOD v10 video system has a SQL injection vulnerability. Attackers can use vulnerabilities to obtain sensitive information in the database. | 2022-04-29 | not yet calculated | CVE-2021-41942 MISC |
| encode– oss_httpx |
Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`. | 2022-04-28 | not yet calculated | CVE-2021-41945 MISC MISC MISC MISC MISC |
| subrion_cms — subrion_cms |
A cross-site scripting (XSS) vulnerability exists in the “contact us” plugin for Subrion CMS <= 4.2.1 version via “List of subjects”. | 2022-04-29 | not yet calculated | CVE-2021-41948 MISC |
| pingidentity — pingid_windows_login |
A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. | 2022-04-30 | not yet calculated | CVE-2021-41992 MISC MISC |
| pingidentity — pingid_adnroid |
A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. | 2022-04-30 | not yet calculated | CVE-2021-41993 MISC MISC |
| pingidentity — pingid_ios |
A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. | 2022-04-30 | not yet calculated | CVE-2021-41994 MISC MISC |
| pingidentity — pingid_desktop |
PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP. | 2022-04-30 | not yet calculated | CVE-2021-42001 MISC MISC |
| aemu — aemu |
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | 2022-04-29 | not yet calculated | CVE-2021-4206 MISC MISC |
| aemu — aemu |
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | 2022-04-29 | not yet calculated | CVE-2021-4207 MISC MISC |
| lenovo — nvme_driver |
A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. | 2022-04-22 | not yet calculated | CVE-2021-4210 MISC |
| lenovo — smbios_event_log_driver |
A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. | 2022-04-22 | not yet calculated | CVE-2021-4211 MISC |
| lenovo — nlegacy_bios_mode_driver | A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code. | 2022-04-22 | not yet calculated | CVE-2021-4212 MISC |
| wordpress — sp_project_&_document_manager_wordpress_plugin |
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites. | 2022-04-25 | not yet calculated | CVE-2021-4225 MISC MISC |
| elcomplus — smartptt |
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system. | 2022-04-28 | not yet calculated | CVE-2021-43930 CONFIRM |
| elcomplus — smartptt |
Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can executed upon accessing the dashboard or the main page. | 2022-04-28 | not yet calculated | CVE-2021-43932 CONFIRM |
| elcomplus — smartptt |
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate upload requests, enabling a malicious user to potentially upload arbitrary files. | 2022-04-28 | not yet calculated | CVE-2021-43934 CONFIRM |
| elcomplus — smartptt_scada_server |
Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. | 2022-04-29 | not yet calculated | CVE-2021-43937 CONFIRM |
| elcomplus — smartptt_scada_server |
Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various files from the server without any authentication or authorization. | 2022-04-29 | not yet calculated | CVE-2021-43938 CONFIRM |
| elcomplus — smartptt_scada |
Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints. | 2022-04-28 | not yet calculated | CVE-2021-43939 CONFIRM |
| wondershare — dr._fone |
Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges. | 2022-04-29 | not yet calculated | CVE-2021-44595 MISC MISC MISC |
| wondershare — dr._fone | Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the “InstallAssistService.exe” service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges | 2022-04-29 | not yet calculated | CVE-2021-44596 MISC MISC MISC |
| terramaster — terramaster |
An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app. | 2022-04-25 | not yet calculated | CVE-2021-45836 MISC |
| terramaster — terramaster |
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del. | 2022-04-25 | not yet calculated | CVE-2021-45837 MISC |
| terramaster — terramaster |
It is possible to obtain the first administrator’s hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint. | 2022-04-25 | not yet calculated | CVE-2021-45839 MISC |
| terramaster — terramaster |
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop. | 2022-04-25 | not yet calculated | CVE-2021-45840 MISC |
| terramaster — terramaster |
In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target’s MAC address and the user’s password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest. | 2022-04-25 | not yet calculated | CVE-2021-45841 MISC |
| terramaster — terramaster |
It is possible to obtain the first administrator’s hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint. | 2022-04-25 | not yet calculated | CVE-2021-45842 MISC |
| franklin_fueling_systems — ts-550_evo |
Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. | 2022-04-27 | not yet calculated | CVE-2021-46420 MISC |
| franklin_fueling_systems — t5_series |
Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. | 2022-04-27 | not yet calculated | CVE-2021-46421 MISC |
| telesquare — sdt-cw3b1 | Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication. | 2022-04-27 | not yet calculated | CVE-2021-46422 MISC |
| telesquare — tlr-2005ksh |
Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated file download vulnerability that allows a remote attacker to download a full configuration file. | 2022-04-27 | not yet calculated | CVE-2021-46423 MISC |
| telesquare — tlr-2005ksh |
Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request. | 2022-04-27 | not yet calculated | CVE-2021-46424 MISC |
| d-link — dir-825_g1 |
In the “webupg” binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use “cmd” parameters to execute arbitrary system commands after obtaining authorization. | 2022-04-27 | not yet calculated | CVE-2021-46441 MISC MISC |
| D-Link DIR-825 G1 |
In the “webupg” binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters “autoupgrade.asp”, and perform functions such as downloading configuration files and updating firmware without authorization. | 2022-04-27 | not yet calculated | CVE-2021-46442 MISC MISC |
| wordpress — easy_google_maps_wordpress_plugin |
The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting | 2022-04-25 | not yet calculated | CVE-2021-46780 MISC |
| wordpress — supsystic_wordpress_plugin |
The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting | 2022-04-25 | not yet calculated | CVE-2021-46781 MISC |
| wordpress — supsystic_wordpress_plugin |
The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting | 2022-04-25 | not yet calculated | CVE-2021-46782 MISC |
| lenovo — pcmanager |
A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation. | 2022-04-22 | not yet calculated | CVE-2022-0192 MISC |
| wordpress — mycred_wordpress_plugin |
The myCred WordPress plugin before 2.4.3.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog | 2022-04-25 | not yet calculated | CVE-2022-0287 MISC |
| lenovo — system_update |
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window. | 2022-04-22 | not yet calculated | CVE-2022-0354 MISC MISC |
| wordpress — mycred_wordpress_lugin |
The myCred WordPress plugin before 2.4.4 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts. | 2022-04-25 | not yet calculated | CVE-2022-0363 MISC |
| wordpress — thirstyaffiliates_affiliate_link_manager_wordpress_plugin |
The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website | 2022-04-25 | not yet calculated | CVE-2022-0398 MISC |
| gitlab — gitlab |
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the package registries which could result in a Denial of Service under specific conditions. | 2022-04-25 | not yet calculated | CVE-2022-0477 MISC CONFIRM |
| wordpress — flo-launch_wordpress_plugin |
The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value. | 2022-04-25 | not yet calculated | CVE-2022-0541 MISC |
| wordpress — thirstyaffiliates_affiliate_link_manager_wordpress_plugin |
The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 lacks authorization checks in the ta_insert_external_image action, allowing a low-privilege user (with a role as low as Subscriber) to add an image from an external URL to an affiliate link. Further the plugin lacks csrf checks, allowing an attacker to trick a logged in user to perform the action by crafting a special request. | 2022-04-25 | not yet calculated | CVE-2022-0634 MISC |
| lenovo — thin_installer |
A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash. | 2022-04-22 | not yet calculated | CVE-2022-0636 MISC |
| wordpress — web_to_print_shop_udraw_wordpress_plugin |
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc) | 2022-04-25 | not yet calculated | CVE-2022-0656 MISC |
| wordpress — 5_stars_rating_funnel_wordpress_plugin |
The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress plugin before 1.2.54 does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtngg_delete_leads AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue. There is an attempt to sanitise the input, using sanitize_text_field(), however such function is not intended to prevent SQL injections. | 2022-04-25 | not yet calculated | CVE-2022-0657 MISC |
| wordpress — master_elements_wordpress_plugin |
The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL Injection | 2022-04-25 | not yet calculated | CVE-2022-0693 MISC |
| wordpress — users_ultra_wordpress_plugin |
The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated users), leading to an SQL Injection. | 2022-04-25 | not yet calculated | CVE-2022-0769 MISC |
| wordpress — donations_wordpress_plugin |
The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_function AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection | 2022-04-25 | not yet calculated | CVE-2022-0782 MISC |
| wordpress — wpdevart_wordpress_plugin |
The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when unfiltered_html is disallowed | 2022-04-25 | not yet calculated | CVE-2022-0876 MISC |
| wordpress– anti-malware_secruity_and_brute-force_firewall_wordpress_lugin |
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters | 2022-04-25 | not yet calculated | CVE-2022-0953 MISC |
| linux — linux |
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges. | 2022-04-29 | not yet calculated | CVE-2022-0984 MISC |
| linux — linux |
Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability. | 2022-04-29 | not yet calculated | CVE-2022-0985 MISC |
| linux — linux_kernel |
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. | 2022-04-29 | not yet calculated | CVE-2022-1015 MISC MISC MISC |
| wordpress — page_restriction_wordpress_plugin |
The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allows bad actors with administrator privileges to the settings page to inject Javascript code to its settings leading to stored Cross-Site Scripting that will only affect administrator users. | 2022-04-25 | not yet calculated | CVE-2022-1027 MISC |
| linux — linux_kernel |
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. | 2022-04-29 | not yet calculated | CVE-2022-1048 MISC MISC |
| wordpress — mycred_plugin |
The myCred WordPress plugin before 2.4.4 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call and and retrieve the list of email address present in the blog | 2022-04-25 | not yet calculated | CVE-2022-1092 MISC |
| wordpress — wordpress |
The amr users WordPress plugin before 4.59.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2022-04-25 | not yet calculated | CVE-2022-1094 MISC |
| lenovo — thinkpad |
During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code. | 2022-04-22 | not yet calculated | CVE-2022-1107 MISC |
| lenovo — thinkpad |
A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code. | 2022-04-22 | not yet calculated | CVE-2022-1108 MISC |
| imagemagicks — relinquishdcminfo |
A heap-use-after-free flaw was found in ImageMagick’s RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service. | 2022-04-29 | not yet calculated | CVE-2022-1114 MISC |
| wordpress — menubar_plugin |
The Menubar WordPress plugin before 5.8 does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action (available to any authenticated users), leading to a Reflected Cross-Site Scripting | 2022-04-25 | not yet calculated | CVE-2022-1152 MISC |
| wordpress — layerslider_plugin |
The LayerSlider WordPress plugin before 7.1.2 does not sanitise and escape Project’s slug before outputting it back in various place, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | 2022-04-25 | not yet calculated | CVE-2022-1153 MISC |
| wordpress — books_and_papers_plugin |
The Books & Papers WordPress plugin through 0.20210223 does not escape its Custom DB prefix settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2022-04-25 | not yet calculated | CVE-2022-1156 MISC |
| getgrav — grav |
stored xss in GitHub repository getgrav/grav prior to 1.7.33. | 2022-04-26 | not yet calculated | CVE-2022-1173 MISC CONFIRM |
| linux — linux_kernel |
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. | 2022-04-29 | not yet calculated | CVE-2022-1195 MISC MISC MISC MISC MISC |
| podman — podman |
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the ‘podman top’ command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. | 2022-04-29 | not yet calculated | CVE-2022-1227 MISC MISC |
| wordpress — opensea_plugin |
The Opensea WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, like its “Referer address” field, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-04-25 | not yet calculated | CVE-2022-1228 MISC |
| linux — linux |
A NULL pointer dereference flaw was found in pesign’s cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign. | 2022-04-29 | not yet calculated | CVE-2022-1249 MISC |
| linux — linux_kernel |
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. | 2022-04-29 | not yet calculated | CVE-2022-1353 MISC MISC |
| wordpress — admin_word_count_column |
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique | 2022-04-25 | not yet calculated | CVE-2022-1390 MISC MISC |
| wordpress — cab_fare_calculator_plugin |
The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. | 2022-04-25 | not yet calculated | CVE-2022-1391 MISC MISC |
| wordpress — videos_sync_pdf_plugin |
The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues | 2022-04-25 | not yet calculated | CVE-2022-1392 MISC MISC |
| wordpress — donorbox_plugin |
The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed | 2022-04-25 | not yet calculated | CVE-2022-1396 MISC MISC |
| delta_electronics — asda-soft |
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. | 2022-04-29 | not yet calculated | CVE-2022-1402 MISC |
| delta_electronics — asda-soft |
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition. | 2022-04-29 | not yet calculated | CVE-2022-1403 MISC |
| mruby — mruby |
Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3.2. # Impact: Possible arbitrary code execution if being exploited. | 2022-04-23 | not yet calculated | CVE-2022-1427 CONFIRM MISC |
| yarkeev — yarkeev |
Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `–upload-pack` command-line argument feature of git is also supported for `git clone`, which would then allow for any operating system command to be spawned by the attacker. | 2022-04-22 | not yet calculated | CVE-2022-1440 MISC CONFIRM |
| gpac — gpac |
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow. | 2022-04-25 | not yet calculated | CVE-2022-1441 MISC MISC |
| radareorg — radare2 |
heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service. | 2022-04-23 | not yet calculated | CVE-2022-1444 CONFIRM MISC |
| snipe — snipe-it |
Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie. | 2022-04-24 | not yet calculated | CVE-2022-1445 MISC CONFIRM |
| radareorg — radare2 |
Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html). | 2022-04-24 | not yet calculated | CVE-2022-1451 CONFIRM MISC |
| radareorg — radare2 |
Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html). | 2022-04-24 | not yet calculated | CVE-2022-1452 CONFIRM MISC |
| facturascripts — facturascripts |
Store XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user’s machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account. | 2022-04-25 | not yet calculated | CVE-2022-1457 CONFIRM MISC |
| openemr — openemr |
Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1. | 2022-04-25 | not yet calculated | CVE-2022-1458 MISC CONFIRM |
| openemr — openemr |
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1. | 2022-04-25 | not yet calculated | CVE-2022-1459 MISC CONFIRM |
| openemr — openemr | Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1. | 2022-04-25 | not yet calculated | CVE-2022-1461 MISC CONFIRM |
| getsimple — content_management_system |
Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted. | 2022-04-26 | not yet calculated | CVE-2022-1466 MISC MISC MISC |
| getsimple — content_management_system | A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like <script>alert(1)</script> leads to cross site scripting. The attack may be launched remotely but requires authentication. Expoit details have been disclosed within the advisory. | 2022-04-27 | not yet calculated | CVE-2022-1503 MISC MISC |
| microweber — microweber |
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks. | 2022-04-27 | not yet calculated | CVE-2022-1504 CONFIRM MISC |
| chafa — chafa |
chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in GitHub repository hpjansson/chafa prior to 1.10.2. chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. | 2022-04-27 | not yet calculated | CVE-2022-1507 MISC CONFIRM |
| hestiacp — hestiacp |
Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context. | 2022-04-28 | not yet calculated | CVE-2022-1509 CONFIRM MISC |
| snipe — snipe-it |
Improper Access Control in GitHub repository snipe/snipe-it prior to 5.4.4. | 2022-04-28 | not yet calculated | CVE-2022-1511 CONFIRM MISC |
| facturascripts — facturascripts |
Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user’s machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account. | 2022-04-28 | not yet calculated | CVE-2022-1514 MISC CONFIRM |
| emlog — emlog_pro |
A vulnerability, which was classified as problematic, was found in Emlog Pro up to 1.2.2. This affects the POST parameter handling of articles. The manipulation with the input <script>alert(1);</script> leads to cross site scripting. It is possible to initiate the attack remotely but it requires a signup and login by the attacker. The exploit has been disclosed to the public and may be used. | 2022-04-29 | not yet calculated | CVE-2022-1526 MISC MISC |
| livehelperchat — livehelperchat |
Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. Attacker can execute malicious JS on Application 🙂 | 2022-04-29 | not yet calculated | CVE-2022-1530 MISC CONFIRM |
| rtx — rtx |
SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20 . This vulnerability is critical as it can lead to remote code execution and thus complete server takeover. | 2022-04-29 | not yet calculated | CVE-2022-1531 MISC CONFIRM |
| libmobi — libmobi |
Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. This vulnerability is capable of arbitrary code execution. | 2022-04-29 | not yet calculated | CVE-2022-1533 CONFIRM MISC |
| libmobi — libmobi |
Buffer Over-read at parse_rawml.c:1416 in GitHub repository bfabiszewski/libmobi prior to 0.11. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. | 2022-04-29 | not yet calculated | CVE-2022-1534 MISC CONFIRM |
| automad — automad |
A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Home</title><script>alert(“home”)</script><title> leads to a cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit details have disclosed to the public and may be used. | 2022-04-29 | not yet calculated | CVE-2022-1536 N/A N/A |
| scoold — scoold |
Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server. | 2022-04-29 | not yet calculated | CVE-2022-1543 CONFIRM MISC |
| sonicwall — sonicos |
Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable. | 2022-04-27 | not yet calculated | CVE-2022-22275 CONFIRM |
| sonicwall — sonicos |
A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an unauthorized user. | 2022-04-27 | not yet calculated | CVE-2022-22276 CONFIRM |
| sonicwall — sonicos |
A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in cleartext. | 2022-04-27 | not yet calculated | CVE-2022-22277 CONFIRM |
| sonicwall — sonicos_cfs |
A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack | 2022-04-27 | not yet calculated | CVE-2022-22278 CONFIRM |
| ibm — security_identity_manager |
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 217369. | 2022-04-27 | not yet calculated | CVE-2022-22312 CONFIRM XF |
| ibm — urbancode_deploy |
IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. IBM X-Force ID: 217955. | 2022-04-27 | not yet calculated | CVE-2022-22315 CONFIRM XF |
| ibm — infosphere_information_server |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218370. | 2022-04-28 | not yet calculated | CVE-2022-22322 CONFIRM XF |
| ibm — security_identity_manager |
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 218379. | 2022-04-27 | not yet calculated | CVE-2022-22323 XF CONFIRM |
| ibm — qradar |
IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220041. | 2022-04-27 | not yet calculated | CVE-2022-22345 XF CONFIRM |
| ibm — planning_analytics_local |
IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066. | 2022-04-25 | not yet calculated | CVE-2022-22392 XF CONFIRM |
| ibm — infosphere_information_server |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223720. | 2022-04-28 | not yet calculated | CVE-2022-22427 XF CONFIRM |
| ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. IBM X-Force ID: 224426. | 2022-04-28 | not yet calculated | CVE-2022-22441 XF CONFIRM |
| ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224440. | 2022-04-28 | not yet calculated | CVE-2022-22443 XF CONFIRM |
| miele — benchmark_programming_tool |
In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed by users with administrative privileges. An attacker could thereby obtain higher permissions. The attacker must already have access to the corresponding local system to be able to exchange the files. | 2022-04-27 | not yet calculated | CVE-2022-22521 MISC FULLDISC MISC |
| zoom — client_for_meetings |
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting user’s currently installed version to a less secure version. | 2022-04-28 | not yet calculated | CVE-2022-22781 MISC |
| zoom — client_for_meetings |
The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user’s host machine. | 2022-04-28 | not yet calculated | CVE-2022-22782 MISC |
| zoom — on-premise_meeting_connector_controller |
A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker. | 2022-04-28 | not yet calculated | CVE-2022-22783 MISC |
| esapi — esapi |
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire string representing the ‘input’ path. This vulnerability is patched in release 2.3.0.0 of ESAPI. As a workaround, it is possible to write one’s own implementation of the Validator interface. However, maintainers do not recommend this. | 2022-04-25 | not yet calculated | CVE-2022-23457 MISC MISC CONFIRM |
| xilinx — xilinx |
In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue. | 2022-04-27 | not yet calculated | CVE-2022-23822 MISC MISC |
| apache — doris |
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure. | 2022-04-26 | not yet calculated | CVE-2022-23942 CONFIRM MLIST MLIST |
| linysys — linksys |
Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share. | 2022-04-27 | not yet calculated | CVE-2022-24372 MISC MISC MISC |
| solar — appscreener |
Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document. | 2022-04-28 | not yet calculated | CVE-2022-24449 MISC MISC |
| apache — couchdb |
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations. | 2022-04-26 | not yet calculated | CVE-2022-24706 MISC MISC MLIST |
| redis — redis |
Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by a less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules. | 2022-04-27 | not yet calculated | CVE-2022-24735 MISC CONFIRM MISC MISC |
| redis — redis |
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules. | 2022-04-27 | not yet calculated | CVE-2022-24736 MISC CONFIRM MISC MISC |
| pjsip — pjsip |
PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first. | 2022-04-25 | not yet calculated | CVE-2022-24792 MISC CONFIRM |
| discourse — discourse-assign |
Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object, which leaked some private information. The data was only being serialized to people who could view assignment info, which is limited to staff by default. For the vast majority of sites, this data was only leaked to trusted staff member, but for sites with assign features enabled publicly, the data was accessible to more people than just staff. Version 1.0.1 contains a patch. There are currently no known workarounds. | 2022-04-26 | not yet calculated | CVE-2022-24866 MISC CONFIRM |
| shopware — shopware |
Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin. | 2022-04-28 | not yet calculated | CVE-2022-24873 MISC MISC CONFIRM |
| shopware — shopware | Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin. | 2022-04-28 | not yet calculated | CVE-2022-24879 CONFIRM MISC MISC |
| tethik — tethik |
flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, he `captcha.validate()` function would return `None` if passed no value (e.g. by submitting an having an empty form). If implementing users were checking the return value to be **False**, the captcha verification check could be bypassed. Version 1.2.1 fixes the issue. Users can workaround the issue by not explicitly checking that the value is False. Checking the return value less explicitly should still work. | 2022-04-25 | not yet calculated | CVE-2022-24880 MISC MISC MISC CONFIRM |
| ballcat — ballcat |
Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but input verification is not done. The fault is rectified in version 1.0.0.beta.2. | 2022-04-26 | not yet calculated | CVE-2022-24881 MISC CONFIRM MISC |
| freerdp — freerdp |
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds. | 2022-04-26 | not yet calculated | CVE-2022-24882 MISC MISC CONFIRM MISC |
| freerdp — freerdp |
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left. | 2022-04-26 | not yet calculated | CVE-2022-24883 MISC CONFIRM MISC MISC |
| nextcloud — android |
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are currently no known workarounds. | 2022-04-27 | not yet calculated | CVE-2022-24885 MISC MISC CONFIRM |
| nextcloud — android |
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0 contains a fix for this issue. There are currently no known workarounds. | 2022-04-27 | not yet calculated | CVE-2022-24886 MISC MISC CONFIRM |
| nextcloud — talk |
Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds. | 2022-04-27 | not yet calculated | CVE-2022-24887 MISC MISC CONFIRM |
| nextcloud — server |
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders that have these characters in the middle of their names, so this might be an opportunity for injection. This issue is fixed in versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1. There are currently no known workarounds. | 2022-04-27 | not yet calculated | CVE-2022-24888 MISC MISC CONFIRM |
| nextcloud — server |
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling “recommended” apps for the Nextcloud server that they do not need, thus expanding their attack surface unnecessarily. This issue is fixed in versions 21.0.8 , 22.2.4, and 23.0.1. | 2022-04-27 | not yet calculated | CVE-2022-24889 CONFIRM MISC MISC |
| esapi — esapi |
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for “onsiteURL” in the **antisamy-esapi.xml** configuration file that can cause “javascript:” URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the “onsiteURL” regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers’ release notes and security bulletin. | 2022-04-27 | not yet calculated | CVE-2022-24891 MISC CONFIRM MISC |
| shopware — shopware |
Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim’s account if they somehow gain access to the victims email account and find an unused password reset token in the emails. This issue is fixed in version 5.7.9. | 2022-04-28 | not yet calculated | CVE-2022-24892 MISC MISC CONFIRM |
| xwiki — xwiki |
org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior to versions 12.10.10, 13.4.4, and 13.8-rc-1, it is possible for a script to access any file accessing to the user running XWiki application server with XML External Entity Injection through the XML script service. The problem has been patched in versions 12.10.10, 13.4.4, and 13.8-rc-1. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights. | 2022-04-28 | not yet calculated | CVE-2022-24898 MISC MISC CONFIRM |
| piano_led — piano_led |
Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The `os.path.join` call is unsafe for use with untrusted input. When the `os.path.join` call encounters an absolute path, it ignores all the parameters it has encountered till that point and starts working with the new absolute path. Since the “malicious” parameter represents an absolute path, the result of `os.path.join` ignores the static directory completely. Hence, untrusted input is passed via the `os.path.join` call to `flask.send_file` can lead to path traversal attacks. A patch with a fix is available on the `master` branch of the GitHub repository. This can also be fixed by preventing flow of untrusted data to the vulnerable `send_file` function. In case the application logic necessiates this behaviour, one can either use the `flask.safe_join` to join untrusted paths or replace `flask.send_file` calls with `flask.send_from_directory` calls. | 2022-04-29 | not yet calculated | CVE-2022-24900 MISC CONFIRM MISC MISC MISC |
| lexmark — multiple_products |
Lexmark products through 2022-02-10 have Incorrect Access Control. | 2022-04-28 | not yet calculated | CVE-2022-24935 MISC MISC |
| tagify — tagify |
This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload. | 2022-04-29 | not yet calculated | CVE-2022-25854 CONFIRM CONFIRM CONFIRM CONFIRM |
| czproject — czproject |
The package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection. | 2022-04-25 | not yet calculated | CVE-2022-25866 CONFIRM CONFIRM CONFIRM |
| nextcloud — android |
The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server. | 2022-04-25 | not yet calculated | CVE-2022-26111 MISC MISC |
| hoteldruid — hotel_management_software |
HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php. | 2022-04-26 | not yet calculated | CVE-2022-26564 MISC MISC |
| liferay — liferay |
Cross-site scripting (XSS) vulnerability in Journal module’s web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via web content template names. | 2022-04-25 | not yet calculated | CVE-2022-26596 MISC |
| liferay — liferay |
Cross-site scripting (XSS) vulnerability in the Layout module’s Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the site name. | 2022-04-25 | not yet calculated | CVE-2022-26597 MISC |
| element-plus — element-plus |
element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column. | 2022-04-25 | not yet calculated | CVE-2022-27103 MISC MISC MISC |
| adobe — xpdf |
xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary. | 2022-04-25 | not yet calculated | CVE-2022-27135 MISC MISC MISC |
| cifa-utils — cifa-utils |
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. | 2022-04-27 | not yet calculated | CVE-2022-27239 MISC MISC MISC MISC MISC |
| hms — hms |
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php. | 2022-04-26 | not yet calculated | CVE-2022-27299 MISC |
| amro — amro |
Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL. | 2022-04-25 | not yet calculated | CVE-2022-27311 MISC |
| zammad — zammad |
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users. | 2022-04-27 | not yet calculated | CVE-2022-27331 MISC |
| zammad — zammad |
An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS). | 2022-04-27 | not yet calculated | CVE-2022-27332 MISC |
| seacms — seacms |
Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php. | 2022-04-27 | not yet calculated | CVE-2022-27336 MISC |
| mcms — mcms |
MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data. | 2022-04-22 | not yet calculated | CVE-2022-27340 MISC MISC |
| tenda — tenda |
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot. | 2022-04-25 | not yet calculated | CVE-2022-27374 MISC |
| tenda — tenda | Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet. | 2022-04-25 | not yet calculated | CVE-2022-27375 MISC |
| gallerycms — gallerycms |
A stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the album_name parameter. | 2022-04-25 | not yet calculated | CVE-2022-27428 MISC |
| jizhicms — jizhicms |
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html. | 2022-04-25 | not yet calculated | CVE-2022-27429 MISC |
| monstaftp — monstaftp |
Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execute arbitrary code via a crafted file uploaded to the web server. | 2022-04-26 | not yet calculated | CVE-2022-27468 MISC MISC |
| monstaftp — monstaftp |
Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF). | 2022-04-26 | not yet calculated | CVE-2022-27469 MISC MISC |
| wordpress — wordpress |
Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko’s Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher role via &wpt_test_page_submit_button_caption parameter. | 2022-04-26 | not yet calculated | CVE-2022-27854 CONFIRM CONFIRM |
| wordpress — shea_bunge_footer_text |
Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge’s Footer Text plugin <= 2.0.3 on WordPress. | 2022-04-28 | not yet calculated | CVE-2022-27860 CONFIRM CONFIRM |
| palantir — palantir |
Foundry Issues service versions 2.244.0 to 2.249.0 was found to be logging in a manner that captured sensitive information (session tokens). This issue was fixed in 2.249.1. | 2022-04-26 | not yet calculated | CVE-2022-27888 MISC |
| controlup — real-time_agent |
In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this. | 2022-04-27 | not yet calculated | CVE-2022-27905 MISC |
| cuppacms — cuppacms |
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php. | 2022-04-26 | not yet calculated | CVE-2022-27984 MISC MISC |
| cuppacms — cuppacms | CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. | 2022-04-26 | not yet calculated | CVE-2022-27985 MISC MISC |
| typemill — typemill |
Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-04-25 | not yet calculated | CVE-2022-28053 MISC |
| verydows — verydows |
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\file_controller.php. | 2022-04-26 | not yet calculated | CVE-2022-28058 MISC MISC |
| verydows — verydows |
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\database_controller.php. | 2022-04-26 | not yet calculated | CVE-2022-28059 MISC MISC |
| victor_cms — victor_cms |
SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php. | 2022-04-28 | not yet calculated | CVE-2022-28060 MISC MISC MISC |
| htmldoc — htmldoc |
A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS). | 2022-04-27 | not yet calculated | CVE-2022-28085 MISC MISC |
| scbs — online_sports_venue_reservation_system | SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which allow attackers to execute arbitrary code via a crafted PHP file. | 2022-04-25 | not yet calculated | CVE-2022-28093 MISC MISC MISC |
| scbs — online_sports_venue_reservation_system | SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the fid parameter at booking.php. | 2022-04-25 | not yet calculated | CVE-2022-28094 MISC MISC MISC |
| turtlapp — turtle_note |
Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing attackers to execute HTML injection. | 2022-04-28 | not yet calculated | CVE-2022-28101 MISC MISC |
| php — mysql_admin_panel_generator |
A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php. | 2022-04-28 | not yet calculated | CVE-2022-28102 MISC MISC |
| dscms — dscms |
DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php. | 2022-04-28 | not yet calculated | CVE-2022-28114 MISC |
| navigate_cms — navigate_cms |
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter. | 2022-04-28 | not yet calculated | CVE-2022-28117 MISC MISC |
| nvidia — jetson_linux_driver |
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality. | 2022-04-27 | not yet calculated | CVE-2022-28193 MISC |
| nvidia — jetson_linux_driver |
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker can cause a memory buffer overflow, which may lead to code execution, loss of Integrity, limited denial of service, and some impact to confidentiality. | 2022-04-27 | not yet calculated | CVE-2022-28194 MISC |
| nvidia — jetson_linux_driver |
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. | 2022-04-27 | not yet calculated | CVE-2022-28195 MISC |
| nvidia — jetson_linux_driver |
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and limited denial of service. | 2022-04-27 | not yet calculated | CVE-2022-28196 MISC |
| nvidia — jetson_linux_driver |
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult- to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. | 2022-04-27 | not yet calculated | CVE-2022-28197 MISC |
| nvidia — omniverse_nucleus_and_cache |
NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and availability. | 2022-04-29 | not yet calculated | CVE-2022-28198 MISC |
| ciphermail — webmail_messenger |
An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys (found in a Roundcube configuration file) that are used to protect Webmail user passwords and two-factor authentication (2FA). | 2022-04-26 | not yet calculated | CVE-2022-28218 MISC MISC MISC |
| wordpress — country_selector_plugin |
Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request | 2022-04-25 | not yet calculated | CVE-2022-28290 MISC |
| mediawiki — mediawiki |
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported, | 2022-04-30 | not yet calculated | CVE-2022-28323 MISC MISC MISC |
| nopsolutions — nopcommerce | nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject javascript code to First name or Last name at Customer Info. | 2022-04-26 | not yet calculated | CVE-2022-28448 MISC |
| nopsolutions — nopcommerce |
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At Apply for vendor account feature, an attacker can upload an arbitrary file to the system. | 2022-04-26 | not yet calculated | CVE-2022-28449 MISC |
| nopsolutions — nopcommerce |
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the “Text” parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser. | 2022-04-26 | not yet calculated | CVE-2022-28450 MISC |
| lms_red_planet_laundry_management_system — lms_red_planet_laundry_management_system |
Red Planet Laundry Management System 1.0 is vulnerable to SQL Injection. | 2022-04-29 | not yet calculated | CVE-2022-28452 MISC MISC MISC MISC |
| limbas — limbas |
Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS). | 2022-04-28 | not yet calculated | CVE-2022-28454 MISC MISC MISC |
| apifox — apifox |
Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code execution. | 2022-04-27 | not yet calculated | CVE-2022-28464 MISC |
| wbce — wbce |
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS). | 2022-04-28 | not yet calculated | CVE-2022-28477 MISC MISC |
| allmediaserver — allmediaserver |
ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.exe. | 2022-04-29 | not yet calculated | CVE-2022-28480 MISC |
| giflib — giflb |
There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45. | 2022-04-25 | not yet calculated | CVE-2022-28506 MISC MISC MISC |
| zcms — zcms | ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config. | 2022-04-26 | not yet calculated | CVE-2022-28521 MISC MISC |
| zcms — zcms | ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add. | 2022-04-26 | not yet calculated | CVE-2022-28522 MISC MISC |
| hongcms — hongcms |
HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. | 2022-04-26 | not yet calculated | CVE-2022-28523 MISC |
| ed01-cms — ed01-cms |
ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php. | 2022-04-26 | not yet calculated | CVE-2022-28524 MISC |
| ed01-cms — ed01-cms |
ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_user&id=1. | 2022-04-26 | not yet calculated | CVE-2022-28525 MISC |
| dhcms — dhcms |
dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del. | 2022-04-26 | not yet calculated | CVE-2022-28527 MISC |
| bloofox — bloofoxcms |
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit. | 2022-04-26 | not yet calculated | CVE-2022-28528 MISC |
| hoosk — hoosk |
XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars. | 2022-04-25 | not yet calculated | CVE-2022-28586 MISC |
| qualys — assetview |
Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege. | 2022-04-28 | not yet calculated | CVE-2022-28719 MISC MISC |
| f-secure — atlant |
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products while scanning larger packages/fuzzed files consume too much memory eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker. | 2022-04-25 | not yet calculated | CVE-2022-28871 MISC |
| mahara — mahara |
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable. | 2022-04-28 | not yet calculated | CVE-2022-28892 MISC |
| greencms — greencms |
GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=. | 2022-04-26 | not yet calculated | CVE-2022-28918 MISC |
| smallsrv — smallsrv |
Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request. | 2022-04-29 | not yet calculated | CVE-2022-28994 MISC |
| rippled — rippled | A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node, which may lead to XRPL mainnet DoS or compromise. This exposes all digital assets on the XRPL to a security threat. | 2022-04-25 | not yet calculated | CVE-2022-29077 MISC MISC MISC |
| ejs — ejs_for_node.js |
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation). | 2022-04-25 | not yet calculated | CVE-2022-29078 MISC MISC |
| zoho — manageengine_access_manager_plus |
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring. | 2022-04-28 | not yet calculated | CVE-2022-29081 MISC MISC |
| ericom — powerterm_webconnect |
The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page. | 2022-04-28 | not yet calculated | CVE-2022-29152 MISC MISC |
| coreboot — coreboot |
An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitrary code execution in SMM may occur. | 2022-04-25 | not yet calculated | CVE-2022-29264 MISC MISC |
| apache — nifi |
Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: – EvaluateXPath – EvaluateXQuery – ValidateXml Apache NiFi flow configurations that include these Processors are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services. | 2022-04-30 | not yet calculated | CVE-2022-29265 CONFIRM MISC |
| wordpress — hermit_plugin |
Authenticated SQL Injection (SQLi) vulnerability in Mufeng’s Hermit ????? plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids). | 2022-04-28 | not yet calculated | CVE-2022-29410 CONFIRM CONFIRM |
| wordpress — hermit_plugin |
SQL Injection (SQLi) vulnerability in Mufeng’s Hermit ????? plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id). | 2022-04-28 | not yet calculated | CVE-2022-29411 CONFIRM CONFIRM |
| wordpress — hermit_plugin |
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit ????? plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source. | 2022-04-28 | not yet calculated | CVE-2022-29412 CONFIRM CONFIRM |
| wordpress — hermit_plugin |
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng’s Hermit ????? plugin <= 3.1.6 on WordPress via &title parameter. | 2022-04-28 | not yet calculated | CVE-2022-29413 CONFIRM CONFIRM |
| wpkube — subscribe_to_comments_reloaded_plugin |
Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube’s Subscribe To Comments Reloaded plugin <= 211130 on WordPress allows attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription. | 2022-04-29 | not yet calculated | CVE-2022-29414 CONFIRM CONFIRM |
| wordpress — ravpage_plugin |
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Mati Skiba @ Rav Messer’s Ravpage plugin <= 2.16 at WordPress. | 2022-04-28 | not yet calculated | CVE-2022-29415 CONFIRM CONFIRM |
| wordpress — shortpixel_adaptive_images_plugin |
Plugin Settings Update vulnerability in ShortPixel’s ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings. | 2022-04-25 | not yet calculated | CVE-2022-29417 CONFIRM CONFIRM |
| wordpress — night_mode_plugin |
Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) in Mark Daniels Night Mode plugin <= 1.0.0 on WordPress via vulnerable parameters: &ntmode_page_setting[enable-me], &ntmode_page_setting[bg-color], &ntmode_page_setting[txt-color], &ntmode_page_setting[anc_color]. | 2022-04-25 | not yet calculated | CVE-2022-29418 CONFIRM CONFIRM |
| wordpress — 3xsocializer_plugin |
SQL Injection (SQLi) vulnerability in Don Crowther’s 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher. | 2022-04-25 | not yet calculated | CVE-2022-29419 CONFIRM CONFIRM |
| wordpress — rara_one_click_demo_import_plugin |
Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory. | 2022-04-29 | not yet calculated | CVE-2022-29451 CONFIRM CONFIRM |
| mitel — mivoice_connect |
The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA. | 2022-04-26 | not yet calculated | CVE-2022-29499 CONFIRM |
| line_corporation — line_for_windows |
Due to build misconfiguration in openssl dependency, LINE for Windows before 7.8 is vulnerable to DLL injection that could lead to privilege escalation. | 2022-04-27 | not yet calculated | CVE-2022-29505 MISC |
| htmlunit — nekohtml_parser | HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product. | 2022-04-25 | not yet calculated | CVE-2022-29546 CONFIRM |
| northern.tech –mender_enterprise | The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking. | 2022-04-28 | not yet calculated | CVE-2022-29555 MISC MISC |
| northern.tech — mender_enterprise | The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints. | 2022-04-28 | not yet calculated | CVE-2022-29556 MISC MISC |
| mahara — mahara |
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action. | 2022-04-28 | not yet calculated | CVE-2022-29584 MISC MISC |
| mahara — mahara |
In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of). | 2022-04-28 | not yet calculated | CVE-2022-29585 MISC MISC |
| universis — universis-api |
A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint (such as /api/students/me/messages/) to, for example, retrieve personal information or change grades. | 2022-04-25 | not yet calculated | CVE-2022-29603 MISC MISC |
| zammad — zammad |
A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification. | 2022-04-27 | not yet calculated | CVE-2022-29700 MISC |
| zammad — zammad |
A lack of rate limiting in the ‘forgot password’ feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | 2022-04-27 | not yet calculated | CVE-2022-29701 MISC |
| zoneminder — zoneminder |
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability. | 2022-04-26 | not yet calculated | CVE-2022-29806 MISC MISC MISC MISC |
| hashicorp — go-getter |
The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile. | 2022-04-27 | not yet calculated | CVE-2022-29810 MISC MISC MISC |
| jetbrains — hub |
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. | 2022-04-28 | not yet calculated | CVE-2022-29811 MISC |
| jetbrains — intellij_idea |
In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient | 2022-04-28 | not yet calculated | CVE-2022-29812 MISC |
| jetbrains — intellij_idea |
In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible | 2022-04-28 | not yet calculated | CVE-2022-29813 MISC |
| jetbrains — intellij_idea |
In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible | 2022-04-28 | not yet calculated | CVE-2022-29814 MISC |
| jetbrains — intellij_idea |
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible | 2022-04-28 | not yet calculated | CVE-2022-29815 MISC |
| jetbrains — intellij_idea |
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible | 2022-04-28 | not yet calculated | CVE-2022-29816 MISC |
| jetbrains — intellij_idea |
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible | 2022-04-28 | not yet calculated | CVE-2022-29817 MISC |
| jetbrains — intellij_idea |
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed | 2022-04-28 | not yet calculated | CVE-2022-29818 MISC |
| jetbrains — intellij_idea |
In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible | 2022-04-28 | not yet calculated | CVE-2022-29819 MISC |
| jetbrains — pycharm |
In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible | 2022-04-28 | not yet calculated | CVE-2022-29820 MISC |
| jetbrains — rider |
In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible | 2022-04-28 | not yet calculated | CVE-2022-29821 MISC |
| automation_anywhere — automation360_22 |
A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages. | 2022-04-29 | not yet calculated | CVE-2022-29856 MISC MISC |
| ambiot — amb1_sdk |
component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for Ameba1) before 2022-03-11 mishandles data structures for DHCP packet data. | 2022-04-27 | not yet calculated | CVE-2022-29859 MISC |
| cif-utils — cifs_utils |
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. | 2022-04-28 | not yet calculated | CVE-2022-29869 MISC MISC |
| mdeiawiki — private_domains | The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension’s configuration. The attacker must trigger a POST request to Special:PrivateDomains. | 2022-04-29 | not yet calculated | CVE-2022-29903 MISC MISC |
| mediawiki — semanticdrilldown |
The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain ‘-‘ and ‘_’ constraints. | 2022-04-29 | not yet calculated | CVE-2022-29904 MISC MISC |
| mediawiki — fanboxes |
The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF. | 2022-04-29 | not yet calculated | CVE-2022-29905 MISC MISC |
| mediawiki — quizgame |
The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user. | 2022-04-29 | not yet calculated | CVE-2022-29906 MISC MISC |
| mediawiki_nimbus_skin |
The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages. | 2022-04-29 | not yet calculated | CVE-2022-29907 MISC MISC |
| oracle — usu_oracle_optimization |
USU Oracle Optimization before 5.17.5 lacks Polkit authentication, which allows smartcollector users to achieve root access via pkexec. NOTE: this is not an Oracle Corporation product. | 2022-04-29 | not yet calculated | CVE-2022-29934 MISC |
| oracle — usu_oracle_optimization |
USU Oracle Optimization before 5.17.5 allows attackers to discover the quantum credentials via an agent-installer download. NOTE: this is not an Oracle Corporation product. | 2022-04-29 | not yet calculated | CVE-2022-29935 MISC |
| oracle — usu_oracle_optimization |
USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. NOTE: this is not an Oracle Corporation product. | 2022-04-29 | not yet calculated | CVE-2022-29936 MISC |
| oracle — usu_oracle_optimization |
USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product. | 2022-04-29 | not yet calculated | CVE-2022-29937 MISC |
| dji — aeroscope |
DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator’s physical location via the AeroScope protocol. | 2022-04-29 | not yet calculated | CVE-2022-29945 MISC MISC MISC |
| woodpecker — woodpecker |
Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping. | 2022-04-29 | not yet calculated | CVE-2022-29947 MISC MISC |
| glewlwyd — glewlwyd |
static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal. | 2022-04-29 | not yet calculated | CVE-2022-29967 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.
Please share your thoughts.
CISA recently updated an anonymous product survey;they’d welcome your feedback.
