US-CERT Bulletin (SB22-017):Vulnerability Summary for the Week of January 10, 2022
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| agoric — realms-shim | All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector. | 2022-01-10 | 7.5 | CVE-2021-23543 MISC MISC |
| agoric — realms-shim | All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector. | 2022-01-10 | 7.5 | CVE-2021-23594 MISC MISC |
| checkpoint — endpoint_security | Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges. | 2022-01-10 | 7.2 | CVE-2021-30360 MISC MISC |
| chshcms — cscms | cscms v4.1 allows for SQL injection via the “page_del” function. | 2022-01-11 | 7.5 | CVE-2020-28103 MISC |
| chshcms — cscms | cscms v4.1 allows for SQL injection via the “js_del” function. | 2022-01-11 | 7.5 | CVE-2020-28102 MISC |
| cisco — unified_contact_center_express | A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator. This vulnerability is due to the lack of server-side validation of user permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to a vulnerable system. A successful exploit could allow the attacker to create Administrator accounts. With these accounts, the attacker could access and modify telephony and user resources across all the Unified platforms that are associated to the vulnerable Cisco Unified CCMP. To successfully exploit this vulnerability, an attacker would need valid Advanced User credentials. | 2022-01-14 | 8.5 | CVE-2022-20658 CISCO |
| eggjs — extend2 | The package extend2 before 1.0.1 are vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge. | 2022-01-10 | 7.5 | CVE-2021-23568 MISC MISC MISC MISC |
| fanuc — r-30ia_firmware | The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. INIT START/restore from backup required. | 2022-01-10 | 10 | CVE-2021-32998 MISC |
| fanuc — r-30ia_firmware | The FANUC R-30iA and R-30iB series controllers are vulnerable to integer coercion errors, which cause the device to crash. A restart is required. | 2022-01-10 | 7.8 | CVE-2021-32996 MISC |
| google — android | In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-203847542 | 2022-01-14 | 7.2 | CVE-2021-39620 MISC |
| google — android | In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-192663648 | 2022-01-14 | 7.2 | CVE-2021-39622 MISC |
| google — android | In jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-200284993 | 2022-01-14 | 7.2 | CVE-2021-0959 MISC |
| google — android | In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-196855999 | 2022-01-14 | 7.2 | CVE-2021-39618 MISC |
| google — android | In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to invoke an arbitrary broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-12Android ID: A-195668284 | 2022-01-14 | 7.2 | CVE-2021-1035 MISC |
| google — android | In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194105348 | 2022-01-14 | 10 | CVE-2021-39623 MISC |
| huawei — emui | There is an Integer overflow vulnerability with ACPU in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. | 2022-01-10 | 7.5 | CVE-2021-39993 MISC |
| huawei — harmonyos | There is Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExService a in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart. | 2022-01-10 | 7.8 | CVE-2021-39998 MISC MISC |
| huawei — harmonyos | The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may result in malicious code execution. | 2022-01-10 | 7.5 | CVE-2021-40010 MISC |
| huawei — harmonyos | There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones. Successful exploitation of this vulnerability may cause memory overflow. | 2022-01-10 | 7.5 | CVE-2021-39996 MISC MISC |
| laundry_booking_management_system_project — laundry_booking_management_system | Laundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote code execution (RCE) vulnerability in profile.php through the “image” parameter that can execute a webshell payload. | 2022-01-10 | 7.5 | CVE-2021-45003 MISC |
| libexpat_project — libexpat | defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | 2022-01-10 | 7.5 | CVE-2022-22824 MISC |
| libexpat_project — libexpat | build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | 2022-01-10 | 7.5 | CVE-2022-22823 MISC |
| libexpat_project — libexpat | addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | 2022-01-10 | 7.5 | CVE-2022-22822 MISC |
| microsoft — 365_apps | Microsoft Excel Remote Code Execution Vulnerability. | 2022-01-11 | 9.3 | CVE-2022-21841 MISC |
| microsoft — exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21855, CVE-2022-21969. | 2022-01-11 | 8.3 | CVE-2022-21846 MISC |
| microsoft — exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21846, CVE-2022-21969. | 2022-01-11 | 7.7 | CVE-2022-21855 MISC |
| microsoft — sharepoint_foundation | Microsoft SharePoint Server Remote Code Execution Vulnerability. | 2022-01-11 | 9 | CVE-2022-21837 MISC |
| microsoft — windows_10 | Active Directory Domain Services Elevation of Privilege Vulnerability. | 2022-01-11 | 9 | CVE-2022-21857 MISC |
| microsoft — windows_10 | Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21850. | 2022-01-11 | 9.3 | CVE-2022-21851 MISC |
| microsoft — windows_10 | Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21851. | 2022-01-11 | 9.3 | CVE-2022-21850 MISC |
| microsoft — windows_10 | Windows IKE Extension Remote Code Execution Vulnerability. | 2022-01-11 | 9.3 | CVE-2022-21849 MISC |
| microsoft — windows_10 | Windows IKE Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-21843, CVE-2022-21883, CVE-2022-21889, CVE-2022-21890. | 2022-01-11 | 7.1 | CVE-2022-21848 MISC |
| microsoft — windows_10 | Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability. | 2022-01-11 | 7.2 | CVE-2022-21834 MISC |
| microsoft — windows_10 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability. | 2022-01-11 | 7.2 | CVE-2022-21835 MISC |
| microsoft — windows_10 | Windows Certificate Spoofing Vulnerability. | 2022-01-11 | 7.2 | CVE-2022-21836 MISC |
| microsoft — windows_10 | Windows Cleanup Manager Elevation of Privilege Vulnerability. | 2022-01-11 | 7.2 | CVE-2022-21838 MISC MISC |
| microsoft — windows_10 | Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21896, CVE-2022-21902. | 2022-01-11 | 7.2 | CVE-2022-21852 MISC |
| microsoft — windows_10 | Windows Bind Filter Driver Elevation of Privilege Vulnerability. | 2022-01-11 | 7.2 | CVE-2022-21858 MISC |
| microsoft — windows_10 | Task Flow Data Engine Elevation of Privilege Vulnerability. | 2022-01-11 | 7.2 | CVE-2022-21861 MISC |
| microsoft — windows_10 | Virtual Machine IDE Drive Elevation of Privilege Vulnerability. | 2022-01-11 | 7.2 | CVE-2022-21833 MISC |
| online_thesis_archiving_system_project — online_thesis_archiving_system | Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL Injection. An attacker can bypass admin authentication and gain access to admin panel using SQL Injection | 2022-01-10 | 7.5 | CVE-2021-45334 MISC MISC |
| solarwinds — serv-u | Serv-U web login screen was allowing characters that were not sanitized by the authentication mechanism. SolarWinds has updated the authentication mechanism to remedy this issue and prevent unauthorized parameters to be used in the Serv-U login screen With the Log4j issue in the wild, input fields across the internet have been tested for vulnerability. Although Serv-U was not affected by the log4j issue, It was discovered that better input validation could be implemented. | 2022-01-10 | 7.5 | CVE-2021-35247 MISC |
| trendmicro — apex_one | A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2022-01-10 | 7.2 | CVE-2021-45441 MISC MISC |
| trendmicro — apex_one | A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2022-01-10 | 7.2 | CVE-2021-45440 MISC MISC |
| trendmicro — apex_one | A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2022-01-10 | 7.2 | CVE-2021-45231 MISC MISC |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| accu-time — maximus_firmware | Accu-Time Systems MAXIMUS 1.0 telnet service suffers from a remote buffer overflow which causes the telnet service to crash | 2022-01-10 | 5 | CVE-2021-45856 MISC |
| adobe — experience_manager | AEM’s Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a reflected Cross-Site Scripting (XSS) vulnerability via the itemResourceType parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser | 2022-01-13 | 4.3 | CVE-2021-44178 MISC |
| adobe — experience_manager | AEM’s Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2022-01-13 | 4.3 | CVE-2021-43765 MISC |
| adobe — experience_manager | AEM’s Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2022-01-13 | 4.3 | CVE-2021-44177 MISC |
| adobe — experience_manager | AEM’s Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2022-01-13 | 4.3 | CVE-2021-44176 MISC |
| adobe — incopy | Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-13 | 6.8 | CVE-2021-45055 MISC |
| adobe — incopy | Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-13 | 6.8 | CVE-2021-45056 MISC |
| adobe — incopy | Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-13 | 6.8 | CVE-2021-45053 MISC |
| adobe — incopy | Adobe InCopy version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-13 | 4.3 | CVE-2021-45054 MISC |
| adobe — indesign | Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious JPEG file. | 2022-01-13 | 6.8 | CVE-2021-45058 MISC |
| adobe — indesign | Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious JPEG2000 file. | 2022-01-13 | 6.8 | CVE-2021-45057 MISC |
| adobe — indesign | Adobe InDesign version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-13 | 4.3 | CVE-2021-45059 MISC |
| apache — guacamole | Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user’s active use of that same connection. | 2022-01-11 | 4 | CVE-2021-41767 CONFIRM MLIST |
| apache — guacamole | Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user. | 2022-01-11 | 6 | CVE-2021-43999 CONFIRM MLIST |
| atlassian — data_center | Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature. The affected versions are before version 4.21.0. | 2022-01-10 | 4 | CVE-2021-43951 MISC |
| atlassian — data_center | Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature. The affected versions are before version 4.21.0. | 2022-01-10 | 4 | CVE-2021-43949 MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14883. | 2022-01-13 | 4.3 | CVE-2021-34910 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14865. | 2022-01-13 | 6.8 | CVE-2021-34898 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14862. | 2022-01-13 | 6.8 | CVE-2021-34895 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14863. | 2022-01-13 | 6.8 | CVE-2021-34896 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15052. | 2022-01-13 | 4.3 | CVE-2021-34944 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15051. | 2022-01-13 | 4.3 | CVE-2021-34943 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14894. | 2022-01-13 | 4.3 | CVE-2021-34916 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14828. | 2022-01-13 | 6.8 | CVE-2021-34876 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14695. | 2022-01-13 | 6.8 | CVE-2021-34871 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14737. | 2022-01-13 | 6.8 | CVE-2021-34872 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14696. | 2022-01-13 | 6.8 | CVE-2021-34873 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14736. | 2022-01-13 | 6.8 | CVE-2021-34874 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14827. | 2022-01-13 | 6.8 | CVE-2021-34875 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14864. | 2022-01-13 | 6.8 | CVE-2021-34897 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14830. | 2022-01-13 | 6.8 | CVE-2021-34878 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14900. | 2022-01-13 | 6.8 | CVE-2021-34922 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14885. | 2022-01-13 | 6.8 | CVE-2021-34912 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14892. | 2022-01-13 | 6.8 | CVE-2021-34914 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14899. | 2022-01-13 | 6.8 | CVE-2021-34921 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14882. | 2022-01-13 | 6.8 | CVE-2021-34909 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14867. | 2022-01-13 | 6.8 | CVE-2021-34900 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. Crafted data in a BMP file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14876. | 2022-01-13 | 6.8 | CVE-2021-34903 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14877. | 2022-01-13 | 6.8 | CVE-2021-34904 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14878. | 2022-01-13 | 6.8 | CVE-2021-34905 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14879. | 2022-01-13 | 6.8 | CVE-2021-34906 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14880. | 2022-01-13 | 6.8 | CVE-2021-34907 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14881. | 2022-01-13 | 6.8 | CVE-2021-34908 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14884. | 2022-01-13 | 6.8 | CVE-2021-34911 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14898. | 2022-01-13 | 6.8 | CVE-2021-34920 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14838. | 2022-01-13 | 6.8 | CVE-2021-34885 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14831. | 2022-01-13 | 6.8 | CVE-2021-34913 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14866. | 2022-01-13 | 6.8 | CVE-2021-34899 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14893. | 2022-01-13 | 6.8 | CVE-2021-34915 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14895. | 2022-01-13 | 6.8 | CVE-2021-34917 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. Crafted data in a JP2 file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14896. | 2022-01-13 | 6.8 | CVE-2021-34918 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14897. | 2022-01-13 | 6.8 | CVE-2021-34919 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14833. | 2022-01-13 | 6.8 | CVE-2021-34880 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14832. | 2022-01-13 | 6.8 | CVE-2021-34879 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14844. | 2022-01-13 | 6.8 | CVE-2021-34891 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15039. | 2022-01-13 | 6.8 | CVE-2021-34940 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15040. | 2022-01-13 | 6.8 | CVE-2021-34941 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14842. | 2022-01-13 | 4.3 | CVE-2021-34889 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14996. | 2022-01-13 | 6.8 | CVE-2021-34939 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14905. | 2022-01-13 | 6.8 | CVE-2021-34927 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14906. | 2022-01-13 | 6.8 | CVE-2021-34928 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14907. | 2022-01-13 | 6.8 | CVE-2021-34929 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14845. | 2022-01-13 | 6.8 | CVE-2021-34892 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14910. | 2022-01-13 | 6.8 | CVE-2021-34932 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15054. | 2022-01-13 | 6.8 | CVE-2021-34945 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14911. | 2022-01-13 | 6.8 | CVE-2021-34933 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14909. | 2022-01-13 | 6.8 | CVE-2021-34931 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14913. | 2022-01-13 | 6.8 | CVE-2021-34935 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14914. | 2022-01-13 | 6.8 | CVE-2021-34936 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14915. | 2022-01-13 | 6.8 | CVE-2021-34937 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14995. | 2022-01-13 | 6.8 | CVE-2021-34938 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14912. | 2022-01-13 | 6.8 | CVE-2021-34934 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15041. | 2022-01-13 | 6.8 | CVE-2021-34942 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14908. | 2022-01-13 | 6.8 | CVE-2021-34930 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15055. | 2022-01-13 | 6.8 | CVE-2021-34946 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14835. | 2022-01-13 | 4.3 | CVE-2021-34882 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14846. | 2022-01-13 | 6.8 | CVE-2021-34893 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14847. | 2022-01-13 | 6.8 | CVE-2021-34894 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14829. | 2022-01-13 | 6.8 | CVE-2021-34877 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14901. | 2022-01-13 | 6.8 | CVE-2021-34923 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14903. | 2022-01-13 | 6.8 | CVE-2021-34925 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14904. | 2022-01-13 | 6.8 | CVE-2021-34926 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14834. | 2022-01-13 | 4.3 | CVE-2021-34881 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14836. | 2022-01-13 | 4.3 | CVE-2021-34883 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14875. | 2022-01-13 | 4.3 | CVE-2021-34902 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14837. | 2022-01-13 | 4.3 | CVE-2021-34884 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14839. | 2022-01-13 | 4.3 | CVE-2021-34886 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14840. | 2022-01-13 | 4.3 | CVE-2021-34887 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14841. | 2022-01-13 | 4.3 | CVE-2021-34888 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14902. | 2022-01-13 | 6.8 | CVE-2021-34924 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14843. | 2022-01-13 | 4.3 | CVE-2021-34890 MISC MISC |
| bentley — bentley_view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14874. | 2022-01-13 | 4.3 | CVE-2021-34901 MISC MISC |
| daybydaycrm — daybyday | In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed. | 2022-01-13 | 5.5 | CVE-2022-22113 MISC MISC |
| dst-admin_project — dst-admin | An issue was discovered in dst-admin v1.3.0. The product has an unauthorized arbitrary file download vulnerability that can expose sensitive information. | 2022-01-10 | 5 | CVE-2021-44586 MISC |
| fastlinemedia — beaver_builder | In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API. | 2022-01-10 | 5 | CVE-2021-42748 MISC MISC |
| fastlinemedia — beaver_themer | In Beaver Themer, attackers can bypass conditional logic controls (for hiding content) when viewing the post archives. Exploitation requires that a Themer layout is applied to the archives, and that the post excerpt field is not set. | 2022-01-10 | 5 | CVE-2021-42749 MISC MISC |
| framasoft — peertube | peertube is vulnerable to Improper Access Control | 2022-01-10 | 5 | CVE-2022-0133 CONFIRM MISC |
| framasoft — peertube | peertube is vulnerable to Server-Side Request Forgery (SSRF) | 2022-01-10 | 5 | CVE-2022-0132 MISC CONFIRM |
| google — android | An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution. | 2022-01-10 | 4.6 | CVE-2022-22265 MISC |
| google — android | In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way to gain an access to MediaProvider content due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194695347 | 2022-01-14 | 6.9 | CVE-2021-39625 MISC |
| google — android | An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information. | 2022-01-10 | 4.3 | CVE-2022-22270 MISC |
| google — google-protobuf | An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions. | 2022-01-10 | 4.3 | CVE-2021-22569 MISC MISC MLIST MLIST |
| gpac — gpac | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fileio_check function, which could cause a Denial of Service. | 2022-01-10 | 4.3 | CVE-2021-46049 MISC |
| gpac — gpac | A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_parse_slice function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | 2022-01-13 | 6.8 | CVE-2021-40568 MISC MISC |
| gpac — gpac | The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmx_process function in reframe_mpgvid.c, which allows attackers to cause a denial of service. This vulnerability is possibly due to an incomplete fix for CVE-2021-40566. | 2022-01-13 | 4.3 | CVE-2021-40575 MISC MISC |
| gpac — gpac | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media_IsSelfContained function, which could cause a Denial of Service. . | 2022-01-10 | 4.3 | CVE-2021-46051 MISC |
| gpac — gpac | A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_size function, which could cause a Denial of Service (context-dependent). | 2022-01-10 | 4.3 | CVE-2021-46046 MISC |
| gpac — gpac | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hinter_finalize function. | 2022-01-10 | 4.3 | CVE-2021-46047 MISC |
| gpac — gpac | The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service. | 2022-01-13 | 4.3 | CVE-2021-40572 MISC MISC |
| gpac — gpac | The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the gf_isom_get_payt_count function in hint_track.c, which allows attackers to cause a denial of service. | 2022-01-13 | 4.3 | CVE-2021-40576 MISC MISC |
| gpac — gpac | GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial of service (context-dependent). | 2022-01-10 | 4.3 | CVE-2021-46045 MISC |
| gpac — gpac | The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_list_del function in list.c, which allows attackers to cause a denial of service. | 2022-01-13 | 4.3 | CVE-2021-40573 MISC MISC |
| gpac — gpac | The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | 2022-01-13 | 6.8 | CVE-2021-40574 MISC MISC |
| gpac — gpac | The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerability in the iloc_entry_del funciton in box_code_meta.c, which allows attackers to cause a denial of service. | 2022-01-13 | 4.3 | CVE-2021-40569 MISC MISC |
| gpac — gpac | A Segmentation fault casued by heap use after free vulnerability exists in Gpac through 1.0.1 via the mpgviddmx_process function in reframe_mpgvid.c when using mp4box, which causes a denial of service. | 2022-01-12 | 4.3 | CVE-2021-40566 MISC MISC |
| gpac — gpac | A Segmentation fault caused by a null pointer dereference vulnerability exists in Gpac through 1.0.1 via the gf_avc_parse_nalu function in av_parsers.c when using mp4box, which causes a denial of service. | 2022-01-12 | 4.3 | CVE-2021-40565 MISC MISC |
| gpac — gpac | A Segmentation fault caused by null pointer dereference vulnerability eists in Gpac through 1.0.2 via the avc_parse_slice function in av_parsers.c when using mp4box, which causes a denial of service. | 2022-01-12 | 4.3 | CVE-2021-40564 MISC MISC |
| gpac — gpac | A Segmentation fault exists casued by null pointer dereference exists in Gpac through 1.0.1 via the naludmx_create_avc_decoder_config function in reframe_nalu.c when using mp4box, which causes a denial of service. | 2022-01-12 | 4.3 | CVE-2021-40563 MISC MISC |
| gpac — gpac | A Segmentation fault caused by a floating point exception exists in Gpac through 1.0.1 using mp4box via the naludmx_enqueue_or_dispatch function in reframe_nalu.c, which causes a denial of service. | 2022-01-12 | 4.3 | CVE-2021-40562 MISC MISC |
| gpac — gpac | A null pointer deference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc function in reframe_nalu, which allows a denail of service. | 2022-01-12 | 4.3 | CVE-2021-40559 MISC |
| gpac — gpac | The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | 2022-01-13 | 6.8 | CVE-2021-40571 MISC MISC |
| gpac — gpac | The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | 2022-01-13 | 6.8 | CVE-2021-40570 MISC MISC |
| gpac — gpac | A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in the gf_isom_dovi_config_get function in MP4Box, which causes a denial of service or execute arbitrary code via a crafted file. | 2022-01-12 | 6.8 | CVE-2021-36417 MISC |
| gpac — gpac | Segmentation fault vulnerability exists in Gpac through 1.0.1 via the gf_odf_size_descriptor function in desc_private.c when using mp4box, which causes a denial of service. | 2022-01-13 | 4.3 | CVE-2021-40567 MISC MISC |
| htmldoc_project — htmldoc | A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file. | 2022-01-10 | 6.8 | CVE-2021-43579 MISC MISC MISC MISC |
| huawei — emui | There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity. | 2022-01-10 | 5 | CVE-2021-40031 MISC |
| huawei — emui | There is an Out-of-bounds array read vulnerability in the security storage module in smartphones. Successful exploitation of this vulnerability may affect service confidentiality. | 2022-01-10 | 5 | CVE-2021-40020 MISC |
| huawei — emui | There is an Uncontrolled resource consumption vulnerability in the display module in smartphones. Successful exploitation of this vulnerability may affect service integrity. | 2022-01-10 | 6.4 | CVE-2021-40011 MISC |
| huawei — harmonyos | The bone voice ID TA has a vulnerability in information management,Successful exploitation of this vulnerability may affect data confidentiality. | 2022-01-10 | 5 | CVE-2021-40032 MISC |
| huawei — harmonyos | The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end. | 2022-01-10 | 5.8 | CVE-2021-40000 MISC |
| huawei — harmonyos | The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data integrity. | 2022-01-10 | 5 | CVE-2021-40028 MISC |
| huawei — harmonyos | The bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of this vulnerability may affect data confidentiality. | 2022-01-10 | 5 | CVE-2021-40027 MISC |
| huawei — harmonyos | There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. | 2022-01-10 | 5 | CVE-2021-40026 MISC MISC |
| huawei — harmonyos | The eID module has a vulnerability that causes the memory to be used without being initialized,Successful exploitation of this vulnerability may affect data confidentiality. | 2022-01-10 | 5 | CVE-2021-40025 MISC |
| huawei — harmonyos | The weaver module has a vulnerability in parameter type verification,Successful exploitation of this vulnerability may affect data confidentiality. | 2022-01-10 | 5 | CVE-2021-40022 MISC |
| huawei — harmonyos | There is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. | 2022-01-10 | 5 | CVE-2021-40009 MISC MISC |
| huawei — harmonyos | The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data confidentiality. | 2022-01-10 | 5 | CVE-2021-40021 MISC |
| huawei — harmonyos | There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. | 2022-01-10 | 5 | CVE-2021-40038 MISC MISC |
| huawei — harmonyos | There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability. | 2022-01-10 | 5 | CVE-2021-40029 MISC MISC |
| huawei — harmonyos | There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity. | 2022-01-10 | 5 | CVE-2021-40039 MISC MISC |
| huawei — harmonyos | There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability. | 2022-01-10 | 5 | CVE-2021-40035 MISC MISC |
| huawei — harmonyos | HwPCAssistant has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | 2022-01-10 | 5 | CVE-2021-40003 MISC |
| huawei — harmonyos | The distributed data service component has a vulnerability in data access control. Successful exploitation of this vulnerability may affect data confidentiality. | 2022-01-10 | 5 | CVE-2021-40005 MISC |
| huawei — harmonyos | The CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the MeeTime application to be unavailable. | 2022-01-10 | 5 | CVE-2021-40001 MISC |
| huawei — harmonyos | There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart. | 2022-01-10 | 4.9 | CVE-2021-40037 MISC MISC |
| huawei — harmonyos | The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | 2022-01-10 | 5 | CVE-2021-40014 MISC |
| huawei — harmonyos | The cellular module has a vulnerability in permission management. Successful exploitation of this vulnerability may affect data confidentiality. | 2022-01-10 | 5 | CVE-2021-40004 MISC |
| huawei — harmonyos | The eID module has a null pointer reference vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | 2022-01-10 | 5 | CVE-2021-40018 MISC |
| huawei — harmonyos | The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end. | 2022-01-10 | 5.8 | CVE-2021-40002 MISC |
| ibm — security_verify_access | IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040. | 2022-01-10 | 5 | CVE-2021-38957 CONFIRM XF |
| ibm — security_verify_access | IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067. | 2022-01-10 | 5 | CVE-2021-38921 CONFIRM XF |
| ibm — security_verify_access | IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038 | 2022-01-10 | 5 | CVE-2021-38956 XF CONFIRM |
| ibm — security_verify_access | IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515. | 2022-01-10 | 4 | CVE-2021-38894 CONFIRM XF |
| ibm — vios | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952. | 2022-01-10 | 4.6 | CVE-2021-38990 XF CONFIRM CONFIRM |
| kentico — kentico_cms | Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem. | 2022-01-10 | 4.3 | CVE-2021-46163 MISC |
| kubernetes — kubernetes | kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events. | 2022-01-07 | 5.8 | CVE-2021-25743 CONFIRM |
| libexpat_project — libexpat | lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | 2022-01-10 | 6.8 | CVE-2022-22825 MISC |
| libexpat_project — libexpat | nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | 2022-01-10 | 6.8 | CVE-2022-22826 MISC |
| libexpat_project — libexpat | storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | 2022-01-10 | 6.8 | CVE-2022-22827 MISC |
| libmeshb_project — libmeshb | A buffer overflow in the GmfOpenMesh() function of libMeshb v7.61 allows attackers to cause a Denial of Service (DoS) via a crafted MESH file. | 2022-01-12 | 4.3 | CVE-2021-46225 MISC MISC |
| mediawiki — mediawiki | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A denial of service (resource consumption) can be accomplished by searching for a very long key in a Language Name Search. | 2022-01-10 | 5 | CVE-2021-46149 MISC MISC |
| mediawiki — mediawiki | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. MassEditRegex allows CSRF. | 2022-01-10 | 6.8 | CVE-2021-46147 MISC MISC |
| mediawiki — mediawiki | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information (e.g., IP addresses and User-Agent headers for election traffic) on a testwiki SecurePoll instance. | 2022-01-10 | 4 | CVE-2021-46148 MISC MISC MISC |
| metagauss — registrationmagic | The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue | 2022-01-10 | 6.5 | CVE-2021-24862 MISC |
| microsoft — excel | Microsoft Office Remote Code Execution Vulnerability. | 2022-01-11 | 6.8 | CVE-2022-21840 MISC |
| microsoft — sharepoint_enterprise_server | Microsoft Word Remote Code Execution Vulnerability. | 2022-01-11 | 6.8 | CVE-2022-21842 MISC |
| microsoft — windows_10 | Windows IKE Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-21848, CVE-2022-21883, CVE-2022-21889, CVE-2022-21890. | 2022-01-11 | 4.3 | CVE-2022-21843 MISC |
| microsoft — windows_10 | Windows Push Notifications Apps Elevation Of Privilege Vulnerability. | 2022-01-11 | 6.9 | CVE-2022-21867 MISC |
| microsoft — windows_10 | Windows Accounts Control Elevation of Privilege Vulnerability. | 2022-01-11 | 6.9 | CVE-2022-21859 MISC |
| microsoft — windows_10 | Windows Hyper-V Denial of Service Vulnerability. | 2022-01-11 | 4.9 | CVE-2022-21847 MISC |
| microsoft — windows_10 | Windows Devices Human Interface Elevation of Privilege Vulnerability. | 2022-01-11 | 6.9 | CVE-2022-21868 MISC |
| microsoft — windows_10 | Windows StateRepository API Server file Elevation of Privilege Vulnerability. | 2022-01-11 | 6.9 | CVE-2022-21863 MISC |
| microsoft — windows_10 | Windows Application Model Core API Elevation of Privilege Vulnerability. | 2022-01-11 | 6.9 | CVE-2022-21862 MISC |
| mitre — caldera | An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded “SVG” parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks (e.g., File Exfiltration, Server Side Request Forgery, Out of Band Exfiltration, etc.). | 2022-01-12 | 6.5 | CVE-2021-42560 MISC MISC |
| philips — engage | The affected product is vulnerable to an improper access control, which may allow an authenticated user to gain unauthorized access to sensitive data. | 2022-01-10 | 4 | CVE-2021-23173 MISC |
| pluginus — woocommerce_currency_switcher | The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the custom_prices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue | 2022-01-10 | 4.3 | CVE-2021-25043 CONFIRM MISC |
| qnap — qts | A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QuTS hero h4.5.4.1771 build 20210825 and later QTS 4.5.4.1787 build 20210910 and later QuTScloud c4.5.7.1864 and later | 2022-01-07 | 4.3 | CVE-2021-38674 MISC |
| qualcomm — apq8009w_firmware | Possible denial of service due to incorrectly decoding hex data for the SIB2 OTA message and assigning a garbage value to choice when processing the SRS configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | 2022-01-13 | 5 | CVE-2021-30300 CONFIRM |
| qualcomm — ar8031_firmware | Improper validation of memory region in Hypervisor can lead to incorrect region mapping in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2022-01-13 | 4.6 | CVE-2021-30285 CONFIRM |
| qualcomm — ar8035_firmware | Possible assertion due to improper validation of symbols configured for PDCCH monitoring in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-01-13 | 5 | CVE-2021-30287 CONFIRM |
| qualcomm — ar8035_firmware | Possible denial of service due to improper validation of DNS response when DNS client requests with PTR, NAPTR or SRV query type in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT | 2022-01-13 | 5 | CVE-2021-30307 CONFIRM |
| qualcomm — ar8035_firmware | Possible denial of service due to out of memory while processing RRC and NAS OTA message in Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-01-13 | 5 | CVE-2021-30301 CONFIRM |
| rubyonrails — rails | A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a “X-Forwarded-Host” headers in combination with certain “allowed host” formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. | 2022-01-10 | 5.8 | CVE-2021-44528 MISC |
| siemens — comos | A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS uses a flawed implementation of CSRF prevention. An attacker could exploit this vulnerability to perform Cross-Site-Request-Forgery attacks. | 2022-01-11 | 6.8 | CVE-2021-37198 MISC |
| siemens — comos | A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice. | 2022-01-11 | 4 | CVE-2021-37196 MISC |
| siemens — comos | A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS is vulnerable to SQL injections. This could allow an attacker to execute arbitrary SQL statements. | 2022-01-11 | 6.5 | CVE-2021-37197 MISC |
| siemens — comos | A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to inject malicious code that is executed when loading the attachment. | 2022-01-11 | 4.3 | CVE-2021-37195 MISC |
| sismics — teedy | In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting (XSS). The “search term” search functionality is not sufficiently sanitized while displaying the results of the search, which can be leveraged to inject arbitrary scripts. These scripts are executed in a victim’s browser when they enter the crafted URL. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the Session ID, which can lead to full Account Takeover of the administrator, by an unauthenticated attacker. | 2022-01-10 | 4.3 | CVE-2022-22114 MISC MISC |
| snipeitapp — snipe-it | snipe-it is vulnerable to Improper Access Control | 2022-01-12 | 4.9 | CVE-2022-0179 CONFIRM MISC |
| soketi_project — soketi | soketi is an open-source WebSockets server. There is an unhandled case when reading POST requests which results in the server crashing if it could not read the body of a request. In the event that a POST request is sent to any endpoint of the server with an empty body, even unauthenticated with the Pusher Protocol, it will crash the server. All users that run the server are affected by this vulnerability and it’s highly recommended to upgrade to the latest patch. There are no workarounds for this issue. | 2022-01-10 | 5 | CVE-2022-21667 MISC CONFIRM MISC |
| sphinxsearch — sphinx | SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx. | 2022-01-10 | 5 | CVE-2020-29050 MISC MISC MLIST |
| trendmicro — apex_one | A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2022-01-10 | 6.6 | CVE-2021-44024 MISC MISC |
| trendmicro — apex_one | A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2022-01-10 | 6.6 | CVE-2021-45442 MISC MISC |
| ultimaker — ultimaker_s3_firmware | In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking. This includes the settings page. | 2022-01-10 | 6.8 | CVE-2021-34087 MISC MISC MISC |
| ultimaker — ultimaker_s3_firmware | In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver hosts APIs vulnerable to CSRF. They do not verify incoming requests. | 2022-01-10 | 6.8 | CVE-2021-34086 MISC MISC MISC MISC |
| vim — vim | vim is vulnerable to Heap-based Buffer Overflow | 2022-01-10 | 4.3 | CVE-2022-0158 CONFIRM MISC FEDORA MLIST |
| vim — vim | vim is vulnerable to Use After Free | 2022-01-10 | 4.3 | CVE-2022-0156 MISC CONFIRM FEDORA MLIST |
| vmware — spring_framework | In Spring Framework versions 5.3.0 – 5.3.13, 5.2.0 – 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase. | 2022-01-10 | 4 | CVE-2021-22060 MISC |
| webassembly — binaryen | A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function. | 2022-01-10 | 4.3 | CVE-2021-46050 MISC |
| webassembly — binaryen | A Denial of Service vulnerability exists in Binaryen 103. The program terminates with signal SIGKILL. | 2022-01-10 | 4.3 | CVE-2021-46053 MISC |
| webassembly — binaryen | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions. | 2022-01-10 | 4.3 | CVE-2021-46048 MISC |
| webassembly — binaryen | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate. | 2022-01-10 | 4.3 | CVE-2021-46052 MISC |
| webassembly — binaryen | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*). | 2022-01-10 | 4.3 | CVE-2021-46054 MISC |
| webassembly — binaryen | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*). | 2022-01-10 | 4.3 | CVE-2021-46055 MISC |
| wow-company — button_generator | The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE. | 2022-01-10 | 5.1 | CVE-2021-25052 CONFIRM MISC |
| wow-company — modal_window | The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE. | 2022-01-10 | 5.1 | CVE-2021-25051 MISC CONFIRM |
| wow-company — wp_coder | The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE. | 2022-01-10 | 5.1 | CVE-2021-25053 CONFIRM MISC |
| wow-company — wpcalc | The WPcalc WordPress plugin through 2.1 does not sanitize user input into the ‘did’ parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability. | 2022-01-10 | 6.5 | CVE-2021-25054 MISC |
| zohocorp — manageengine_desktop_central | Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module. | 2022-01-10 | 6.5 | CVE-2021-46164 MISC |
| zohocorp — manageengine_desktop_central | Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file’s path might not be properly defined. | 2022-01-10 | 4.6 | CVE-2021-46165 MISC |
| zohocorp — manageengine_desktop_central | Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page. | 2022-01-10 | 4 | CVE-2021-46166 MISC |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe — experience_manager | AEM’s Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2022-01-13 | 3.5 | CVE-2021-43764 MISC |
| fit2cloud — halo | In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article title. An authenticated attacker can inject arbitrary javascript code that will execute on a victim’s server. | 2022-01-13 | 3.5 | CVE-2022-22123 MISC MISC MISC |
| fit2cloud — halo | In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the profile image. An authenticated attacker can upload a carefully crafted SVG file that will trigger arbitrary javascript to run on a victim’s browser. | 2022-01-13 | 3.5 | CVE-2022-22124 MISC MISC MISC |
| google — android | Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity. | 2022-01-10 | 2.1 | CVE-2022-22263 MISC |
| google — android | Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission. | 2022-01-10 | 3.6 | CVE-2022-22264 MISC |
| google — android | In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-189575031 | 2022-01-14 | 2.1 | CVE-2021-39628 MISC |
| google — android | Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode. | 2022-01-10 | 3.6 | CVE-2022-22268 MISC |
| google — android | (Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission. | 2022-01-10 | 2.1 | CVE-2022-22266 MISC |
| google — android | Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information. | 2022-01-10 | 2.1 | CVE-2022-22267 MISC |
| google — android | Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address. | 2022-01-10 | 2.1 | CVE-2022-22269 MISC |
| google — android | A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory. | 2022-01-10 | 2.1 | CVE-2022-22271 MISC |
| google — android | Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission | 2022-01-10 | 2.1 | CVE-2022-22272 MISC |
| huawei — harmonyos | The fingerprint module has a security risk of brute force cracking. Successful exploitation of this vulnerability may affect data confidentiality. | 2022-01-10 | 2.1 | CVE-2021-40006 MISC |
| huawei — ws318n-21_firmware | There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n product when processing network settings. Due to insufficient validation of user input, a local authenticated attacker could exploit this vulnerability by injecting special characters. Successful exploit could cause certain information disclosure. Affected product versions include: WS318n-21 10.0.2.2, 10.0.2.5 and 10.0.2.6. | 2022-01-10 | 1.9 | CVE-2021-40041 MISC |
| ibm — security_verify_access | IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209563. | 2022-01-10 | 3.5 | CVE-2021-38895 XF CONFIRM |
| ivanti — workspace_control | A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector. | 2022-01-10 | 2.1 | CVE-2022-21823 MISC |
| mediawiki — mediawiki | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October. | 2022-01-10 | 3.5 | CVE-2021-46150 MISC MISC |
| mediawiki — mediawiki | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file. | 2022-01-10 | 3.5 | CVE-2021-46146 MISC MISC |
| microsoft — windows_10 | Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability. | 2022-01-11 | 2.1 | CVE-2022-21839 MISC |
| phoronix-media — phoronix_test_suite | phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 2022-01-10 | 3.5 | CVE-2022-0157 CONFIRM MISC |
| rangerstudio — directus | In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. A low privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user opens it, the XSS payload gets triggered. | 2022-01-10 | 3.5 | CVE-2022-22117 MISC MISC |
| rangerstudio — directus | In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in media upload functionality. A low privileged attacker can inject arbitrary javascript code which will be executed in a victim’s browser when they open the image URL. | 2022-01-10 | 3.5 | CVE-2022-22116 MISC MISC |
| sismics — teedy | In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the name of a created Tag. Since the Tag name is not being sanitized properly in the edit tag page, a low privileged attacker can store malicious scripts in the name of the Tag. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the Session ID, which can lead to full Account Takeover of the administrator, and privileges escalation. | 2022-01-10 | 3.5 | CVE-2022-22115 MISC MISC |
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 10web_social_photo_feed — 10web_social_photo_feed |
The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affected by a reflected Cross-Site Scripting (XSS) vulnerability in the wdi_apply_changes admin page, allowing an attacker to perform such attack against any logged in users | 2022-01-10 | not yet calculated | CVE-2021-25047 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-44704 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-44712 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in application denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-44713 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Violation of Secure Design Principles that could lead to a Security feature bypass. Acrobat Reader DC displays a warning message when a user clicks on a PDF file, which could be used by an attacker to mislead the user. In affected versions, this warning message does not include custom protocols when used by the sender. User interaction is required to abuse this vulnerability as they would need to click ‘allow’ on the warning message of a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-44714 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a heap overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-44709 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-44715 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-44707 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a heap overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-44708 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-44710 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-44706 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-45063 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a stack buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-44703 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-44740 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-44701 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-44742 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-45060 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-45061 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-45062 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-44741 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-45064 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-45067 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-45068 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-44705 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-44711 MISC |
| adobe — acrobat_reader_dc_activex_control |
Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page. | 2022-01-14 | not yet calculated | CVE-2021-44739 MISC |
| adobe — acrobat_reader_dc_activex_control |
Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page. | 2022-01-14 | not yet calculated | CVE-2021-44702 MISC |
| adobe — adobe_experience_manager |
AEM’s Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a dispatcher bypass vulnerability that could be abused to evade security controls. Sensitive areas of the web application may be exposed through exploitation of the vulnerability. | 2022-01-13 | not yet calculated | CVE-2021-43762 MISC |
| adobe — adobe_experience_manager |
AEM’s Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2022-01-13 | not yet calculated | CVE-2021-43761 MISC |
| adobe — bridge |
Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-44743 MISC |
| adobe — bridge |
Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an use-after-free vulnerability in the processing of Format event actions that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-45051 MISC |
| adobe — bridge |
Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file. | 2022-01-14 | not yet calculated | CVE-2021-45052 MISC |
| adobe — experience_manager |
AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE. | 2022-01-13 | not yet calculated | CVE-2021-40722 MISC |
| adobe — illustrator |
Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-43752 MISC |
| adobe — illustrator |
Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-01-14 | not yet calculated | CVE-2021-44700 MISC |
| apache — dubbo |
A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol, during Hessian catch unexpected exceptions, Hessian will log out some imformation for users, which may cause remote command execution. This issue affects Apache Dubbo Apache Dubbo 2.6.x versions prior to 2.6.12; Apache Dubbo 2.7.x versions prior to 2.7.15; Apache Dubbo 3.0.x versions prior to 3.0.5. | 2022-01-10 | not yet calculated | CVE-2021-43297 MISC |
| arista — eos |
An issue has recently been discovered in Arista EOS where the incorrect use of EOS’s AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. | 2022-01-14 | not yet calculated | CVE-2021-28500 MISC |
| arista — eos |
An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent. | 2022-01-14 | not yet calculated | CVE-2021-28507 MISC |
| arista — eos |
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device. | 2022-01-14 | not yet calculated | CVE-2021-28506 MISC |
| arista — eos |
An issue has recently been discovered in Arista EOS where the incorrect use of EOS’s AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. | 2022-01-14 | not yet calculated | CVE-2021-28501 MISC |
| arm — mali_gpu_kernel_driver |
Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 through r34p0, and Valhall r19p0 through r34p0) allows a non-privileged user to achieve write access to read-only memory, and possibly obtain root privileges, corrupt memory, and modify the memory of other processes. | 2022-01-14 | not yet calculated | CVE-2021-44828 MISC |
| asus — rt-ax56u |
ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files. | 2022-01-14 | not yet calculated | CVE-2022-22054 MISC |
| authzed — spicedb |
SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an `exclusion` or within an `intersection` operation will see `Lookup`/`LookupResources` return a resource as “accessible” if it is *not* accessible by virtue of the inclusion of the wildcard in the intersection or the right side of the exclusion. In `v1.3.0`, the wildcard is ignored entirely in lookup’s dispatch, resulting in the `banned` wildcard being ignored in the exclusion. Version 1.4.0 contains a patch for this issue. As a workaround, don’t make use of wildcards on the right side of intersections or within exclusions. | 2022-01-11 | not yet calculated | CVE-2022-21646 MISC MISC CONFIRM MISC |
| bentley — contextcapture |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley ContextCapture 10.18.0.232. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14785. | 2022-01-13 | not yet calculated | CVE-2021-34985 MISC MISC |
| bentley — contextcapture |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley ContextCapture 10.18.0.232. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14784. | 2022-01-13 | not yet calculated | CVE-2021-34984 MISC MISC |
| bytecode_viewer — bytecode_viewer |
Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Versions of the package prior to 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction (AKA “Zip Slip”). The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The Zip Slip vulnerability can affect numerous archive formats, including zip, jar, tar, war, cpio, apk, rar and 7z. The attacker can then overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine. The impact of a Zip Slip vulnerability would allow an attacker to create or overwrite existing files on the filesystem. In the context of a web application, a web shell could be placed within the application directory to achieve code execution. All users should upgrade to BCV v2.11.0 when possible to receive a patch. There are no recommended workarounds aside from upgrading. | 2022-01-12 | not yet calculated | CVE-2022-21675 MISC CONFIRM MISC MISC |
| checkmk — checkmk |
A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title. | 2022-01-15 | not yet calculated | CVE-2020-28919 MISC MISC MISC MISC |
| china_mobile — an_lianbao_wf-1_router |
China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface /api/ZRUsb/pop_usb_device component. | 2022-01-14 | not yet calculated | CVE-2021-33962 MISC MISC MISC MISC |
| china_mobile — an_lianbao_wf-1_router |
China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands. | 2022-01-15 | not yet calculated | CVE-2021-33963 MISC MISC MISC MISC |
| chronoforms — chronoforms |
ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files. | 2022-01-12 | not yet calculated | CVE-2021-28376 MISC |
| chronoforums — chronoforums |
ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files. | 2022-01-12 | not yet calculated | CVE-2021-28377 MISC |
| cisco — ip_phone_models |
A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks. | 2022-01-14 | not yet calculated | CVE-2022-20660 CISCO FULLDISC |
| cisco — multiple_products |
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2022-01-11 | not yet calculated | CVE-2021-1573 CISCO |
| cisco — multiple_products |
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2022-01-11 | not yet calculated | CVE-2021-34704 CISCO |
| cisco — security_manager |
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-01-14 | not yet calculated | CVE-2022-20643 CISCO |
| cisco — security_manager |
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-01-14 | not yet calculated | CVE-2022-20636 CISCO |
| cisco — security_manager |
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-01-14 | not yet calculated | CVE-2022-20635 CISCO |
| cisco — security_manager |
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-01-14 | not yet calculated | CVE-2022-20646 CISCO |
| cisco — security_manager |
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-01-14 | not yet calculated | CVE-2022-20645 CISCO |
| cisco — security_manager |
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-01-14 | not yet calculated | CVE-2022-20647 CISCO |
| cisco — security_manager |
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-01-14 | not yet calculated | CVE-2022-20642 CISCO |
| cisco — security_manager |
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-01-14 | not yet calculated | CVE-2022-20644 CISCO |
| cisco — security_manager |
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-01-14 | not yet calculated | CVE-2022-20640 CISCO |
| cisco — security_manager |
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-01-14 | not yet calculated | CVE-2022-20639 CISCO |
| cisco — security_manager |
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-01-14 | not yet calculated | CVE-2022-20637 CISCO |
| cisco — security_manager |
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-01-14 | not yet calculated | CVE-2022-20641 CISCO |
| cisco — security_manager |
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-01-14 | not yet calculated | CVE-2022-20638 CISCO |
| clam_antivirus_software — vlam_antivirus_software |
A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. | 2022-01-14 | not yet calculated | CVE-2022-20698 CISCO |
| colors.js — colors.js |
The package colors after 1.4.0 are vulnerable to Denial of Service (DoS) that was introduced through an infinite loop in the americanFlag module. Unfortunately this appears to have been a purposeful attempt by a maintainer of colors to make the package unusable, other maintainers’ controls over this package appear to have been revoked in an attempt to prevent them from fixing the issue. Vulnerable Code js for (let i = 666; i < Infinity; i++;) { Alternative Remediation Suggested * Pin dependancy to 1.4.0 | 2022-01-14 | not yet calculated | CVE-2021-23567 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| commvault — commcell |
This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CVSearchService service. The issue results from the lack of proper validation prior to authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-13706. | 2022-01-13 | not yet calculated | CVE-2021-34993 MISC |
| commvault — commcell |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DataProvider class. The issue results from the lack of proper validation of a user-supplied string before executing it as JavaScript code. An attacker can leverage this vulnerability to escape the JavaScript sandbox and execute Java code in the context of NETWORK SERVICE. Was ZDI-CAN-13755. | 2022-01-13 | not yet calculated | CVE-2021-34994 MISC |
| commvault — commcell |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DownloadCenterUploadHandler class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-13756. | 2022-01-13 | not yet calculated | CVE-2021-34995 MISC |
| commvault — commcell |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Demo_ExecuteProcessOnGroup workflow. By creating a workflow, an attacker can specify an arbitrary command to be executed. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-13889. | 2022-01-13 | not yet calculated | CVE-2021-34996 MISC |
| commvault — commcell |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AppStudioUploadHandler class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-13894. | 2022-01-13 | not yet calculated | CVE-2021-34997 MISC |
| coreftp — server |
CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request. | 2022-01-10 | not yet calculated | CVE-2022-22836 MISC MISC |
| corenlp — corenlp |
corenlp is vulnerable to Improper Restriction of XML External Entity Reference | 2022-01-13 | not yet calculated | CVE-2022-0198 MISC CONFIRM |
| cortex_xdr — cortex_xdr |
A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9. | 2022-01-12 | not yet calculated | CVE-2022-0015 MISC |
| cortex_xdr — cortex_xdr |
A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2. | 2022-01-12 | not yet calculated | CVE-2022-0013 MISC |
| cortex_xdr — cortex_xdr |
An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2. | 2022-01-12 | not yet calculated | CVE-2022-0014 MISC |
| cortex_xdr — cortex_xdr |
An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2. | 2022-01-12 | not yet calculated | CVE-2022-0012 MISC |
| crater — crater |
crater is vulnerable to Unrestricted Upload of File with Dangerous Type | 2022-01-12 | not yet calculated | CVE-2021-4080 CONFIRM MISC |
| crestron — multiple_devices |
An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields. | 2022-01-15 | not yet calculated | CVE-2022-23178 MISC |
| crow — crow |
This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch arbitrary files from the server. | 2022-01-13 | not yet calculated | CVE-2021-23514 CONFIRM CONFIRM CONFIRM |
| crow — crow |
This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting (XSS) vulnerability, assuming an attacker can influence the value entered into the template. If the template is used to render user-generated content, this vulnerability may escalate to a persistent XSS vulnerability. | 2022-01-13 | not yet calculated | CVE-2021-23824 MISC MISC MISC |
| cyberark — endpoint_privilege_manager |
CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user’s Temp directory. | 2022-01-15 | not yet calculated | CVE-2021-44049 CONFIRM MISC MISC MISC |
| dahua — multiple_products |
Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords. | 2022-01-13 | not yet calculated | CVE-2021-33046 MISC CONFIRM CONFIRM |
| daybyday — crm |
In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser. | 2022-01-13 | not yet calculated | CVE-2022-22112 MISC MISC |
| discourse — discourse |
Discourse is an open source discussion platform. Versions prior to 2.7.13 in `stable`, 2.8.0.beta11 in `beta`, and 2.8.0.beta11 in `tests-passed` allow some users to log in to a community before they should be able to do so. A user invited via email to a forum with `must_approve_users` enabled is going to be automatically logged in, bypassing the check that does not allow unapproved users to sign in. They will be able to do everything an approved user can do. If they logout, they cannot log back in. This issue is patched in the `stable` version 2.7.13, `beta` version 2.8.0.beta11, and `tests-passed` version 2.8.0.beta11. One may disable invites as a workaround. Administrators can increase `min_trust_level_to_allow_invite` to reduce the attack surface to more trusted users. | 2022-01-13 | not yet calculated | CVE-2022-21684 MISC CONFIRM MISC |
| discourse — discourse |
Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the `tests-passed` branch, version 2.8.0.beta11 in the `beta` branch, and version 2.7.13 in the `stable` branch, the bios of users who made their profiles private were still visible in the `<meta>` tags on their users’ pages. The problem is patched in `tests-passed` version 2.8.0.beta11, `beta` version 2.8.0.beta11, and `stable` version 2.7.13 of Discourse. | 2022-01-13 | not yet calculated | CVE-2022-21678 MISC CONFIRM MISC |
| discourse — discourse |
Discourse is an open source discussion platform. Discourse groups can be configured with varying visibility levels for the group as well as the group members. By default, a newly created group has its visibility set to public and the group’s members visibility set to public as well. However, a group’s visibility and the group’s members visibility can be configured such that it is restricted to logged on users, members of the group or staff users. A vulnerability has been discovered in versions prior to 2.7.13 and 2.8.0.beta11 where the group advanced search option does not respect the group’s visibility and members visibility level. As such, a group with restricted visibility or members visibility can be revealed through search with the right search option. This issue is patched in `stable` version 2.7.13, `beta` version 2.8.0.beta11, and `tests-passed` version 2.8.0.beta11 versions of Discourse. There are no workarounds aside from upgrading. | 2022-01-14 | not yet calculated | CVE-2022-21677 MISC CONFIRM |
| django — django_cms |
Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user. | 2022-01-12 | not yet calculated | CVE-2021-44649 MISC MISC |
| dnslib — dnslib |
The dnslib package through 0.9.16 for Python does not verify that the ID value in a DNS reply matches an ID value in a query. | 2022-01-10 | not yet calculated | CVE-2022-22846 MISC |
| docker — docker_desktop |
Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user’s machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user’s local files. | 2022-01-12 | not yet calculated | CVE-2021-45449 MISC |
| dolibarr — dolibarr |
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command | 2022-01-14 | not yet calculated | CVE-2022-0224 MISC CONFIRM |
| dolibarr — dolibarr |
dolibarr is vulnerable to Business Logic Errors | 2022-01-10 | not yet calculated | CVE-2022-0174 MISC CONFIRM |
| download_monitor — download_monitor |
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6). | 2022-01-14 | not yet calculated | CVE-2021-36920 CONFIRM CONFIRM |
| edgerover — desktop |
File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. | 2022-01-13 | not yet calculated | CVE-2022-22988 MISC |
| element-it — http_commander |
A cross-site scripting (XSS) vulnerability in the “Zip content” feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames. | 2022-01-13 | not yet calculated | CVE-2021-40813 MISC MISC |
| elementor-pro — elementor-pro |
The Plus Addons for Elementor – Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts | 2022-01-10 | not yet calculated | CVE-2021-24948 MISC MISC |
| elementor-pro — elementor-pro |
The “WP Search Filters” widget of The Plus Addons for Elementor – Pro WordPress plugin before 5.0.7 does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection | 2022-01-10 | not yet calculated | CVE-2021-24949 MISC MISC |
| eyoucms — eyoucms |
eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename. | 2022-01-14 | not yet calculated | CVE-2021-46255 MISC |
| fig2dev — fig2dev |
A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c. | 2022-01-12 | not yet calculated | CVE-2021-37530 MISC |
| fig2dev — fig2dev |
A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent). | 2022-01-12 | not yet calculated | CVE-2021-37529 MISC |
| flatpak — flatpak |
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn’t properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there’s a null byte in the metadata file of an app. Therefore apps can grant themselves permissions without the consent of the user. Flatpak shows permissions to the user during install by reading them from the “xa.metadata” key in the commit metadata. This cannot contain a null terminator, because it is an untrusted GVariant. Flatpak compares these permissions to the *actual* metadata, from the “metadata” file to ensure it wasn’t lied to. However, the actual metadata contents are loaded in several places where they are read as simple C-style strings. That means that, if the metadata file includes a null terminator, only the content of the file from *before* the terminator gets compared to xa.metadata. Thus, any permissions that appear in the metadata file after a null terminator are applied at runtime but not shown to the user. So maliciously crafted apps can give themselves hidden permissions. Users who have Flatpaks installed from untrusted sources are at risk in case the Flatpak has a maliciously crafted metadata file, either initially or in an update. This issue is patched in versions 1.12.3 and 1.10.6. As a workaround, users can manually check the permissions of installed apps by checking the metadata file or the xa.metadata key on the commit metadata. | 2022-01-12 | not yet calculated | CVE-2021-43860 MISC MISC MISC MISC CONFIRM MISC MISC MISC FEDORA |
| flatpak — flatpak |
Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory will have the full access that is specified in the manifest, so running `flatpak build` against it will gain those permissions. Normally this will not be done, so this is not problem. However, if `–mirror-screenshots-url` is specified, then flatpak-builder will launch `flatpak build –nofilesystem=host appstream-utils mirror-screenshots` after finalization, which can lead to issues even with the `–nofilesystem=host` protection. In normal use, the only issue is that these empty directories can be created wherever the user has write permissions. However, a malicious application could replace the `appstream-util` binary and potentially do something more hostile. This has been resolved in Flatpak 1.12.3 and 1.10.6 by changing the behaviour of `–nofilesystem=home` and `–nofilesystem=host`. | 2022-01-13 | not yet calculated | CVE-2022-21682 CONFIRM MISC MISC FEDORA |
| follow-redirects — follow-redirects |
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor | 2022-01-10 | not yet calculated | CVE-2022-0155 CONFIRM MISC |
| formpipe — lasernet |
Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Services (either by an authenticated attacker, or in a configuration that does not require authentication). | 2022-01-10 | not yet calculated | CVE-2022-22847 CONFIRM |
| gcc — gcc |
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. | 2022-01-14 | not yet calculated | CVE-2021-46195 MISC |
| gnome — gnome |
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12. | 2022-01-12 | not yet calculated | CVE-2021-44648 MISC MISC |
| gnu — recutils |
An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. | 2022-01-14 | not yet calculated | CVE-2021-46021 MISC |
| gnu — recutils |
An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. | 2022-01-14 | not yet calculated | CVE-2021-46022 MISC |
| gnu — recutils |
An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. | 2022-01-14 | not yet calculated | CVE-2021-46019 MISC |
| gnu_c_library — gnu_c_library |
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | 2022-01-14 | not yet calculated | CVE-2022-23218 MISC |
| gnu_c_library — gnu_c_library |
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | 2022-01-14 | not yet calculated | CVE-2022-23219 MISC |
| google — android |
In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-202159709 | 2022-01-14 | not yet calculated | CVE-2021-39632 MISC |
| google — android |
In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception. In rare instances, this could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-208267659 | 2022-01-14 | not yet calculated | CVE-2021-39659 MISC |
| google — android |
In mgm_alloc_page of memory_group_manager.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-201677538References: N/A | 2022-01-14 | not yet calculated | CVE-2021-39682 MISC |
| google — android |
In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-202003354References: N/A | 2022-01-14 | not yet calculated | CVE-2021-39683 MISC |
| google — android |
In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-203250788References: N/A | 2022-01-14 | not yet calculated | CVE-2021-39684 MISC |
| google — android |
In <TBD> of <TBD>, there is a possible bypass of Factory Reset Protection due to <TBD>. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171742549References: N/A | 2022-01-14 | not yet calculated | CVE-2021-39678 MISC |
| google — android |
In init of vendor_graphicbuffer_meta.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188745089References: N/A | 2022-01-14 | not yet calculated | CVE-2021-39679 MISC |
| google — android |
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194695497 | 2022-01-14 | not yet calculated | CVE-2021-39626 MISC |
| google — android |
In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150694665References: Upstream kernel | 2022-01-14 | not yet calculated | CVE-2021-39633 MISC |
| google — android |
In delete_protocol of main.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-200251074References: N/A | 2022-01-14 | not yet calculated | CVE-2021-39681 MISC |
| google — android |
In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-202768292 | 2022-01-14 | not yet calculated | CVE-2021-39630 MISC |
| google — android |
In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-197353344 | 2022-01-14 | not yet calculated | CVE-2021-39629 MISC |
| google — android |
In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-185126549 | 2022-01-14 | not yet calculated | CVE-2021-39627 MISC |
| google — android |
In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-185126319 | 2022-01-14 | not yet calculated | CVE-2021-39621 MISC |
| google — android |
Hacker one bug ID: 1343975Product: AndroidVersions: Android SoCAndroid ID: A-204256722 | 2022-01-14 | not yet calculated | CVE-2021-1049 MISC |
| google — android |
The broadcast that DevicePickerFragment sends when a new device is paired doesn’t have any permission checks, so any app can register to listen for it. This lets apps keep track of what devices are paired without requesting BLUETOOTH permissions.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-162951906 | 2022-01-14 | not yet calculated | CVE-2021-1037 MISC |
| google — android |
In LocationSettingsActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-182812255 | 2022-01-14 | not yet calculated | CVE-2021-1036 MISC |
| google — android |
In fs/eventpoll.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204450605References: Upstream kernel | 2022-01-14 | not yet calculated | CVE-2021-39634 MISC |
| google — android |
In sec_SHA256_Transform of sha256_core.c, there is a possible way to read heap data due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-197965864References: N/A | 2022-01-14 | not yet calculated | CVE-2021-39680 MISC |
| gpac — gpac |
GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_list_last(). This vulnerability allows attackers to cause a Denial of Service (DoS). | 2022-01-14 | not yet calculated | CVE-2021-45760 MISC |
| gpac — gpac |
GPAC 1.1.0 was discovered to contain an invalid memory address dereference via the function lsr_read_id(). This vulnerability can lead to a Denial of Service (DoS). | 2022-01-14 | not yet calculated | CVE-2021-45767 MISC |
| gpac — gpac |
A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows attackers to cause a denial of service or execute arbitrary code via a crafted file. | 2022-01-10 | not yet calculated | CVE-2021-36414 MISC |
| gpac — gpac |
A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via the gp_rtp_builder_do_mpeg12_video function, which allows attackers to possibly have unspecified other impact via a crafted file in the MP4Box command, | 2022-01-10 | not yet calculated | CVE-2021-36412 MISC |
| gpac — gpac |
GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_sg_vrml_mf_reset(). This vulnerability allows attackers to cause a Denial of Service (DoS). | 2022-01-14 | not yet calculated | CVE-2021-45762 MISC |
| gpac — gpac |
GPAC v1.1.0 was discovered to contain an invalid call in the function gf_node_changed(). This vulnerability can lead to a Denial of Service (DoS). | 2022-01-14 | not yet calculated | CVE-2021-45763 MISC |
| gpac — gpac |
GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function shift_chunk_offsets.isra(). | 2022-01-14 | not yet calculated | CVE-2021-45764 MISC |
| h2database — h2databse |
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution. | 2022-01-10 | not yet calculated | CVE-2021-42392 MISC MISC |
| halo — halo |
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server. | 2022-01-13 | not yet calculated | CVE-2022-22125 MISC MISC MISC |
| hermes — hermes |
By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in segmentation fault as a consequence of type confusion error, with a low chance of RCE. This issue affects Hermes versions prior to v0.10.0. | 2022-01-15 | not yet calculated | CVE-2021-24044 CONFIRM |
| hp — designjet_products |
Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews. | 2022-01-14 | not yet calculated | CVE-2021-3965 MISC |
| ibm — aix_and_vios |
IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force ID: 212953. | 2022-01-11 | not yet calculated | CVE-2021-38991 XF CONFIRM |
| ibm — extended_dynamic_remote_sql_server |
The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service. IBM X-Force ID: 214537. | 2022-01-13 | not yet calculated | CVE-2021-39056 XF CONFIRM |
| ibm — multiple_products |
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authenticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID: 200657. | 2022-01-11 | not yet calculated | CVE-2021-29701 CONFIRM XF |
| ibm — planning analytics_and_planning_analytics_workspace |
IBM Planning Analytics 2.0 and IBM Planning Analytics Workspace 2.0 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote threat actor who can access (without previous authentication) a valid PA endpoint to read and write files to the IBM Planning Analytics system. Depending on file system permissions up to path traversal and possibly remote code execution. IBM X-Force ID: 209511. | 2022-01-12 | not yet calculated | CVE-2021-38892 XF CONFIRM |
| ibm — sterling_gentran:server_for_windows |
IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 213962. | 2022-01-14 | not yet calculated | CVE-2021-39032 XF CONFIRM |
| imperva — web_application_firewall |
Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use “Content-Encoding: gzip” to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF. | 2022-01-14 | not yet calculated | CVE-2021-45468 MISC |
| jenkins — jenkins | Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | 2022-01-12 | not yet calculated | CVE-2022-23110 CONFIRM MLIST |
| jenkins — jenkins |
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job’s SCM repository. | 2022-01-12 | not yet calculated | CVE-2022-20617 CONFIRM MLIST |
| jenkins — jenkins |
Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 2022-01-12 | not yet calculated | CVE-2022-20621 CONFIRM MLIST |
| jenkins — jenkins |
Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. | 2022-01-12 | not yet calculated | CVE-2022-20620 CONFIRM MLIST |
| jenkins — jenkins |
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2022-01-12 | not yet calculated | CVE-2022-20619 CONFIRM MLIST |
| jenkins — jenkins |
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set. | 2022-01-12 | not yet calculated | CVE-2022-20612 CONFIRM MLIST |
| jenkins — jenkins |
Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations. | 2022-01-12 | not yet calculated | CVE-2022-23105 CONFIRM MLIST |
| jenkins — jenkins |
Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token. | 2022-01-12 | not yet calculated | CVE-2022-23106 CONFIRM MLIST |
| jenkins — jenkins |
Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system. | 2022-01-12 | not yet calculated | CVE-2022-23107 CONFIRM MLIST |
| jenkins — jenkins |
Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-01-12 | not yet calculated | CVE-2022-23108 CONFIRM MLIST |
| jenkins — jenkins |
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. | 2022-01-12 | not yet calculated | CVE-2022-23111 CONFIRM MLIST |
| jenkins — jenkins |
A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials. | 2022-01-12 | not yet calculated | CVE-2022-23112 CONFIRM MLIST |
| jenkins — jenkins |
A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. | 2022-01-12 | not yet calculated | CVE-2022-20618 CONFIRM MLIST |
| jenkins — jenkins |
Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files. | 2022-01-12 | not yet calculated | CVE-2022-23113 CONFIRM MLIST |
| jenkins — jenkins |
Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed. | 2022-01-12 | not yet calculated | CVE-2022-23109 CONFIRM MLIST |
| jenkins — jenkins |
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. | 2022-01-12 | not yet calculated | CVE-2022-20613 CONFIRM MLIST |
| jenkins — jenkins |
Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it’s a zip file. | 2022-01-12 | not yet calculated | CVE-2022-20616 CONFIRM MLIST |
| jenkins — jenkins |
Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller. | 2022-01-12 | not yet calculated | CVE-2022-23118 CONFIRM MLIST |
| jenkins — jenkins |
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller. | 2022-01-12 | not yet calculated | CVE-2022-23117 CONFIRM MLIST |
| jenkins — jenkins |
Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 2022-01-12 | not yet calculated | CVE-2022-23114 CONFIRM MLIST |
| jenkins — jenkins |
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method. | 2022-01-12 | not yet calculated | CVE-2022-23116 CONFIRM MLIST |
| jenkins — jenkins |
Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | 2022-01-12 | not yet calculated | CVE-2022-20615 CONFIRM MLIST |
| jenkins — jenkins |
A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. | 2022-01-12 | not yet calculated | CVE-2022-20614 CONFIRM MLIST |
| jenkins — jenkins |
Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allows attackers with Overall/Read access to retrieve logs, build or delete a batch task. | 2022-01-12 | not yet calculated | CVE-2022-23115 CONFIRM MLIST |
| jerryscript — jerryscript |
An issue was discovered in JerryScript commit a6ab5e9. There is an Use-After-Free in lexer_compare_identifier_to_string in js-lexer.c file. | 2022-01-14 | not yet calculated | CVE-2021-46170 MISC |
| jpress — jpress |
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code. | 2022-01-13 | not yet calculated | CVE-2021-45806 MISC MISC MISC |
| jpress — jpress |
jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall. | 2022-01-13 | not yet calculated | CVE-2021-45807 MISC MISC MISC |
| keystonejs — keystone |
keystone is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 2022-01-12 | not yet calculated | CVE-2022-0087 CONFIRM MISC |
| le-yan — dental_management_system |
The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service. | 2022-01-14 | not yet calculated | CVE-2022-22056 MISC |
| le-yan — dental_management_system |
The Le-yan dental management system contains an SQL-injection vulnerability. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to acquire administrator’s privilege and perform arbitrary operations on the system or disrupt service. | 2022-01-14 | not yet calculated | CVE-2022-22055 MISC |
| lens — lens |
In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user’s shell. Arguments can be provided which cause arbitrary shell commands to run on the system. | 2022-01-10 | not yet calculated | CVE-2021-23154 MISC |
| lens — lens |
Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim’s browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user. | 2022-01-10 | not yet calculated | CVE-2021-44458 MISC |
| libreswan — libreswan |
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6. | 2022-01-15 | not yet calculated | CVE-2022-23094 MISC MISC DEBIAN |
| libtiff — libtiff |
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. | 2022-01-10 | not yet calculated | CVE-2022-22844 MISC MISC |
| linux — kernel |
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types. | 2022-01-14 | not yet calculated | CVE-2022-23222 MISC MLIST |
| linux — linux_kernel |
nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace. | 2022-01-11 | not yet calculated | CVE-2021-46283 MISC MISC MISC |
| livehelperchat — livehelperchat |
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) | 2022-01-14 | not yet calculated | CVE-2022-0226 CONFIRM MISC |
| livehelperchat — livehelperchat |
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) | 2022-01-14 | not yet calculated | CVE-2022-0231 MISC CONFIRM |
| lorensberg — connect |
** DISPUTED ** Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires administrator privileges and is performed through the Wizard editor of the application. The attack requires an administrator to go into the Wizard editor and enter an XSS payload within the Page title, Page Instructions, Text before, Text after, or Text on side box. Once this has been done, the administrator must click save and finally wait until any user of the application performs a booking for rental items in the booking area of the application, where the XSS triggers. NOTE: another perspective is that the administrator may require JavaScript to customize any aspect of the page rendering. There is no effective way for the product to defend users in the face of a malicious administrator. | 2022-01-12 | not yet calculated | CVE-2021-43960 MISC MISC |
| lua — lua |
Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service. | 2022-01-11 | not yet calculated | CVE-2021-44647 MISC MISC |
| make-ca — make-ca |
make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers. Starting with version 0.9 and prior to version 1.10, make-ca misinterprets Mozilla certdata.txt and treats explicitly untrusted certificates like trusted ones, causing those explicitly untrusted certificates trusted by the system. The explicitly untrusted certificates were used by some CAs already hacked. Hostile attackers may perform a MIM attack exploiting them. Everyone using the affected versions of make-ca should upgrade to make-ca-1.10, and run `make-ca -f -g` as the `root` user to regenerate the trusted store immediately. As a workaround, users may delete the untrusted certificates from /etc/pki/tls and /etc/ssl/certs manually (or by a script), but this is not recommended because the manual changes will be overwritten next time running make-ca to update the trusted anchor. | 2022-01-10 | not yet calculated | CVE-2022-21672 CONFIRM MISC MISC MISC |
| markdown-it — markdown-it |
markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading. | 2022-01-10 | not yet calculated | CVE-2022-21670 MISC CONFIRM |
| markedjs — marked |
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources. | 2022-01-14 | not yet calculated | CVE-2022-21680 CONFIRM MISC MISC |
| markedjs — marked |
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources. | 2022-01-14 | not yet calculated | CVE-2022-21681 CONFIRM MISC |
| martdevelopers_inc — iresturant |
MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed. | 2022-01-12 | not yet calculated | CVE-2021-43436 MISC MISC |
| mattermost — focalboard |
In Mattermost Focalboard, versions prior to v0.7.5, v0.8.4, v0.9.5, v0.10.1 and v0.11.0-rc1; as used respectively in Mattermost, versions prior to v5.37.6, v5.39.3, v6.0.4, v6.1.1 and v6.2.0, are vulnerable to Insufficient Session Expiration. When a user initiates a logout, their session is not invalidated properly. In addition, user sessions are stored in the browser’s local storage, which by default does not have an expiration time. This makes it possible for an attacker to steal and reuse the cookies using techniques such as XSS attacks, to completely take over a victim account. | 2022-01-13 | not yet calculated | CVE-2022-22122 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| mcafee — techcheck |
Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user. This was achieved through placing the malicious DLL in the same directory that the process was run from. | 2022-01-11 | not yet calculated | CVE-2022-0129 CONFIRM |
| micro_focus — arcsight_enterprise_security_manager |
Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). | 2022-01-14 | not yet calculated | CVE-2021-38126 MISC |
| micro_focus — arcsight_enterprise_security_manager |
Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). | 2022-01-14 | not yet calculated | CVE-2021-38127 MISC |
| microsoft — .net_framework |
.NET Framework Denial of Service Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21911 MISC |
| microsoft — dynamics_365_customer_engagement |
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21932 MISC |
| microsoft — dynamics_365_sales |
Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21891 MISC |
| microsoft — edge |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21930, CVE-2022-21931. | 2022-01-11 | not yet calculated | CVE-2022-21929 MISC |
| microsoft — edge |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21970. | 2022-01-11 | not yet calculated | CVE-2022-21954 MISC |
| microsoft — edge |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21929, CVE-2022-21931. | 2022-01-11 | not yet calculated | CVE-2022-21930 MISC |
| microsoft — edge |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21929, CVE-2022-21930. | 2022-01-11 | not yet calculated | CVE-2022-21931 MISC |
| microsoft — edge |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21954. | 2022-01-11 | not yet calculated | CVE-2022-21970 MISC |
| microsoft — exchange_server |
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21846, CVE-2022-21855. | 2022-01-11 | not yet calculated | CVE-2022-21969 MISC |
| microsoft — hevc_video_extensions |
HEVC Video Extensions Remote Code Execution Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21917 MISC |
| microsoft — windows | Windows IKE Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-21843, CVE-2022-21848, CVE-2022-21889, CVE-2022-21890. | 2022-01-11 | not yet calculated | CVE-2022-21883 MISC |
| microsoft — windows |
Windows GDI Elevation of Privilege Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21903 MISC |
| microsoft — windows |
DirectX Graphics Kernel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21912. | 2022-01-11 | not yet calculated | CVE-2022-21898 MISC |
| microsoft — windows |
Windows GDI+ Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21880. | 2022-01-11 | not yet calculated | CVE-2022-21915 MISC |
| microsoft — windows |
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21899 MISC MISC |
| microsoft — windows |
Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-21905. | 2022-01-11 | not yet calculated | CVE-2022-21900 MISC |
| microsoft — windows |
Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21852, CVE-2022-21896. | 2022-01-11 | not yet calculated | CVE-2022-21902 MISC |
| microsoft — windows |
Windows Modern Execution Server Remote Code Execution Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21888 MISC |
| microsoft — windows |
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21885. | 2022-01-11 | not yet calculated | CVE-2022-21914 MISC |
| microsoft — windows |
Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass. | 2022-01-11 | not yet calculated | CVE-2022-21913 MISC |
| microsoft — windows |
DirectX Graphics Kernel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21898. | 2022-01-11 | not yet calculated | CVE-2022-21912 MISC |
| microsoft — windows |
Windows Geolocation Service Remote Code Execution Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21878 MISC |
| microsoft — windows |
Microsoft Cluster Port Driver Elevation of Privilege Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21910 MISC |
| microsoft — windows |
Windows Installer Elevation of Privilege Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21908 MISC |
| microsoft — windows |
HTTP Protocol Stack Remote Code Execution Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21907 MISC MISC MISC |
| microsoft — windows |
Windows GDI Information Disclosure Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21904 MISC |
| microsoft — windows |
Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21916. | 2022-01-11 | not yet calculated | CVE-2022-21897 MISC |
| microsoft — windows |
Windows Kerberos Elevation of Privilege Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21920 MISC |
| microsoft — windows |
Storage Spaces Controller Information Disclosure Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21877 MISC MISC |
| microsoft — windows |
Windows IKE Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-21843, CVE-2022-21848, CVE-2022-21883, CVE-2022-21889. | 2022-01-11 | not yet calculated | CVE-2022-21890 MISC |
| microsoft — windows |
Remote Procedure Call Runtime Remote Code Execution Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21922 MISC |
| microsoft — windows |
Windows User Profile Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21919. | 2022-01-11 | not yet calculated | CVE-2022-21895 MISC MISC |
| microsoft — windows |
Windows Defender Credential Guard Security Feature Bypass Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21921 MISC |
| microsoft — windows |
Secure Boot Security Feature Bypass Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21894 MISC |
| microsoft — windows |
Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21852, CVE-2022-21902. | 2022-01-11 | not yet calculated | CVE-2022-21896 MISC |
| microsoft — windows |
Remote Desktop Protocol Remote Code Execution Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21893 MISC |
| microsoft — windows |
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963. | 2022-01-11 | not yet calculated | CVE-2022-21892 MISC |
| microsoft — windows |
Windows IKE Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-21843, CVE-2022-21848, CVE-2022-21883, CVE-2022-21890. | 2022-01-11 | not yet calculated | CVE-2022-21889 MISC |
| microsoft — windows |
Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21925 MISC |
| microsoft — windows |
Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21897. | 2022-01-11 | not yet calculated | CVE-2022-21916 MISC |
| microsoft — windows |
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963. | 2022-01-11 | not yet calculated | CVE-2022-21928 MISC |
| microsoft — windows |
DirectX Graphics Kernel File Denial of Service Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21918 MISC |
| microsoft — windows |
Windows Event Tracing Elevation of Privilege Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21872 MISC |
| microsoft — windows |
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21963. | 2022-01-11 | not yet calculated | CVE-2022-21962 MISC |
| microsoft — windows |
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21962, CVE-2022-21963. | 2022-01-11 | not yet calculated | CVE-2022-21961 MISC |
| microsoft — windows |
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962. | 2022-01-11 | not yet calculated | CVE-2022-21963 MISC |
| microsoft — windows |
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963. | 2022-01-11 | not yet calculated | CVE-2022-21960 MISC |
| microsoft — windows |
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21958, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963. | 2022-01-11 | not yet calculated | CVE-2022-21959 MISC |
| microsoft — windows |
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963. | 2022-01-11 | not yet calculated | CVE-2022-21958 MISC |
| microsoft — windows |
Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-21900. | 2022-01-11 | not yet calculated | CVE-2022-21905 MISC |
| microsoft — windows |
Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21964 MISC |
| microsoft — windows |
Clipboard User Service Elevation of Privilege Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21869 MISC |
| microsoft — windows |
Win32k Information Disclosure Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21876 MISC MISC |
| microsoft — windows |
Windows Storage Elevation of Privilege Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21875 MISC |
| microsoft — windows |
Windows Security Center API Remote Code Execution Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21874 MISC |
| microsoft — windows |
Tile Data Repository Elevation of Privilege Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21873 MISC |
| microsoft — windows |
Windows User Profile Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21895. | 2022-01-11 | not yet calculated | CVE-2022-21919 MISC |
| microsoft — windows |
Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21871 MISC |
| microsoft — windows |
Windows GDI+ Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21915. | 2022-01-11 | not yet calculated | CVE-2022-21880 MISC |
| microsoft — windows |
Windows Defender Application Control Security Feature Bypass Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21906 MISC |
| microsoft — windows |
Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21882. | 2022-01-11 | not yet calculated | CVE-2022-21887 MISC |
| microsoft — windows |
Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21887. | 2022-01-11 | not yet calculated | CVE-2022-21882 MISC |
| microsoft — windows |
Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21870 MISC |
| microsoft — windows |
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21879. | 2022-01-11 | not yet calculated | CVE-2022-21881 MISC |
| microsoft — windows |
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21884 MISC |
| microsoft — windows |
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21881. | 2022-01-11 | not yet calculated | CVE-2022-21879 MISC |
| microsoft — windows |
Windows AppContracts API Server Elevation of Privilege Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21860 MISC |
| microsoft — windows |
Windows UI Immersive Server API Elevation of Privilege Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21864 MISC |
| microsoft — windows |
Connected Devices Platform Service Elevation of Privilege Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21865 MISC |
| microsoft — windows |
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21914. | 2022-01-11 | not yet calculated | CVE-2022-21885 MISC |
| microsoft — windows |
Windows System Launcher Elevation of Privilege Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21866 MISC |
| microsoft — windows |
Windows Hyper-V Elevation of Privilege Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21901 MISC |
| microsoft — workstation |
Workstation Service Remote Protocol Security Feature Bypass Vulnerability. | 2022-01-11 | not yet calculated | CVE-2022-21924 MISC |
| mirantis — container_runtime |
When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service. | 2022-01-10 | not yet calculated | CVE-2021-23218 MISC |
| mitre — caldera |
An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components that should only be accessible by admin users. | 2022-01-12 | not yet calculated | CVE-2021-42562 MISC MISC |
| mitre — caldera |
An issue was discovered in CALDERA 2.8.1. It contains multiple reflected, stored, and self XSS vulnerabilities that may be exploited by authenticated and unauthenticated attackers. | 2022-01-12 | not yet calculated | CVE-2021-42558 MISC MISC |
| mitre — caldera |
An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python “os.system” function. This allows attackers to use shell metacharacters (e.g., backticks ““” or dollar parenthesis “$()” ) in order to escape the current command and execute arbitrary shell commands. | 2022-01-12 | not yet calculated | CVE-2021-42561 MISC MISC |
| mitre — caldera |
An issue was discovered in CALDERA 2.8.1. It contains multiple startup “requirements” that execute commands when starting the server. Because these commands can be changed via the REST API, an authenticated user can insert arbitrary commands that will execute when the server is restarted. | 2022-01-12 | not yet calculated | CVE-2021-42559 MISC MISC |
| mitsubishi_electric — melsec_f_series_firmware |
Improper initialization vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.16 and prior, FX3U-ENET-L Firmware version 1.16 and prior and FX3U-ENET-P502 Firmware version 1.16 and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in communication function of the product by sending specially crafted packets. Control by MELSEC-F series PLC is not affected by this vulnerability, but system reset is required for recovery. | 2022-01-14 | not yet calculated | CVE-2021-20613 MISC MISC MISC |
| mitsubishi_electric — melsec_f_series_firmware |
Lack of administrator control over security vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.14 and prior, FX3U-ENET-L Firmware version 1.14 and prior and FX3U-ENET-P502 Firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in communication function of the product or other unspecified effects by sending specially crafted packets to an unnecessary opening of TCP port. Control by MELSEC-F series PLC is not affected by this vulnerability, but system reset is required for recovery. | 2022-01-14 | not yet calculated | CVE-2021-20612 MISC MISC MISC |
| modex — modex |
Modex v2.11 was discovered to contain an Use-After-Free vulnerability via the component tcache. | 2022-01-14 | not yet calculated | CVE-2021-46169 MISC |
| modex — modex |
Modex v2.11 was discovered to contain a NULL pointer dereference in set_create_id() at xtract.c. | 2022-01-14 | not yet calculated | CVE-2021-46171 MISC |
| mp4box-gpac — mp4box-gpac |
A Null pointer dereference vulnerability exits in MP4Box – GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service. | 2022-01-10 | not yet calculated | CVE-2020-25427 MISC MISC |
| mruby — mruby |
An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can lead to a segmentation fault or application crash. | 2022-01-14 | not yet calculated | CVE-2021-46020 MISC |
| my_cloud — os_5 |
A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts. | 2022-01-13 | not yet calculated | CVE-2022-22990 MISC |
| my_cloud — os_5 |
A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP. | 2022-01-13 | not yet calculated | CVE-2022-22991 MISC |
| my_cloud — os_5 |
My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service. Addressed the vulnerability by adding defenses against stack overflow issues. | 2022-01-13 | not yet calculated | CVE-2022-22989 MISC |
| mzautomation — lib60870 |
A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec60870/cs104/cs104_slave.c of lib60870 commit 0d5e76e can lead to a segmentation fault or application crash. | 2022-01-14 | not yet calculated | CVE-2021-45773 MISC |
| mzautomation — libiec61870 |
A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application crash. | 2022-01-14 | not yet calculated | CVE-2021-45769 MISC |
| nanoid — nanoid |
The package nanoid before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated. | 2022-01-14 | not yet calculated | CVE-2021-23566 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| netbiblio — webopac |
Cross-site Scripting (XSS) vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. This issue affects: AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320; versions later than 4.0.0.328. This issue does not affect: AlCoda NetBiblio WebOPAC version 4.0.0.335 and later versions. | 2022-01-14 | not yet calculated | CVE-2021-42551 CONFIRM |
| netgear — r6260_routers |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13512. | 2022-01-13 | not yet calculated | CVE-2021-34979 MISC MISC |
| netgear — r6260_routers |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. A crafted SOAP request can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13511. | 2022-01-13 | not yet calculated | CVE-2021-34978 MISC MISC |
| netgear — r6260_routers |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. When parsing the SOAP_LOGIN_TOKEN environment variable, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14107. | 2022-01-13 | not yet calculated | CVE-2021-34980 MISC MISC |
| netgear — r7000_routers |
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7000 1.0.11.116_10.2.100 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP requests. The issue results from the lack of proper authentication verification before performing a password reset. An attacker can leverage this vulnerability to reset the admin password. Was ZDI-CAN-13483. | 2022-01-13 | not yet calculated | CVE-2021-34977 MISC MISC |
| nocobd — nocobd |
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn’t registered within the system. This allows attackers to enumerate the registered users’ email addresses. | 2022-01-10 | not yet calculated | CVE-2022-22120 MISC MISC |
| nocobd — nocobd |
In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens it, the payload gets executed. | 2022-01-10 | not yet calculated | CVE-2022-22121 MISC MISC |
| nuuo — nvrmini2 |
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root. | 2022-01-14 | not yet calculated | CVE-2022-23227 MISC MISC MISC MISC |
| nvidia — nemo |
NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available. | 2022-01-10 | not yet calculated | CVE-2022-22821 MISC |
| october_cms — october_cms |
October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents PHP execution in the CMS templates.The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround. | 2022-01-14 | not yet calculated | CVE-2021-32650 CONFIRM MISC |
| october_cms — october_cms |
October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with “create, modify and delete website pages” privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround. | 2022-01-14 | not yet calculated | CVE-2021-32649 CONFIRM MISC |
| omron — cx-one |
Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based buffer overflow while processing specific project files, which may allow an attacker to execute arbitrary code. | 2022-01-14 | not yet calculated | CVE-2022-21137 MISC |
| open_design_alliance — drawings_sdk |
Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process. | 2022-01-15 | not yet calculated | CVE-2022-23095 MISC |
| opensuse — opensuse |
A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1. | 2022-01-14 | not yet calculated | CVE-2021-36781 CONFIRM |
| orchardcore — orchardcore |
orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 2022-01-12 | not yet calculated | CVE-2022-0159 CONFIRM MISC |
| owncloud — owncloud |
The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that have been uploaded to a public share) are supposed to be deleted upon detection. | 2022-01-15 | not yet calculated | CVE-2021-33828 MISC MISC |
| owncloud — owncloud |
The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings. | 2022-01-15 | not yet calculated | CVE-2021-33827 MISC MISC |
| owncloud — owncloud_client |
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution. | 2022-01-15 | not yet calculated | CVE-2021-44537 MISC |
| panda_security — free_antivirus |
This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Free Antivirus 20.2.0.0. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the use of named pipes. The issue results from allowing an untrusted process to impersonate the client of a pipe. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-14208. | 2022-01-13 | not yet calculated | CVE-2021-34998 MISC MISC |
| paritytech — frontier |
Frontier is Substrate’s Ethereum compatibility layer. Prior to commit number `8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664`, a bug in Frontier’s MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds (and production WebAssembly binaries), the impact is limited as it can only cause a normal EVM out-of-gas. Users who do not use MODEXP precompile in their runtime are not impacted. A patch is available in pull request #549. | 2022-01-14 | not yet calculated | CVE-2022-21685 CONFIRM MISC MISC |
| partkeeper — partkeeper |
PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the ‘file://’ URI scheme, allowing an authenticated user to read local files. | 2022-01-10 | not yet calculated | CVE-2022-22701 MISC MISC |
| partkeepr — partkeepr |
PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration. | 2022-01-10 | not yet calculated | CVE-2022-22702 MISC MISC |
| peertube — peertube |
peertube is vulnerable to Improper Access Control | 2022-01-11 | not yet calculated | CVE-2022-0170 CONFIRM MISC |
| pexip_infinity — pexip_infinity |
Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of 2). | 2022-01-15 | not yet calculated | CVE-2021-33498 MISC |
| pexip_infinity — pexip_infinity |
Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 2 of 2). | 2022-01-15 | not yet calculated | CVE-2021-33499 MISC |
| pexip_infinity — pexip_infinity |
Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call-setup input validation. | 2022-01-15 | not yet calculated | CVE-2021-42555 CONFIRM |
| pexip_infinity — pexip_infinity |
Pexip Infinity before 26 allows temporary remote Denial of Service (abort) because of missing call-setup input validation. | 2022-01-15 | not yet calculated | CVE-2021-35969 MISC |
| pexip_infinity — pexip_infinity |
Pexip Infinity before 26 allows remote denial of service because of missing RTMP input validation. | 2022-01-15 | not yet calculated | CVE-2021-32545 MISC |
| phoronix-test-suite — phoronix-test-suite |
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) | 2022-01-13 | not yet calculated | CVE-2022-0196 CONFIRM MISC |
| phoronix-test-suite — phoronix-test-suite |
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) | 2022-01-13 | not yet calculated | CVE-2022-0197 CONFIRM MISC |
| php_everywhere — php_everywhere |
Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Everywhere (WordPress plugin) versions (<= 2.0.2). | 2022-01-13 | not yet calculated | CVE-2021-23227 CONFIRM CONFIRM |
| pillow — pillow |
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. | 2022-01-10 | not yet calculated | CVE-2022-22817 MISC |
| pillow — pillow |
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. | 2022-01-10 | not yet calculated | CVE-2022-22816 MISC MISC |
| pillow — pillow |
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. | 2022-01-10 | not yet calculated | CVE-2022-22815 MISC MISC |
| publishpress_capabilities — publishpress_capabilities |
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin’s settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role and make any new registered user with an administrator role. | 2022-01-10 | not yet calculated | CVE-2021-25032 CONFIRM MISC |
| puddingbot — puddingbot |
PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new version is already running on the server. As of time of publication, the maintainers are planning to update code to reflect this change at a later date. | 2022-01-11 | not yet calculated | CVE-2022-21669 CONFIRM |
| pypa — pipenv |
pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv’s parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims who use pipenv to install the requirements file to download dependencies from a package index server controlled by the attacker. By embedding malicious code in packages served from their malicious index server, the attacker can trigger arbitrary remote code execution (RCE) on the victims’ systems. If an attacker is able to hide a malicious `–index-url` option in a requirements file that a victim installs with pipenv, the attacker can embed arbitrary malicious code in packages served from their malicious index server that will be executed on the victim’s host during installation (remote code execution/RCE). When pip installs from a source distribution, any code in the setup.py is executed by the install process. This issue is patched in version 2022.1.8. The GitHub Security Advisory contains more information about this vulnerability. | 2022-01-10 | not yet calculated | CVE-2022-21668 MISC CONFIRM MISC |
| qnap — multiple_nas_devices |
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later | 2022-01-14 | not yet calculated | CVE-2021-38691 CONFIRM |
| qnap — multiple_nas_devices |
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later | 2022-01-14 | not yet calculated | CVE-2021-38692 CONFIRM |
| qnap — multiple_nas_devices |
An open redirect vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later | 2022-01-14 | not yet calculated | CVE-2021-38678 CONFIRM |
| qnap — multiple_nas_devices |
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later | 2022-01-14 | not yet calculated | CVE-2021-38690 CONFIRM |
| qnap — multiple_nas_devices |
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later | 2022-01-14 | not yet calculated | CVE-2021-38689 CONFIRM |
| qnap — multiple_nas_devices |
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 and later QTS 5.0.0: QVR Guard 2.1.3.0 and later | 2022-01-14 | not yet calculated | CVE-2021-38682 CONFIRM |
| qnap — qcalagent |
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later | 2022-01-14 | not yet calculated | CVE-2021-38677 CONFIRM |
| qualcomm — multiple_products | Use after free condition can occur in wired connectivity due to a race condition while creating and deleting folders in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-01-13 | not yet calculated | CVE-2021-30313 CONFIRM |
| qualcomm — multiple_products |
Possible buffer overflow while printing the HARQ memory partition detail due to improper validation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-01-13 | not yet calculated | CVE-2021-30308 CONFIRM |
| qualcomm — multiple_products |
Improper validation of function pointer type with actual function signature can lead to assertion in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | 2022-01-13 | not yet calculated | CVE-2021-30353 CONFIRM |
| qualcomm — multiple_products |
Lack of validation for third party application accessing the service can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-01-13 | not yet calculated | CVE-2021-30314 CONFIRM |
| qualcomm — multiple_products |
Possible integer overflow due to improper validation of command length parameters while processing WMI command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 2022-01-13 | not yet calculated | CVE-2021-30319 CONFIRM |
| qualcomm — multiple_products |
Possible null pointer dereference due to improper validation of APE clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | 2022-01-13 | not yet calculated | CVE-2021-30330 CONFIRM |
| qualcomm — multiple_products |
Possible heap overflow due to lack of index validation before allocating and writing to heap buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-01-13 | not yet calculated | CVE-2021-30311 CONFIRM |
| qxip_sipcature — homer |
QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b415 JWT secret key across different customers’ installations. | 2022-01-10 | not yet calculated | CVE-2022-22845 MISC MISC MISC MISC |
| radare2 — radare2 |
radare2 is vulnerable to Out-of-bounds Read | 2022-01-11 | not yet calculated | CVE-2022-0173 CONFIRM MISC |
| ray-ban — stories |
A logic flaw in Ray-Ban® Stories device software allowed some parameters like video capture duration limit to be modified through the Facebook View application. This issue affected versions of device software before 2107460.6810.0. | 2022-01-14 | not yet calculated | CVE-2021-24046 CONFIRM |
| repirse — license_manager |
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process “count” parameter via GET. No authentication is required. | 2022-01-13 | not yet calculated | CVE-2021-45422 MISC MISC MISC |
| replit — crosis |
@replit/crosis is a JavaScript client that speaks Replit’s container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are multiple failed attempts to contact Replit through a WebSocket, the library will attempt to communicate using a fallback poll-based proxy. The URL of the proxy has changed, so any communication done to the previous URL could potentially reach a server that is outside of Replit’s control and the token used to connect to the Repl could be obtained by an attacker, leading to full compromise of that Repl (not of the account). This was patched in version 7.3.1 by updating the address of the fallback WebSocket polling proxy to the new one. As a workaround, a user may specify the new address for the polling host (`gp-v2.replit.com`) in the `ConnectArgs`. More information about this workaround is available in the GitHub Security Advisory. | 2022-01-11 | not yet calculated | CVE-2022-21671 CONFIRM MISC |
| ropium — ropium |
ROPium v3.1 was discovered to contain an invalid memory address dereference via the find() function. | 2022-01-14 | not yet calculated | CVE-2021-45761 MISC |
| samba — samba |
All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. | 2022-01-11 | not yet calculated | CVE-2021-43566 MISC MISC MISC |
| samsung — android_applications |
A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0) allows attackers to execute privileged action by hijacking and modifying the intent. | 2022-01-10 | not yet calculated | CVE-2022-22285 MISC |
| samsung — android_applications |
A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute privileged action by hijacking and modifying the intent. | 2022-01-10 | not yet calculated | CVE-2022-22286 MISC |
| samsung — email |
Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data in sandbox. | 2022-01-10 | not yet calculated | CVE-2022-22287 MISC |
| samsung — galaxy |
Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist. | 2022-01-10 | not yet calculated | CVE-2022-22288 MISC |
| samsung — health |
Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out from Samsung Health App. | 2022-01-10 | not yet calculated | CVE-2022-22283 MISC |
| samsung — internet |
Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page. | 2022-01-14 | not yet calculated | CVE-2022-22290 MISC |
| samsung — internet |
Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication | 2022-01-10 | not yet calculated | CVE-2022-22284 MISC |
| samsung — s_assistant |
Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotely get senstive information. | 2022-01-10 | not yet calculated | CVE-2022-22289 MISC |
| sap — business+_one |
SAP Business One – version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. | 2022-01-14 | not yet calculated | CVE-2021-44234 MISC MISC |
| sap — enterprise_threat_detection |
SAP Enterprise Threat Detection (ETD) – version 2.0, does not sufficiently encode user-controlled inputs which may lead to an unauthorized attacker possibly exploit XSS vulnerability. The UIs in ETD are using SAP UI5 standard controls, the UI5 framework provides automated output encoding for its standard controls. This output encoding prevents stored malicious user input from being executed when it is reflected in the UI. | 2022-01-14 | not yet calculated | CVE-2022-22529 MISC MISC |
| sap — f0743_create_single_payment |
The F0743 Create Single Payment application of SAP S/4HANA – versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being modified or completely compromise the availability of the application. | 2022-01-14 | not yet calculated | CVE-2022-22530 MISC MISC |
| sap — f0743_create_single_payment |
The F0743 Create Single Payment application of SAP S/4HANA – versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified. | 2022-01-14 | not yet calculated | CVE-2022-22531 MISC MISC |
| sap — netweaver |
In SAP NetWeaver AS for ABAP and ABAP Platform – versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible. | 2022-01-14 | not yet calculated | CVE-2021-42067 MISC MISC |
| sensormatics_electronics — videoedge |
Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop. | 2022-01-14 | not yet calculated | CVE-2021-36199 CERT CONFIRM |
| shelljs — shelljs |
shelljs is vulnerable to Improper Privilege Management | 2022-01-11 | not yet calculated | CVE-2022-0144 CONFIRM MISC |
| siemens — cp-8000_master_module |
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links. | 2022-01-11 | not yet calculated | CVE-2021-45034 MISC |
| siemens — cp-8000_master_module |
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device. | 2022-01-11 | not yet calculated | CVE-2021-45033 MISC |
| siemens — sicam_pq_analyzer |
A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system (“backdoors”) or cause a denial of service. | 2022-01-11 | not yet calculated | CVE-2021-45460 MISC |
| siemens — siprotec_5_multiple_devices |
A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions < V8.83). An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information. | 2022-01-11 | not yet calculated | CVE-2021-41769 MISC |
| smarty-php — smarty |
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch. | 2022-01-10 | not yet calculated | CVE-2021-21408 MISC MISC CONFIRM MISC |
| smarty-php — smarty |
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch. | 2022-01-10 | not yet calculated | CVE-2021-29454 MISC CONFIRM MISC MISC MISC MISC |
| snipe-it — snipe-it |
snipe-it is vulnerable to Improper Access Control | 2022-01-13 | not yet calculated | CVE-2022-0178 CONFIRM MISC |
| socket.io — engine.io |
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package starting from version `4.0.0`, including those who uses depending packages like `socket.io`. Versions prior to `4.0.0` are not impacted. A fix has been released for each major branch, namely `4.1.2` for the `4.x.x` branch, `5.2.1` for the `5.x.x` branch, and `6.1.1` for the `6.x.x` branch. There is no known workaround except upgrading to a safe version. | 2022-01-12 | not yet calculated | CVE-2022-21676 CONFIRM MISC MISC MISC MISC MISC MISC |
| sonicos — firmware |
A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions. | 2022-01-10 | not yet calculated | CVE-2021-20048 CONFIRM |
| sonicos — firmware |
A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions. | 2022-01-10 | not yet calculated | CVE-2021-20046 CONFIRM |
| sourcecodetester — printable_staff_id_card_creator_system |
In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database via SQLi, an attacker can log in and leverage an arbitrary file upload vulnerability to obtain remote code execution. | 2022-01-12 | not yet calculated | CVE-2021-45411 MISC MISC |
| sourceforge — salonerp |
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using ‘sql’ parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password. | 2022-01-14 | not yet calculated | CVE-2021-45406 MISC MISC MISC |
| spin — spin |
Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() at spinlex.c. | 2022-01-14 | not yet calculated | CVE-2021-46168 MISC |
| strukturag — libde265 |
A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265. | 2022-01-10 | not yet calculated | CVE-2021-36410 MISC |
| strukturag — libde265 |
An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service. | 2022-01-10 | not yet calculated | CVE-2021-36411 MISC |
| strukturag — libde265 |
An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc. | 2022-01-10 | not yet calculated | CVE-2021-35452 MISC |
| strukturag — libde265 |
There is an Assertion `scaling_list_pred_matrix_id_delta==1′ failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact. | 2022-01-10 | not yet calculated | CVE-2021-36409 MISC |
| strukturag — libde265 |
An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265. | 2022-01-10 | not yet calculated | CVE-2021-36408 MISC |
| suitecrm — suitecrm |
SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive. | 2022-01-12 | not yet calculated | CVE-2021-41597 MISC MISC MISC MISC MISC |
| sysaid — itil |
A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter. | 2022-01-11 | not yet calculated | CVE-2021-43971 MISC MISC MISC |
| sysaid — itil |
An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fileName parameters in the HTTP POST body. | 2022-01-11 | not yet calculated | CVE-2021-43972 MISC MISC MISC |
| sysaid — itil |
An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-side filesystem path of the uploaded file. | 2022-01-11 | not yet calculated | CVE-2021-43973 MISC MISC MISC |
| sysaid — itil |
An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end users anonymously, but does not respect the server-side setting that determines if anonymous users are allowed to register new accounts. Configuring the server-side setting to disable anonymous user registration only hides the client-side registration form. An attacker can still post registration data to create new accounts without prior authentication. | 2022-01-11 | not yet calculated | CVE-2021-43974 MISC MISC MISC |
| teamviewer — teamviewer |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13606. | 2022-01-13 | not yet calculated | CVE-2021-34858 MISC MISC |
| tenable.sc — tenable.sc |
Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. An attacker would first have to stage a specific file type in the web server root of the Tenable.sc host prior to remote exploitation. | 2022-01-14 | not yet calculated | CVE-2022-0130 MISC |
| tibco_software_inc — multiple products |
The Data Virtualization Server component of TIBCO Software Inc.’s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user’s permissions on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below. | 2022-01-12 | not yet calculated | CVE-2021-35500 CONFIRM CONFIRM |
| tibco_software_inc — multiple_products |
The eFTL Server component of TIBCO Software Inc.’s TIBCO eFTL – Community Edition, TIBCO eFTL – Developer Edition, and TIBCO eFTL – Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO eFTL – Community Edition: versions 6.7.2 and below, TIBCO eFTL – Developer Edition: versions 6.7.2 and below, and TIBCO eFTL – Enterprise Edition: versions 6.7.2 and below. | 2022-01-11 | not yet calculated | CVE-2021-43055 CONFIRM CONFIRM |
| tibco_software_inc — multiple_products |
The Realm Server component of TIBCO Software Inc.’s TIBCO FTL – Community Edition, TIBCO FTL – Developer Edition, and TIBCO FTL – Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the affected system. Affected releases are TIBCO Software Inc.’s TIBCO FTL – Community Edition: versions 6.7.2 and below, TIBCO FTL – Developer Edition: versions 6.7.2 and below, and TIBCO FTL – Enterprise Edition: versions 6.7.2 and below. | 2022-01-11 | not yet calculated | CVE-2021-43052 CONFIRM CONFIRM |
| tibco_software_inc — multiple_products |
The Realm Server component of TIBCO Software Inc.’s TIBCO FTL – Community Edition, TIBCO FTL – Developer Edition, and TIBCO FTL – Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another application connected to the realm server. Affected releases are TIBCO Software Inc.’s TIBCO FTL – Community Edition: versions 6.7.2 and below, TIBCO FTL – Developer Edition: versions 6.7.2 and below, and TIBCO FTL – Enterprise Edition: versions 6.7.2 and below. | 2022-01-11 | not yet calculated | CVE-2021-43053 CONFIRM CONFIRM |
| tibco_software_inc — multiple_products |
The eFTL Server component of TIBCO Software Inc.’s TIBCO eFTL – Community Edition, TIBCO eFTL – Developer Edition, and TIBCO eFTL – Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any other channel with arbitrary permissions. Affected releases are TIBCO Software Inc.’s TIBCO eFTL – Community Edition: versions 6.7.2 and below, TIBCO eFTL – Developer Edition: versions 6.7.2 and below, and TIBCO eFTL – Enterprise Edition: versions 6.7.2 and below. | 2022-01-11 | not yet calculated | CVE-2021-43054 CONFIRM CONFIRM |
| trusted_firmware — trusted_firmware |
Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key (held by the Crypto service) based solely on knowledge of its key ID. For example, there is no authorization check associated with the relationship between a caller and a key owner. | 2022-01-13 | not yet calculated | CVE-2021-40327 MISC MISC CONFIRM |
| ubiquiti — unifi_network |
An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228) allows a malicious actor to control the application. | 2022-01-14 | not yet calculated | CVE-2021-44530 MISC |
| unisys — clearpath_mcp_tcp-icp_networking_services |
Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop. | 2022-01-12 | not yet calculated | CVE-2021-45445 MISC MISC |
| useful_simple_open-source_cms — useful_simple_open-source_cms |
Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers. Versions prior to Pb2.4Bfx3 allowed Sql injection in usersearch.php only for users with administrative privileges. Users should replace the file `admin/pages/useredit.php` with a newer version. USOC version Pb2.4Bfx3 contains a fixed version of `admin/pages/useredit.php`. | 2022-01-10 | not yet calculated | CVE-2022-21666 MISC MISC CONFIRM |
| vim — vim |
vim is vulnerable to Heap-based Buffer Overflow | 2022-01-14 | not yet calculated | CVE-2022-0213 CONFIRM MISC MLIST |
| wecon — levistudiou |
WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code. | 2022-01-14 | not yet calculated | CVE-2021-23138 MISC |
| wecon — levistudiou |
WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code. | 2022-01-14 | not yet calculated | CVE-2021-23157 MISC |
| weseek — growi |
growi is vulnerable to Authorization Bypass Through User-Controlled Key | 2022-01-12 | not yet calculated | CVE-2021-3852 CONFIRM MISC |
| z-wave — multiple_devices |
Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or encrypt FIND_NODE_IN_RANGE frames, allowing a remote, unauthenticated attacker to inject a FIND_NODE_IN_RANGE frame with an invalid random payload, denying service by blocking the processing of upcoming events. | 2022-01-10 | not yet calculated | CVE-2020-10137 MISC CERT-VN MISC MISC CERT-VN |
| z-wave — multiple_devices |
Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages. | 2022-01-10 | not yet calculated | CVE-2020-9061 MISC CERT-VN MISC MISC CERT-VN |
| z-wave — multiple_devices |
Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level. | 2022-01-10 | not yet calculated | CVE-2020-9059 MISC CERT-VN MISC MISC CERT-VN |
| z-wave — multiple_devices |
Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages. | 2022-01-10 | not yet calculated | CVE-2020-9060 MISC CERT-VN MISC MISC CERT-VN |
| z-wave — multiple_devices |
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable. | 2022-01-10 | not yet calculated | CVE-2020-9057 MISC CERT-VN MISC MISC CERT-VN |
| z-wave — multiple_devices |
Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection. | 2022-01-10 | not yet calculated | CVE-2020-9058 MISC CERT-VN MISC MISC CERT-VN |
| zabbix — zabbix |
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default). | 2022-01-13 | not yet calculated | CVE-2022-23131 MISC |
| zabbix — zabbix |
During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level | 2022-01-13 | not yet calculated | CVE-2022-23132 MISC |
| zabbix — zabbix |
An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire and the actor can steal session cookies and perform session hijacking to impersonate users or take over their accounts. | 2022-01-13 | not yet calculated | CVE-2022-23133 MISC |
| zabbix — zabbix |
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. | 2022-01-13 | not yet calculated | CVE-2022-23134 MISC |
| zoho — manageengine_0365_manager_plus |
Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component. | 2022-01-12 | not yet calculated | CVE-2021-44652 MISC |
| zoho — manageengine_applications_manager |
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request. | 2022-01-10 | not yet calculated | CVE-2020-28679 MISC |
| zoho — manageengine_cloudsecurityplus |
Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175. | 2022-01-12 | not yet calculated | CVE-2021-44651 MISC |
| zoho — mangeengine_m365_manager_plus |
Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components. | 2022-01-12 | not yet calculated | CVE-2021-44650 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.
Please share your thoughts.
CISA recently updated an anonymous product survey;they’d welcome your feedback.
