US-CERT Bulletin (SB22-192): Vulnerability Summary for the Week of July 4, 2022

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
gitlab — gitlab A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where it was possible for an unauthorised user to execute arbitrary code on the server using the project import feature. 2022-07-01 7.5 CVE-2022-2185
CONFIRM
MISC
MISC
hospital_management_system_project — hospital_management_system Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php. 2022-07-01 7.5 CVE-2022-32093
MISC
hospital_management_system_project — hospital_management_system Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php. 2022-07-01 7.5 CVE-2022-32094
MISC
hospital_management_system_project — hospital_management_system Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php. 2022-07-01 7.5 CVE-2022-32095
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule. 2022-07-01 10 CVE-2022-32032
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand. 2022-07-01 7.8 CVE-2022-32030
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetRouteStatic. 2022-07-01 7.8 CVE-2022-32031
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer. 2022-07-01 7.8 CVE-2022-32033
MISC
tendacn — m3_firmware Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist. 2022-07-01 7.8 CVE-2022-32034
MISC
tendacn — m3_firmware Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng. 2022-07-01 7.8 CVE-2022-32035
MISC
tendacn — m3_firmware Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb. 2022-07-01 7.8 CVE-2022-32036
MISC

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
college_management_system_project — college_management_system College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file. 2022-07-01 6.8 CVE-2022-32420
MISC
gitlab — gitlab Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured. 2022-07-01 4 CVE-2022-1983
MISC
CONFIRM
ibm — infosphere_information_server An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain non-sensitive debugging information like stack traces. IBM X-Force ID: 221323. 2022-07-01 5.5 CVE-2022-22373
XF
CONFIRM
libmobi_project — libmobi NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11. 2022-07-01 4.3 CVE-2022-2279
CONFIRM
MISC
vim — vim Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. 2022-07-01 6.8 CVE-2022-2264
MISC
CONFIRM
vim — vim Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. 2022-07-02 6.8 CVE-2022-2284
CONFIRM
MISC
vim — vim Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. 2022-07-02 6.8 CVE-2022-2285
MISC
CONFIRM
vim — vim Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. 2022-07-02 6.8 CVE-2022-2286
CONFIRM
MISC
vim — vim Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. 2022-07-02 5.8 CVE-2022-2287
MISC
CONFIRM

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
gitlab — gitlab Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project metadata under certain conditions. 2022-07-01 3.5 CVE-2022-2227
MISC
MISC
CONFIRM
ibm — urbancode_deploy IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106. 2022-07-01 2.1 CVE-2022-22366
CONFIRM
XF
ibm — urbancode_deploy IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008. 2022-07-01 2.1 CVE-2022-22367
CONFIRM
XF
microweber — microweber Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 1.2.19. 2022-07-01 3.5 CVE-2022-2280
MISC
CONFIRM

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adminlte — adminlte
AdminLTE is a Pi-hole Dashboard for stats and configuration. In affected versions inserting code like `<script>alert("XSS")</script>` in the field marked with “Domain to look for” and hitting Enter (or clicking on any of the buttons) will execute the script. The user must be logged in to use this vulnerability. Usually only administrators have login access to pi-hole, minimizing the risks. Users are advised to upgrade. There are no known workarounds for this issue. 2022-07-07 not yet calculated CVE-2022-31029
CONFIRM
MISC
agilepoint — agilepoint_nx
Editable SQL queries behind Base64 encoding are sent from the client side to the server side for a particular API used in the legacy Work Center module. The attack is available to any authenticated user, in any kind of rule, under the function /AgilePointServer/Extension/FetchUsingEncodedData in the parameter EncodedData. 2022-07-06 not yet calculated CVE-2022-30619
MISC
akashi — akashi
Akashi is an open source server implementation of the Attorney Online video game based on the Ace Attorney universe. Affected versions of Akashi are subject to a denial of service attack. An attacker can use a specially crafted evidence packet to make an illegal modification, causing a server crash. This can be used to mount a denial-of-service exploit. Users are advised to upgrade. There is no known workaround for this issue. 2022-07-07 not yet calculated CVE-2022-31135
CONFIRM
MISC
apache — commons_configuration
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is “${prefix:name}”, where “prefix” is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: “script” (execute expressions using the JVM script execution engine, javax.script); “dns” (resolve DNS records); and “url” (load values from URLs, including from remote servers). Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default. 2022-07-06 not yet calculated CVE-2022-33980
CONFIRM
apache — druid In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header. 2022-07-07 not yet calculated CVE-2022-28889
MISC
apache — druid
In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks. 2022-07-07 not yet calculated CVE-2021-44791
MISC
apache — superset
Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics. 2022-07-06 not yet calculated CVE-2021-37839
MISC
asus — rt-a88u
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFi logs correctly; if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device. 2022-07-05 not yet calculated CVE-2021-43702
MISC
MISC
atlassian — jira The Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for Atlassian Jira allows XSS via a crafted project name to the Add Auto Indexing Rule function. 2022-07-07 not yet calculated CVE-2022-32567
MISC
MISC
atoms183_cms — atoms183_cms
SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0, allows attackers to execute arbitrary commands via the Name, Fname, and ID parameters to search.php. 2022-07-07 not yet calculated CVE-2021-35283
MISC
beego — beego The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcard values which can lead to cross directory risk. 2022-07-05 not yet calculated CVE-2022-31836
MISC
bookwyrm — bookwyrm
Bookwyrm is an open source social reading and reviewing program. Versions of Bookwyrm prior to 0.4.1 did not properly sanitize html being rendered to users. Unprivileged users are able to inject scripts into user profiles, book descriptions, and statuses. These vulnerabilities may be exploited as cross site scripting attacks on users viewing these fields. Users are advised to upgrade to version 0.4.1. There are no known workarounds for this issue. 2022-07-07 not yet calculated CVE-2022-31136
CONFIRM
MISC
burp_suite — burp_suite A URL disclosure issue was discovered in Burp Suite before 2022.6. If a user views a crafted response in the Repeater or Intruder, it may be incorrectly interpreted as a redirect. 2022-07-08 not yet calculated CVE-2022-35406
MISC
check_point — endpoint Check Point Endpoint before version E86.50 failed to protect against a specific registry change, which allowed a local administrator to disable endpoint protection. 2022-07-07 not yet calculated CVE-2022-23744
MISC

cisco — expressway_series_and_telepresence_video_communication_server
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory. 2022-07-06 not yet calculated CVE-2022-20813
CISCO
cisco — expressway_series_and_telepresence_video_communication_server
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory. 2022-07-06 not yet calculated CVE-2022-20812
CISCO
cisco — smart_software_manager_onprem
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect handling of multiple simultaneous device registrations on Cisco SSM On-Prem. An attacker could exploit this vulnerability by sending multiple device registration requests to Cisco SSM On-Prem. A successful exploit could allow the attacker to cause a DoS condition on an affected device. 2022-07-06 not yet calculated CVE-2022-20808
CISCO
cisco — telepresence_collaboration_endpoint_and_roomos
A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials. 2022-07-06 not yet calculated CVE-2022-20768
CISCO
cisco — unified_communications_manager_and_unity_connection
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password. 2022-07-06 not yet calculated CVE-2022-20752
CISCO
cisco — unified_communications_manager
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the operating system. 2022-07-06 not yet calculated CVE-2022-20862
CISCO
cisco —  unified_communications_manager_and_unified_communications_manager_im_and_presence_service A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM and Presence Service (Unified CM IM and P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the API to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability. 2022-07-06 not yet calculated CVE-2022-20791
CISCO
cisco — unified_communications_manager_and_unified_communications_manager_im_and_presence_service
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. 2022-07-06 not yet calculated CVE-2022-20815
CISCO
cisco — unified_communications_manager_and_unified_communications_manager_im_and_presence_service
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. 2022-07-06 not yet calculated CVE-2022-20800
CISCO
cisco — unified_communications_manager_and_unified_communications_manager_im_and_presence_service
A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to. 2022-07-06 not yet calculated CVE-2022-20859
CISCO
codoforum — codoforum Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel. 2022-07-07 not yet calculated CVE-2022-31854
MISC
MISC
curl — curl When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. 2022-07-07 not yet calculated CVE-2022-32208
MISC
curl — curl When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. 2022-07-07 not yet calculated CVE-2022-32207
MISC
curl — curl curl < 7.84.0 supports “chained” HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable “links” in this “decompression chain” was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a “malloc bomb”, making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. 2022-07-07 not yet calculated CVE-2022-32206
MISC
curl — curl A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error. This denial state might remain for as long as the same cookies are kept, match and haven’t expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it possible for a “sister server” to effectively cause a denial of service for a sibling site on the same second level domain using this method. 2022-07-07 not yet calculated CVE-2022-32205
MISC
cybozu — garoon Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin. 2022-07-04 not yet calculated CVE-2022-29471
MISC
MISC
cybozu — garoon Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS). 2022-07-04 not yet calculated CVE-2022-29892
MISC
MISC
cybozu — garoon Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product. 2022-07-04 not yet calculated CVE-2022-28713
MISC
MISC
cybozu — garoon Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script. 2022-07-04 not yet calculated CVE-2022-29513
MISC
MISC
cybozu — garoon Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space. 2022-07-04 not yet calculated CVE-2022-29484
MISC
MISC
cybozu — garoon Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address. 2022-07-04 not yet calculated CVE-2022-29467
MISC
MISC
cybozu — garoon Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Bulletin. 2022-07-04 not yet calculated CVE-2022-28718
MISC
MISC
cybozu — garoon Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link. 2022-07-04 not yet calculated CVE-2022-26054
MISC
MISC
cybozu — garoon Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler. 2022-07-04 not yet calculated CVE-2022-28692
MISC
MISC
cybozu — garoon Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow. 2022-07-04 not yet calculated CVE-2022-27661
MISC
MISC
cybozu — garoon Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable adding Categories. 2022-07-04 not yet calculated CVE-2022-27807
MISC
MISC
cybozu — garoon Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal. 2022-07-04 not yet calculated CVE-2022-26051
MISC
MISC
cybozu — garoon Cross-site scripting vulnerability in Organization’s Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user’s web browser. 2022-07-04 not yet calculated CVE-2022-27627
MISC
MISC
cybozu — garoon Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space. 2022-07-04 not yet calculated CVE-2022-27803
MISC
MISC
cybozu — garoon Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet. 2022-07-04 not yet calculated CVE-2022-26368
MISC
MISC
dell — cloud_mobility_for_dell_emc_storage
Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains an RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a critical issue, so Dell recommends that customers upgrade at the earliest opportunity. 2022-07-07 not yet calculated CVE-2022-33936
CONFIRM
dell — powerprotect_cyber_recovery Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover. 2022-07-07 not yet calculated CVE-2022-32481
CONFIRM
devolutions — devolutions_server HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site. 2022-07-06 not yet calculated CVE-2022-2316
MISC
devolutions — devolutions_server Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user. 2022-07-07 not yet calculated CVE-2022-33996
MISC
MISC
dice — dice An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file. 2022-07-05 not yet calculated CVE-2022-32413
MISC
digital_guardian_agent — digital_guardian_agent
Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinarily does not have a supported way to uninstall the product) to disable some of the agent functionality and then exfiltrate files to an external USB device. 2022-07-08 not yet calculated CVE-2022-35412
MISC
MISC
django — django
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. 2022-07-04 not yet calculated CVE-2022-34265
CONFIRM
MISC
MISC
eclipse — eclipse_jetty
In Eclipse Jetty versions 9.4.0 thru 9.4.46, 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9, when parsing the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario. 2022-07-07 not yet calculated CVE-2022-2047
CONFIRM
eclipse — eclipse_jetty
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are not enough resources left to process good requests. 2022-07-07 not yet calculated CVE-2022-2048
CONFIRM
eclipse — eclipse_lyo
In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved. 2022-07-07 not yet calculated CVE-2021-41042
CONFIRM
eclipse — eclipse_p2
In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via touchpoints during installation. Those touchpoints can, for example, alter the command-line used to start the application, injecting things like agent or other settings that usually require particular attention in terms of security. Although p2 has built-in strategies to ensure artifacts are signed and then to help establish trust, there is no such strategy for the metadata part that does configure such touchpoints. As a result, it’s possible to install a unit that will run malicious code during installation without the user receiving any warning about this installation step being risky when coming from an untrusted source. 2022-07-08 not yet calculated CVE-2021-41037
CONFIRM
eclipse — jetty
In Eclipse Jetty versions 10.0.0 thru 10.0.9 and 11.0.0 thru 11.0.9, SslConnection does not release ByteBuffers from the configured ByteBufferPool in case of error code paths. 2022-07-07 not yet calculated CVE-2022-2191
CONFIRM
eidogo — eidogo
EidoGo is susceptible to Cross-Site Scripting (XSS) attacks via maliciously crafted SGF input. 2022-07-06 not yet calculated CVE-2015-3172
MISC
MISC
elastic — endpoint_security_for_windows A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. 2022-07-06 not yet calculated CVE-2022-23714
MISC
MISC
elastic — kibana A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser. 2022-07-06 not yet calculated CVE-2022-23713
MISC
MISC
eqs_group — eqs_integrity_line
EQS Integrity Line through 2022-07-01 allows a stored XSS via a crafted whistleblower entry. 2022-07-07 not yet calculated CVE-2022-34007
MISC
MISC
MISC
MISC
MISC
gallagher — command_centre
Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions. 2022-07-06 not yet calculated CVE-2022-26348
MISC
gallagher — controller_6000
Gallagher Controller 6000 is vulnerable to a Denial of Service attack via conflicting ARP packets with a duplicate IP address. This issue affects: Gallagher Controller 6000 vCR8.60 versions prior to 220303a; vCR8.50 versions prior to 220303a; vCR8.40 versions prior to 220303a; vCR8.30 versions prior to 220303a. 2022-07-06 not yet calculated CVE-2022-26078
MISC
gfi_software — mail_archiver
 
File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317. 2022-07-07 not yet calculated CVE-2021-29281
MISC
MISC
MISC
MISC
MISC
giftpd — giftpd
 
An issue was discovered in glFTPd 2.11a that allows remote attackers to cause a denial of service via exceeding the connection limit. 2022-07-07 not yet calculated CVE-2021-31645
MISC
MISC
gitlab — gitlab_ee
 
An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be bypassed if a Maintainer uses the ‘Invite a group’ feature to invite a group that has members that don’t comply with domain allow-list. 2022-07-01 not yet calculated CVE-2022-1981
MISC
MISC
CONFIRM
gnu — grub2
 
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. For a successful attack, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12. 2022-07-06 not yet calculated CVE-2021-3697
MISC
gnu — grub2
 
A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited, as an attacker needs to perform some triage over the heap layout to achieve significant results; also, the values written into the memory are repeated three times in a row, making it difficult to produce valid payloads. This flaw affects grub2 versions prior to grub-2.12. 2022-07-06 not yet calculated CVE-2021-3695
MISC
gnu — grub2
 
A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability impact may be considered Low, as it’s very complex for an attacker to control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12. 2022-07-06 not yet calculated CVE-2021-3696
MISC
gnupg — gnupg
 
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim’s keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. 2022-07-01 not yet calculated CVE-2022-34903
MISC
MISC
MISC
MLIST
DEBIAN
FEDORA
google — android In Autoboot, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06713894; Issue ID: ALPS06713894. 2022-07-06 not yet calculated CVE-2022-21777
MISC
google — android In TEEI driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641388; Issue ID: ALPS06641388. 2022-07-06 not yet calculated CVE-2022-21773
MISC
google — android In TEEI driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641447; Issue ID: ALPS06641447. 2022-07-06 not yet calculated CVE-2022-21774
MISC
google — android In sched driver, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479032; Issue ID: ALPS06479032. 2022-07-06 not yet calculated CVE-2022-21775
MISC
google — android In MDP, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06545450; Issue ID: ALPS06545450. 2022-07-06 not yet calculated CVE-2022-21776
MISC
google — android In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704462. 2022-07-06 not yet calculated CVE-2022-21784
MISC
google — android In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704393. 2022-07-06 not yet calculated CVE-2022-21779
MISC
google — android In CCCI, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641673; Issue ID: ALPS06641687. 2022-07-06 not yet calculated CVE-2022-21769
MISC
google — android In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06807363; Issue ID: ALPS06807363. 2022-07-06 not yet calculated CVE-2022-21785
MISC
google — android In audio DSP, there is a possible memory corruption due to improper casting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558822; Issue ID: ALPS06558822. 2022-07-06 not yet calculated CVE-2022-21786
MISC
google — android In audio DSP, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558844; Issue ID: ALPS06558844. 2022-07-06 not yet calculated CVE-2022-21787
MISC
google — android In CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641673; Issue ID: ALPS06641673. 2022-07-06 not yet calculated CVE-2022-21765
MISC
google — android
 
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704508. 2022-07-06 not yet calculated CVE-2022-21782
MISC
google — android
 
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704526. 2022-07-06 not yet calculated CVE-2022-21780
MISC
google — android
 
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704433. 2022-07-06 not yet calculated CVE-2022-21781
MISC
google — android
 
In TEEI driver, there is a possible type confusion due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493842; Issue ID: ALPS06493842. 2022-07-06 not yet calculated CVE-2022-21772
MISC
google — android
 
In GED driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641585; Issue ID: ALPS06641585. 2022-07-06 not yet calculated CVE-2022-21771
MISC
google — android
 
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784351; Issue ID: ALPS06784351. 2022-07-06 not yet calculated CVE-2022-21768
MISC
google — android
 
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704482. 2022-07-06 not yet calculated CVE-2022-21783
MISC
google — android
 
In CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641673; Issue ID: ALPS06641653. 2022-07-06 not yet calculated CVE-2022-21766
MISC
google — android
 
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784430; Issue ID: ALPS06784430. 2022-07-06 not yet calculated CVE-2022-21767
MISC
google — android
 
In telecom service, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044717; Issue ID: ALPS07044708. 2022-07-06 not yet calculated CVE-2022-21763
MISC
google — android
 
In sound driver, there is a possible information disclosure due to symlink following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558663; Issue ID: ALPS06558663. 2022-07-06 not yet calculated CVE-2022-21770
MISC
google — android
 
In telecom service, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044717; Issue ID: ALPS07044717. 2022-07-06 not yet calculated CVE-2022-21764
MISC
google — google_login_plugin
 
The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification. 2022-07-07 not yet calculated CVE-2015-5298
MISC
MISC
gpu — gpu
 
In GPU, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044730; Issue ID: ALPS07044730. 2022-07-06 not yet calculated CVE-2022-20082
MISC
hcl_technologies — hcl_launch HCL Launch stores user credentials in plain clear text which can be read by a local user. 2022-07-06 not yet calculated CVE-2022-27548
MISC
hcl_technologies — hcl_launch HCL Launch may store certain data for recurring activities in a plain text format. 2022-07-06 not yet calculated CVE-2022-27549
MISC
heroic_labs — nakama
 
Old session tokens can be used to authenticate to the application and send authenticated requests. 2022-07-05 not yet calculated CVE-2022-2306
MISC
CONFIRM
heroiclabs — nakama Improper Restriction of Excessive Authentication Attempts in GitHub repository heroiclabs/nakama prior to 3.13.0. This results in login brute-force attacks. 2022-07-05 not yet calculated CVE-2022-2321
CONFIRM
MISC
hewlett_packard_enterprise — flexnetwork_and_flexfabric
 
A potential security vulnerability has been identified in certain HPE FlexNetwork and FlexFabric switch products. The vulnerability could be remotely exploited to allow cross site scripting (XSS). HPE has made the following software updates to resolve the vulnerability. HPE FlexNetwork 5130EL_7.10.R3507P02 and HPE FlexFabric 5945_7.10.R6635. 2022-07-08 not yet calculated CVE-2022-28624
MISC
hewlett_packard_enterprise — icewall_sso
 
Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SSO version 10.0 certd library Patch 9 for HP-UX. 2022-07-08 not yet calculated CVE-2022-28623
MISC
hex-rays — hex-rays-ida-pro
 
A memory corruption in Hex Rays Ida Pro v6.6 allows attackers to cause a Denial of Service (DoS) via a crafted file. Related to Data from Faulting Address controls subsequent Write Address starting at msvcrt!memcpy+0x0000000000000056. 2022-07-07 not yet calculated CVE-2022-32441
MISC
hpjansson — chafa Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3. 2022-07-04 not yet calculated CVE-2022-2301
MISC
CONFIRM
humhub — humhub
 
HumHub is an Open Source Enterprise Social Network. Affected versions of HumHub are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, the attacker would need permission to administer the Spaces feature. The names of individual “spaces” are not properly escaped, and so an attacker with sufficient privilege could insert malicious JavaScript into a space name and exploit system users who visit that space. It is recommended that HumHub is upgraded to 1.11.4, 1.10.5. There are no known workarounds for this issue. 2022-07-07 not yet calculated CVE-2022-31133
MISC
MISC
MISC
CONFIRM
ibm — app_connect_enterprise_certified_container IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221. 2022-07-05 not yet calculated CVE-2022-31770
CONFIRM
XF
ibm — cics_tx_standard_and_advanced IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 229330. 2022-07-08 not yet calculated CVE-2022-34160
CONFIRM
CONFIRM
XF
ibm — cics_tx_standard_and_advanced IBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229430. 2022-07-08 not yet calculated CVE-2022-34166
CONFIRM
XF
CONFIRM
ibm — cics_tx_standard_and_advanced IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229432. 2022-07-08 not yet calculated CVE-2022-34167
CONFIRM
XF
CONFIRM
ibm — cics_tx_standard_and_advanced IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229435. 2022-07-08 not yet calculated CVE-2022-34306
XF
CONFIRM
CONFIRM
ibm — security_access_manager_appliance
 
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082. 2022-07-08 not yet calculated CVE-2022-22465
CONFIRM
XF
ibm — security_access_manager_appliance
 
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081. 2022-07-08 not yet calculated CVE-2022-22464
CONFIRM
XF
ibm — security_access_manager_appliance
 
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 225079. 2022-07-08 not yet calculated CVE-2022-22463
CONFIRM
XF
ibm — security_verify_access
 
IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221194. 2022-07-08 not yet calculated CVE-2022-22370
CONFIRM
XF
ibm — websphere_application_server_liberty_and_open_liberty
 
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604. 2022-07-08 not yet calculated CVE-2022-22476
CONFIRM
XF
immersive_labs — centos_web_panel The password reset token in CWP v0.9.8.1126 is generated using known or predictable values. 2022-07-07 not yet calculated CVE-2022-25047
MISC
immersive_labs — centos_web_panel Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user. 2022-07-07 not yet calculated CVE-2022-25048
MISC
immersive_labs — centos_web_panel A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request. 2022-07-07 not yet calculated CVE-2022-25046
MISC
ingredient_stock_management_system — ingredient_stock_management_system An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php. 2022-07-05 not yet calculated CVE-2022-32310
MISC
ingredient_stock_management_system — ingredient_stock_management_system Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php. 2022-07-05 not yet calculated CVE-2022-32311
MISC
iobit — advanced_system_care
 
In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService’s named pipes. ASCService first tries to connect before trying to create the named pipes; because of that, during login the service will try to connect to the attacker, which will lead to escalation of privileges (through token manipulation and ImpersonateNamedPipeClient()) either from ADMIN -> SYSTEM or from Local ADMIN -> Domain ADMIN, depending on the user and named pipe that is used. 2022-07-06 not yet calculated CVE-2022-24139
MISC
MISC
MISC
iobit — advanced_system_care_and_action_download_center
 
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of the IOBit suite into the ProgramData folder, which has “rwx” permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with a malicious executable, thus gaining code execution as a high privilege user (Low Privilege -> high integrity ADMIN). 2022-07-06 not yet calculated CVE-2022-24138
MISC
MISC
MISC
iobit — itop_vpn The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient(). 2022-07-06 not yet calculated CVE-2022-24141
MISC
MISC
MISC
iobit — multiple_products
 
IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot send HTTP requests in their update procedure in order to download a config file. After downloading the config file, the products will parse the HTTP location of the update from the file and will try to install the update automatically with ADMIN privileges. An attacker intercepting this communication can supply the product a fake config file with malicious locations for the updates, thus gaining remote code execution on an endpoint. 2022-07-06 not yet calculated CVE-2022-24140
MISC
MISC
MISC
jfrog — jfrog_artifactory
 
JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog Artifactory versions before 7.36.1 versions prior to 7.29.8; JFrog Artifactory versions before 6.23.41 versions prior to 6.23.38. 2022-07-06 not yet calculated CVE-2021-45721
MISC
MISC
jfrog — jfrog_artifactory
 
JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog Artifactory versions before 7.31.10 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x. 2022-07-06 not yet calculated CVE-2021-46687
MISC
MISC
jfrog — jfrog_artifactory
 
JFrog Artifactory prior to version 7.33.6 and 6.23.38 is vulnerable to CSRF (Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog Artifactory versions before 7.33.6 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x. 2022-07-06 not yet calculated CVE-2021-23163
MISC
MISC
kddi_corporation — home_spot_cube2 HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the product. 2022-07-04 not yet calculated CVE-2022-33948
MISC
MISC
keycloak — keycloak
 
A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services. 2022-07-08 not yet calculated CVE-2022-1245
MISC
known — known Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack. 2022-07-08 not yet calculated CVE-2022-33011
MISC
MISC
MISC
MISC
known — known A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field. 2022-07-08 not yet calculated CVE-2022-31290
MISC
MISC
MISC
MISC
known — known
 
An issue in the isSVG() function of Known v1.2.2+2020061101 allows attackers to execute arbitrary code via a crafted SVG file. 2022-07-08 not yet calculated CVE-2022-32115
MISC
MISC
MISC
known — known
 
Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR). 2022-07-08 not yet calculated CVE-2022-30852
MISC
MISC
MISC
linux — hyperledger_fabric
 
Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error to the consensus client should the message be missing. Users are advised to upgrade to versions 2.2.7 or v2.4.5. There are no known workarounds for this issue. 2022-07-07 not yet calculated CVE-2022-31121
MISC
MISC
MISC
CONFIRM
linux — linux_kernel There are use-after-free vulnerabilities caused by the timer handler in net/rose/rose_timer.c of Linux that allow attackers to crash the Linux kernel without any privileges. 2022-07-06 not yet calculated CVE-2022-2318
MISC
linux — linux_kernel
 
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. 2022-07-04 not yet calculated CVE-2022-34918
MISC
MISC
MISC
MLIST
lxml — lxml
 
NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn’t be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered. 2022-07-05 not yet calculated CVE-2022-2309
CONFIRM
MISC
magnolia_cms — magnolia_cms
 
Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2022-07-07 not yet calculated CVE-2022-33098
MISC
mat2 — mat2
 
mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive. 2022-07-08 not yet calculated CVE-2022-35410
MISC
MISC
MISC
mediatek — modem_2g_and_3g_cc
 
In Modem 2G/3G CC, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding combined FACILITY with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00803883; Issue ID: MOLY00803883. 2022-07-06 not yet calculated CVE-2022-20083
MISC
mediatek — modem_2g_rr
 
In Modem 2G RR, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding GPRS Packet Neighbour Cell Data (PNCD) improper neighbouring cell size with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00810064; Issue ID: ALPS06641626. 2022-07-06 not yet calculated CVE-2022-21744
MISC
mediawiki — mediawiki An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won’t be escaped. 2022-07-02 not yet calculated CVE-2022-34912
MISC
mediawiki — mediawiki
 
An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to “Welcome” followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text(). 2022-07-02 not yet calculated CVE-2022-34911
MISC
microsoft — edge Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638, CVE-2022-33639. 2022-07-07 not yet calculated CVE-2022-33680
N/A
microweber — microweber Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user. 2022-07-09 not yet calculated CVE-2022-2353
MISC
CONFIRM
microweber — microweber Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 1.2.19. 2022-07-04 not yet calculated CVE-2022-2300
CONFIRM
MISC
mini-tmall — mini-tmall
 
Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper. 2022-07-06 not yet calculated CVE-2022-30929
MISC
MISC
moment — moment
 
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically, string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a slowdown with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4; the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input. 2022-07-06 not yet calculated CVE-2022-31129
MISC
MISC
CONFIRM
MISC
nacos — nacos
 
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page: after entering a username and password and clicking on login, capturing the packets and then changing the returned package lets a malicious user log in. 2022-07-05 not yet calculated CVE-2021-43116
MISC
MISC
nesote_technologies — inout_homestay_script
 
Inout Homestay v2.2 was discovered to contain a SQL injection vulnerability via the guests parameter at /index.php?page=search/rentals. 2022-07-07 not yet calculated CVE-2022-32055
MISC
nextauth.js — nextauth.js
 
NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass a compromised input to the e-mail [signin endpoint](https://next-auth.js.org/getting-started/rest-api#post-apiauthsigninprovider) that contains some malicious HTML, tricking the e-mail server to send it to the user, so they can perform a phishing attack. E.g.: `[email protected], <a href=”http://attacker.com”>Before signing in, claim your money!</a>`. This was previously sent to `[email protected]`, and the content of the email containing a link to the attacker’s site was rendered in the HTML. This has been remedied in the following releases, by simply not rendering that e-mail in the HTML, since it should be obvious to the receiver what e-mail they used: next-auth v3 users before version 3.29.8 are impacted. (We recommend upgrading to v4, as v3 is considered unmaintained.) next-auth v4 users before version 4.9.0 are impacted. If for some reason you cannot upgrade, the workaround requires you to sanitize the `email` parameter that is passed to `sendVerificationRequest` and rendered in the HTML. If you haven’t created a custom `sendVerificationRequest`, you only need to upgrade. Otherwise, make sure to either exclude `email` from the HTML body or efficiently sanitize it. 2022-07-06 not yet calculated CVE-2022-31127
MISC
CONFIRM
MISC
MISC
MISC
nextcloud — nextcloud_mail
 
Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended that the Nextcloud Mail app is upgraded to 1.12.2. There are no known workarounds for this issue. References: [Pull request](https://github.com/nextcloud/mail/pull/6600), [HackerOne](https://hackerone.com/reports/1579820). 2022-07-06 not yet calculated CVE-2022-31131
MISC
CONFIRM
MISC
nextcloud — nextcloud_server
 
Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The impact varies based on which commands are supported by the backend SMTP server. However, the main risk here is that the attacker can then hijack an already-authenticated SMTP session and run arbitrary SMTP commands as the email user, such as sending emails to other users, changing the FROM user, and so on. As before, this depends on the configuration of the server itself, but newlines should be sanitized to mitigate such arbitrary SMTP command injection. It is recommended that the Nextcloud Server is upgraded to 22.2.8 , 23.0.5 or 24.0.1. There are no known workarounds for this issue. 2022-07-05 not yet calculated CVE-2022-31014
CONFIRM
MISC
MISC
nocodb — nocodb With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read its contents. This attack can lead to a leak of sensitive information. 2022-07-07 not yet calculated CVE-2022-2339
CONFIRM
MISC
northern.tech — mender
 
The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead of only the localhost interface. Therefore, any client on the same network can connect to this TCP port and send HTTP requests. The Mender Client will forward these requests to the Mender Server. Additionally, if mTLS is set up, the Mender Client will connect to the Mender Server using the device’s client certificate, making it possible for the attacker to bypass mTLS authentication and send requests to the Mender Server without direct access to the client certificate and related private key. Accessing the HTTP proxy from the local network doesn’t represent a direct threat, because it doesn’t expose any device or server-specific data. However, it increases the attack surface and can be a potential vector to exploit other vulnerabilities both on the Client and the Server. 2022-07-06 not yet calculated CVE-2022-32290
MISC
MISC
nvidia — dgx_a100_firmware NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure. 2022-07-04 not yet calculated CVE-2022-31601
CONFIRM
nvidia — dgx_a100_firmware NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosure. 2022-07-04 not yet calculated CVE-2022-31603
CONFIRM
nvidia — dgx_a100_firmware NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data integrity impact, and information disclosure. 2022-07-04 not yet calculated CVE-2022-31602
CONFIRM
nvidia — dgx_a100_firmware NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading to code execution, escalation of privileges, denial of service, compromised integrity, and information disclosure. The scope of impact can extend to other components. 2022-07-04 not yet calculated CVE-2022-31600
CONFIRM
nvidia — dgx_a100_firmware
 
NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. 2022-07-02 not yet calculated CVE-2022-28200
MISC
nvidia — dgx_a100_firmware
 
NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. 2022-07-04 not yet calculated CVE-2022-31599
CONFIRM
omron — machine_automation_controller
 
Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software ‘Sysmac Studio’ all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller. 2022-07-04 not yet calculated CVE-2022-34151
MISC
MISC
omron — machine_automation_controller
 
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program. 2022-07-04 not yet calculated CVE-2022-33971
MISC
MISC
omron — machine_automation_controller_nj_series_and_nx_series
 
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software ‘Sysmac Studio’ all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software ‘Sysmac Studio’ and/or a Programmable Terminal (PT) to access the controller. 2022-07-04 not yet calculated CVE-2022-33208
MISC
MISC
online_accreditation_management — online_accreditation_management
 
Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php. 2022-07-07 not yet calculated CVE-2022-32056
MISC
opencart — newsletter_module Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php. 2022-07-05 not yet calculated CVE-2022-31856
MISC
opencti — opencti
 
A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the file location. 2022-07-05 not yet calculated CVE-2022-30289
MISC
MISC
opencti — opencti
 
In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through the interface, legitimately. 2022-07-05 not yet calculated CVE-2022-30290
MISC
MISC
openssh_key_parser — openssh_key_parser
 
openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6 if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker able to modify the declared length of a key’s sensitive field can thus expose the raw value of that field. Users are advised to upgrade to version 0.0.6, which no longer includes the raw field value in the error message. There are no known workarounds for this issue. 2022-07-06 not yet calculated CVE-2022-31124
MISC
CONFIRM
MISC
MISC
MISC
openssl — openssl
 
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. 2022-07-01 not yet calculated CVE-2022-2274
CONFIRM
CONFIRM
CONFIRM
openssl — openssl
 
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn’t written. In the special case of “in place” encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). 2022-07-05 not yet calculated CVE-2022-2097
CONFIRM
CONFIRM
CONFIRM
FEDORA
openvpn — openvpn_access_server The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a randomly generated admin password. 2022-07-06 not yet calculated CVE-2022-33737
MISC
openvpn — openvpn_access_server OpenVPN Access Server before 2.11 uses a weak random generator to create the user session token for the web portal. 2022-07-06 not yet calculated CVE-2022-33738
MISC
openvpn — openvpn_access_server
 
OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack. 2022-07-06 not yet calculated CVE-2021-4234
MISC
otfcc — otfcc OTFCC v0.10.4 was discovered to contain a heap buffer overflow after free via otfccbuild.c. 2022-07-06 not yet calculated CVE-2022-33047
MISC
MISC
outline — outline Cross-site Scripting (XSS) – Stored in GitHub repository outline/outline prior to v0.64.4. 2022-07-07 not yet calculated CVE-2022-2342
MISC
CONFIRM
parity_technologies — frontier
 
Frontier is Substrate’s Ethereum compatibility layer. In affected versions the truncation done when converting between EVM balance type and Substrate balance type was incorrectly implemented. This leads to a possible discrepancy between the apparent EVM transfer value and the actual Substrate value transferred. It is recommended that an emergency upgrade be planned and EVM execution temporarily paused in the meantime. The issue is patched in Frontier master branch commit fed5e0a9577c10bea021721e8c2c5c378e16bf66 and polkadot-v0.9.22 branch commit e3e427fa2e5d1200a784679f8015d4774cedc934. This vulnerability affects only EVM internal states, but not Substrate balance states or node. You can temporarily pause EVM execution (by setting up a Substrate `CallFilter` that disables `pallet-evm` and `pallet-ethereum` calls) before the patch can be applied. 2022-07-06 not yet calculated CVE-2022-31111
MISC
CONFIRM
MISC
MISC
pescms — pescms
 
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that allows attackers to delete admin and other members’ account numbers. 2022-07-06 not yet calculated CVE-2021-31679
MISC
MISC
MISC
pescms — pescms
 
A reflected XSS was discovered in PESCMS-V2.3.3. When combined with CSRF in the same file, they can cause bigger destruction. 2022-07-06 not yet calculated CVE-2021-31676
MISC
MISC
MISC
pescms — pescms
 
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user’s company. 2022-07-06 not yet calculated CVE-2021-31678
MISC
MISC
MISC
pescms — pescms
 
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members’ passwords. 2022-07-06 not yet calculated CVE-2021-31677
MISC
MISC
MISC
priority — priority This vulnerability affects users who are not even allowed to access the system via the web interface. First, the attacker needs to access the “Login menu – demo site”, where all the functionality of the application is visible. If the attacker clicks on one of the links, the response says that they are not authorized, because they need to log in with credentials. After logging in to the system, there are some functions that the specific user is not allowed to perform because the account was configured with low privileges. However, all the attacker needs to do is change the value of the prog step parameter from 0 to 1 or more, and the attacker can then access some of the web application functionality that could not be performed before the parameter was changed. 2022-07-06 not yet calculated CVE-2022-23173
MISC
priority — priority An attacker can access the “Forgot my password” button; as soon as the attacker enters a user that is valid in the system, the system issues a message that a password reset email has been sent to the user. This makes it possible to verify which users exist in the system and which do not. 2022-07-06 not yet calculated CVE-2022-23172
MISC
redhat — cloudforms
 
An insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x. 2022-07-06 not yet calculated CVE-2014-8164
MISC
redhat — icedtea-web
 
It was discovered that IcedTea-Web used the codebase attribute of the <applet> tag on the HTML page that hosts the Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet’s actual origin, this allowed a malicious site to bypass SOP via a spoofed codebase value. 2022-07-07 not yet calculated CVE-2015-5236
MISC
redhat — openshift_origin
 
In Openshift Origin 3 the cookies being set in console have no ‘secure’, ‘HttpOnly’ attributes. 2022-07-07 not yet calculated CVE-2015-3207
MISC
MISC
MISC
roxy-wi — roxy-wi Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Attackers need not be authenticated to exploit this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2022-07-08 not yet calculated CVE-2022-31137
CONFIRM
MISC
roxy-wi — roxy-wi
 
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to achieve code execution by sending a specially crafted HTTP request to the /app/options.py file. This affects Roxy-wi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue. 2022-07-06 not yet calculated CVE-2022-31126
CONFIRM
roxy-wi — roxy-wi
 
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This affects Roxy-wi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue. 2022-07-06 not yet calculated CVE-2022-31125
CONFIRM
rpc.py — rpc.py
 
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the “serializer: pickle” HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle. 2022-07-08 not yet calculated CVE-2022-35411
MISC
MISC
MISC
snipe_it — snipe_it_asset_management An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file. 2022-07-07 not yet calculated CVE-2022-32060
MISC
snipe_it — snipe_it_asset_management An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file. 2022-07-07 not yet calculated CVE-2022-32061
MISC
so_filter_shop — so_filter_shop
 
So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id , manu_value_id , opt_value_id , and subcate_value_id parameters at /index.php?route=extension/module/so_filter_shop_by/filter_data. 2022-07-05 not yet calculated CVE-2022-34972
MISC
symantec — symantec_advanced_secure_gateway_and_proxysg
 
Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 2022-07-07 not yet calculated CVE-2021-46825
MISC
synology — photo_station Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors. 2022-07-06 not yet calculated CVE-2022-22681
CONFIRM
t:mon — h3c_magic_r100_router
 
The udpserver in H3C Magic R100 V200R004 and V100R005 has the 9034 port opened, allowing attackers to execute arbitrary commands. 2022-07-06 not yet calculated CVE-2022-34598
MISC
t:mon — h3c_magic_r100_v200r004_and_v100r005
 
SQL Injection vulnerability in admin interface (/vicidial/admin.php) of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555. 2022-07-05 not yet calculated CVE-2022-34876
CONFIRM
MISC
taocms — taocms
 
Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category. 2022-07-05 not yet calculated CVE-2021-44915
MISC
tenda — ac10 Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter. 2022-07-07 not yet calculated CVE-2022-32054
MISC
tenda — ac1803 Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting. 2022-07-06 not yet calculated CVE-2022-34596
MISC
tenda — ac1803 Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status. 2022-07-06 not yet calculated CVE-2022-34595
MISC
tenda — ac1806 Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting. 2022-07-06 not yet calculated CVE-2022-34597
MISC
tenda — ac23 Tenda AC23 v16.03.07.44 is vulnerable to Stack Overflow that will allow for the execution of arbitrary code (remote). 2022-07-06 not yet calculated CVE-2022-32385
MISC
MISC
MISC
MISC
tenda — ac23 Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the AdvSetMacMtuWan function. 2022-07-06 not yet calculated CVE-2022-32383
MISC
MISC
tenda — ac23 Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow via fromAdvSetMacMtuWan. 2022-07-06 not yet calculated CVE-2022-32386
MISC
MISC
MISC
MISC
totolink — ex300_firmware TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet. 2022-07-07 not yet calculated CVE-2022-32449
MISC
totolink — multiple_products Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability. 2022-07-06 not yet calculated CVE-2022-28935
MISC
MISC
tp-link — tp-link_tl-wr741n_router_and_tl-wr742n_router
 
An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet. 2022-07-07 not yet calculated CVE-2022-32058
MISC
ultrajson — ultrajson UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. This issue has been resolved in version 5.4.0 and all users should upgrade to UltraJSON 5.4.0. There are no known workarounds for this issue. 2022-07-05 not yet calculated CVE-2022-31117
CONFIRM
MISC
ultrajson — ultrajson
 
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key confusion and value overwriting in dictionaries. All users parsing JSON from untrusted sources are vulnerable. From version 5.4.0, UltraJSON decodes lone surrogates in the same way as the standard library’s `json` module does, preserving them in the parsed output. Users are advised to upgrade. There are no known workarounds for this issue. 2022-07-05 not yet calculated CVE-2022-31116
MISC
CONFIRM
vicidial — vicidial Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent and search_archived_data parameters. This issue affects: VICIdial 2.14b0.5 versions prior to 3555. 2022-07-05 not yet calculated CVE-2022-34879
CONFIRM
vicidial — vicidial
 
SQL Injection vulnerability in User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. 2022-07-05 not yet calculated CVE-2022-34878
CONFIRM
MISC
vicidial — vicidial
 
SQL Injection vulnerability in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555. 2022-07-05 not yet calculated CVE-2022-34877
CONFIRM
MISC
vim — vim Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. 2022-07-08 not yet calculated CVE-2022-2344
MISC
CONFIRM
vim — vim Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. 2022-07-08 not yet calculated CVE-2022-2343
CONFIRM
MISC
vim — vim Use After Free in GitHub repository vim/vim prior to 9.0. 2022-07-03 not yet calculated CVE-2022-2289
MISC
CONFIRM
vim — vim Use After Free in GitHub repository vim/vim prior to 9.0.0046. 2022-07-08 not yet calculated CVE-2022-2345
CONFIRM
MISC
vim — vim Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. 2022-07-03 not yet calculated CVE-2022-2288
CONFIRM
MISC
vim — vim Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. 2022-07-05 not yet calculated CVE-2022-2304
MISC
CONFIRM
wavlink — wavlink_wl-wn575a3_extender
 
Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. This vulnerability allows attackers to execute arbitrary commands via a crafted POST request. 2022-07-07 not yet calculated CVE-2022-34592
MISC
webswing — webswing
 
Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The {clientIp} variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary value that is used to replace the clientIp variable (without sanitization). A client can thus inject multiple arguments into the session startup. Systems that do not use the clientIP variable in the configuration are not vulnerable. The vulnerability is fixed in these versions: 20.1.16, 20.2.19, 21.1.8, 21.2.12, and 22.1.3. 2022-07-08 not yet calculated CVE-2022-34914
MISC
MISC
wordpress — wordpress The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type, allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE. 2022-07-04 not yet calculated CVE-2022-2268
MISC
wordpress — wordpress
 
The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue 2022-07-04 not yet calculated CVE-2022-1946
MISC
wordpress — wordpress
 
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-07-04 not yet calculated CVE-2021-25066
MISC
wordpress — wordpress
 
The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed 2022-07-04 not yet calculated CVE-2022-1301
MISC
wordpress — wordpress
 
In the nextgen-gallery WordPress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and in the lack of security measures preventing unwanted HTTP requests. 2022-07-07 not yet calculated CVE-2015-1784
MISC
MISC
wordpress — wordpress
 
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-07-04 not yet calculated CVE-2021-25056
MISC
wordpress — wordpress
 
The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting 2022-07-04 not yet calculated CVE-2022-0250
MISC
wordpress — wordpress
 
custom-content-type-manager WordPress plugin can be used by an administrator to achieve arbitrary PHP remote code execution. 2022-07-06 not yet calculated CVE-2015-3173
MISC
MISC
MISC
wordpress — wordpress
 
The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin’s settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues 2022-07-04 not yet calculated CVE-2022-1967
MISC
wordpress — wordpress
 
In the nextgen-gallery WordPress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and in the lack of security measures preventing unwanted HTTP requests. 2022-07-07 not yet calculated CVE-2015-1785
MISC
MISC
xen — xen Arm guests can cause Dom0 DoS via PV devices. When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests’ memory pages. 2022-07-05 not yet calculated CVE-2022-33744
MISC
CONFIRM
MLIST
xen — xen
 
Linux disk/nic frontends data leaks. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don’t zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn’t allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). 2022-07-05 not yet calculated CVE-2022-33742
MISC
CONFIRM
MLIST
xen — xen
 
Linux disk/nic frontends data leaks. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don’t zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn’t allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). 2022-07-05 not yet calculated CVE-2022-33741
MISC
CONFIRM
MLIST
xen — xen
 
Linux disk/nic frontends data leaks. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don’t zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn’t allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). 2022-07-05 not yet calculated CVE-2022-33740
MISC
CONFIRM
MLIST
xen — xen Linux disk/nic frontends data leaks. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don’t zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn’t allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). 2022-07-05 not yet calculated CVE-2022-26365
MISC
CONFIRM
MLIST
xen — xen Network backend may cause Linux netfront to use freed SKBs. While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. 2022-07-05 not yet calculated CVE-2022-33743
MISC
CONFIRM
MLIST
yokogawa — wide_area_communication_router_aw810d A use of insufficiently random values vulnerability exists in the Vnet/IP communication module VI461 of the YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. 2022-07-04 not yet calculated CVE-2022-32284
MISC
MISC
MISC
MISC
zabbix — zabbix An authenticated user can create a link with reflected JavaScript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. 2022-07-06 not yet calculated CVE-2022-35229
CONFIRM
zabbix — zabbix An authenticated user can create a link with reflected JavaScript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. 2022-07-06 not yet calculated CVE-2022-35230
CONFIRM
zadam — trilium Cross-site Scripting (XSS) – Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta. 2022-07-03 not yet calculated CVE-2022-2290
MISC
CONFIRM
zoho_manageengine — adselfservice_plus Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API. 2022-07-04 not yet calculated CVE-2022-34829
MISC
zoho_manageengine — servicedesk_plus Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml). 2022-07-02 not yet calculated CVE-2022-32551
MISC
zoo_management_system — zoo_management_system A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors. 2022-07-05 not yet calculated CVE-2022-33075
MISC
MISC
MISC

This product is provided subject to this Notification and this Privacy & Use policy.
