US-CERT Bulletin (SB22-164):Vulnerability Summary for the Week of June 6, 2022

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
demokratian — demokratian A vulnerability was found in Demokratian. It has been rated as critical. Affected by this issue is some unknown functionality of the file basicos_php/genera_select.php. The manipulation of the argument id_provincia with the input -1%20union%20all%20select%201,2,3,4,database() leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. 2022-06-07 7.5 CVE-2020-36541
MISC
MISC
MISC
demokratian — demokratian A vulnerability classified as critical has been found in Demokratian. This affects an unknown part of the file install/install3.php. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. 2022-06-07 7.5 CVE-2020-36542
MISC
MISC
MISC
google — android Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. 2022-06-07 9.4 CVE-2022-30710
MISC
google — android Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. 2022-06-07 9.4 CVE-2022-30711
MISC
google — android Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. 2022-06-07 9.4 CVE-2022-30713
MISC
google — android Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account. 2022-06-07 7.5 CVE-2022-30722
MISC
logicoycreativo — logico_y_creativo A vulnerability was found in Lógico y Creativo 1.0 and classified as critical. This issue affects some unknown processing. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. 2022-06-07 7.5 CVE-2020-36539
MISC
neetai — neetai_tech A vulnerability, which was classified as critical, was found in Neetai Tech. Affected is an unknown function of the file /product.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2022-06-07 7.5 CVE-2020-36540
MISC
realnetworks — realplayer In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution. 2022-06-03 7.5 CVE-2022-32269
MISC
MISC
realnetworks — realplayer In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur). 2022-06-03 7.5 CVE-2022-32270
MISC
MISC
starwindsoftware — starwind_san_\&_nas StarWind SAN and NAS v0.2 build 1914 allow remote code execution. 2022-06-03 9 CVE-2022-32268
MISC
Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adbyby_project — adbyby adbyby v2.7 allows external users to make connections via port 8118. This can cause a program logic error and lead to a Denial of Service (DoS) via high CPU usage due to a large number of connections. 2022-06-03 4 CVE-2022-29767
MISC
facturascripts — facturascripts Cross-site Scripting (XSS) – Generic in GitHub repository neorazorx/facturascripts prior to 2022.09. 2022-06-03 4.3 CVE-2022-1988
MISC
CONFIRM
google — android Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. 2022-06-07 6.4 CVE-2022-30712
MISC
google — android Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. 2022-06-07 5 CVE-2022-30709
MISC
google — android Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. 2022-06-07 5 CVE-2022-30715
MISC
google — android Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device. 2022-06-07 5 CVE-2022-30716
MISC
google — android Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink. 2022-06-07 5 CVE-2022-30717
MISC
google — android Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. 2022-06-07 5 CVE-2022-30719
MISC
google — android Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. 2022-06-07 5 CVE-2022-30720
MISC
google — android Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. 2022-06-07 5 CVE-2022-30721
MISC
google — android Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence. 2022-06-07 4.6 CVE-2022-30726
MISC
libmobi_project — libmobi Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. 2022-06-03 5.8 CVE-2022-1987
CONFIRM
MISC
samsung — account Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission. 2022-06-07 5 CVE-2022-30743
MISC
samsung — account Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission. 2022-06-07 5 CVE-2022-30733
MISC
samsung — account Implicit Intent hijacking vulnerability in Samsung Account prior to version 13.2.00.6 allows attackers to get email ID. 2022-06-07 5 CVE-2022-30737
MISC
samsung — account Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission. 2022-06-07 5 CVE-2022-30736
MISC
samsung — account Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_token without permission. 2022-06-07 5 CVE-2022-30735
MISC
samsung — account Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission. 2022-06-07 5 CVE-2022-30734
MISC
samsung — account Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult. 2022-06-07 5 CVE-2022-30732
MISC
samsung — account Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get an user email or phone number with a normal level permission. 2022-06-07 4 CVE-2022-30739
MISC
Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
akeles — countdown_timer A vulnerability classified as problematic was found in Countdown Timer. This vulnerability affects unknown code of the component Macro Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2022-06-07 3.5 CVE-2020-36526
MISC
MISC
aptis-solutions — server_status A vulnerability, which was classified as problematic, has been found in Server Status. This issue affects some unknown processing of the component HTTP Status/SMTP Status. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2022-06-07 3.5 CVE-2020-36527
MISC
MISC
avono — plantuml A vulnerability was found in PlantUML 6.43. It has been declared as problematic. Affected by this vulnerability is the component Database Information Macro. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-07 3.5 CVE-2020-36523
MISC
MISC
google — android Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. 2022-06-07 3.3 CVE-2022-30723
MISC
google — android Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. 2022-06-07 3.3 CVE-2022-30724
MISC
google — android Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. 2022-06-07 3.3 CVE-2022-30725
MISC
google — android Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information. 2022-06-07 2.1 CVE-2022-28794
MISC
google — android Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. 2022-06-07 2.1 CVE-2022-30714
MISC
google — android Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space. 2022-06-07 2.1 CVE-2022-30727
MISC
google — android Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. 2022-06-07 2.1 CVE-2022-30728
MISC
google — android Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner. 2022-06-07 2.1 CVE-2022-30729
MISC
refined — refined_toolkit A vulnerability was found in Refined Toolkit. It has been rated as problematic. Affected by this issue is some unknown functionality of the component UI-Image/UI-Button. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-07 3.5 CVE-2020-36524
MISC
MISC
servicerocket — linking A vulnerability classified as problematic has been found in Linking. This affects an unknown part of the component New Windows Macro. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2022-06-07 3.5 CVE-2020-36525
MISC
MISC
Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
0day.today — opennetadmin
 
A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-09 not yet calculated CVE-2019-25065
MISC
MISC
ajenti — ajenti
 
A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.32 is able to address this issue. The name of the patch is 7aa146b724e0e20cfee2c71ca78fafbf53a8767c. It is recommended to upgrade the affected component. 2022-06-09 not yet calculated CVE-2019-25066
MISC
MISC
MISC
aleksis — aleksis-core
 
An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set. 2022-06-03 not yet calculated CVE-2022-29773
MISC
MISC
alibaba — fastjson
 
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode). 2022-06-10 not yet calculated CVE-2022-25845
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apache — dubbo
 
bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability. 2022-06-09 not yet calculated CVE-2022-24969
MISC
apache — http_server
 
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. 2022-06-09 not yet calculated CVE-2022-30556
MLIST
MISC
apache — http_server
 
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. 2022-06-09 not yet calculated CVE-2022-29404
MLIST
MISC
apache — http_server
 
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. 2022-06-09 not yet calculated CVE-2022-30522
MISC
MLIST
apache — http_server
 
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. 2022-06-09 not yet calculated CVE-2022-31813
MISC
MLIST
apache — http_server
 
Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. 2022-06-09 not yet calculated CVE-2022-28330
MLIST
MISC
apache — http_server
 
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. 2022-06-09 not yet calculated CVE-2022-28614
MLIST
MISC
apache — http_server
 
Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’) vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions. 2022-06-09 not yet calculated CVE-2022-26377
MLIST
MISC
apache — http_server
 
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. 2022-06-09 not yet calculated CVE-2022-28615
MISC
MLIST
atlassian — multiple_server
 
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1. 2022-06-03 not yet calculated CVE-2022-26134
MISC
MISC
MISC
MISC
MISC
avantune — genialcloud_proj
 
A reflected cross-site scripting (XSS) vulnerability in the login portal of Avantune Genialcloud ProJ – 10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2022-06-06 not yet calculated CVE-2022-29296
MISC
MISC
axigen — mobile_webmail
 
An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content. 2022-06-07 not yet calculated CVE-2022-31470
MISC
MISC
axiomatic_systems — bento4
 
An issue was discovered in Bento4 1.2. The allocator is out of memory in /Source/C++/Core/Ap4Array.h. 2022-06-10 not yet calculated CVE-2022-31285
MISC
axiomatic_systems — bento4
 
An issue was discovered in Bento4 v1.2. There is an allocation size request error in /Ap4RtpAtom.cpp. 2022-06-10 not yet calculated CVE-2022-31287
MISC
axiomatic_systems — bento4_mp4dump
 
Bento4 MP4Dump v1.2 was discovered to contain a segmentation violation via an unknown address at /Source/C++/Core/Ap4DataBuffer.cpp:175. 2022-06-10 not yet calculated CVE-2022-31282
MISC
axios_italia — axios_re
 
A vulnerability classified as critical was found in Axios Italia Axios RE 1.7.0/7.0.0. This vulnerability affects unknown code of the file REDefault.aspx of the component Connection Handler. The manipulation of the argument DBIDX leads to privilege escalation. The attack can be initiated remotely. 2022-06-09 not yet calculated CVE-2019-25068
MISC
axios_italia — axios_re
 
A vulnerability, which was classified as problematic, has been found in Axios Italia Axios RE 1.7.0/7.0.0. This issue affects some unknown processing of the component Error Message Handler. The manipulation leads to information disclosure (ASP.NET). The attack may be initiated remotely. 2022-06-09 not yet calculated CVE-2019-25069
MISC
MISC
bbge — netwave_ip
 
There is a memory dump vulnerability on Netwave IP camera devices at //proc/kcore that allows an unauthenticated attacker to exfiltrate sensitive information from the network configuration (e.g., username and password). 2022-06-10 not yet calculated CVE-2018-17240
MISC
MISC
MISC
brandbugle — brandbugle
 
A vulnerability was found in Brandbugle. It has been rated as critical. Affected by this issue is some unknown functionality of the file /main.php. The manipulation leads to sql injection. The attack may be launched remotely. 2022-06-07 not yet calculated CVE-2020-36536
MISC
caphyon_ltd — advanced_installer
 
Caphyon Ltd Advanced Installer 19.2 was discovered to contain a remote code execution (RCE) vulnerability via the Update Check function. 2022-06-06 not yet calculated CVE-2022-27438
MISC
MISC
MISC
carrier — multiple_products
 
An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The attacker needs to have a properly signed and encrypted binary, loading the firmware to the device ultimately triggers a reboot. 2022-06-06 not yet calculated CVE-2022-31480
MISC
carrier — multiple_products
 
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. The injected commands only get executed during start up or when unsafe calls regarding the hostname are used. This allows the attacker to gain remote access to the device and can make their persistence permanent by modifying the filesystem. 2022-06-06 not yet calculated CVE-2022-31479
MISC
carrier — multiple_products
 
An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.271. This allows a malicious actor to overwrite sensitive system files and install a startup service to gain remote access to the underlaying Linux operating system with root privileges. 2022-06-06 not yet calculated CVE-2022-31483
MISC
carrier — multiple_products
 
An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The overflowed data can allow the attacker to manipulate the “normal” code execution to that of their choosing. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. 2022-06-06 not yet calculated CVE-2022-31481
MISC
carrier — multiple_products
 
An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of this vulnerability is that an unauthenticated attacker could restrict access to the web interface to legitimate users and potentially requiring them to use the default user dip switch procedure to gain access back. 2022-06-06 not yet calculated CVE-2022-31484
MISC
carrier — multiple_products
 
An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303 for the LP series and 1.297 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. 2022-06-06 not yet calculated CVE-2022-31486
MISC
carrier — multiple_products
 
An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. 2022-06-06 not yet calculated CVE-2022-31485
MISC
carrier — multiple_products
 
An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless. 2022-06-06 not yet calculated CVE-2022-31482
MISC
chshcms — cscms
 
A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator’s username and password. 2022-06-09 not yet calculated CVE-2022-30898
MISC
churchcrm — churchcrm
 
There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the ‘PersonID’ field in /churchcrm/WhyCameEditor.php. 2022-06-08 not yet calculated CVE-2022-31325
MISC
cla-assistant — cla-assistant
 
Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application. 2022-06-06 not yet calculated CVE-2022-29617
MISC
cms_made_simple — cms_made_siple
 
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the ‘. 2022-06-09 not yet calculated CVE-2021-40961
MISC
MISC
MISC
containerd — containerd
 
containerd is an open source container runtime. A bug was found in the containerd’s CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd’s CRI implementation; `ExecSync` may be used when running probes or when executing processes via an “exec” facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used. 2022-06-09 not yet calculated CVE-2022-31030
CONFIRM
MLIST
MISC
convert-svg-core — convert-svg-core
 
The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file. 2022-06-10 not yet calculated CVE-2022-24429
CONFIRM
CONFIRM
CONFIRM
convert-svg-core — convert-svg-core
 
The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file. 2022-06-10 not yet calculated CVE-2022-24278
CONFIRM
CONFIRM
CONFIRM
CONFIRM
cookiecutter — cookiecutter
 
The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be used to perform a command injection. 2022-06-08 not yet calculated CVE-2022-24065
MISC
MISC
MISC
corehr — core_portal
 
A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. Upgrading to version 27.0.8 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-09 not yet calculated CVE-2019-25064
MISC
couchbase — sync_gateway
 
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, the admin credentials provided to the Admin REST API are ignored, resulting in privilege escalation for unauthenticated users. The Public REST API is not impacted by this issue. A workaround is to replace X.509 certificate based authentication with Username and Password authentication inside the bootstrap configuration. 2022-06-10 not yet calculated CVE-2022-32563
MISC
MISC
cyberthoth — fast_food_order_system A vulnerability classified as problematic has been found in Fast Food Ordering System 1.0. Affected is the file Master.php of the Master List. The manipulation of the argument Description with the input foo “><img src=”” onerror=”alert(document.cookie)”> leads to cross site scripting. It is possible to launch the attack remotely but it requires authentication. Exploit details have been disclosed to the public. 2022-06-07 not yet calculated CVE-2022-1991
MISC
MISC
d-link — dir-890L
 
** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter ‘descriptor’ at SetVirtualServerSettings.php. 2022-06-03 not yet calculated CVE-2022-29778
MISC
MISC
dell — supportassist_client_consumer
 
Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system. 2022-06-10 not yet calculated CVE-2022-29092
CONFIRM
dell — supportassist_client_consumer
 
Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system. 2022-06-10 not yet calculated CVE-2022-29095
CONFIRM
dell — supportassist_client_consumer
 
Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files on the system. 2022-06-10 not yet calculated CVE-2022-29094
CONFIRM
dell — supportassist_client_consumer
 
Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system. 2022-06-10 not yet calculated CVE-2022-29093
CONFIRM
discourse — discourse
 
Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the `stable` branch and 2.9.0beta5 on the `beta` and `tests-passed` branches, inviting users on sites that use single sign-on could bypass the `must_approve_users` check and invites by staff are always approved automatically. The issue is patched in Discourse version 2.8.4 on the `stable` branch and version `2.9.0.beta5` on the `beta` and `tests-passed` branches. As a workaround, disable invites or increase `min_trust_level_to_allow_invite` to reduce the attack surface to more trusted users. 2022-06-07 not yet calculated CVE-2022-31025
CONFIRM
MISC
MISC
MISC
MISC
django-s3file — django-s3file
 
django-s3file is a lightweight file upload input for Django and Amazon S3 . In versions prior to 5.5.1 it was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. If the `AWS_LOCATION` setting was set, traversal was limited to that location only. The issue was discovered by the maintainer. There were no reports of the vulnerability being known to or exploited by a third party, prior to the release of the patch. The vulnerability has been fixed in version 5.5.1 and above. There is no feasible workaround. We must urge all users to immediately updated to a patched version. 2022-06-09 not yet calculated CVE-2022-24840
MISC
CONFIRM
dolibarr — dolibarr
 
Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page. 2022-06-08 not yet calculated CVE-2022-30875
MISC
MISC
drupal — saml_sp_2.0_single_sign_on_-_saml_service_provide
 
Multiple vulnerabilities vulnerability in Drupal SAML SP 2.0 Single Sign On (SSO) – SAML Service Provider in certain non-default configurations allow a malicious user to login as any chosen user. The vulnerability is mitigated by the module’s default settings which require the options “Either sign SAML assertions” and “x509 certificate”. This issue affects: Drupal SAML SP 2.0 Single Sign On (SSO) – SAML Service Provider 8.x version 8.x-2.24 and prior versions; 7.x version 7.x-2.57 and prior versions. 2022-06-03 not yet calculated CVE-2022-26493
CONFIRM
dynamicmarkt — dynamicmarkt
 
dynamicMarkt <= 3.10 is affected by SQL injection in the parent parameter of index.php. 2022-06-10 not yet calculated CVE-2021-41754
MISC
MISC
dynamicmarkt — dynamicmarkt
 
dynamicMarkt <= 3.10 is affected by SQL injection in the kat parameter of index.php. 2022-06-10 not yet calculated CVE-2021-41756
MISC
MISC
dynamicmarkt — dynamicmarkt
 
dynamicMarkt <= 3.10 is affected by SQL injection in the kat1 parameter of index.php. 2022-06-10 not yet calculated CVE-2021-41755
MISC
MISC
easyii_cms — easyii_cms
 
A vulnerability was found in easyii CMS. It has been classified as problematic. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2022-06-07 not yet calculated CVE-2020-36534
MISC
MISC
eatan_cms — eatan_cms
 
A vulnerability was found in Eatan CMS. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The attack can be launched remotely. 2022-06-07 not yet calculated CVE-2020-36538
MISC
elastic — elasticsearch
 
A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request. 2022-06-06 not yet calculated CVE-2022-23712
MISC
MISC
emicklei — go-restful
 
Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. 2022-06-08 not yet calculated CVE-2022-1996
CONFIRM
MISC
emlog_pro — emlog_pro
 
Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background management. 2022-06-09 not yet calculated CVE-2021-40610
MISC
envoy_proxy — envoy
 
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 secompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an attacker to zip bomb the decompressor by sending a small highly compressed payload. Maliciously constructed zip files may exhaust system memory and cause a denial of service. Users are advised to upgrade. Users unable to upgrade may consider disabling decompression. 2022-06-09 not yet calculated CVE-2022-29225
CONFIRM
MISC
envoy_proxy — envoy
 
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions. continueDecoding() shouldn’t ever be called from filters after a local reply has been sent. Users are advised to upgrade. There are no known workarounds for this issue. 2022-06-09 not yet calculated CVE-2022-29228
CONFIRM
MISC
envoy_proxy — envoy
 
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed cookie is missing a full authentication flow should be triggered. However, the current implementation assumes that access tokens are always validated thus allowing access in the presence of any access token attached to the request. Users are advised to upgrade. There is no known workaround for this issue. 2022-06-09 not yet calculated CVE-2022-29226
MISC
CONFIRM
envoy_proxy — envoy
 
Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the request Envoy sends a local reply when the redirect headers are processed, the downstream state indicates that the downstream stream is not complete. On sending the local reply, Envoy will attempt to reset the upstream stream, but as it is actually complete, and deleted, this result in a use-after-free. Users are advised to upgrade. Users unable to upgrade are advised to disable internal redirects if crashes are observed. 2022-06-09 not yet calculated CVE-2022-29227
CONFIRM
MISC
envoy_proxy — envoy
 
Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold� (prevent removal) upstream hosts obtained via service discovery until configured active health checking fails. If an attacker controls an upstream host and also controls service discovery of that host (via DNS, the EDS API, etc.), an attacker can crash Envoy by forcing removal of the host from service discovery, and then failing the gRPC health check request. This will crash Envoy via a null pointer dereference. Users are advised to upgrade to resolve this vulnerability. Users unable to upgrade may disable gRPC health checking and/or replace it with a different health checking type as a mitigation. 2022-06-09 not yet calculated CVE-2022-29224
CONFIRM
MISC
everywhere_cms — everywhere_cms
 
A vulnerability was found in Everywhere CMS. It has been classified as critical. Affected is an unknown function. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. 2022-06-07 not yet calculated CVE-2020-36537
MISC
fex-team — kity_minder
 
Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php. 2022-06-09 not yet calculated CVE-2022-31830
MISC
filerun — afian_filerun
 
In Afian Filerun 20220202, lack of sanitization of the POST parameter “metadata[]” in `/?module=fileman&section=get&page=grid` leads to SQL injection. 2022-06-06 not yet calculated CVE-2022-30469
MISC
MISC
filezilla — filezilla
 
** DISPUTED ** FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump.- NOTE: the vendor does not consider this a vulnerability. 2022-06-07 not yet calculated CVE-2022-29620
MISC
MISC
MISC
firejail — firejail
 
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker’s control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo. 2022-06-09 not yet calculated CVE-2022-31214
MISC
MISC
flatcore — flatcore-cms
 
FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections. 2022-06-06 not yet calculated CVE-2021-42245
MISC
francoisjacquet — rosariosis
 
Cross-site Scripting (XSS) – Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. 2022-06-08 not yet calculated CVE-2022-1997
CONFIRM
MISC
francoisjacquet — rosariosis
 
Cross-site Scripting (XSS) – Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. 2022-06-09 not yet calculated CVE-2022-2036
MISC
CONFIRM
fudforum — fudforum
 
FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel. 2022-06-06 not yet calculated CVE-2022-30860
MISC
fudforum — fudforum
 
FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel. 2022-06-06 not yet calculated CVE-2022-30863
MISC
fudforum — fudforum
 
FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature. 2022-06-06 not yet calculated CVE-2022-30861
MISC
gatsby — gatsby
 
The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible when passing input in both webpack (MDX files in src/pages or MDX file imported as a component in frontend / React code) and data mode (querying MDX nodes via GraphQL). Workaround: If an older version of gatsby-plugin-mdx must be used, input passed into the plugin should be sanitized ahead of processing. 2022-06-10 not yet calculated CVE-2022-25863
CONFIRM
CONFIRM
CONFIRM
CONFIRM
git-promise — git-promise
 
All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package. **Note:** Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue. 2022-06-10 not yet calculated CVE-2022-24376
CONFIRM
CONFIRM
gitlab — ce/ee
 
When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows users with the Developer role to open terminals on other Developers’ running jobs 2022-06-06 not yet calculated CVE-2022-1944
MISC
CONFIRM
gitlab — ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add new members to a project within their group, through the REST API, even after their group owner enabled a setting to prevent members from being added to projects within that group. 2022-06-06 not yet calculated CVE-2022-1783
CONFIRM
MISC
MISC
gitlab — ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group. 2022-06-06 not yet calculated CVE-2022-1821
CONFIRM
MISC
gitlab — ee
 
A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim’s behalf via specially crafted Jira Issues 2022-06-06 not yet calculated CVE-2022-1940
MISC
MISC
CONFIRM
gitlab — ee
 
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when IP address restrictions were configured 2022-06-06 not yet calculated CVE-2022-1935
MISC
CONFIRM
gitlab — ee
 
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP address restrictions were configured 2022-06-06 not yet calculated CVE-2022-1936
MISC
CONFIRM
gitlab — gitlab_ee
 
An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users’ email addresses via SCIM to an attacker controlled email address and thus – in the absence of 2FA – take over those accounts. It is also possible for the attacker to change the display name and username of the targeted account. 2022-06-06 not yet calculated CVE-2022-1680
MISC
CONFIRM
gitlab — gitlab_runner
 
In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs 2022-06-06 not yet calculated CVE-2021-39947
MISC
CONFIRM
glpl-project — glpl GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to version 10.0.1 it is possible to add extra information by SQL injection on search pages. In order to exploit this vulnerability a user must be logged in. 2022-06-09 not yet calculated CVE-2022-29250
CONFIRM
glpl_project — glpl
 
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Kanban is a GLPI view to display Projects, Tickets, Changes or Problems on a task board. In versions prior to 10.0.1 a user can exploit a cross site scripting vulnerability in Kanban by injecting HTML code in its user name. Users are advised to upgrade. There are no known workarounds for this issue. 2022-06-09 not yet calculated CVE-2022-24876
CONFIRM
MISC
gogs — gogs Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users’ display names for malicious characters. 2022-06-09 not yet calculated CVE-2022-31038
MISC
MISC
CONFIRM
gogs — gogs
 
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9. 2022-06-09 not yet calculated CVE-2022-1986
CONFIRM
MISC
gogs — gogs
 
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. 2022-06-09 not yet calculated CVE-2022-1992
MISC
CONFIRM
gogs — gogs
 
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. 2022-06-09 not yet calculated CVE-2022-1993
MISC
CONFIRM
google — android
 
The Android application HTTP File Server (Version 1.4.1) by ‘slowscript’ is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write. 2022-06-09 not yet calculated CVE-2021-40668
MISC
MISC
gosecure– phone_system
 
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of “<space><space> followed by <shift><enter>” mishandling. 2022-06-07 not yet calculated CVE-2019-9972
MISC
MISC
gosecure– phone_system
 
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when used in conjunction with sudo. 2022-06-07 not yet calculated CVE-2019-9971
MISC
MISC
MISC
gpac — gpac
 
GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition (‘infinite loop’) vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file. 2022-06-08 not yet calculated CVE-2021-40592
MISC
MISC
gradle_enterprise — gradle_enterprise
 
Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure. 2022-06-06 not yet calculated CVE-2022-30587
MISC
MISC
gradle_enterprise — gradle_enterprise
 
Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution. 2022-06-06 not yet calculated CVE-2022-30586
MISC
MISC
grafana — grafana
 
Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor’/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. 2022-06-06 not yet calculated CVE-2022-32275
MISC
MISC
MISC
gunet — open_eclass
 
GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter. 2022-06-11 not yet calculated CVE-2021-44266
MISC
MISC
MISC
guzzle — guzzle Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the same as to how we don’t forward on the header if the host changes. Prior to this fix, `https` to `http` downgrades did not result in the `Authorization` header being removed, only changes to the host. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach which would be to use their own redirect middleware. Alternately users may simply disable redirects all together if redirects are not expected or required. 2022-06-10 not yet calculated CVE-2022-31043
CONFIRM
MISC
MISC
CONFIRM
guzzle — guzzle  Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward the `Cookie` header on. Prior to this fix, only cookies that were managed by our cookie middleware would be safely removed, and any `Cookie` header manually added to the initial request would not be stripped. We now always strip it, and allow the cookie middleware to re-add any cookies that it deems should be there. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach to use your own redirect middleware, rather than ours. If you do not require or expect redirects to be followed, one should simply disable redirects all together. 2022-06-10 not yet calculated CVE-2022-31042
CONFIRM
MISC
MISC
CONFIRM
h3c — magic_r100_r100v100r005
 
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddMacList parameter at /goform/aspForm. 2022-06-08 not yet calculated CVE-2022-30925
MISC
h3c — magic_r100_r100v100r005
 
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnet parameter at /goform/aspForm. 2022-06-08 not yet calculated CVE-2022-30918
MISC
h3c — magic_r100_r100v100r005
 
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm. 2022-06-08 not yet calculated CVE-2022-30909
MISC
h3c — magic_r100_r100v100r005
 
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID_5G parameter at /goform/aspForm. 2022-06-08 not yet calculated CVE-2022-30919
MISC
h3c — magic_r100_r100v100r005
 
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTimingtimeWifiAndLed parameter at /goform/aspForm. 2022-06-08 not yet calculated CVE-2022-30923
MISC
h3c — magic_r100_r100v100r005
 
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddWlanMacList parameter at /goform/aspForm. 2022-06-08 not yet calculated CVE-2022-30917
MISC
h3c — magic_r100_r100v100r005
 
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnetDebug parameter at /goform/aspForm. 2022-06-08 not yet calculated CVE-2022-30916
MISC
h3c — magic_r100_r100v100r005
 
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID parameter at /goform/aspForm. 2022-06-08 not yet calculated CVE-2022-30920
MISC
h3c — magic_r100_r100v100r005
 
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateSnat parameter at /goform/aspForm. 2022-06-08 not yet calculated CVE-2022-30915
MISC
h3c — magic_r100_r100v100r005
 
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateMacClone parameter at /goform/aspForm. 2022-06-08 not yet calculated CVE-2022-30914
MISC
h3c — magic_r100_r100v100r005
 
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the ipqos_set_bandwidth parameter at /goform/aspForm. 2022-06-08 not yet calculated CVE-2022-30913
MISC
h3c — magic_r100_r100v100r005
 
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the GO parameter at /goform/aspForm. 2022-06-08 not yet calculated CVE-2022-30910
MISC
h3c — magic_r100_r100v100r005
 
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateWanParams parameter at /goform/aspForm. 2022-06-08 not yet calculated CVE-2022-30912
MISC
h3c — magic_r100_r100v100r005
 
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditMacList parameter at /goform/aspForm. 2022-06-08 not yet calculated CVE-2022-30926
MISC
h3c — magic_r100_r100v100r005
 
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetAPWifiorLedInfoById parameter at /goform/aspForm. 2022-06-08 not yet calculated CVE-2022-30924
MISC
h3c — magic_r100_r100v100r005
 
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditWlanMacList parameter at /goform/aspForm. 2022-06-08 not yet calculated CVE-2022-30922
MISC
h3c — magic_r100_r100v100r005
 
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetMobileAPInfoById parameter at /goform/aspForm. 2022-06-08 not yet calculated CVE-2022-30921
MISC
hcl_software — onetest_server
 
Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information when the Access-Control-Allow-Credentials is enabled. 2022-06-09 not yet calculated CVE-2021-27786
MISC
hitachi_energy — txpert_hub_coretec
 
A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. 2022-06-07 not yet calculated CVE-2021-35532
CONFIRM
hitachi_energy — txpert_hub_coretec
 
Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. 2022-06-07 not yet calculated CVE-2021-35531
CONFIRM
hitachi_energy — txpert_hub_coretec
 
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy’s TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0 2.1.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. 2022-06-07 not yet calculated CVE-2021-35530
CONFIRM
humhub — humhub

 
A vulnerability was found in HumHub up to 1.0.1 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-09 not yet calculated CVE-2017-20027
MISC
MISC
humhub — humhub

 
A vulnerability was found in HumHub 0.20.1/1.0.0-beta.3. It has been classified as critical. This affects an unknown part. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-09 not yet calculated CVE-2017-20028
MISC
MISC
humhub — humhub
 
A vulnerability has been found in HumHub up to 1.0.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting (Reflected). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-09 not yet calculated CVE-2017-20026
MISC
MISC
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. 2022-06-06 not yet calculated CVE-2022-31768
CONFIRM
XF
ibm — spectrum_copy_data_management
 
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against the system. IBM X-Force ID: 228219. 2022-06-10 not yet calculated CVE-2022-31769
XF
CONFIRM
ibm — spectrum_copy_data_management
 
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using some fields of the form in the portal UI to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials. IBM X-Force ID: 227364. 2022-06-10 not yet calculated CVE-2022-30611
XF
CONFIRM
ibm — spectrum_copy_data_management
 
IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit this vulnerability to bypass authentication and gain unauthorized access to the Spectrum Copy Data Management catalog which contains metadata. IBM X-Force ID: 223718. 2022-06-10 not yet calculated CVE-2022-22426
XF
CONFIRM
ibm — spectrum_copy_data_management
 
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 227363. 2022-06-10 not yet calculated CVE-2022-30610
XF
CONFIRM
ibm — spectrum_copy_data_management
 
IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 225887. 2022-06-10 not yet calculated CVE-2022-22479
XF
CONFIRM
ibm — spectrum_protect_plus
 
Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231. 2022-06-06 not yet calculated CVE-2022-22396
CONFIRM
XF
ideaco.ir — idealms IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID= pathname. 2022-06-10 not yet calculated CVE-2022-31788
MISC
MISC
igel — universal_management_suite An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key. 2022-06-09 not yet calculated CVE-2022-25807
MISC
MISC
igel — universal_management_suite
 
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission of cleartext LDAP bind credentials by the cmd_mgt_load_mgt_tree command allows an attacker (who can intercept or inspect traffic between an authenticated UMS client and server) to compromise those LDAP bind credentials. 2022-06-09 not yet calculated CVE-2022-25805
MISC
MISC
igel — universal_management_suite
 
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key. 2022-06-09 not yet calculated CVE-2022-25806
MISC
MISC
igel — universal_management_suite
 
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Insecure permissions for the serverconfig registry key (under JavaSoft\Prefs\de\igel\rm\config in HKEY_LOCAL_MACHINE\SOFTWARE) allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the UMS superuser. 2022-06-09 not yet calculated CVE-2022-25804
MISC
MISC
ihb_eg_flexnow — ihb_eg_flexnow
 
An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint. 2022-06-09 not yet calculated CVE-2022-30760
MISC
MISC
intelliants — subrion_cms
 
An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute. 2022-06-11 not yet calculated CVE-2021-41502
MISC
istio — istio
 
Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress Gateway exposed to external traffic. This vulnerability has been resolved in versions 1.12.8, 1.13.5, and 1.14.1. Users are advised to upgrade. There are no known workarounds for this issue. 2022-06-09 not yet calculated CVE-2022-31045
CONFIRM
MISC
itarian — endpoint_manage_communication_client
 
The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Due to this setting, a malicious actor with low privileges access to a system can escalate his privileges to SYSTEM abusing an insecure openssl.conf lookup. 2022-06-09 not yet calculated CVE-2022-25153
CONFIRM
CONFIRM
itarian — saas/on-premise
 
Within the Service Desk module of the ITarian platform (SAAS and on-premise), a remote attacker can obtain sensitive information, caused by the failure to set the HTTP Only flag. A remote attacker could exploit this vulnerability to gain access to the management interface by using this vulnerability in combination with a successful Cross-Site Scripting attack on a user. 2022-06-09 not yet calculated CVE-2022-25151
CONFIRM
CONFIRM
itarian — saas/on-premise
 
The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. It is possible to require a mandatory approval process. Due to a vulnerability in the approval process, present in any version prior to 6.35.37347.20040, a malicious actor (with a valid session token) can create a procedure, bypass approval, and execute the procedure. This results in the ability for any user with a valid session token to perform arbitrary code execution and full system take-over on all agents. 2022-06-09 not yet calculated CVE-2022-25152
CONFIRM
CONFIRM
itop_hub — itop
 
ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php. 2022-06-10 not yet calculated CVE-2022-31402
MISC
MISC
MISC
jamf — private_access
 
Jamf Private Access before 2022-05-16 has Incorrect Access Control, in which an unauthorized user can reach a system in the internal infrastructure, aka WND-44801. 2022-06-07 not yet calculated CVE-2022-29564
MISC
MISC
jgraph — drawio
 
Cross-site Scripting (XSS) – Stored in GitHub repository jgraph/drawio prior to 19.0.2. 2022-06-09 not yet calculated CVE-2022-2015
MISC
CONFIRM
jgraph — drawio
 
Code Injection in GitHub repository jgraph/drawio prior to 19.0.2. 2022-06-09 not yet calculated CVE-2022-2014
MISC
CONFIRM
jizhicms — jizhicms
 
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php. 2022-06-09 not yet calculated CVE-2022-31390
MISC
jizhicms — jizhicms
 
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php. 2022-06-09 not yet calculated CVE-2022-31393
MISC
jodd_http — jodd_http
 
Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequest#set and `jodd.http.HttpRequest#send. These vulnerabilities allow attackers to execute Server-Side Request Forgery (SSRF) via a crafted TCP payload. 2022-06-06 not yet calculated CVE-2022-29631
MISC
MISC
joy_ebike — joy_ebike
 
joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture-replay. 2022-06-07 not yet calculated CVE-2022-30466
MISC
jupyter_hub — oauthenticator
 
OAuthenticator is an OAuth token library for the JupyerHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowed_idps configuration trait of CILogonOAuthenticator is documented to be a list of domains that indicate the institutions whose users are authorized to access this JupyterHub. This authorization is validated by ensuring that the *email* field provided to us by CILogon has a *domain* that matches one of the domains listed in `allowed_idps`.If `allowed_idps` contains `berkeley.edu`, you might expect only users with valid current credentials provided by University of California, Berkeley to be able to access the JupyterHub. However, CILogonOAuthenticator does *not* verify which provider is used by the user to login, only the email address provided. So a user can login with a GitHub account that has email set to `<something>@berkeley.edu`, and that will be treated exactly the same as someone logging in using the UC Berkeley official Identity Provider. The patch fixing this issue makes a *breaking change* in how `allowed_idps` is interpreted. It’s no longer a list of domains, but configuration representing the `EntityID` of the IdPs that are allowed, picked from the [list maintained by CILogon](https://cilogon.org/idplist/). Users are advised to upgrade. 2022-06-09 not yet calculated CVE-2022-31027
CONFIRM
kromitgmbh — titra
 
Cross-site Scripting (XSS) – Stored in GitHub repository kromitgmbh/titra prior to 0.77.0. 2022-06-09 not yet calculated CVE-2022-2026
CONFIRM
MISC
kromitgmbh — titra
 
Cross-site Scripting (XSS) – DOM in GitHub repository kromitgmbh/titra prior to 0.77.0. 2022-06-09 not yet calculated CVE-2022-2029
CONFIRM
MISC
kromitgmbh — titra
 
Cross-site Scripting (XSS) – Generic in GitHub repository kromitgmbh/titra prior to 0.77.0. 2022-06-09 not yet calculated CVE-2022-2028
CONFIRM
MISC
kromitgmbh — titra
 
Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0. 2022-06-09 not yet calculated CVE-2022-2027
MISC
CONFIRM
laravel
— laravel
 
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution (RCE) via an unserialized pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and __call in Faker\Generator.php. 2022-06-07 not yet calculated CVE-2022-31279
MISC
lepin — ep-kp001 Due to an insecure design, the Lepin EP-KP001 flash drive through KP001_V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted data. Normally, the encrypted disk partition with this data is unlocked by entering the correct passcode (6 to 14 digits) via the keypad and pressing the Unlock button. This authentication is performed by an unknown microcontroller. By replacing this microcontroller on a target device with one from an attacker-controlled Lepin EP-KP001 whose passcode is known, it is possible to successfully unlock the target device and read the stored data in cleartext. 2022-06-10 not yet calculated CVE-2022-29948
MISC
FULLDISC
libjpeg — libjpeg
 
There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan. 2022-06-10 not yet calculated CVE-2022-32978
MISC
MISC
librehealth — lh-ehr_base
 
Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username. 2022-06-06 not yet calculated CVE-2022-31492
MISC
MISC
MISC
librehealth — lh-ehr_base
 
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS. 2022-06-06 not yet calculated CVE-2022-31494
MISC
MISC
MISC
librehealth — lh-ehr_base
 
LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS. 2022-06-06 not yet calculated CVE-2022-31498
MISC
MISC
MISC
librehealth — lh-ehr_base
 
LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS. 2022-06-08 not yet calculated CVE-2022-31497
MISC
MISC
MISC
librehealth — lh-ehr_base
 
LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access. 2022-06-09 not yet calculated CVE-2022-31496
MISC
MISC
MISC
librehealth — lh-ehr_base
 
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS. 2022-06-07 not yet calculated CVE-2022-31495
MISC
MISC
MISC
librehealth — lh-ehr_base
 
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS. 2022-06-06 not yet calculated CVE-2022-31493
MISC
MISC
MISC
lighttpd — lighttpd
 
Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers. 2022-06-11 not yet calculated CVE-2022-30780
MISC
MISC
MISC
MISC
linux — kernel
 
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. 2022-06-05 not yet calculated CVE-2022-32296
MISC
MISC
linux — kernel
 
An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. 2022-06-10 not yet calculated CVE-2022-32981
MISC
linux — kernel
 
A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system. 2022-06-09 not yet calculated CVE-2022-1998
MISC
MISC
linux — kernel
 
A use-after-free vulnerability was found in the Linux kernel’s Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue. 2022-06-06 not yet calculated CVE-2022-1966
MISC
MISC
MISC
FEDORA
FEDORA
mechanize — mechanize
 
The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site. Users are advised to upgrade to Mechanize v2.8.5 or later. There are no known workarounds for this issue. 2022-06-09 not yet calculated CVE-2022-31033
CONFIRM
MISC
mediatek — apusys_driver
 
In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06477946; Issue ID: ALPS06477946. 2022-06-06 not yet calculated CVE-2022-21762
MISC
mediatek — apusys_driver
 
In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479532; Issue ID: ALPS06479532. 2022-06-06 not yet calculated CVE-2022-21761
MISC
mediatek — apusys_driver
 
In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479562; Issue ID: ALPS06479562. 2022-06-06 not yet calculated CVE-2022-21760
MISC
mediatek — ccu
 
In ccu, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06439600; Issue ID: ALPS06439600. 2022-06-06 not yet calculated CVE-2022-21758
MISC
mediatek — imgsensor
 
In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479698; Issue ID: ALPS06479698. 2022-06-06 not yet calculated CVE-2022-21746
MISC
mediatek — imgsensor
 
In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478078; Issue ID: ALPS06478078. 2022-06-06 not yet calculated CVE-2022-21747
MISC
mediatek — telephony
 
In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06511030; Issue ID: ALPS06511030. 2022-06-06 not yet calculated CVE-2022-21748
MISC
mediatek — telephony
 
In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06511058; Issue ID: ALPS06511058. 2022-06-06 not yet calculated CVE-2022-21749
MISC
mediatek — wifi_firmware
 
In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to remote escalation of privilege, when devices are connecting to the attacker-controllable Wi-Fi hotspot, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468872; Issue ID: ALPS06468872. 2022-06-06 not yet calculated CVE-2022-21745
MISC
mediatek — wifi_firmware
 
In WIFI Firmware, there is a possible system crash due to a missing count check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468894; Issue ID: ALPS06468894. 2022-06-06 not yet calculated CVE-2022-21757
MISC
mediatek — wlan_driver
 
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521283; Issue ID: ALPS06521283. 2022-06-06 not yet calculated CVE-2022-21750
MISC
mediatek — wlan_driver
 
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493873; Issue ID: ALPS06493873. 2022-06-06 not yet calculated CVE-2022-21752
MISC
mediatek — wlan_driver
 
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493873; Issue ID: ALPS06493899. 2022-06-06 not yet calculated CVE-2022-21753
MISC
mediatek — wlan_driver
 
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06535953; Issue ID: ALPS06535953. 2022-06-06 not yet calculated CVE-2022-21754
MISC
mediatek — wlan_driver
 
In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06545464; Issue ID: ALPS06545464. 2022-06-06 not yet calculated CVE-2022-21755
MISC
mediatek — wlan_driver
 
In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06535950; Issue ID: ALPS06535950. 2022-06-06 not yet calculated CVE-2022-21756
MISC
mediatek — wlan_driver
 
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06511132; Issue ID: ALPS06511132. 2022-06-06 not yet calculated CVE-2022-21751
MISC
mediatek –android
 
In power service, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419106; Issue ID: ALPS06419077. 2022-06-06 not yet calculated CVE-2022-21759
MISC
minio — minio
 
MinIO is a multi-cloud object storage solution. Starting with version RELEASE.2019-09-25T18-25-51Z and ending with version RELEASE.2022-06-02T02-11-04Z, MinIO is vulnerable to an unending go-routine buildup while keeping connections established due to HTTP clients not closing the connections. Public-facing MinIO deployments are most affected. Users should upgrade to RELEASE.2022-06-02T02-11-04Z to receive a patch. One possible workaround is to use a reverse proxy to limit the number of connections being attempted in front of MinIO, and actively rejecting connections from such malicious clients. 2022-06-07 not yet calculated CVE-2022-31028
CONFIRM
MISC
MISC
MISC
minmax — minmax
 
A vulnerability classified as critical has been found in MINMAX. This affects an unknown part of the file /newsDia.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. 2022-06-07 not yet calculated CVE-2020-36535
MISC
mitsubishi — multiple_products
 
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications. 2022-06-08 not yet calculated CVE-2022-24296
MISC
MISC
MISC
modzero — klapp_app
 
A vulnerability has been found in Klapp App and classified as problematic. This vulnerability affects unknown code of the component Authorization. The manipulation leads to information disclosure (Credentials). The attack can be initiated remotely. It is recommended to upgrade the affected app. 2022-06-07 not yet calculated CVE-2020-36532
MISC
MISC
modzero — klapp_app
 
A vulnerability was found in Klapp App and classified as problematic. This issue affects some unknown processing of the JSON Web Token Handler. The manipulation leads to weak authentication. The attack may be initiated remotely. 2022-06-07 not yet calculated CVE-2020-36533
MISC
MISC
monstaftp — monstaftp
 
MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php. 2022-06-09 not yet calculated CVE-2022-31827
MISC
monyog_ultimate — monyog_ultimate
 
A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This affects an unknown part of the component Cookie Handler. The manipulation of the argument HasServerEdit/IsAdmin leads to privilege escalation. It is possible to initiate the attack remotely. 2022-06-09 not yet calculated CVE-2016-15002
MISC
MISC
nbnbk_cms — nbnbk_cms
 
A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter. 2022-06-09 not yet calculated CVE-2022-31386
MISC
neorazorx — facturascripts
 
Cross-site Scripting (XSS) – Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1. 2022-06-09 not yet calculated CVE-2022-2016
MISC
CONFIRM
next_generation_of_genealogy_sitebuilding — next_generation_of_genealogy_sitebuilding
 
A vulnerability, which was classified as critical, has been found in The Next Generation of Genealogy Sitebuilding up to 11.1.0. This issue affects some unknown processing of the file /timeline2.php. The manipulation of the argument primaryID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.1.1 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-08 not yet calculated CVE-2017-20017
MISC
nocodb — nocodb
 
Cross-site Scripting (XSS) – Stored in GitHub repository nocodb/nocodb prior to 0.91.7. 2022-06-07 not yet calculated CVE-2022-2022
MISC
CONFIRM
open_edx — open_edx
 
Open edX platform before 2022-06-06 allows XSS via the “next” parameter in the logout URL. 2022-06-09 not yet calculated CVE-2022-32195
MISC
MISC
opswat — metadefender_core
 
As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server. 2022-06-08 not yet calculated CVE-2022-32273
MISC
MISC
opswat — metadefender_core
 
OPSWAT MetaDefender Core (MDCore) before 5.1.2 has incorrect access control, resulting in privilege escalation. 2022-06-09 not yet calculated CVE-2022-32272
MISC
MISC
oracle — multiple_products
 
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). 2022-06-09 not yet calculated CVE-2022-21499
MISC
owncloud — core
 
ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer. 2022-06-09 not yet calculated CVE-2022-31649
MISC
MISC
partkeepr — partkeepr
 
A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the ‘name’ field in /api/part_categories. 2022-06-08 not yet calculated CVE-2022-30899
MISC
phplist — phplist A vulnerability was found in PHPList 3.2.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Subscription. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-10 not yet calculated CVE-2017-20032
MISC
MISC
phplist — phplist
 
A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to cross site scripting (Persistent). It is possible to launch the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-10 not yet calculated CVE-2017-20036
MISC
MISC
phplist — phplist
 
A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown processing of the file /lists/index.php of the component Edit Subscription. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-10 not yet calculated CVE-2017-20029
MISC
MISC
phplist — phplist
 
A vulnerability was found in PHPList 3.2.6. It has been classified as critical. Affected is an unknown function of the file /lists/admin/ of the component Sending Campain. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-10 not yet calculated CVE-2017-20030
MISC
MISC
phplist — phplist
 
A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-10 not yet calculated CVE-2017-20035
MISC
MISC
phplist — phplist
 
A vulnerability was found in PHPList 3.2.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument sortby with the input password leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-10 not yet calculated CVE-2017-20031
MISC
MISC
phplist — phplist
 
A vulnerability classified as problematic has been found in PHPList 3.2.6. This affects an unknown part of the file /lists/admin/. The manipulation of the argument page with the input send\’\”;><script>alert(8)</script> leads to cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-10 not yet calculated CVE-2017-20033
MISC
MISC
phplist — phplist
 
A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting (Persistent). The attack can be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-10 not yet calculated CVE-2017-20034
MISC
MISC
pjsip — pjsip
 
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue. 2022-06-09 not yet calculated CVE-2022-31031
MISC
CONFIRM
platinum_mobile — platinum_mobile
 
A vulnerability, which was classified as critical, was found in Platinum Mobile 1.0.4.850. Affected is /MobileHandler.ashx which leads to broken access control. The attack requires authentication. Upgrading to version 1.0.4.851 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-07 not yet calculated CVE-2020-36528
MISC
MISC
podman — podman
 
A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2022-06-09 not yet calculated CVE-2019-25067
MISC
MISC
publiccms — publiccms
 
PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java. 2022-06-03 not yet calculated CVE-2022-29784
MISC
MISC
pyil — pypl
 
The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2. 2022-06-08 not yet calculated CVE-2022-30877
MISC
MISC
MISC
pyil — pypl
 
pyanxdns package in PyPI version 0.2 is vulnerable to code execution backdoor. The impact is: execute arbitrary code (remote). When installing the pyanxdns package of version 0.2, the request package will be installed. 2022-06-08 not yet calculated CVE-2022-30882
MISC
MISC
MISC
pypl — pypl
 
api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package. 2022-06-08 not yet calculated CVE-2022-31313
MISC
MISC
MISC
razer — sila_gaming_router
 
A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. 2022-06-09 not yet calculated CVE-2022-29013
MISC
MISC
MISC
razer — sila_gaming_router
 
A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files. 2022-06-09 not yet calculated CVE-2022-29014
MISC
MISC
MISC
realnetworks — real_player
 
In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file. 2022-06-05 not yet calculated CVE-2022-32291
MISC
realvnc — vnc_server
 
RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM. 2022-06-10 not yet calculated CVE-2022-27502
MISC
MISC
redhat — cri-o
 
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability. 2022-06-07 not yet calculated CVE-2022-1708
MISC
MISC
MISC
riverbed — appresponse
 
Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a (when configured to use local, RADIUS, or TACACS authentication) logs usernames and passwords if either is entered incorrectly. If a user enters an incorrect username and/or password when logging into the WebUI, these attempted credentials are included in an error message that is logged in the WebUI log file. A log entry does not appear if the username and password provided correctly match a valid set of credentials. This also does not happen if AppResponse is configured to use SAML authentication. The WebUI log file is included in subsequent diagnostic system dumps that are generated. (Only users with Full Control access to the System Configuration permission can generate system dumps. By default, only System Administrators have Full Control access to the System Configuration permission.) 2022-06-03 not yet calculated CVE-2021-43271
MISC
samsung_mobile — find_my_mobile
 
Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permissio to get sim card information through device log. 2022-06-07 not yet calculated CVE-2022-30742
MISC
samsung_mobile — find_my_mobile
 
Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log. 2022-06-07 not yet calculated CVE-2022-30741
MISC
samsung_mobile — internet
 
Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers. 2022-06-07 not yet calculated CVE-2022-30740
MISC
samsung_mobile — internet
 
Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script. 2022-06-07 not yet calculated CVE-2022-30738
MISC
samsung_mobile — kies
 
DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to version 2.6.4.22043_1 allows attacker to execute arbitrary code. 2022-06-07 not yet calculated CVE-2022-30744
MISC
samsung_mobile — members
 
Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity. 2022-06-07 not yet calculated CVE-2022-30748
MISC
samsung_mobile — my_files
 
Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application. 2022-06-07 not yet calculated CVE-2022-30731
MISC
samsung_mobile — pass
 
Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication. 2022-06-07 not yet calculated CVE-2022-30730
MISC
samsung_mobile — quick_share
 
Improper access control vulnerability in Quick Share prior to version 13.1.2.4 allows attacker to access internal files in Quick Share. 2022-06-07 not yet calculated CVE-2022-30745
MISC
samsung_mobile — smart_things
 
Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity. 2022-06-07 not yet calculated CVE-2022-30749
MISC
samsung_mobile — smart_things
 
PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent. 2022-06-07 not yet calculated CVE-2022-30747
MISC
samsung_mobile — smart_things
 
Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API. 2022-06-07 not yet calculated CVE-2022-30746
MISC
sap — sap_business_objects_business_intelligence_platform
 
BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active. 2022-06-06 not yet calculated CVE-2020-6220
MISC
MISC
seeddms — seeddms The “Add category” functionality inside the “Global Keywords” menu in “SeedDMS” version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code. 2022-06-06 not yet calculated CVE-2022-28051
MISC
MISC
MISC
seeddms — seeddms
 
SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the “Role management” menu and then trigger the payload by loading the “Users management” menu 2022-06-06 not yet calculated CVE-2022-28479
MISC
MISC
seeddms — seeddms
 
SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The “Remove file” functionality inside the “Log files management” menu does not sanitize user input allowing attackers with admin privileges to delete arbitrary files on the remote system. 2022-06-06 not yet calculated CVE-2022-28478
MISC
MISC
semantic-release — semantic-release
 
semantic-release is an open source npm package for automated version management and package publishing. In affected versions secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from uri encoding by `encodeURI`. Occurrence is further limited to execution contexts where push access to the related repository is not available without modifying the repository url to inject credentials. Users are advised to upgrade. Users unable to upgrade should ensure that secrets that do not contain characters that are excluded from encoding with `encodeURI` when included in a URL are already masked properly. 2022-06-09 not yet calculated CVE-2022-31051
CONFIRM
MISC
MISC
MISC
sevone — network_management_system
 
A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely. 2022-06-07 not yet calculated CVE-2020-36529
MISC
MISC
sevone — network_management_system
 
A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely. 2022-06-07 not yet calculated CVE-2020-36531
MISC
MISC
sevone — network_management_system
 
A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely. 2022-06-07 not yet calculated CVE-2020-36530
MISC
MISC
sialweb_cms — sialweb_cms

 
A vulnerability has been found in SialWeb CMS and classified as problematic. This vulnerability affects unknown code of the component Search Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2022-06-08 not yet calculated CVE-2020-36544
MISC
MISC
sialweb_cms — sialweb_cms
 
A vulnerability, which was classified as critical, was found in SialWeb CMS. This affects an unknown part of the file /about.php. The manipulation of the argument Id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2022-06-08 not yet calculated CVE-2020-36543
MISC
MISC
sicunet — access_controller
 
A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads to privilege escalation. The attack can be launched remotely. 2022-06-11 not yet calculated CVE-2017-20037
N/A
N/A
sicunet — access_controller
 
A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of the argument No/door leads to privilege escalation. The attack may be launched remotely. 2022-06-11 not yet calculated CVE-2017-20038
N/A
N/A
sicunet — access_controller
 
A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to initiate the attack remotely. 2022-06-11 not yet calculated CVE-2017-20039
N/A
N/A
sicunet — access_controller
 
A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been declared as problematic. This vulnerability affects unknown code of the component Password Storage. The manipulation leads to weak encryption. Attacking locally is a requirement. 2022-06-11 not yet calculated CVE-2017-20040
N/A
N/A
silver_stripe — silverstripe-ominpay
 
silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as completed without payment being taken. This is mitigated by the fact that most payment gateways hide this information from users, however some issuing banks offer flawed 3DSecure implementations that may inadvertently expose this data. The following versions have been patched to fix this issue: `2.5.2`, `3.0.2`, `3.1.4`, and `3.2.1`. There are no known workarounds for this vulnerability. 2022-06-09 not yet calculated CVE-2022-29254
MISC
CONFIRM
snyk — jpeg-js The package jpeg-js before 0.4.4 are vulnerable to Denial of Service (DoS) where a particular piece of input will cause to enter an infinite loop and never return. 2022-06-10 not yet calculated CVE-2022-25851
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
snyk — posix
 
This affects all versions of package posix. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check. 2022-06-10 not yet calculated CVE-2022-21211
CONFIRM
snyk — metacalc
 
The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript’s Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript’s Function constructor. 2022-06-08 not yet calculated CVE-2022-21122
MISC
MISC
MISC
solare_datensysteme — solar-log A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-09 not yet calculated CVE-2017-20020
MISC
MISC
solare_datensysteme — solar-log
 
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-09 not yet calculated CVE-2017-20024
MISC
MISC
solare_datensysteme — solar-log
 
A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-09 not yet calculated CVE-2017-20019
MISC
MISC
solare_datensysteme — solar-log
 
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-09 not yet calculated CVE-2017-20023
MISC
MISC
solare_datensysteme — solar-log
 
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privilege escalation. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-09 not yet calculated CVE-2017-20025
MISC
MISC
solare_datensysteme — solar-log
 
A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-09 not yet calculated CVE-2017-20022
MISC
MISC
solare_datensysteme — solar-log
 
A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-09 not yet calculated CVE-2017-20021
MISC
MISC
sonicwall — ssl-vpn_sma100
 
Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack. 2022-06-08 not yet calculated CVE-2022-1703
CONFIRM
sourcecodester — money_transfer_management_system
 
A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL. 2022-06-10 not yet calculated CVE-2021-44582
MISC
MISC
sourcecodester — prison_management_system
 
A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/view_inmate of the component Inmate Handler. The manipulation of the argument id with the input 1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4–+ leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2022-06-09 not yet calculated CVE-2022-2018
MISC
MISC
sourcecodester — prison_management_system
 
A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php?f=save of the component New User Creation. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-09 not yet calculated CVE-2022-2019
MISC
MISC
sourcecodester — prison_management_system
 
A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input <img src=”” onerror=”alert(1)”> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-09 not yet calculated CVE-2022-2020
MISC
MISC
sourcecodester — prison_management_system
 
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/view_visit.php of the component Visit Handler. The manipulation of the argument id with the input 2%27and%201=2%20union%20select%201,2,3,4,5,6,7,user(),database()–+ leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2022-06-09 not yet calculated CVE-2022-2017
MISC
MISC
sourcecodester — siple_task_scheduling_system
 
A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable “id” parameter. 2022-06-06 not yet calculated CVE-2022-30927
MISC
MISC
MISC
sricam — ip_cctv_camera
 
A vulnerability was found in Sricam IP CCTV Camera and classified as critical. This issue affects some unknown processing of the component Device Viewer. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. 2022-06-08 not yet calculated CVE-2019-25062
MISC
MISC
sricam — ip_cctv_camera
 
A vulnerability was found in Sricam IP CCTV Camera. It has been classified as critical. Affected is an unknown function of the component Device Viewer. The manipulation leads to memory corruption. Local access is required to approach this attack. 2022-06-08 not yet calculated CVE-2019-25063
MISC
stackoverflow — jmespath.rb
 
jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable. 2022-06-06 not yet calculated CVE-2022-32511
MISC
MISC
MISC
tenable — scorm_engive
 
A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim’s browser. 2022-06-09 not yet calculated CVE-2022-2035
MISC
thales_group — safenet_keysecure
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in SafeNet KeySecure allows an authenticated user to read arbitrary files from the underlying system on which the product is deployed. 2022-06-10 not yet calculated CVE-2021-42811
MISC
thedaylightstudio — fuel_cms
 
A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4. 2022-06-10 not yet calculated CVE-2021-44117
MISC
MISC
tigera — multiple_products Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod. 2022-06-06 not yet calculated CVE-2022-28224
MISC
toaruos — toaruos
 
ToaruOS 1.99.2 is affected by incorrect access control via the kernel. Improper MMU management and having a low GDT address allows it to be mapped in userland. A call gate can then be written to escalate to CPL 0. 2022-06-08 not yet calculated CVE-2021-36710
MISC
tooljet — tooljet
 
Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0. 2022-06-09 not yet calculated CVE-2022-2037
MISC
CONFIRM
totolink –ex1200t
 
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization. 2022-06-03 not yet calculated CVE-2021-42891
MISC
totolink –ex1200t
 
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg. 2022-06-03 not yet calculated CVE-2021-42893
MISC
totolink –ex1200t
 
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware. 2022-06-03 not yet calculated CVE-2021-42892
MISC
tp-linnk — router_ax50
 
In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation. 2022-06-09 not yet calculated CVE-2022-30075
MISC
MISC
MISC
trend_micro — security_2021_and_2022
 
Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine. 2022-06-09 not yet calculated CVE-2022-30702
MISC
MISC
trend_micro — security_2021_and_2022
 
Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation. 2022-06-09 not yet calculated CVE-2022-30703
MISC
MISC
trilogy – trilogy
 
Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1 This issue can be avoided by only connecting to trusted servers. 2022-06-09 not yet calculated CVE-2022-31026
CONFIRM
MISC
tuleap — tuleap
 
Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retrieve the name of a tracker they cannot access as well as the name of the fields used in reports. 2022-06-09 not yet calculated CVE-2022-24896
MISC
CONFIRM
MISC
MISC
u-boot — u-boot
 
Das U-Boot 2022.01 has a Buffer Overflow. 2022-06-08 not yet calculated CVE-2022-30552
MISC
MISC
uboot — uboot
 
Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552. 2022-06-08 not yet calculated CVE-2022-30790
MISC
MISC
vapor — vapor
 
Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: `curl -d “array[_0][0][array][_0][0][array]$(for f in $(seq 1100); do echo -n ‘[_0][0][array]’; done)[string][_0]=hello%20world” http://localhost:8080/foo`. The issue is unbounded, attacker controlled stack growth which will at some point lead to a stack overflow and a process crash. This issue has been fixed in version 4.61.1. 2022-06-09 not yet calculated CVE-2022-31019
CONFIRM
MISC
verbatim — multiple_products
 
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the stored data. The attacker can simply use an undocumented IOCTL command that retrieves the correct password. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650. 2022-06-08 not yet calculated CVE-2022-28387
MISC
MISC
FULLDISC
FULLDISC
verbatim — multiple_products
 
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode (Electronic Codebook, aka ECB), an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB mode. This operation mode of block ciphers (e.g., AES) always encrypts identical plaintext data, in this case blocks of 16 bytes, to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion, within ECB, can leak sensitive information even in encrypted data. Thus, the use of the ECB operation mode can put the confidentiality of specific information at risk, even in an encrypted form. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store ‘n’ Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650. 2022-06-08 not yet calculated CVE-2022-28382
MISC
MISC
MISC
MISC
FULLDISC
FULLDISC
FULLDISC
FULLDISC
verbatim — multiple_products
 
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to insufficient firmware validation, an attacker can store malicious firmware code for the USB-to-SATA bridge controller on the USB drive (e.g., by leveraging physical access during the supply chain). This code is then executed. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store ‘n’ Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650. 2022-06-08 not yet calculated CVE-2022-28383
MISC
MISC
MISC
MISC
FULLDISC
FULLDISC
FULLDISC
FULLDISC
verbatim — multiple_products
 
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauthorized access to the stored encrypted data. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store ‘n’ Go Secure Portable HDD GD25LK01-3637-C VER4.0. 2022-06-08 not yet calculated CVE-2022-28384
MISC
MISC
FULLDISC
FULLDISC
verbatim — multiple_products
 
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to missing integrity checks, an attacker can manipulate the content of the emulated CD-ROM drive (containing the Windows and macOS client software). The content of this emulated CD-ROM drive is stored as an ISO-9660 image in the hidden sectors of the USB drive, that can only be accessed using special IOCTL commands, or when installing the drive in an external disk enclosure. By manipulating this ISO-9660 image or replacing it with another one, an attacker is able to store malicious software on the emulated CD-ROM drive. This software may get executed by an unsuspecting victim when using the device. For example, an attacker with temporary physical access during the supply chain could program a modified ISO-9660 image on a device that always accepts an attacker-controlled password for unlocking the device. If the attacker later on gains access to the used USB drive, he can simply decrypt all contained user data. Storing arbitrary other malicious software is also possible. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650. 2022-06-08 not yet calculated CVE-2022-28385
MISC
MISC
FULLDISC
FULLDISC
verbatim — multiple_products
 
An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20 failed unlock attempts) does not work as specified. More than 20 attempts may be made. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store ‘n’ Go Secure Portable HDD GD25LK01-3637-C VER4.0. 2022-06-08 not yet calculated CVE-2022-28386
MISC
MISC
FULLDISC
FULLDISC
vim — vim
 
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 2022-06-09 not yet calculated CVE-2022-2000
CONFIRM
MISC
vim — vim
 
Use After Free in GitHub repository vim/vim prior to 8.2. 2022-06-10 not yet calculated CVE-2022-2042
CONFIRM
MISC
virtua_software — cobranca
 
Virtua Cobranca before 12R allows SQL Injection on the login page. 2022-06-07 not yet calculated CVE-2021-37589
MISC
MISC
vyperlang — vyper
 
Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions prior to 0.3.4 when a calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for contracts. This issue has been addressed in v0.3.4. 2022-06-09 not yet calculated CVE-2022-29255
CONFIRM
MISC
watchguard — multiple_products WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary files from a limited set of directories on the system. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. 2022-06-07 not yet calculated CVE-2022-25361
MISC
MISC
wolfcms — wolfcms
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1. It has been rated as problematic. This issue affects some unknown processing of the file /wolfcms/?/admin/user/add of the component User Add. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-06-09 not yet calculated CVE-2019-25070
MISC
MISC
wolterskulwer — teammate+_audit
 
A blind SQL injection vulnerability in search form in TeamMate+ Audit version 28.0.19.0 allows any authenticated user to create malicious SQL injections, which can result in complete database compromise, gaining information about other users, unauthorized access to audit data etc. 2022-06-06 not yet calculated CVE-2021-41932
MISC
wordpress — amtythumb_wordpress_plugin
 
The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection and is exploitable by any authenticated user (and not just Author+ like the original advisory mention) due to the fact that they can execute shortcodes via an AJAX action 2022-06-08 not yet calculated CVE-2022-1683
MISC
MISC
wordpress — cp_image_store_with_slideshow_wordpress_plugin
 
The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embed, allowing unauthenticated users to perform an SQL injection attack 2022-06-08 not yet calculated CVE-2022-1692
MISC
MISC
wordpress — cube_slider_wordpress_plugin
 
The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin 2022-06-08 not yet calculated CVE-2022-1684
MISC
MISC
wordpress — database_backup_for_wordpress_plugin
 
The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details. Or disable the automatic backup schedule 2022-06-08 not yet calculated CVE-2022-1577
MISC
wordpress — fibosearch_wordpress_plugin
 
The FiboSearch WordPress plugin before 1.17.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed 2022-06-08 not yet calculated CVE-2022-1469
MISC
wordpress — files_download_delay_wordpress_plugin
 
The Files Download Delay WordPress plugin before 1.0.7 does not have authorisation and CSRF checks when reseting its settings, which could allow any authenticated users, such as subscriber to perform such action. 2022-06-08 not yet calculated CVE-2022-1570
MISC
wordpress — five_minute_webshop_wordpress_plugin
 
The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection 2022-06-08 not yet calculated CVE-2022-1686
MISC
MISC
wordpress — five_minute_webshop_wordpress_plugin
 
The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection 2022-06-08 not yet calculated CVE-2022-1685
MISC
MISC
wordpress — formcraft_wordpress_plugin
 
The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-06-08 not yet calculated CVE-2022-1647
MISC
wordpress — livesync_for_wordpress_plugin
 
The LiveSync for WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack 2022-06-08 not yet calculated CVE-2022-1712
MISC
wordpress — logo_slider_wordpress_plugin
 
The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection 2022-06-08 not yet calculated CVE-2022-1687
MISC
MISC
wordpress — multiple_plugins
 
The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed 2022-06-08 not yet calculated CVE-2022-1569
MISC
wordpress — note_press_wordpress_plugin
 
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection 2022-06-08 not yet calculated CVE-2022-1690
MISC
MISC
wordpress — note_press_wordpress_plugin
 
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection 2022-06-08 not yet calculated CVE-2022-1689
MISC
MISC
wordpress — note_press_wordpress_plugin
 
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections 2022-06-08 not yet calculated CVE-2022-1688
MISC
MISC
wordpress — photo_gallery_by_10wev_wordpress_plugin
 
The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed 2022-06-08 not yet calculated CVE-2022-1394
MISC
wordpress — realty_workstation_wordpress_plugin
 
The Realty Workstation WordPress plugin through 1.0.6 does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edit a transaction, leading to an SQL injection 2022-06-08 not yet calculated CVE-2022-1691
MISC
MISC
wordpress — throws_spam_away_wordpress_plugin
 
The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF checks in place when deleting comments (either all, spam, or pending), allowing attackers to make a logged in admin delete comments via a CSRF attack 2022-06-08 not yet calculated CVE-2022-1709
MISC
wordpress — user_meta_wordpress_plugin
 
The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads 2022-06-08 not yet calculated CVE-2022-0779
MISC
wordpress — video_slider_wordpress_plugin
 
The Video Slider WordPress plugin before 1.4.8 does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 2022-06-08 not yet calculated CVE-2022-1541
MISC
wordpress — woocommerce_green_wallet_gateway_wordpress_plugin
 
The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 does not escape the error_envision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability. 2022-06-08 not yet calculated CVE-2022-1673
MISC
wordpress — wp_born_babies_wordpress_plugin
 
The WP Born Babies WordPress plugin through 1.0 does not sanitise and escape some of its fields, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks 2022-06-08 not yet calculated CVE-2022-1506
MISC
wordpress — wp_fundraising_donation_and_crowdfunding_platform_wordpress_plugin
 
The WP Fundraising Donation and Crowdfunding Platform WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via one of it’s REST route, leading to an SQL injection exploitable by unauthenticated users 2022-06-08 not yet calculated CVE-2022-0788
MISC
wordpress — wp_siple_adsense_insertion_wordpress_plugin
 
The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form. 2022-06-08 not yet calculated CVE-2022-1695
MISC
wordpress — wp_statistics_wordpress_plugin
 
The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters 2022-06-08 not yet calculated CVE-2022-1005
MISC
wordpress — wpqa_builder_wordpress_plugin
 
The WPQA Builder WordPress plugin before 5.4 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site. 2022-06-08 not yet calculated CVE-2022-1598
MISC
wordpress — wpqa_builder_wordpress_plugin
 
The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer , does not sanitise and escape a parameter on its reset password form which makes it possible to perform Reflected Cross-Site Scripting attacks 2022-06-08 not yet calculated CVE-2022-1597
MISC
wpscan — ask_me_wordpress_theme
 
The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site. 2022-06-08 not yet calculated CVE-2022-1424
MISC
wpscan — ask_me_wordpress_theme
 
The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues 2022-06-08 not yet calculated CVE-2022-1241
MISC
wpscan — discy_wordpress_theme
 
The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discy_reset_options, allowing an attacker to trick an admin into resetting the site settings back to defaults. 2022-06-08 not yet calculated CVE-2022-1422
MISC
wpscan — discy_wordpress_theme
 
The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary ‘s settings including payment methods via a CSRF attack 2022-06-08 not yet calculated CVE-2022-1421
MISC
xampp — xampp
 
A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely. 2022-06-09 not yet calculated CVE-2017-20018
MISC
MISC
xen_project — xen
 
x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen’s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited. 2022-06-09 not yet calculated CVE-2022-26362
MLIST
MISC
CONFIRM
xen_project — xen
 
x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen’s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen’s safety logic doesn’t account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen’s safety logic can incorrectly conclude that the contents of a page is safe. 2022-06-09 not yet calculated CVE-2022-26364
MISC
MLIST
CONFIRM
xen_project — xen
 
x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen’s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen’s safety logic doesn’t account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen’s safety logic can incorrectly conclude that the contents of a page is safe. 2022-06-09 not yet calculated CVE-2022-26363
MISC
MLIST
CONFIRM
xiaomi — xiaomi
 
A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by out-of-bound read/write and can be exploited by attackers to make denial of service. 2022-06-08 not yet calculated CVE-2020-14125
MISC
xxl-job — xxl-job
 
XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo. 2022-06-03 not yet calculated CVE-2022-29770
MISC
zangband — zangband-data
 
ZAngband zangband-data 2.7.5 is affected by an integer underflow vulnerability in src/tk/plat.c through the variable fileheader.bfOffBits. 2022-06-08 not yet calculated CVE-2021-40589
MISC
zeroshell — zeroshell
 
ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands. 2022-06-11 not yet calculated CVE-2021-41738
MISC
zte — mf297d
 
ZTE’s MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack. 2022-06-09 not yet calculated CVE-2022-23138
MISC
zyxel — gs1200
 
An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack. 2022-06-09 not yet calculated CVE-2022-0823
CONFIRM
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

CISA recently updated an anonymous product survey;they’d welcome your feedback.