The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
genians — genian_nac An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability. 2022-03-25 10 CVE-2021-26622
MISC
dlink — dap-1360f1_firmware In DLink DAP-1360 F1 firmware version <=v6.10 in the “webupg” binary, an attacker can use the “file” parameter to execute arbitrary system commands when the parameter is “name=deleteFile” after being authorized. 2022-03-27 10 CVE-2021-44127
MISC
MISC
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_hierarchyHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-25880
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-25980
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-26013
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-26059
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetLatestDemandNode and GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-26065
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-26069
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_hierarchyHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-26338
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-26349
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-26514
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialogECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-26666
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-26667
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-26836
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-26887
CONFIRM
deltaww — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 10 CVE-2022-27175
CONFIRM
netgear — r8500_firmware NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi. 2022-03-26 9 CVE-2022-27945
MISC
netgear — r8500_firmware NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi. 2022-03-26 9 CVE-2022-27946
MISC
netgear — r8500_firmware NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter. 2022-03-26 9 CVE-2022-27947
MISC
cef — fortessa_ftbtld_firmware Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD Smart Lock as of 12-13-2022 allows a remote attacker to disable the lock via an unauthenticated edit to the lock name. 2022-03-25 8.5 CVE-2021-44905
MISC
MISC
impresscms — impresscms ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection. 2022-03-28 7.5 CVE-2021-26599
MISC
MISC
MISC
MISC
impresscms — impresscms ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==). 2022-03-28 7.5 CVE-2021-26600
MISC
MISC
MISC
MISC
netu — mex01_firmware An Buffer Overflow vulnerability leading to remote code execution was discovered in MEX01. Remote attackers can use this vulnerability by using the property that the target program copies parameter values to memory through the strcpy() function. 2022-03-25 7.5 CVE-2021-26621
MISC
predic8 — soa_model An XML External Entity (XXE) vulnerability exists in all versions of soa-model (as of 11.01/2021) in the WSDLParser function. 2022-03-25 7.5 CVE-2021-43090
MISC
totolink — t10_v2_firmware Two Buffer Overflow vulnerabilities exists in T10 V2_Firmware V4.1.8cu.5207_B20210320 in the http_request_parse function when processing host data in the HTTP request process. 2022-03-25 7.5 CVE-2021-43636
MISC
glpi-project — glpi A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated. 2022-03-28 7.5 CVE-2021-44617
MISC
sophos — sfos An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. 2022-03-25 7.5 CVE-2022-1040
CONFIRM
sonicwall — sonicos A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall. 2022-03-25 7.5 CVE-2022-22274
CONFIRM
synology — diskstation_manager Buffer copy without checking size of input (‘Classic Buffer Overflow’) vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. 2022-03-25 7.5 CVE-2022-22687
CONFIRM
westerndigital — my_cloud_pr2100_firmware The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code. 2022-03-25 7.5 CVE-2022-22995
MISC
tuzicms — tuzicms TuziCMS 2.0.6 is affected by SQL injection in \App\Manage\Controller\BannerController.class.php. 2022-03-28 7.5 CVE-2022-23882
MISC
deno — deno Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. All users are recommended to upgrade to 1.20.3 immediately. 2022-03-25 7.5 CVE-2022-24783
CONFIRM
notable — notable Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field. 2022-03-27 7.5 CVE-2022-26198
MISC
marky_project — marky Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE) vulnerability via the Display text fields. This vulnerability allows attackers to execute arbitrary code via injection of a crafted payload. 2022-03-27 7.5 CVE-2022-26205
MISC
dlink — dir-820l_firmware D-Link DIR-820L 1.05B03 was discovered to contain a remote command execution (RCE) vulnerability via the Device Name parameter in /lan.asp. 2022-03-28 7.5 CVE-2022-26258
MISC
MISC
MISC
MISC
xiaohuanxiong_project — xiaohuanxiong Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php. 2022-03-28 7.5 CVE-2022-26268
MISC
eyoucms — eyoucms EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities. 2022-03-28 7.5 CVE-2022-26273
MISC
gradle — enterprise Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API. 2022-03-25 7.5 CVE-2022-27919
MISC
Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
mruby — mruby User after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. 2022-03-26 6.8 CVE-2022-1071
CONFIRM
MISC
typesettercms — typesetter TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request. 2022-03-25 6.8 CVE-2022-25523
MISC
MISC
MISC
broadcom — tcpreplay tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c. 2022-03-26 6.8 CVE-2022-27940
MISC
broadcom — tcpreplay tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. 2022-03-26 6.8 CVE-2022-27941
MISC
broadcom — tcpreplay tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. 2022-03-26 6.8 CVE-2022-27942
MISC
linux — linux_kernel An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system. 2022-03-25 6.6 CVE-2022-0995
MISC
MISC
solarwinds — webhelpdesk SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future. 2022-03-25 6.5 CVE-2021-35254
MISC
MISC
diyhi — bbs A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.javawhich could let a malicoius user execute arbitrary code. 2022-03-28 6.5 CVE-2021-43097
MISC
diyhi — bbs A File Upload vulnerability exists in bbs v5.3 via QuestionManageAction.java in a getType function. 2022-03-28 6.5 CVE-2021-43098
MISC
diyhi — bbs A File Upload vulnerability exists in bbs 5.3 is via MembershipCardManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. 2022-03-28 6.5 CVE-2021-43101
MISC
diyhi — bbs A File Upload vulnerability exists in bbs 5.3 is via HelpManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. 2022-03-28 6.5 CVE-2021-43102
MISC
diyhi — bbs A File Upload vulnerability exists in bbs 5.3 is via ForumManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. 2022-03-28 6.5 CVE-2021-43103
MISC
moodle — moodle An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default. 2022-03-25 6.5 CVE-2022-0983
MISC
FEDORA
clusterlabs — pcs A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login. 2022-03-25 6.5 CVE-2022-1049
MISC
fork-cms — fork_cms SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1. 2022-03-25 6.5 CVE-2022-1064
MISC
CONFIRM
synology — diskstation_manager Improper neutralization of special elements used in a command (‘Command Injection’) vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors. 2022-03-25 6.5 CVE-2022-22688
CONFIRM
mruby — mruby use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. 2022-03-27 6.4 CVE-2022-1106
MISC
CONFIRM
python — pillow Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. 2022-03-28 6.4 CVE-2022-24303
CONFIRM
MISC
alf-banco — alf-banco ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user’s data. Attackers who are able to gain remote or local access to the system are able to read and modify the data. 2022-03-25 6.4 CVE-2022-25577
MISC
duckduckgo — duckduckgo The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by tricking users into supplying sensitive information such as credentials, because the address bar would display a legitimate URL, but content would be hosted on the attacker’s web site. 2022-03-25 5.8 CVE-2021-44683
MISC
tinyrise — tinyshop A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_list parameter in controllers\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms. 2022-03-25 5.5 CVE-2020-21554
MISC
MISC
MISC
MISC
impresscms — impresscms ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal. 2022-03-28 5.5 CVE-2021-26601
MISC
MISC
MISC
MISC
zlib — zlib zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. 2022-03-25 5 CVE-2018-25032
MISC
MISC
MLIST
MLIST
MISC
CONFIRM
MISC
MISC
DEBIAN
MLIST
iptime — nas101_firmware An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s passwords. 2022-03-25 5 CVE-2021-26620
MISC
gnome — caribou A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage Caribou as an input mechanism. The highest threat from this vulnerability is to system availability. 2022-03-25 5 CVE-2021-3567
MISC
yeswiki — yeswiki An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via the email parameter in the registration form. 2022-03-25 5 CVE-2021-43091
MISC
MISC
f-secure — safe A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most modern Android OS, dialer application will require user interaction, however, some older Android OS may not need user interaction. 2022-03-25 5 CVE-2021-44751
MISC
deltaww — diaenergie Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product. 2022-03-25 5 CVE-2022-0988
CONFIRM
74cms — 74cms 74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php. 2022-03-28 5 CVE-2022-26271
MISC
redhat — keycloak A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak. 2022-03-25 4.3 CVE-2021-20323
MISC
leanote — leanote Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload : <video src=x onerror=(function(){require(‘child_process’).exec(‘calc’);})();> 2022-03-28 4.3 CVE-2021-43721
MISC
spotweb_project — spotweb There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter. 2022-03-28 4.3 CVE-2021-43725
MISC
MISC
open-xchange — ox_app_suite OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat. 2022-03-28 4.3 CVE-2021-44208
MISC
MISC
open-xchange — ox_app_suite OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO. 2022-03-28 4.3 CVE-2021-44209
MISC
MISC
open-xchange — ox_app_suite OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data. 2022-03-28 4.3 CVE-2021-44210
MISC
MISC
open-xchange — ox_app_suite OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring. 2022-03-28 4.3 CVE-2021-44212
MISC
MISC
open-xchange — ox_app_suite OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message. 2022-03-28 4.3 CVE-2021-44213
MISC
MISC
deltaww — cncsoft_screeneditor Delta Electronics CNCSoft (Version 1.01.30) and prior) is vulnerable to an out-of-bounds read while processing a specific project file, which may allow an attacker to disclose information. 2022-03-25 4.3 CVE-2021-44768
CONFIRM
phpipam — phpipam phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality. 2022-03-25 4.3 CVE-2021-46426
MISC
MISC
MISC
mapping_multiple_urls_redirect_same_page_project — mapping_multiple_urls_redirect_same_page The Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8 does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 2022-03-28 4.3 CVE-2022-0599
MISC
myceliumdesign — conference_scheduler The Conference Scheduler WordPress plugin before 2.4.3 does not sanitize and escape the tab parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting. 2022-03-28 4.3 CVE-2022-0600
MISC
databasepeek_project — database_peek The Database Peek WordPress plugin through 1.2 does not sanitize and escape the match parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 2022-03-28 4.3 CVE-2022-0619
MISC
deleteoldorders_project — delete_old_orders The Delete Old Orders WordPress plugin through 0.2 does not sanitize and escape the date parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 2022-03-28 4.3 CVE-2022-0620
MISC
dtabs_project — dtabs The dTabs WordPress plugin through 1.4 does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 2022-03-28 4.3 CVE-2022-0621
MISC
ays-pro — popup_like_box The Popup Like box WordPress plugin before 3.6.1 does not sanitize and escape the ays_fb_tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 2022-03-28 4.3 CVE-2022-0641
MISC
bank_mellat_project — bank_mellat The Bank Mellat WordPress plugin through 1.3.7 does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 2022-03-28 4.3 CVE-2022-0643
MISC
bulk_creator_project — bulk_creator The Bulk Creator WordPress plugin through 1.0.1 does not sanitize and escape the post_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 2022-03-28 4.3 CVE-2022-0647
MISC
statamic — statamic Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user’s password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire hash. The hash is not present in the response, however the presence or absence of a result confirms if the character is in the right position. The API has throttling enabled by default, making this a time intensive task. Both the REST API and the users endpoint need to be enabled, as they are disabled by default. The issue has been fixed in versions 3.2.39 and above, and 3.3.2 and above. 2022-03-25 4.3 CVE-2022-24784
MISC
MISC
CONFIRM
surveyking — surveyking SurveyKing v0.2.0 was discovered to retain users’ session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application. 2022-03-25 4.3 CVE-2022-25590
MISC
MISC
MISC
simpleajaxchat_project — simple_ajax_chat Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit. 2022-03-25 4.3 CVE-2022-25610
CONFIRM
CONFIRM
yonyou — u8\+ Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp. 2022-03-25 4.3 CVE-2022-26263
MISC
MISC
MISC
maccms — maccms Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters. 2022-03-25 4.3 CVE-2022-26573
MISC
powerdns — authoritative_server In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers. 2022-03-25 4.3 CVE-2022-27227
CONFIRM
CONFIRM
MISC
MISC
MLIST
maccms — maccms Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter. 2022-03-25 4.3 CVE-2022-27884
MISC
maccms — maccms Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters. 2022-03-25 4.3 CVE-2022-27885
MISC
maccms — maccms Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter. 2022-03-25 4.3 CVE-2022-27886
MISC
maccms — maccms Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter. 2022-03-25 4.3 CVE-2022-27887
MISC
mendelson — oftp2 Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To access the vulnerable code path, the attacker has to know one of the configured Odette IDs of the OFTP2 server. An attacker can upload files to the server outside of the intended upload directory. 2022-03-25 4.3 CVE-2022-27906
MISC
MISC
kiwix — libkiwix libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0. 2022-03-25 4.3 CVE-2022-27920
MISC
MISC
FEDORA
libsixel_project — libsixel stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw. 2022-03-26 4.3 CVE-2022-27938
MISC
broadcom — tcpreplay tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c. 2022-03-26 4.3 CVE-2022-27939
MISC
gnu — gcc libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. 2022-03-26 4.3 CVE-2022-27943
MISC
MISC
3cx — 3cx 3CX System through 2022-03-17 stores cleartext passwords in a database. 2022-03-28 4 CVE-2021-45491
MISC
MISC
aapanel — aapanel aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user private SSH key(id_rsa). 2022-03-27 4 CVE-2022-26252
MISC
Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
docker — docker_desktop Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users. 2022-03-25 3.6 CVE-2022-26659
MISC
MISC
MISC
open-xchange — ox_app_suite OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature. 2022-03-28 3.5 CVE-2021-44211
MISC
MISC
student_attendance_management_system_project — student_attendance_management_system A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the couse filed in index.php. 2022-03-29 3.5 CVE-2021-45866
MISC
codedropz — drag_and_drop_multiple_file_upload_-_contact_form_7 The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site Scripting issue 2022-03-28 3.5 CVE-2022-0595
MISC
CONFIRM
shopizer — shopizer A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions v2.0.2 through v2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code. 2022-03-29 3.5 CVE-2022-23059
MISC
MISC
pearadmin — pear_admin_think A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think <=5.0.6, which allows a login account to access arbitrary functions and cause stored XSS through a fake User-Agent. 2022-03-29 3.5 CVE-2022-23903
MISC
open-emr — openemr A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0. 2022-03-25 3.5 CVE-2022-24643
MISC
MISC
MISC
douphp — douphp A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file. 2022-03-25 3.5 CVE-2022-25574
MISC
MISC
classcms_project — classcms A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field. 2022-03-25 3.5 CVE-2022-25582
MISC
wp-downloadmanager_project — wp-downloadmanager Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories. 2022-03-25 3.5 CVE-2022-25606
CONFIRM
CONFIRM
press_tigers — simple_event_planner Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][]. 2022-03-25 3.5 CVE-2022-25611
CONFIRM
CONFIRM
press_tigers — simple_event_planner Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact]. 2022-03-25 3.5 CVE-2022-25612
CONFIRM
CONFIRM
joget — joget_dx Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table. 2022-03-25 3.5 CVE-2022-26197
MISC
MISC
qemu — qemu A flaw was found in the QEMU implementation of VMWare’s paravirtual RDMA device. The issue occurs while handling a “PVRDMA_CMD_CREATE_MR” command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability. 2022-03-25 2.1 CVE-2021-3582
MISC
Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
iss — blackice_pc_protection
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/OPTIONS Request leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-28 not yet calculated CVE-2003-5001
MISC
MISC
MISC
iss — blackice_pc_protection
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-28 not yet calculated CVE-2003-5002
MISC
iss — blackice_pc_protection
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknown input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-28 not yet calculated CVE-2003-5003
MISC
netegrity — siteminder
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-28 not yet calculated CVE-2005-10001
MISC
pro2col — stingray_fts
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in Pro2col Stingray FTS. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-28 not yet calculated CVE-2008-10001
MISC
MISC
shemes — grablt
 
A vulnerability, which was classified as problematic, was found in Shemes GrabIt up to 1.7.2 Beta 4. This affects the component NZB Date Parser. The manipulation of the argument date with the input 1000000000000000 as part of a NZB File leads to a denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2022-03-28 not yet calculated CVE-2010-10001
MISC
MISC
MISC
kiddoware — kids_place A vulnerability classified as problematic has been found in Kiddoware Kids Place. This affects the Home Button Protection. A repeated pressing of the button causes a local denial of service. It is recommended to upgrade the affected component. 2022-03-28 not yet calculated CVE-2015-10002
N/A
yubico — ykneo-openpgp
 
Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated. 2022-03-30 not yet calculated CVE-2015-3298
MISC
weka — interest_security_scanner
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WEKA INTEREST Security Scanner 1.8. It has been rated as problematic. This issue affects some unknown processing of the component HTTP Handler. The manipulation with an unknown input leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-28 not yet calculated CVE-2017-20011
MISC
MISC
weka — interest_security_scanner
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in WEKA INTEREST Security Scanner up to 1.8. Affected is Stresstest Scheme Handler which leads to a denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-28 not yet calculated CVE-2017-20012
MISC
MISC
MISC
weka — interest_security_scanner
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in WEKA INTEREST Security Scanner up to 1.8. Affected by this vulnerability is the Stresstest Configuration Handler. A manipulation leads to a local denial of service. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-28 not yet calculated CVE-2017-20013
MISC
MISC
MISC
weka — interest_security_scanner
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in WEKA INTEREST Security Scanner up to 1.8. Affected by this issue is some unknown functionality of the component Webspider. The manipulation with an unknown input leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-28 not yet calculated CVE-2017-20014
MISC
MISC
MISC
weka — interest_security_scanner
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in WEKA INTEREST Security Scanner up to 1.8. This affects an unknown part of the component LAN Viewer. The manipulation with an unknown input leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-28 not yet calculated CVE-2017-20015
MISC
MISC
MISC
weka — interest_security_scanner
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in WEKA INTEREST Security Scanner up to 1.8 and classified as problematic. This vulnerability affects unknown code of the component Portscan. The manipulation with an unknown input leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-28 not yet calculated CVE-2017-20016
MISC
MISC
MISC
mirmay — secure_private_browser_and_file_manager
 
A vulnerability classified as problematic has been found in Mirmay Secure Private Browser and File Manager up to 2.5. Affected is the Auto Lock. A race condition leads to a local authentication bypass. The exploit has been disclosed to the public and may be used. 2022-03-28 not yet calculated CVE-2018-25030
N/A
N/A
MISC
wyze — cam_pan
 
Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32. 2022-03-30 not yet calculated CVE-2019-12266
MISC
linux — business_central_console
 
It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc. 2022-04-01 not yet calculated CVE-2019-14839
MISC
wyze — cam_pan
 
A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32. 2022-03-30 not yet calculated CVE-2019-9564
CONFIRM
inductive_automation — inductive_automation_ignition_7_gateway Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication required to query the server 2022-04-01 not yet calculated CVE-2020-14479
MISC
nexusphp — nexusphp
 
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter. 2022-03-30 not yet calculated CVE-2020-24769
MISC
MISC
MISC
nexusphp — nexusphp
 
SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. 2022-03-30 not yet calculated CVE-2020-24770
MISC
MISC
MISC
nexusphp — nexusphp
 
Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content. 2022-03-30 not yet calculated CVE-2020-24771
MISC
MISC
linux — linux
 
A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability. 2022-04-01 not yet calculated CVE-2020-25691
MISC
linux — linux_kernels
 
A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem 2022-03-30 not yet calculated CVE-2020-35501
MISC
android — android
 
In createBluetoothDeviceSlice of ConnectedDevicesSliceProvider.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-185190688 2022-03-30 not yet calculated CVE-2021-1000
MISC
android — android
 
In createGeneralSlice of ConnectedDevicesSliceProvider.java.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-185247656 2022-03-30 not yet calculated CVE-2021-1033
MISC
qualcomm — qualcomm
 
Improper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-04-01 not yet calculated CVE-2021-1942
CONFIRM
qualcomm — qualcomm
 
Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking 2022-04-01 not yet calculated CVE-2021-1950
CONFIRM
linux — linux
 
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint (port 22623) provides ignition configuration used for bootstrapping Nodes and can include some sensitive data, e.g. registry pull secrets. There are two scenarios where this data can be accessed. The first is on Baremetal, OpenStack, Ovirt, Vsphere and KubeVirt deployments which do not have a separate internal API endpoint and allow access from outside the cluster to port 22623 from the standard OpenShift API Virtual IP address. The second is on cloud deployments when using unsupported network plugins, which do not create iptables rules that prevent to port 22623. In this scenario, the ignition config is exposed to all pods within the cluster and cannot be accessed externally. 2022-04-01 not yet calculated CVE-2021-20238
MISC
linux — linux
 
It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the original security issue CVE-2020-10756, refer to bug 1835986 or the CVE page: https://access.redhat.com/security/cve/CVE-2020-10756. 2022-04-01 not yet calculated CVE-2021-20295
MISC
MISC
pfsense — pfsense_ce_and_plus
 
Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL. 2022-03-31 not yet calculated CVE-2021-20729
MISC
MISC
abb — 800xa_control
 
Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite – Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service. 2022-04-01 not yet calculated CVE-2021-22277
MISC
google — data_transfer_project
 
On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the the system temporary directory with world readable permissions. Any sensitive information written to theses files is visible to all other local users on unix-like systems. We recommend upgrading past commit https://github.com/google/data-transfer-project/pull/969 2022-03-29 not yet calculated CVE-2021-22572
CONFIRM
google — data_transfer_project
 
A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine 2022-04-01 not yet calculated CVE-2021-23247
MISC
ipm — intelligent_power_manager
 
The vulnerability exists due to insufficient validation of input of certain resources within the IPM software. This issue affects: Intelligent Power Manager (IPM 1) versions prior to 1.70. 2022-04-01 not yet calculated CVE-2021-23287
MISC
ipp — inteligent_power_protector
 
The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69. 2022-04-01 not yet calculated CVE-2021-23288
MISC
bosch — cpp_firmware
 
A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware. 2022-03-30 not yet calculated CVE-2021-23850
CONFIRM
bosch — cpp_firmware
 
A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware. 2022-03-30 not yet calculated CVE-2021-23851
CONFIRM
wpscan — wpscan
 
The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the “Enable ‘More’ icon” option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue. 2022-03-28 not yet calculated CVE-2021-24746
MISC
wordpress — file_upload_free_and_pro
 
The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution. 2022-03-28 not yet calculated CVE-2021-24962
MISC
CONFIRM
wpscan — osmapper_wordpress_plugin
 
The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named ‘map’ and is registered with the wp_ajax_nopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete is a map one. As a result, unauthenticated user can delete arbitrary posts from the blog 2022-03-28 not yet calculated CVE-2021-24978
MISC
wpscan — pz-linkcard_wordpress
 
The Pz-LinkCard WordPress plugin through 2.4.4.4 does not sanitise and escape multiple parameters before outputting them back in admin dashboard pages, leading to Reflected Cross-Site Scripting issues 2022-03-28 not yet calculated CVE-2021-25012
MISC
wpscan — wow_countdowns_wordpress_plugin
 
The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the ‘did’ parameter and uses it in a SQL statement, leading to an authenticated SQL Injection. 2022-03-28 not yet calculated CVE-2021-25064
MISC
wpscan — sync_woocommerce_product_feed
 
The Sync WooCommerce Product feed to Google Shopping WordPress plugin through 1.2.4 uses the ‘feed_id’ POST parameter which is not properly sanitized for use in a SQL statement, leading to a SQL injection vulnerability in the admin dashboard 2022-03-28 not yet calculated CVE-2021-25068
MISC
wpscan — black_bad_bots_wordpress_plugin
 
The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue 2022-03-28 not yet calculated CVE-2021-25070
MISC
wpscan — wordpress_plugin
 
The WordPress plugin through 2.0.1 does not sanitise and escape the translation parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting 2022-03-28 not yet calculated CVE-2021-25071
MISC
impresscms — impresscms
 
ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token). 2022-03-28 not yet calculated CVE-2021-26598
MISC
MISC
MISC
MISC
microsoft — bandzip
 
A remote code execution vulnerability due to incomplete check for ‘xheader_decode_path_record’ function’s parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function. 2022-04-01 not yet calculated CVE-2021-26623
MISC
linux — escan_anti-virus_for_ linux
 
An local privilege escalation vulnerability due to a “runasroot” command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to “runasroot” command. This vulnerability can induce remote attackers to exploit root privileges by manipulating parameter values. 2022-04-01 not yet calculated CVE-2021-26624
MISC
kaspersky — multiple_products
 
A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS 2022-04-01 not yet calculated CVE-2021-27223
MISC
phillips — vue_pacs
 
Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component. 2022-04-01 not yet calculated CVE-2021-27493
CONFIRM
CONFIRM
phillips — vue_pacs
 
Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. 2022-04-01 not yet calculated CVE-2021-27497
CONFIRM
CONFIRM
phillips — vue_pacs
 
Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities. 2022-04-01 not yet calculated CVE-2021-27501
CONFIRM
CONFIRM
arista — eos_platforms
 
On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol field as expected. 2022-04-01 not yet calculated CVE-2021-28504
MISC
snapdragon — multple_products
 
Possible assertion due to improper validation of invalid NR CSI-IM resource configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-04-01 not yet calculated CVE-2021-30328
CONFIRM
snapdragon — multple_products
 
Possible assertion due to improper validation of TCI configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-04-01 not yet calculated CVE-2021-30329
CONFIRM
snapdragon — multple_products
 
Possible buffer overflow due to improper data validation of external commands sent via DIAG interface in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-04-01 not yet calculated CVE-2021-30331
CONFIRM
snapdragon — multple_products
 
Possible assertion due to improper validation of OTA configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-04-01 not yet calculated CVE-2021-30332
CONFIRM
snapdragon — multple_products
 
Improper validation of buffer size input to the EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-04-01 not yet calculated CVE-2021-30333
CONFIRM
sick — sick
 
Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system. 2022-04-01 not yet calculated CVE-2021-32503
MISC
mdt_software — mdt_autosave
 
An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. This could then be leveraged to run a malicious process. 2022-04-01 not yet calculated CVE-2021-32933
CONFIRM
mdt_software — mdt_autosave
 
An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be initiated. 2022-04-01 not yet calculated CVE-2021-32937
CONFIRM
mdt_software — mdt_autosave An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02.06. 2022-04-01 not yet calculated CVE-2021-32945
CONFIRM
mdt_software — mdt_autosave An attacker could utilize a function in MDT AutoSave versions prior to v6.02.06 that permits changing a designated path to another path and traversing the directory, allowing the replacement of an existing file with a malicious file. 2022-04-01 not yet calculated CVE-2021-32949
CONFIRM
mdt_software — mdt_autosave An attacker could utilize SQL commands to create a new user MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to login. 2022-04-01 not yet calculated CVE-2021-32953
CONFIRM
mdt_software — mdt_autosave
 
A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is therefore vulnerable to binary hijacking. 2022-04-01 not yet calculated CVE-2021-32957
CONFIRM
rockwell_automation — factorytalk_services_platform
 
Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may allow an attacker to have the same privileges as if they were logged on to the client machine. 2022-04-01 not yet calculated CVE-2021-32960
CONFIRM
CONFIRM
mdt_software — mdt_autosave
 
A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an optional parameter, resulting in the processing of a request in a special manner. This can result in the execution of an unzip command and place a malicious .exe file in one of the locations the function looks for and get execution capabilities. 2022-04-01 not yet calculated CVE-2021-32961
CONFIRM
moxa — nport
 
Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition. 2022-04-01 not yet calculated CVE-2021-32968
CONFIRM
CONFIRM
moxa — nport Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions. 2022-04-01 not yet calculated CVE-2021-32970
CONFIRM
CONFIRM
moxa — nport Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands. 2022-04-01 not yet calculated CVE-2021-32974
CONFIRM
CONFIRM
moxa — nport Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code. 2022-04-01 not yet calculated CVE-2021-32976
CONFIRM
CONFIRM
phillips — vue_pacs
 
The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information. 2022-04-01 not yet calculated CVE-2021-33018
CONFIRM
CONFIRM
phillips — vue_pacs
 
Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key. 2022-04-01 not yet calculated CVE-2021-33020
CONFIRM
CONFIRM
phillips — vue_pacs
 
Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. 2022-04-01 not yet calculated CVE-2021-33022
CONFIRM
CONFIRM
phillips — vue_pacs
 
Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval. 2022-04-01 not yet calculated CVE-2021-33024
CONFIRM
CONFIRM
blackarrow — mashzone_nextgen The “Register an Ehcache Configuration File” admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file. 2022-03-30 not yet calculated CVE-2021-33208
MISC
MISC
blackarrow — mashzone_nextgen
 
MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploadController. 2022-03-30 not yet calculated CVE-2021-33523
MISC
MISC
blackarrow — mashzone_nextgen MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService. 2022-03-30 not yet calculated CVE-2021-33581
MISC
MISC
sdl — sdl
 
There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution. 2022-04-01 not yet calculated CVE-2021-33657
MISC
splunk — splunk_enterprise
 
The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before 7.3.9, 8.0 versions before 8.0.9, and 8.1 versions before 8.1.3. It does not impact Universal Forwarders. When Splunk forwarding is secured using TLS or a Token, the attack requires compromising the certificate or token, or both. Implementation of either or both reduces the severity to Medium. 2022-03-25 not yet calculated CVE-2021-3422
MISC
MISC
wordpress — wpanel
 
Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard’s Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image. 2022-03-31 not yet calculated CVE-2021-34257
MISC
MISC
foreman — salt_plugin
 
An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability. 2022-03-30 not yet calculated CVE-2021-3456
MISC
keycloak — keycloak
 
A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name]. 2022-04-01 not yet calculated CVE-2021-3461
MISC
snapdragon — multple_products
 
Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-04-01 not yet calculated CVE-2021-35088
CONFIRM
snapdragon — snapdragon_auto Possible buffer overflow due to lack of input IB amount validation while processing the user command in Snapdragon Auto 2022-04-01 not yet calculated CVE-2021-35089
CONFIRM
snapdragon — multple_products Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-04-01 not yet calculated CVE-2021-35103
CONFIRM
snapdragon — multple_products Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-04-01 not yet calculated CVE-2021-35105
CONFIRM
snapdragon — multple_products Possible out of bound read due to improper length calculation of WMI message. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-04-01 not yet calculated CVE-2021-35106
CONFIRM
snapdragon — multple_products Possible buffer overflow to improper validation of hash segment of file while allocating memory in Snapdragon Connectivity, Snapdragon Mobile 2022-04-01 not yet calculated CVE-2021-35110
CONFIRM
snapdragon — multple_products Improper handling of multiple session supported by PVM backend can lead to use after free in Snapdragon Auto, Snapdragon Mobile 2022-04-01 not yet calculated CVE-2021-35115
CONFIRM
snapdragon — multple_products
 
An Out of Bounds read may potentially occur while processing an IBSS beacon, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music 2022-04-01 not yet calculated CVE-2021-35117
CONFIRM
dolibarr — erp_crm An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement. 2022-03-31 not yet calculated CVE-2021-36625
MISC
dolibarr — erp_crm An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0,in the forgot-password function becuase the application allows email addresses as usernames, which can cause a Denial of Service. 2022-03-31 not yet calculated CVE-2021-37517
MISC
mandiant — rsa_archer
 
In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data. 2022-03-30 not yet calculated CVE-2021-38362
MISC
MISC
MISC
linux — linux_kernel
 
An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system. 2022-04-01 not yet calculated CVE-2021-3847
MISC
MISC
android — arraymap
 
In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-184525194 2022-03-30 not yet calculated CVE-2021-39739
MISC
android — messaging
 
In Messaging, there is a possible way to bypass attachment restrictions due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-209965112 2022-03-30 not yet calculated CVE-2021-39740
MISC
android — keymaster
 
In Keymaster, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-173567719 2022-03-30 not yet calculated CVE-2021-39741
MISC
android — voicemail
 
In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-186405602 2022-03-30 not yet calculated CVE-2021-39742
MISC
android — packagemanager
 
In PackageManager, there is a possible way to update the last usage time of another package due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201534884 2022-03-30 not yet calculated CVE-2021-39743
MISC
android — devicepolicymanager
 
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192369136 2022-03-30 not yet calculated CVE-2021-39744
MISC
android — devicepolicymanager
 
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-206127671 2022-03-30 not yet calculated CVE-2021-39745
MISC
android — permissioncontroller
 
In PermissionController, there is a possible way to delete some local files due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194696395 2022-03-30 not yet calculated CVE-2021-39746
MISC
android — settings_provider
 
In Settings Provider, there is a possible way to list values of non-readable global settings due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-208268457 2022-03-30 not yet calculated CVE-2021-39747
MISC
android — inputmethodeditor
 
In InputMethodEditor, there is a possible way to access some files accessible to Settings due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-203777141 2022-03-30 not yet calculated CVE-2021-39748
MISC
android — windowsmanager
 
In WindowManager, there is a possible way to start non-exported and protected activities due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-205996115 2022-03-30 not yet calculated CVE-2021-39749
MISC
android — packagemanager
 
In PackageManager, there is a possible way to change the splash screen theme of other apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-206474016 2022-03-30 not yet calculated CVE-2021-39750
MISC
android — settings
 
In Settings, there is a possible way to read Bluetooth device names without proper permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-172838801 2022-03-30 not yet calculated CVE-2021-39751
MISC
android — bubbles
 
In Bubbles, there is a possible way to interfere with Bubbles due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202756848 2022-03-30 not yet calculated CVE-2021-39752
MISC
android — domainverificationservice
 
In DomainVerificationService, there is a possible way to access app domain verification information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-200035185 2022-03-30 not yet calculated CVE-2021-39753
MISC
android — contextlmpl
 
In ContextImpl, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:Android ID: A-207133709 2022-03-30 not yet calculated CVE-2021-39754
MISC
android — devicepolicymanager
 
In DevicePolicyManager, there is a possible way to reveal the existence of an installed package without proper query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-204995407 2022-03-30 not yet calculated CVE-2021-39755
MISC
android — framework
 
In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-184354287 2022-03-30 not yet calculated CVE-2021-39756
MISC
android — permissionconroller
 
In PermissionController, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-176094662 2022-03-30 not yet calculated CVE-2021-39757
MISC
android — windowmanager
 
In WindowManager, there is a possible way to start a foreground activity from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-205130886 2022-03-30 not yet calculated CVE-2021-39758
MISC
android — libstagefright
 
In libstagefright, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-180200830 2022-03-30 not yet calculated CVE-2021-39759
MISC
android — audioservice
 
In AudioService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194110526 2022-03-30 not yet calculated CVE-2021-39760
MISC
android — media
 
In Media, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-179783181 2022-03-30 not yet calculated CVE-2021-39761
MISC
android — tremolo
 
In tremolo, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-210625816 2022-03-30 not yet calculated CVE-2021-39762
MISC
android — settings
 
In Settings, there is a possible way to make the user enable WiFi due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-199176115 2022-03-30 not yet calculated CVE-2021-39763
MISC
android — settings
 
In Settings, there is a possible way to display an incorrect app name due to improper input validation. This could lead to local escalation of privilege via app spoofing with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-170642995 2022-03-30 not yet calculated CVE-2021-39764
MISC
android — gallery
 
In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201535427 2022-03-30 not yet calculated CVE-2021-39765
MISC
android — settings
 
In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198296421 2022-03-30 not yet calculated CVE-2021-39766
MISC
android — miniadb
 
In miniadb, there is a possible way to get read/write access to recovery system properties due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201308542 2022-03-30 not yet calculated CVE-2021-39767
MISC
android — settings
 
In Settings, there is a possible way to add an auto-connect WiFi network without the user’s consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202017876 2022-03-30 not yet calculated CVE-2021-39768
MISC
android — device_policy In Device Policy, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-193663287 2022-03-30 not yet calculated CVE-2021-39769
MISC
android — framework
 
In Framework, there is a possible disclosure of the device owner package due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-193033501 2022-03-30 not yet calculated CVE-2021-39770
MISC
android — settings
 
In Settings, there is a possible way to misrepresent which app wants to add a wifi network due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198661951 2022-03-30 not yet calculated CVE-2021-39771
MISC
android — bluetooth
 
In Bluetooth, there is a possible way to access the a2dp audio control switch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-181962322 2022-03-30 not yet calculated CVE-2021-39772
MISC
android — vpnmanagerservice
 
In VpnManagerService, there is a possible disclosure of installed VPN packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-191276656 2022-03-30 not yet calculated CVE-2021-39773
MISC
android — bluetooth
 
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-205989472 2022-03-30 not yet calculated CVE-2021-39774
MISC
android — people
 
In People, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-206465854 2022-03-30 not yet calculated CVE-2021-39775
MISC
android — nfc
 
In NFC, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192614125 2022-03-30 not yet calculated CVE-2021-39776
MISC
android — telephony
 
In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194743207 2022-03-30 not yet calculated CVE-2021-39777
MISC
android — telecomm
 
In Telecomm, there is a possible way to determine whether an app is installed, without query permissions, due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-196406138 2022-03-30 not yet calculated CVE-2021-39778
MISC
android — getcallstateusingpackage_of_telecom_service
 
In getCallStateUsingPackage of Telecom Service, there is a missing permission check. This could lead to local information disclosure of the call state with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-190400974 2022-03-30 not yet calculated CVE-2021-39779
MISC
android — traceur
 
In Traceur, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-204992293 2022-03-30 not yet calculated CVE-2021-39780
MISC
android — smscontroller 
 
In SmsController, there is a possible information disclosure due to a permissions bypass. This could lead to local escalation of privilege and sending sms with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-195311502 2022-03-30 not yet calculated CVE-2021-39781
MISC
android — telephony
 
In Telephony, there is a possible unauthorized modification of the PLMN SIM file due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202760015 2022-03-30 not yet calculated CVE-2021-39782
MISC
android — rcsservice
 
In rcsservice, there is a possible way to modify TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-197960597 2022-03-30 not yet calculated CVE-2021-39783
MISC
android — cellbroadcastreceiver
 
In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-200163477 2022-03-30 not yet calculated CVE-2021-39784
MISC
android — nfc
 
In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192551247 2022-03-30 not yet calculated CVE-2021-39786
MISC
android — systemui
 
In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202506934 2022-03-30 not yet calculated CVE-2021-39787
MISC

android — telecommanager
In TelecomManager, there is a possible way to check if a particular self managed phone account was registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-191768014 2022-03-30 not yet calculated CVE-2021-39788
MISC
android — telecom
 
In Telecom, there is a possible leak of TTY mode change due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-203880906 2022-03-30 not yet calculated CVE-2021-39789
MISC
android — dialer
 
In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-186405146 2022-03-30 not yet calculated CVE-2021-39790
MISC
android — wallpapermanagerservice
 
In WallpaperManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194112606 2022-03-30 not yet calculated CVE-2021-39791
MISC
gitlab — gitlab
 
In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups. 2022-03-28 not yet calculated CVE-2021-39876
MISC
CONFIRM
MISC
gitlab — gitlab
 
In all versions of GitLab CE/EE, certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI. 2022-04-01 not yet calculated CVE-2021-39908
MISC
CONFIRM
MISC
oasys — oa_system
 
An SQL Injection vulnerability exists in oasys oa_system as of 9/7/2021 in resources/mappers/notice-mapper.xml. 2022-03-30 not yet calculated CVE-2021-40644
MISC
MISC
glorylion — jfinaloa
 
An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController. 2022-03-30 not yet calculated CVE-2021-40645
MISC
MISC
rsa — archer
 
In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. If the parameters of this request are replaced with empty fields, the attacker achieves access to the precluded functions. 2022-03-30 not yet calculated CVE-2021-41594
MISC
MISC
gitlab — gitlab_ce_ee
 
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API. 2022-03-28 not yet calculated CVE-2021-4191
MISC
MISC
CONFIRM
pixelimity — pixelimity
 
A Cross Site Scripting vulnerabilty exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php 2022-03-31 not yet calculated CVE-2021-42866
MISC
danpros — htmly
 
A Cross Site Scripting (XSS) vulnerability exists in DanPros htmly 2.8.1 via the Description field in (1) admin/config, and (2) index.php pages. 2022-03-31 not yet calculated CVE-2021-42867
MISC
MISC
chikista — patient_management_software
 
A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 in the first_name parameter in (1) patient/insert, (2) patient_report, (3) appointment_report, (4) visit_report, and (5) bill_detail_report pages. . 2022-03-31 not yet calculated CVE-2021-42868
MISC
MISC
chikista — patient_management_software
 
A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 via the last_name parameter in the (1) patient/insert, (2) patient_report, (3) /appointment_report, (4) visit_report, and (5) /bill_detail_report pages. 2022-03-31 not yet calculated CVE-2021-42869
MISC
MISC
draytek — vigor
 
A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code. 2022-03-29 not yet calculated CVE-2021-42911
MISC
htmly — htmly
 
A Cross Site Scripting (XSS) vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page. 2022-03-31 not yet calculated CVE-2021-42946
MISC
cbkhwx — cxuucms Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter. 2022-03-29 not yet calculated CVE-2021-42970
MISC
diyhi — bbs
 
An Archive Extraction (AKA “Zip Slip) vulnerability exists in bbs 5.3 in the UpgradeNow function in UpgradeManageAction.java, which unzips the arbitrary upladed zip file without checking filenames. The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). 2022-03-28 not yet calculated CVE-2021-43099
MISC
diyhi — bbs A File Upload vulnerability exists in bbs 5.3 is via TopicManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. 2022-03-28 not yet calculated CVE-2021-43100
MISC
technitium — dns_server
 
A vulnerability in the bailiwick checking function in Technitium DNS Server <= v7.0 exists that allows specific malicious users to inject `NS` records of any domain (even TLDs) into the cache and conduct a DNS cache poisoning attack. 2022-03-28 not yet calculated CVE-2021-43105
MISC
online_shopping_system — online_shopping_system An SQL Injection vulnerability exits in PuneethReddyHC online-shopping-system as of 11/01/2021 via the p parameter in product.php. 2022-03-29 not yet calculated CVE-2021-43109
MISC
online_shopping_system — online_shopping_system An Access Conrol vulnerability exists in PuneethReddyHC online-shopping-system as of 11/01/2021 in add_products. 2022-03-29 not yet calculated CVE-2021-43110
MISC
draytek — vigor
 
A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code. 2022-03-29 not yet calculated CVE-2021-43118
MISC
joxsaxbeaninput — joxsaxbeaninput
 
An XML External Entity (XXE) vulnerability exists in wuta jox 1.16 in the readObject method in JOXSAXBeanInput. 2022-03-30 not yet calculated CVE-2021-43142
MISC
hoosk — hoosk
 
A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website. 2022-03-31 not yet calculated CVE-2021-43478
MISC
secretary — secretary
 
A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2.5 via install.php. 2022-03-31 not yet calculated CVE-2021-43479
MISC
simple_client_management_system — simple_client_management_system 
 
A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request. 2022-03-31 not yet calculated CVE-2021-43484
MISC
ssocourcecodester — simple_client_management_system
 
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Ssourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice. 2022-03-31 not yet calculated CVE-2021-43505
MISC
ssocourcecodester — simple_client_management_system
 
An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php. 2022-03-31 not yet calculated CVE-2021-43506
MISC
totolink — ex300
 
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp. 2022-03-31 not yet calculated CVE-2021-43661
MISC
totolink — ex300 totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption. 2022-03-31 not yet calculated CVE-2021-43662
MISC
totolink — ex300 totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check. 2022-03-31 not yet calculated CVE-2021-43663
MISC
totolink — ex300
 
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process&nbsp;forceugpo. 2022-03-30 not yet calculated CVE-2021-43664
MISC
cszcms — cszcms CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters. 2022-03-29 not yet calculated CVE-2021-43701
MISC
MISC
MISC
maccmspro — maccms
 
Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter. 2022-03-31 not yet calculated CVE-2021-43707
MISC
dlink — dir_645
 
D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size. 2022-03-31 not yet calculated CVE-2021-43722
MISC
MISC
open5gs — open5gs
 
A buffer overflow vulnerability exists in the AMF of open5gs 2.1.4. When the length of MSIN in Supi exceeds 24 characters, it leads to AMF denial of service. 2022-03-29 not yet calculated CVE-2021-44081
MISC
pentest — pentest
 
textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request. 2022-03-29 not yet calculated CVE-2021-44082
MISC
MISC
MISC
konga — konga
 
Vertical Privilege Escalation in KONGA 0.14.9 allows attackers to higher privilege users to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/{ID} at ADMIN parameter. 2022-03-28 not yet calculated CVE-2021-44103
MISC
MISC
hiby — hiby
 
Hiby Music Hiby OS R3 Pro 1.5 and 1.6 is vulnerable to Directory Traversal. The HTTP Server does not have enough input data sanitization when shown data from SD Card, an attacker can navigate through the device’s File System over HTTP. 2022-03-28 not yet calculated CVE-2021-44124
MISC
MISC
pagekit — pagekit
 
pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing. 2022-04-01 not yet calculated CVE-2021-44135
MISC
firmware_analysis_and_comparison_tool — firmware_analysis_and_comparison_tool
 
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, the attacker could perform stored XSS attacks by inserting JavaScript and HTML code in user creation functionality. 2022-03-30 not yet calculated CVE-2021-44310
MISC
firmware_analysis_and_comparison_tool — firmware_analysis_and_comparison_tool
 
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. Logged in administrators could be targeted by a CSRF attack through visiting a crafted web page. 2022-03-30 not yet calculated CVE-2021-44312
MISC
kreado — kreasfero
 
An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the id parameter. 2022-03-29 not yet calculated CVE-2021-44581
MISC
MISC
mepsan — usc
 
A vulnerability in MEPSAN’s USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords. 2022-03-30 not yet calculated CVE-2021-45031
CONFIRM
3cx — 3cx_client_for_windows The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation. 2022-03-28 not yet calculated CVE-2021-45490
MISC
MISC
sourcecodester — student_attendance_manageent_system A File Upload vulnerability exists in Sourcecodester Student Attendance Manageent System 1.0 via the file upload functionality. 2022-03-29 not yet calculated CVE-2021-45865
MISC
vivoh — webinar_manager
 
Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. When a user logs in to the administration configuration web portlet, a VIVOH_AUTH cookie is assigned so that they can be uniquely identified. Certain APIs can be successfully executed without proper authentication. This can let an attacker impersonate as victim and make state changing requests on their behalf. 2022-03-30 not yet calculated CVE-2021-45900
MISC
MISC
totolink — a3100r
 
In Totolink A3100R V5.9c.4577, “test.asp” contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication. 2022-03-30 not yet calculated CVE-2021-46006
MISC
MISC
MISC
totolink — a3100r

 
totolink a3100r V5.9c.4577 is vulnerable to os command injection. The backend of a page is executing the “ping” command, and the input field does not adequately filter special symbols. This can lead to command injection attacks. 2022-03-30 not yet calculated CVE-2021-46007
MISC
MISC
MISC
totolink — a3100r
 
In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on. 2022-03-30 not yet calculated CVE-2021-46008
MISC
MISC
MISC
totolink — a3100r
 
In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies. 2022-03-30 not yet calculated CVE-2021-46009
MISC
MISC
MISC
totolink — a3100r
 
Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSION_ID is predictable. An attacker can hijack a valid session and conduct further malicious operations. 2022-03-30 not yet calculated CVE-2021-46010
MISC
MISC
MISC
fenom_template — fenom
 
In fenom 2.12.1 and before, there is a way in fenom/src/Fenom/Template.php function getTemplateCode()to bypass sandbox to execute arbitrary PHP code when disable_native_funcs is true. 2022-03-28 not yet calculated CVE-2021-46433
MISC
emqx — dashboard
 
** UNSUPPORTED WHEN ASSIGNED ** EMQ X Dashboard V3.0.0 is affected by username enumeration in the “/api /v3/auth” interface. When a user login, the application returns different results depending on whether the account is correct, that allowed an attacker to determine if a given username was valid. 2022-03-28 not yet calculated CVE-2021-46434
MISC
firebase — php
 
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way to use the PHP-JWT library unsafely, but might not be considered a vulnerability in the library itself. 2022-03-29 not yet calculated CVE-2021-46743
MISC
gitlab — gitlab
 
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some of external CI services which makes it possible to perform MitM attacks on connections to these external services. 2022-03-28 not yet calculated CVE-2022-0123
CONFIRM
MISC
gitlab — gitlab
 
A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature. 2022-03-28 not yet calculated CVE-2022-0136
MISC
CONFIRM
MISC
gitlab — gitlab
 
A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked. 2022-03-28 not yet calculated CVE-2022-0249
MISC
MISC
CONFIRM
gitlab — gitlab
 
An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in GitLab integration with Jira that a could cause the web application to redirect the request to the attacker specified URL. 2022-03-28 not yet calculated CVE-2022-0283
MISC
CONFIRM
sophos — sophos_firewall
 
An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older. 2022-03-29 not yet calculated CVE-2022-0331
CONFIRM
zyxel — cgi_program
 
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device. 2022-03-28 not yet calculated CVE-2022-0342
CONFIRM
android — android
 
A local attacker, as a different local user, may be able to send a HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2 2022-03-29 not yet calculated CVE-2022-0343
MISC
gitlab– gitlab
 
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, all versions starting from 10.2 before 14.7.1. Private project paths can be disclosed to unauthorized users via system notes when an Issue is closed via a Merge Request and later moved to a public project 2022-03-28 not yet calculated CVE-2022-0344
MISC
CONFIRM
MISC
github — github_repository
 
Cross-site Scripting (XSS) – Stored in GitHub repository vanessa219/vditor prior to 3.8.13. 2022-03-31 not yet calculated CVE-2022-0350
MISC
CONFIRM
gitlab — gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. GitLab search may allow authenticated users to search other users by their respective private emails even if a user set their email to private. 2022-03-28 not yet calculated CVE-2022-0371
MISC
CONFIRM
gitlab — gitlab Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address 2022-04-01 not yet calculated CVE-2022-0373
MISC
MISC
CONFIRM
wpscan — interactive_medical_drawing_of_human_body
 
The Interactive Medical Drawing of Human Body WordPress plugin through 1.0 does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-03-28 not yet calculated CVE-2022-0388
MISC
gitlab — gitlab
 
Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard. 2022-04-01 not yet calculated CVE-2022-0390
CONFIRM
MISC
MISC
wpscan — wpc_smart_wishlist_for_woocommerce_
wordpress_plugin
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlist_quickview AJAX action’s response (available to any authenticated user), leading to a Reflected Cross-Site Scripting 2022-03-28 not yet calculated CVE-2022-0397
MISC
irker — irc_gateway_integration
 
A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks. 2022-04-01 not yet calculated CVE-2022-0425
MISC
CONFIRM
gitlab — jupyter_notebooks
 
Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user’s behalf leading to potential account takeover 2022-03-28 not yet calculated CVE-2022-0427
MISC
CONFIRM
MISC
wpscan — menu_image
 
The Menu Image, Icons made easy WordPress plugin before 3.0.8 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticate users, such as subscriber can update the settings or arbitrary menu and put Cross-Site Scripting payloads in them which will be triggered in the related menu in the frontend 2022-03-28 not yet calculated CVE-2022-0450
MISC
wpscan — popup_builder_wordpress_plugin
 
The Popup Builder WordPress plugin before 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading to a SQL injection, which could also be used to perform Reflected Cross-Site Scripting attack against a logged in admin opening a malicious link 2022-03-28 not yet calculated CVE-2022-0479
CONFIRM
MISC
gitlab — gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes. 2022-03-28 not yet calculated CVE-2022-0488
CONFIRM
MISC
gitlab — gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15 . It was possible to trigger a DOS by using the math feature with a specific formula in issue comments. 2022-04-01 not yet calculated CVE-2022-0489
MISC
MISC
CONFIRM
wpscan — string_locator_wordpress_plugin The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web server via a path traversal vector. Furthermore, due to a flaw in the search, allowing a pattern to be provided, which will be used to output the relevant matches from the matching file, all content of the file can be disclosed. 2022-03-28 not yet calculated CVE-2022-0493
MISC
CONFIRM
wpscan — sermon_browser_wordpress_plugin
 
The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones. 2022-03-28 not yet calculated CVE-2022-0499
MISC
gitlab — gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain conditions, GitLab REST API may allow unprivileged users to add other users to groups even if that is not possible to do through the Web UI. 2022-03-28 not yet calculated CVE-2022-0549
MISC
CONFIRM
wpscan — narnoo_distributor_wordpress_plugin
 
The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX action (available to both unauthenticated and authenticated users) which results in the disclosure of arbitrary files as the content of the file is then displayed in the response as JSON data. This could also lead to RCE with various tricks but depends on the underlying system and it’s configuration. 2022-03-28 not yet calculated CVE-2022-0679
MISC
wpscan — plezi_wordpress_plugin
 
The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plz_configuration_tracker_enable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue 2022-03-28 not yet calculated CVE-2022-0680
MISC
wpscan — amelia_wordpress_plugin
 
The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other’s booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. 2022-03-28 not yet calculated CVE-2022-0720
MISC
gitlab — gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands. 2022-03-28 not yet calculated CVE-2022-0735
CONFIRM
MISC
gitlab — gitlab
 
An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions. 2022-03-28 not yet calculated CVE-2022-0738
MISC
CONFIRM
gitlab — gitlab
 
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses. 2022-04-01 not yet calculated CVE-2022-0741
MISC
MISC
CONFIRM
gitlab — gitlab
 
Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users into executing arbitrary commands 2022-03-28 not yet calculated CVE-2022-0751
MISC
CONFIRM
MISC
wpscan — translate_wordpress_with_gtranslate_wordpress_plugin
 
The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in some files, and write debug data such as user’s cookies in a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access to a logged in admin cookies by making them open a malicious link or page 2022-03-28 not yet calculated CVE-2022-0770
MISC
wpscan — title_experiements_free_wordpress_plugin
 
The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection 2022-03-28 not yet calculated CVE-2022-0784
MISC
wpscan — limit_login_attempts_wordpress_plugin
 
The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections 2022-03-28 not yet calculated CVE-2022-0787
MISC
wpscan — woocommerce_affiliate_plugin_wordpress_plugin
 
The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin. 2022-03-28 not yet calculated CVE-2022-0818
MISC
wpscan — church_admin_wordpress_plugin
 
The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the “refresh-backup” action, and simultaneously keep requesting a publicly accessible temporary file generated by the plugin in order to disclose the final backup filename, which can then be fetched by the attacker to download the backup of the plugin’s DB data 2022-03-28 not yet calculated CVE-2022-0833
MISC
wpscan — speakout!_email_petitions_wordpress_plugin
 
The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users 2022-03-28 not yet calculated CVE-2022-0846
MISC
phillips — e_alert
 
The software does not perform any authentication for critical system functionality. 2022-04-01 not yet calculated CVE-2022-0922
MISC
deltaww — diaenergie
 
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-03-29 not yet calculated CVE-2022-0923
CONFIRM
linux — linux_kernel 
 
An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system. 2022-03-30 not yet calculated CVE-2022-0998
MISC
MLIST
rockwell_automation — isagraf
 
When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality. 2022-04-01 not yet calculated CVE-2022-1018
MISC
crater_invoice — crater
 
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6. 2022-03-29 not yet calculated CVE-2022-1032
MISC
CONFIRM
archive — archive
 
Guest driver might execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition. 2022-03-29 not yet calculated CVE-2022-1050
MISC
linux — linux_kernel
 
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 2022-03-29 not yet calculated CVE-2022-1055
CONFIRM
CONFIRM
CONFIRM
libtiff — libtiff
 
Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd. 2022-03-28 not yet calculated CVE-2022-1056
MISC
CONFIRM
MISC
modbus_tools — modbus_slave
 
Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used. 2022-04-01 not yet calculated CVE-2022-1068
CONFIRM
automatic_question_paper_generator — automatic_question_paper_generator
 
A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as critical. An attack leads to privilege escalation. The attack can be launched remotely. 2022-03-29 not yet calculated CVE-2022-1073
MISC
tem — flex
 
A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Using the input <h1>HTML Injection</h1> in the WiFi settings of the dashboard leads to html injection. 2022-03-29 not yet calculated CVE-2022-1074
MISC
college_website_management_system — college_website_management_system
 
A vulnerability was found in College Website Management System 1.0 and classified as problematic. Affected by this issue is the file /cwms/classes/Master.php?f=save_contact of the component Contact Handler. The manipulation leads to persistent cross site scripting. The attack may be launched remotely and requires authentication. 2022-03-29 not yet calculated CVE-2022-1075
MISC
MISC
automatic_question_paper_generator — automatic_question_paper_generator
 
A vulnerability was found in Automatic Question Paper Generator System 1.0. It has been classified as problematic. This affects the file /aqpg/users/login.php of the component My Account Page. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. 2022-03-29 not yet calculated CVE-2022-1076
MISC
tem — flex
 
A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication. 2022-03-29 not yet calculated CVE-2022-1077
MISC
sourcecodester — college_website_management_system
 
A vulnerability was found in SourceCodester College Website Management System 1.0. It has been classified as critical. Affected is the file /cwms/admin/?page=articles/view_article/. The manipulation of the argument id with the input ‘ and (select * from(select(sleep(10)))Avx) and ‘abc’ = ‘abc with an unknown input leads to sql injection. It is possible to launch the attack remotely and without authentication. 2022-03-29 not yet calculated CVE-2022-1078
MISC
sourcecodester — one_church_management_system
 
A vulnerability classified as problematic has been found in SourceCodester One Church Management System. Affected are multiple files and parameters which are prone to to cross site scripting. It is possible to launch the attack remotely. 2022-03-29 not yet calculated CVE-2022-1079
MISC
sourcecodester — one_church_management_system

 
A vulnerability was found in SourceCodester One Church Management System 1.0. It has been declared as critical. This vulnerability affects code of the file attendancy.php as the manipulation of the argument search2 leads to sql injection. The attack can be initiated remotely. 2022-03-29 not yet calculated CVE-2022-1080
MISC
sourcecodester — microfinance_management_system

 
A vulnerability was found in SourceCodester Microfinance Management System 1.0. It has been declared as problematic. This vulnerability affects the file /mims/app/addcustomerHandler.php. The manipulation of the argument first_name, middle_name, and surname leads to cross site scripting. The attack can be initiated remotely. 2022-03-29 not yet calculated CVE-2022-1081
MISC
sourcecodester — microfinance_management_system
 
A vulnerability was found in SourceCodester Microfinance Management System 1.0. It has been rated as critical. This issue affects the file /mims/login.php of the Login Page. The manipulation of the argument username/password with the input ‘||1=1# leads to sql injection. The attack may be initiated remotely. 2022-03-29 not yet calculated CVE-2022-1082
MISC
sourcecodester — microfinance_management_system
 
A vulnerability classified as critical has been found in Microfinance Management System. The manipulation of arguments like customer_type_number/account_number/account_status_number/account_type_number with the input ‘ and (select * from(select(sleep(10)))Avx) and ‘abc’ = ‘abc leads to sql injection in multiple files. It is possible to launch the attack remotely. 2022-03-29 not yet calculated CVE-2022-1083
MISC
sourcecodester — one_church_management_system
 
A vulnerability classified as critical was found in SourceCodester One Church Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /one_church/userregister.php. The manipulation leads to authentication bypass. The attack can be launched remotely. 2022-03-29 not yet calculated CVE-2022-1084
MISC
cltphp — cltphp
 
A vulnerability was found in CLTPHP up to 6.0. It has been declared as problematic. Affected by this vulnerability is the POST Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2022-03-29 not yet calculated CVE-2022-1085
MISC
dolphinphp — dolphinphp
 
A vulnerability was found in DolphinPHP up to 1.5.0 and classified as problematic. Affected by this issue is the User Management Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2022-03-29 not yet calculated CVE-2022-1086
MISC
MISC
htmly — htmly
 
A vulnerability, which was classified as problematic, has been found in htmly 5.3 whis affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires an authentication. A simple POC has been disclosed to the public and may be used. 2022-03-29 not yet calculated CVE-2022-1087
MISC
MISC
MISC
deltaww — diaenergie
 
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges 2022-04-01 not yet calculated CVE-2022-1098
CONFIRM
openjpeg2 — fedora
 
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. 2022-03-29 not yet calculated CVE-2022-1122
MISC
FEDORA
vim — vim
 
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. 2022-03-30 not yet calculated CVE-2022-1154
CONFIRM
MISC
snipe — snipe
 
Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10. 2022-03-30 not yet calculated CVE-2022-1155
MISC
CONFIRM
rockwell — automation_studio_5000_logix_designer
 
Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user. 2022-04-01 not yet calculated CVE-2022-1159
CONFIRM
vim — vim
 
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. 2022-03-30 not yet calculated CVE-2022-1160
CONFIRM
MISC
minewebs — minewebcms
 
Cross-site Scripting (XSS) – Stored in GitHub repository mineweb/minewebcms prior to next. 2022-03-30 not yet calculated CVE-2022-1163
MISC
CONFIRM
gpac — gpac
 
Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV. 2022-03-30 not yet calculated CVE-2022-1172
MISC
CONFIRM
livehelperchat — livehelperchat
 
Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96. 2022-03-31 not yet calculated CVE-2022-1176
CONFIRM
MISC
openemr — openemr
 
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0. 2022-03-30 not yet calculated CVE-2022-1177
CONFIRM
MISC
openemr — openemr

 
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. 2022-03-30 not yet calculated CVE-2022-1178
CONFIRM
MISC
openemr — openemr
 
Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. 2022-03-30 not yet calculated CVE-2022-1179
MISC
CONFIRM
openemr — openemr
 
Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. 2022-03-30 not yet calculated CVE-2022-1180
MISC
CONFIRM
openemr — openemr
 
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2. 2022-03-30 not yet calculated CVE-2022-1181
MISC
CONFIRM
livehelperchat — livehelperchat
 
SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96. 2022-03-31 not yet calculated CVE-2022-1191
CONFIRM
MISC
mruby — mruby
 
NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system. 2022-04-02 not yet calculated CVE-2022-1201
CONFIRM
MISC
radareorg — radare2
 
Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary. 2022-04-01 not yet calculated CVE-2022-1207
MISC
CONFIRM
android — incfs
 
In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198657657 2022-03-30 not yet calculated CVE-2022-20002
MISC
cocoapods — cocoapods
 
The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function (when using hg), the url (and/or revision, tag, branch) is passed to the hg clone command in a way that additional flags can be set. The additional flags can be used to perform a command injection. 2022-04-01 not yet calculated CVE-2022-21223
MISC
MISC
mastermind — vcs
 
The package github.com/masterminds/vcs before 1.13.3 are vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection. 2022-04-01 not yet calculated CVE-2022-21235
MISC
MISC
nvidia — cuda_toolkit_sdk
 
NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute cuobjdump against the file. Such an attack may lead to remote code execution that causes complete denial of service and an impact on data confidentiality and integrity. 2022-03-29 not yet calculated CVE-2022-21821
CONFIRM
rocketchat — livechat
 
A blind self XSS vulnerability exists in RocketChat LiveChat <v1.9 that could allow an attacker to trick a victim pasting malicious code in their chat instance. 2022-04-01 not yet calculated CVE-2022-21830
MISC
rancher_desktop — suse_security_incidents
 
A Improper Access Control vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V. 2022-04-01 not yet calculated CVE-2022-21947
CONFIRM
ibm — ibm_security_vertify_access
 
IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validiation of JWT tokens. 2022-03-31 not yet calculated CVE-2022-22311
CONFIRM
XF
ibm — urbancode_deploy
 
IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859. 2022-04-01 not yet calculated CVE-2022-22327
CONFIRM
XF
ibm — sterlingpartner_engagement_manager
 
IBM SterlingPartner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations to another users data. IBM X-Force ID: 218871. 2022-04-01 not yet calculated CVE-2022-22328
CONFIRM
XF
ibm — sterlingpartner_engagement_manager
 
IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 219130. 2022-04-01 not yet calculated CVE-2022-22331
CONFIRM
XF
ibm — sterlingpartner_engagement_manager
 
IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. IBM X-Force ID: 219131. 2022-04-01 not yet calculated CVE-2022-22332
XF
CONFIRM
app_connect_enterprise_certified_container_dashboard IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting. 2022-04-01 not yet calculated CVE-2022-22404
XF
CONFIRM
unifi — door_access_reader_lite
 
A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network to control all connected UA devices. This vulnerability is fixed in Version 3.8.31.13 and later. 2022-04-01 not yet calculated CVE-2022-22570
MISC
tibco — managed_file_transfer_platform_server
 
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.’s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below. 2022-03-30 not yet calculated CVE-2022-22772
CONFIRM
CONFIRM
saltstack — salt
 
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data. 2022-03-29 not yet calculated CVE-2022-22934
MISC
MISC
MISC
saltstack — salt
 
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master. 2022-03-29 not yet calculated CVE-2022-22935
MISC
MISC
MISC
saltstack — salt
 
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A sufficient craft attacker could gain root access on minion under certain scenarios. 2022-03-29 not yet calculated CVE-2022-22936
MISC
MISC
MISC
saltstack — salt
 
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion. 2022-03-29 not yet calculated CVE-2022-22941
MISC
MISC
MISC
vmware — vcenter_server
 
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information. 2022-03-29 not yet calculated CVE-2022-22948
MISC
spring_by_vmware — spring_framework
 
n Spring Framework versions 5.3.0 – 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. 2022-04-01 not yet calculated CVE-2022-22950
MISC
spring_by_vmware — spring_cloud_function
 
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. 2022-04-01 not yet calculated CVE-2022-22963
MISC
CISCO
CONFIRM
spring_by_vmware — spring_framework
 
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. 2022-04-01 not yet calculated CVE-2022-22965
MISC
CISCO
CONFIRM
link — nippon_telegraph_and_telephone_east_corporation
 
Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file. 2022-03-31 not yet calculated CVE-2022-22986
MISC
MISC
MISC
westerndigital — g_raid
 
The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user. 2022-03-30 not yet calculated CVE-2022-22996
MISC
zte — home_gateway
 
There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page. 2022-03-30 not yet calculated CVE-2022-23136
MISC
dell — wyse_management_suite
 
Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges can exploit this vulnerability in order to execute arbitrary code on the system. 2022-04-01 not yet calculated CVE-2022-23155
CONFIRM
dell — wyse_device_agent
 
Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A malicious user could potentially exploit this vulnerability by providing invalid input in order to obtain a connection to WMS server. 2022-04-01 not yet calculated CVE-2022-23156
CONFIRM
dell — wyse_device_agent
 
Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A authenticated malicious user could potentially exploit this vulnerability in order to view sensitive information from the WMS Server. 2022-04-01 not yet calculated CVE-2022-23157
CONFIRM
dell — wyse_device_agent
 
Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privilege could potentially exploit this vulnerability and provide incorrect port information and get connected to valid WMS server 2022-04-01 not yet calculated CVE-2022-23158
CONFIRM
link — advanced_custom_fields
 
Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the information on the database without the access permission. 2022-03-31 not yet calculated CVE-2022-23183
MISC
MISC
MISC
joomla — joomla
 
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting an specifilcy crafted tar package could write files outside of the intended path. 2022-03-30 not yet calculated CVE-2022-23793
MISC
MISC
joomla — joomla
 
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application. 2022-03-30 not yet calculated CVE-2022-23794
MISC
joomla — joomla
 
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover. 2022-03-30 not yet calculated CVE-2022-23795
MISC
joomla — joomla
 
An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields. 2022-03-30 not yet calculated CVE-2022-23796
MISC
joomla — joomla
 
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection. 2022-03-30 not yet calculated CVE-2022-23797
MISC
joomla — joomla
 
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not. 2022-03-30 not yet calculated CVE-2022-23798
MISC
joomla — joomla
 
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data. 2022-03-30 not yet calculated CVE-2022-23799
MISC
joomla — joomla
 
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components. 2022-03-30 not yet calculated CVE-2022-23800
MISC
joomla — joomla
 
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS atack vector through SVG embedding in com_media. 2022-03-30 not yet calculated CVE-2022-23801
MISC
ruoyi — ruoyi
 
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file. 2022-03-30 not yet calculated CVE-2022-23868
MISC
ruoyi — ruoyi
 
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request. 2022-03-30 not yet calculated CVE-2022-23869
MISC
mojang — bedrock_dedicated_server
 
Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overflow leading to a bound check bypass caused by PurchaseReceiptPacket::_read (packet deserializer). 2022-03-28 not yet calculated CVE-2022-23884
MISC
src/dfa/dead_rules.cc — src/dfa/dead_rules.cc
 
A stack overflow re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc. 2022-03-29 not yet calculated CVE-2022-23901
MISC
wind_riverr — vxworks
 
In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario. 2022-03-29 not yet calculated CVE-2022-23937
MISC
MISC
snyk — snyk
 
The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199) which only patches against the git fetch attack vector. A similar use of the –upload-pack feature of git is also supported for git clone, which the prior fix didn’t cover. 2022-04-01 not yet calculated CVE-2022-24066
CONFIRM
CONFIRM
CONFIRM
CONFIRM
douphp — douphp
 
DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution. 2022-03-30 not yet calculated CVE-2022-24131
MISC
phpshe — phpshe
 
phpshe V1.8 is affected by a denial of service (DoS) attack in the registry’s verification code, which can paralyze the target service. 2022-03-30 not yet calculated CVE-2022-24132
MISC
qingscan — qingscan
 
QingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability in all search functions. 2022-03-30 not yet calculated CVE-2022-24135
MISC
hospital_management_system — hospital_management_system
 
Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it. 2022-03-31 not yet calculated CVE-2022-24136
MISC
pkp — pkp_lib
 
Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitary code via the X-Forwarded-Host Header. 2022-04-01 not yet calculated CVE-2022-24181
MISC
pfsense — pfsense
 
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command. 2022-03-31 not yet calculated CVE-2022-24299
MISC
MISC
dell — command
 
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation. 2022-04-01 not yet calculated CVE-2022-24426
CONFIRM
cocoapods-downloader — cocoapods-downloader
 
The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocess_options function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection. 2022-04-01 not yet calculated CVE-2022-24440
MISC
MISC
MISC
baicells — nova436
 
Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.) 2022-03-30 not yet calculated CVE-2022-24693
MISC
MISC
MISC
jupyter — notebook
 
The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter notebook version 6.4.x contains a patch for this issue. There are currently no known workarounds. 2022-03-31 not yet calculated CVE-2022-24758
CONFIRM
pjsip — pjsip
 
PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP’s XML parsing in their apps. Users are advised to update. There are no known workarounds. 2022-03-30 not yet calculated CVE-2022-24763
CONFIRM
MISC
orckestra — cms_foundation
 
C1 CMS is an open-source, .NET based Content Management System (CMS). Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery (SSRF) by causing the server to make arbitrary GET requests to other servers in the local network or on localhost. The attacker may also truncate arbitrary files to zero size (effectively delete them) leading to denial of service (DoS) or altering application logic. The authenticated user may unknowingly perform the actions by visiting a specially crafted site. Patched in C1 CMS v6.12, no known workarounds exist. 2022-03-28 not yet calculated CVE-2022-24789
MISC
CONFIRM
puma — puma
 
Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard. 2022-03-30 not yet calculated CVE-2022-24790
MISC
CONFIRM
bytecodealliance — wasmtime
 
Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If you are not explicitly enabling epoch interruption (it is disabled by default) then you are not affected. If you are explicitly disabling the Wasm reference types proposal (it is enabled by default) then you are also not affected. The use after free is caused by Cranelift failing to emit stack maps when there are safepoints inside cold blocks. Cold blocks occur when epoch interruption is enabled. Cold blocks are emitted at the end of compiled functions, and change the order blocks are emitted versus defined. This reordering accidentally caused Cranelift to skip emitting some stack maps because it expected to emit the stack maps in block definition order, rather than block emission order. When Wasmtime would eventually collect garbage, it would fail to find live references on the stack because of the missing stack maps, think that they were unreferenced garbage, and therefore reclaim them. Then after the collection ended, the Wasm code could use the reclaimed-too-early references, which is a use after free. Patches have been released in versions 0.34.2 and 0.35.2, which fix the vulnerability. All Wasmtime users are recommended to upgrade to these patched versions. If upgrading is not an option for you at this time, you can avoid the vulnerability by either: disabling the Wasm reference types proposal, config.wasm_reference_types(false); or by disabling epoch interruption if you were previously enabling it. config.epoch_interruption(false). 2022-03-31 not yet calculated CVE-2022-24791
CONFIRM
MISC
express_openid — express_openid
 
Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the `requiresAuth` middleware, either directly or through the default `authRequired` option, are vulnerable to an Open Redirect when the middleware is applied to a catch all route. If all routes under `example.com` are protected with the `requiresAuth` middleware, a visit to `http://example.com//google.com` will be redirected to `google.com` after login because the original url reported by the Express framework is not properly sanitized. This vulnerability affects versions prior to 2.7.2. Users are advised to upgrade. There are no known workarounds. 2022-03-31 not yet calculated CVE-2022-24794
MISC
CONFIRM
raspberrymatic — raspberrymatic
 
RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. A Remote Code Execution (RCE) vulnerability in the file upload facility of the WebUI interface of RaspberryMatic exists. Missing input validation/sanitization in the file upload mechanism allows remote, unauthenticated attackers with network access to the WebUI interface to achieve arbitrary operating system command execution via shell metacharacters in the HTTP query string. Injected commands are executed as root, thus leading to a full compromise of the underlying system and all its components. Versions after `2.31.25.20180428` and prior to `3.63.8.20220330` are affected. Users are advised to update to version `3.63.8.20220330` or newer. There are currently no known workarounds to mitigate the security impact and users are advised to update to the latest version available. 2022-03-31 not yet calculated CVE-2022-24796
CONFIRM
MISC
pomerium — pomerium
 
Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium’s Authenticate service exposes pprof debug and prometheus metrics handlers to untrusted traffic. This can leak potentially sensitive environmental information or lead to limited denial of service conditions. This issue is patched in version v0.17.1 Workarounds: Block access to `/debug` and `/metrics` paths on the authenticate service. This can be done with any L7 proxy, including Pomerium’s own proxy service. 2022-03-31 not yet calculated CVE-2022-24797
CONFIRM
MISC
MISC
irrdnet — irrd
 
Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. IRRd did not always filter password hashes in query responses relating to `mntner` objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perform a brute-force search for the clear-text passphrase, and use these to make unauthorised changes to affected IRR objects. This issue only affected instances that process password hashes, which means it is limited to IRRd instances that serve authoritative databases. IRRd instances operating solely as mirrors of other IRR databases are not affected. This has been fixed in IRRd 4.2.3 and the main branch. Versions in the 4.1.x series never were affected. Users of the 4.2.x series are strongly recommended to upgrade. There are no known workarounds for this issue. 2022-03-31 not yet calculated CVE-2022-24798
MISC
CONFIRM
MISC
deepmerge-ts — deepmerge-ts
 
deepmerge-ts is a typescript library providing functionality to deep merging of javascript objects. deepmerge-ts is vulnerable to Prototype Pollution via file deepmerge.ts, function defaultMergeRecords(). This issue has been patched in version 4.0.2. There are no known workarounds for this issue. 2022-04-01 not yet calculated CVE-2022-24802
CONFIRM
MISC
MISC
asciidoctor — asciidoctor
 
Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when `allow-uri-read` is disabled! The problem has been patched in the referenced commits. 2022-04-01 not yet calculated CVE-2022-24803
MISC
MISC
CONFIRM
shopware — b2b_suite
 
An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability allows a remote authenticated attacker to dump the underlying database. 2022-03-29 not yet calculated CVE-2022-24956
MISC
MISC
dhc — vision_eqms
 
DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object’s version or history tab will be attacked. 2022-03-29 not yet calculated CVE-2022-24957
MISC
MISC
totolink — ex300
 
totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism. 2022-03-30 not yet calculated CVE-2022-25008
MISC
hitron — chita Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS ddnsUsername field. 2022-04-01 not yet calculated CVE-2022-25017
MISC
mitsubishi — electric_melsec
 
Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by replaying an eavesdropped password hash. 2022-04-01 not yet calculated CVE-2022-25155
MISC
MISC
MISC
mitsubishi — electric_melsec
 
Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash. 2022-04-01 not yet calculated CVE-2022-25156
MISC
MISC
MISC
mitsubishi — electric_melsec
 
Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose or tamper with the information in the product by using an eavesdropped password hash. 2022-04-01 not yet calculated CVE-2022-25157
MISC
MISC
MISC
mitsubishi — electric_melsec
 
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext. 2022-04-01 not yet calculated CVE-2022-25158
MISC
MISC
MISC
mitsubishi — electric_melsec
 
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by replay attack. 2022-04-01 not yet calculated CVE-2022-25159
MISC
MISC
MISC
mitsubishi — electric_melsec
 
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user’s product by using previously eavesdropped cleartext information and to counterfeit a legitimate user’s system. 2022-04-01 not yet calculated CVE-2022-25160
MISC
MISC
MISC
deltaww — diaenergie
 
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system. 2022-03-29 not yet calculated CVE-2022-25347
CONFIRM
hibara — attachecase
 
Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. 2022-03-31 not yet calculated CVE-2022-25348
MISC
MISC
ntt — resonate_incorporated_goo_blog_app_web_application
 
NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CLRF injection. This vulnerability allows attackers to execute arbitrary code via a crafted HTTP request. 2022-03-29 not yet calculated CVE-2022-25420
MISC
unno — unno
 
UNNO v03.11.00 was discovered to contain access control issue. 2022-03-29 not yet calculated CVE-2022-25521
MISC
MISC
apache — dolphinscheduler
 
Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher. 2022-03-30 not yet calculated CVE-2022-25598
MISC
sambabox — sambabox
 
Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause run arbitrary code. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86. 2022-03-30 not yet calculated CVE-2022-25619
CONFIRM
sambabox — sambabox
 
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute arbitrary codes on the vulnerable server. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86. 2022-03-30 not yet calculated CVE-2022-25620
CONFIRM
apache — apisix
 
In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the body_schema validation in the request-validation plugin. For example, `{“string_payload”:”bad”,”string_payload”:”good”}` can be used to hide the “bad” input. Systems satisfy three conditions below are affected by this attack: 1. use body_schema validation in the request-validation plugin 2. upstream application uses a special JSON library that chooses the first occurred value, like jsoniter or gojay 3. upstream application does not validate the input anymore. The fix in APISIX is to re-encode the validated JSON input back into the request body at the side of APISIX. Improper Input Validation vulnerability in __COMPONENT__ of Apache APISIX allows an attacker to __IMPACT__. This issue affects Apache APISIX Apache APISIX version 2.12.1 and prior versions. 2022-03-28 not yet calculated CVE-2022-25757
CONFIRM
MLIST
elecom — lan_routers
 
Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors. 2022-03-31 not yet calculated CVE-2022-25915
MISC
MISC
omcron — cx_position
 
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code. 2022-04-01 not yet calculated CVE-2022-25959
CONFIRM
pfsense — pfsense
 
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution. 2022-03-31 not yet calculated CVE-2022-26019
MISC
MISC
omron — cx_position
 
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code. 2022-04-01 not yet calculated CVE-2022-26022
CONFIRM
hms — hms
 
A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the “special” field. 2022-03-30 not yet calculated CVE-2022-26244
MISC
MISC
falcon — falcon_pulse
 
Falcon-plus v0.3 was discovered to contain a SQL injection vulnerability via the parameter grpName in /config/service/host.go. 2022-03-27 not yet calculated CVE-2022-26245
MISC
wowonder — ultimate_php_social_network_platform
 
WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names. 2022-03-27 not yet calculated CVE-2022-26254
MISC
microsoft — clash
 
Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column. 2022-03-28 not yet calculated CVE-2022-26255
MISC
xiongmai — dvr_devices
 
A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service (DoS) via a crafted RSTP request. 2022-03-28 not yet calculated CVE-2022-26259
MISC
MISC
suzuki– connect
 
Suzuki Connect v1.0.15 allows attackers to tamper with displayed messages via spoofed CAN messages. 2022-03-29 not yet calculated CVE-2022-26269
MISC
MISC
MISC
tenda — ac9
 
Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function. 2022-03-28 not yet calculated CVE-2022-26278
MISC
libarchive — libarchive
 
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. 2022-03-28 not yet calculated CVE-2022-26280
MISC
lrzip — lrzip
 
lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted Irz file. 2022-03-28 not yet calculated CVE-2022-26291
MISC
riscv-boom — riscv-boom
 
BOOM: The Berkeley Out-of-Order RISC-V Processor commit d77c2c3 was discovered to allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. 2022-03-28 not yet calculated CVE-2022-26296
MISC
omron — cx-position
 
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code. 2022-04-01 not yet calculated CVE-2022-26417
CONFIRM
omron — cx-position
 
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code. 2022-04-01 not yet calculated CVE-2022-26419
CONFIRM
hms — hms
 
Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password. 2022-03-31 not yet calculated CVE-2022-26546
MISC
MISC
kopano — core
 
An issue in provider/libserver/ECKrbAuth.cpp of Kopano-Core v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired. 2022-04-01 not yet calculated CVE-2022-26562
MISC
MISC
totaljs — totaljs
 
A cross-site scripting (XSS) vulnerability in Totaljs commit 95f54a5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name text field when creating a new page. 2022-04-01 not yet calculated CVE-2022-26565
MISC
tp-link — tp-link TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter. 2022-03-28 not yet calculated CVE-2022-26639
MISC
tp-link — tp-link TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter. 2022-03-28 not yet calculated CVE-2022-26640
MISC
tp-link — tp-link
 
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter. 2022-03-28 not yet calculated CVE-2022-26641
MISC
tp-link — tp-link
 
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter. 2022-03-28 not yet calculated CVE-2022-26642
MISC
sourcecodester — online_banking_system_protect Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info and accounts management. 2022-03-30 not yet calculated CVE-2022-26644
MISC
MISC
sourcecodester — online_banking_system_protect A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function. 2022-03-30 not yet calculated CVE-2022-26645
MISC
MISC
sourcecodester — online_banking_system_protect Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the pages parameter. 2022-03-30 not yet calculated CVE-2022-26646
MISC
MISC
deltaww — diaenergie
 
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files. 2022-03-29 not yet calculated CVE-2022-26839
CONFIRM
trend_micro — apex_central
 
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution. 2022-03-29 not yet calculated CVE-2022-26871
MISC
MISC
MISC
MISC
MISC
archerirm_community — archer

 
Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application. 2022-03-30 not yet calculated CVE-2022-26947
MISC
MISC
archerirm_community — rss_feed
 
The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information to use it in further attacks. 2022-03-30 not yet calculated CVE-2022-26948
MISC
MISC
archerirm_community — archer
 
Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges. 2022-03-30 not yet calculated CVE-2022-26949
MISC
MISC
archerirm_community — archer
 
Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims’ credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred. 2022-03-30 not yet calculated CVE-2022-26950
MISC
MISC
archerirm_community — archer
 
Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application. 2022-03-30 not yet calculated CVE-2022-26951
MISC
MISC
teampass — teampass
 
Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO. 2022-03-28 not yet calculated CVE-2022-26980
MISC
MISC
raidrive — raidrive
 
Raidrive before v2021.12.35 allows attackers to arbitrarily move log files by pre-creating a mountpoint and log files before Raidrive is installed. 2022-03-31 not yet calculated CVE-2022-27049
MISC
bitcomet — bitcomet
 
BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability which allows attackers to escalate privileges to the system level. 2022-03-31 not yet calculated CVE-2022-27050
MISC
freeftpd — freetpd
 
FreeFtpd version 1.0.13 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. 2022-03-31 not yet calculated CVE-2022-27052
MISC
netflix — security_bulletins
 
A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2 2022-04-01 not yet calculated CVE-2022-27177
MISC
icehrm — pluck_cms
 
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover. 2022-03-30 not yet calculated CVE-2022-27432
MISC
MISC
zero-channel_bbs_plus — zero-channel_bbs_plus Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors. 2022-03-31 not yet calculated CVE-2022-27496
MISC
MISC
kaspersky — anti-virus
 
Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies). 2022-04-01 not yet calculated CVE-2022-27534
MISC
sap — innovation_management
 
Under certain conditions, SAP Innovation management – version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks. 2022-03-28 not yet calculated CVE-2022-27658
MISC
MISC
springframework — springframework
 
** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer. 2022-03-30 not yet calculated CVE-2022-27772
MISC
waycrate — swhkd
 
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service. 2022-03-30 not yet calculated CVE-2022-27815
MISC
MISC
waycrate — swhkd
 
SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. 2022-03-30 not yet calculated CVE-2022-27816
MISC
MISC
sonatype — nexus_repository_manager
 
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. 2022-03-30 not yet calculated CVE-2022-27907
MISC
MISC
tesla — tesla
 
** DISPUTED ** Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal containing a fixed sequence of approximately one hundred symbols. NOTE: the vendor’s perspective is that the behavior is as intended. 2022-03-27 not yet calculated CVE-2022-27948
MISC
MISC
MISC
linux — linux_kernel
 
In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition. 2022-03-28 not yet calculated CVE-2022-27950
MISC
MISC
MISC
MISC
netsarang — xftp
 
Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. 2022-03-31 not yet calculated CVE-2022-27963
MISC
MISC
netsarang — xmanager
 
Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. 2022-03-31 not yet calculated CVE-2022-27964
MISC
MISC
netsarang — xlpd
 
Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. 2022-03-31 not yet calculated CVE-2022-27965
MISC
MISC
netsarang — xshell Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. 2022-03-31 not yet calculated CVE-2022-27966
MISC
MISC
hibara_software — attachecase Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. 2022-03-31 not yet calculated CVE-2022-28128
MISC
MISC
jenkins — bitbucket_server_integration_plugin
 
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server consumers. 2022-03-29 not yet calculated CVE-2022-28133
CONFIRM
MLIST
jenkins — bitbucket_server_integration_plugin
 
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers. 2022-03-29 not yet calculated CVE-2022-28134
CONFIRM
MLIST
jenkins — instant-messaging_plugin
 
Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. 2022-03-29 not yet calculated CVE-2022-28135
CONFIRM
MLIST
jenkins — jiratestresultreporter_plugin
 
A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. 2022-03-29 not yet calculated CVE-2022-28136
CONFIRM
MLIST
jenkins — jiratestresultreporter_plugin
 
A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. 2022-03-29 not yet calculated CVE-2022-28137
CONFIRM
MLIST
jenkins — rocketchat_notifier_plugin A cross-site request forgery (CSRF) vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credential. 2022-03-29 not yet calculated CVE-2022-28138
CONFIRM
MLIST
jenkins — rocketchat_notifier_plugin
 
A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. 2022-03-29 not yet calculated CVE-2022-28139
CONFIRM
MLIST
jenkins — flaky_test_handler_plugin
 
Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2022-03-29 not yet calculated CVE-2022-28140
CONFIRM
MLIST
jenkins — proxmos_plugin Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2022-03-29 not yet calculated CVE-2022-28141
CONFIRM
MLIST
jenkins — proxmos_plugin Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues. 2022-03-29 not yet calculated CVE-2022-28142
CONFIRM
MLIST
jenkins — proxmos_plugin A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. 2022-03-29 not yet calculated CVE-2022-28143
CONFIRM
MLIST
jenkins — proxmos_plugin
 
Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. 2022-03-29 not yet calculated CVE-2022-28144
CONFIRM
MLIST
jenkins — continuous_integration_with_toad_edge_plugin
 
Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) exploitable by attackers with Item/Configure permission or otherwise able to control report contents. 2022-03-29 not yet calculated CVE-2022-28145
CONFIRM
MLIST
jenkins — continuous_integration_with_toad_edge_plugin
 
Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkins controller as a parameter to its build steps. 2022-03-29 not yet calculated CVE-2022-28146
CONFIRM
MLIST
jenkins — continuous_integration_with_toad_edge_plugin
 
A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. 2022-03-29 not yet calculated CVE-2022-28147
CONFIRM
MLIST
jenkins — continuous_integration_with_toad_edge_plugin The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers. 2022-03-29 not yet calculated CVE-2022-28148
CONFIRM
MLIST
jenkins — job_and_node_ownership_plugin
 
Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-03-29 not yet calculated CVE-2022-28149
CONFIRM
MLIST
jenkins — job_and_node_ownership_plugin
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job. 2022-03-29 not yet calculated CVE-2022-28150
CONFIRM
MLIST
jenkins — job_and_node_ownership_plugin
 
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. 2022-03-29 not yet calculated CVE-2022-28151
CONFIRM
MLIST
jenkins — job_and_node_ownership_plugin
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job. 2022-03-29 not yet calculated CVE-2022-28152
CONFIRM
MLIST
jenkins — sitemonitor_plugin
 
Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-03-29 not yet calculated CVE-2022-28153
CONFIRM
MLIST
jenkins — coverage_complexity_scatter_plot_plugin Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2022-03-29 not yet calculated CVE-2022-28154
CONFIRM
MLIST
jenkins — pipeline_phonenix_autotest_plugin
 
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2022-03-29 not yet calculated CVE-2022-28155
CONFIRM
MLIST
jenkins — pipeline_phonenix_autotest_plugin
 
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to copy arbitrary files and directories from the Jenkins controller to the agent workspace. 2022-03-29 not yet calculated CVE-2022-28156
CONFIRM
MLIST
jenkins — pipeline_phonenix_autotest_plugin
 
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller via FTP to an attacker-specified FTP server. 2022-03-29 not yet calculated CVE-2022-28157
CONFIRM
MLIST
jenkins — pipeline_phonenix_autotest_plugin
 
A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2022-03-29 not yet calculated CVE-2022-28158
CONFIRM
MLIST
jenkins — tests_selector_plugin
 
Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-03-29 not yet calculated CVE-2022-28159
CONFIRM
MLIST
jenkins — tests_selector_plugin
 
Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins controller. 2022-03-29 not yet calculated CVE-2022-28160
CONFIRM
MLIST
mediawiki  — mediawiki
 
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete. 2022-03-30 not yet calculated CVE-2022-28202
MISC
mediawiki  — mediawiki An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future. 2022-03-30 not yet calculated CVE-2022-28205
MISC
CONFIRM
mediawiki  — mediawiki An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights. 2022-03-30 not yet calculated CVE-2022-28206
MISC
MISC
mediawiki  — mediawiki
 
An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect. 2022-03-30 not yet calculated CVE-2022-28209
MISC
MISC
tekon — kio
 
Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin. 2022-03-30 not yet calculated CVE-2022-28223
MISC
weechat — weechat
 
WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects situations where weechat.network.gnutls_ca_system or weechat.network.gnutls_ca_user is changed without a WeeChat restart. 2022-04-02 not yet calculated CVE-2022-28352
MISC
MISC
scala.js — scala.js
 
randomUUID in Scala.js before 1.10.0 generates predictable values. 2022-04-02 not yet calculated CVE-2022-28355
MISC
MISC
linux — linux_kernel
 
In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. 2022-04-02 not yet calculated CVE-2022-28356
MISC
MISC
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

CISA recently updated an anonymous product survey;they’d welcome your feedback.