US-CERT Bulletin (SB22-073):Vulnerability Summary for the Week of March 7, 2022

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
a3rev — page_view_count The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks 2022-03-07 7.5 CVE-2022-0434
MISC
bitdefender — antivirus_plus Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.3.146. 2022-03-07 7.2 CVE-2021-4199
CONFIRM
MISC
calibre-web_project — calibre-web Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. 2022-03-07 7.5 CVE-2022-0766
CONFIRM
MISC
dlink — dir-859_firmware D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2022-03-04 7.1 CVE-2022-25106
MISC
MISC
MISC
genieacs — genieacs In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check. 2022-03-06 7.5 CVE-2021-46704
MISC
MISC
linux — linux_kernel A flaw was found in the way the “flags” member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. 2022-03-10 7.2 CVE-2022-0847
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel A flaw was found in the KVM’s AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the “virt_ext” field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. 2022-03-04 7.2 CVE-2021-3656
MISC
MISC
MISC
MISC
mendix — forgot_password A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). Initial passwords are generated in an insecure manner. This could allow an unauthenticated remote attacker to efficiently brute force passwords in specific situations. 2022-03-08 7.5 CVE-2022-26314
CONFIRM
mi — ax3600_firmware A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code. 2022-03-10 7.2 CVE-2020-14111
MISC
mi — ax3600_firmware A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code. 2022-03-10 10 CVE-2020-14115
MISC
mingsoft — mcms https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${“freemarker.template.utility.Execute”?new()(“calc”)}. ¶¶ MCMS has a pre-auth RCE vulnerability through which allows unauthenticated attacker with network access via http to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS. 2022-03-04 7.5 CVE-2021-46384
MISC
network_block_device_project — network_block_device In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name. 2022-03-06 7.5 CVE-2022-26496
MISC
MISC
MISC
network_block_device_project — network_block_device In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages. 2022-03-06 7.5 CVE-2022-26495
MISC
MISC
MLIST
part-db_project — part-db OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11. 2022-03-04 10 CVE-2022-0848
CONFIRM
MISC
MISC
pytorchlightning — pytorch_lightning Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. 2022-03-05 10 CVE-2022-0845
CONFIRM
MISC
secomea — gatemanager This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Files or Directories. 2022-03-04 8.5 CVE-2021-32008
MISC
siemens — ruggedcom_ros A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Within a third-party component, the process to allocate partition size fails to check memory boundaries. Therefore, if a large amount is requested by an attacker, due to an integer-wrap around, it could result in a small size being allocated instead. 2022-03-08 7.5 CVE-2021-42019
CONFIRM
siemens — ruggedcom_ros A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Within a third-party component, whenever memory allocation is requested, the out of bound size is not checked. Therefore, if size exceeding the expected allocation is assigned, it could allocate a smaller buffer instead. If an attacker were to exploit this, they could cause a heap overflow. 2022-03-08 7.5 CVE-2021-42018
CONFIRM
siemens — sinumerik_mc_firmware A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow local attackers to escalate their privileges to root. 2022-03-08 7.2 CVE-2022-24408
CONFIRM
stylemixthemes — masterstudy_lms The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin 2022-03-07 7.5 CVE-2022-0441
CONFIRM
MISC
symantec — management_agent The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations. 2022-03-04 7.2 CVE-2022-25623
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetProvince. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ProvinceCode parameter. 2022-03-10 7.8 CVE-2022-25558
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. 2022-03-10 7.8 CVE-2022-25566
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the urls parameter. 2022-03-10 7.8 CVE-2022-25557
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the serverName parameter. 2022-03-10 7.8 CVE-2022-25548
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceId parameter. 2022-03-10 7.8 CVE-2022-25554
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsPwd parameter. 2022-03-10 7.8 CVE-2022-25553
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter. 2022-03-10 7.8 CVE-2022-25552
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsDomain parameter. 2022-03-10 7.8 CVE-2022-25551
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsUser parameter. 2022-03-10 7.8 CVE-2022-25546
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. 2022-03-10 7.8 CVE-2022-25547
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceName parameter. 2022-03-10 7.8 CVE-2022-25550
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ntpServer parameter. 2022-03-10 7.8 CVE-2022-25555
MISC
tenda — ax1806_firmware Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsEn parameter. 2022-03-10 7.8 CVE-2022-25549
MISC
tenda — ax3_firmware There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the http request parameter startIp. Then v10 will be splice to stack by function sscanf without any security check,which causes stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data. 2022-03-04 7.5 CVE-2021-46393
MISC
tenda — ax3_firmware There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the http request parameter startIp. Then v13 will be splice to stack by function sscanf without any security check, which causes stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data. 2022-03-04 7.5 CVE-2021-46394
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remove malicious user execute arbitrary code via a crafted post request. 2022-03-10 10 CVE-2021-44622
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 via the /cloud_config/router_post/check_reset_pwd_verify_code interface. 2022-03-10 10 CVE-2021-44623
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in /cloud_config/cloud_device/info interface, which allows a malicious user to executee arbitrary code on the system via a crafted post request. 2022-03-10 10 CVE-2021-44625
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reg_verify_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. 2022-03-10 10 CVE-2021-44626
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerabilitiy exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/register feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. 2022-03-10 10 CVE-2021-44629
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reset_pwd_veirfy_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. 2022-03-10 10 CVE-2021-44627
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerabiltiy exists in TP-LINK WR-886N 20190826 2.3.8 in thee /cloud_config/router_post/login feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. 2022-03-10 10 CVE-2021-44628
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. 2022-03-10 10 CVE-2021-44630
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/reset_cloud_pwd feature, which allows malicous users to execute arbitrary code on the system via a crafted post request. 2022-03-10 10 CVE-2021-44631
MISC
tp-link — tl-wr886n_firmware A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. 2022-03-10 10 CVE-2021-44632
MISC
victor_cms_project — victor_cms Victor CMS v1.0 was discovered to contain a SQL injection vulnerability. 2022-03-04 7.5 CVE-2022-26201
MISC
MISC
wpdeveloper — notificationx The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection 2022-03-07 7.5 CVE-2022-0349
MISC
Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
abcm2ps_project — abcm2ps abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c. 2022-03-10 4.3 CVE-2021-32434
MISC
MISC
abcm2ps_project — abcm2ps An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. 2022-03-10 4.3 CVE-2021-32436
MISC
MISC
abcm2ps_project — abcm2ps Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. 2022-03-10 4.3 CVE-2021-32435
MISC
MISC
adrotate_project — adrotate The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection 2022-03-07 6.5 CVE-2022-0267
MISC
alfresco — alfresco Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2 2022-03-04 4.3 CVE-2020-18327
MISC
MISC
apache — any23 An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions < 2.7. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Any23 2.7. 2022-03-05 6.4 CVE-2022-25312
MISC
MLIST
archivy_project — archivy Open Redirect in GitHub repository archivy/archivy prior to 1.7.0. 2022-03-06 5.8 CVE-2022-0697
CONFIRM
MISC
ayecode — userswp The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar. 2022-03-07 4 CVE-2022-0442
MISC
catchplugins — catch_themes_demo_import The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog (ie DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true) 2022-03-07 6.5 CVE-2022-0440
MISC
cerber — wp_cerber_security\,_anti-spam_\&_malware_scan The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability. 2022-03-07 4.3 CVE-2022-0429
MISC
correosexpress_project — correosexpress The CorreosExpress WordPress plugin through 2.6.0 generates log files which are publicly accessible, and contain sensitive information such as sender/receiver names, phone numbers, physical and email addresses 2022-03-07 5 CVE-2021-25009
MISC
custom_content_shortcode_project — custom_content_shortcode The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display arbitrary files from the filesystem (such as logs, .htaccess etc), as well as perform Local File Inclusion attacks as PHP files will be executed. Please note that such attack is still possible by admin+ in single site blogs by default (but won’t be when either the unfiltered_html or file_edit is disallowed) 2022-03-07 4 CVE-2021-24825
MISC
custom_content_shortcode_project — custom_content_shortcode The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the email address of orders can be retrieved 2022-03-07 4 CVE-2021-24824
MISC
devowl — wordpress_real_cookie_banner The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset them via a CSRF attack 2022-03-07 4.3 CVE-2022-0445
MISC
dlink — dir-x1860_firmware An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absolute paths that are being used by the web application. 2022-03-04 5 CVE-2021-46353
MISC
MISC
ericsson — network_manager Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve managed-network that was not set to be accessible to the entire group (i.e., was only set to be accessible to a subset of that group). 2022-03-10 4 CVE-2021-28488
MISC
MISC
MISC
espruino — espruino Espruino 2v11 release was discovered to contain a stack buffer overflow via src/jsvar.c in jsvGetNextSibling. 2022-03-05 6.8 CVE-2022-25465
MISC
espruino — espruino Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString. 2022-03-05 6.8 CVE-2022-25044
MISC
MISC
f-secure — safe A vulnerability affecting F-Secure SAFE browser was discovered whereby browsers loads images automatically this vulnerability can be exploited remotely by an attacker to execute the JavaScript can be used to trigger universal cross-site scripting through the browser. User interaction is required prior to exploitation, such as entering a malicious website to trigger the vulnerability. 2022-03-06 4.3 CVE-2021-44748
MISC
f-secure — safe A vulnerability affecting F-Secure SAFE browser protection was discovered improper URL handling can be triggered to cause universal cross-site scripting through browsing protection in a SAFE web browser. User interaction is required prior to exploitation. A successful exploitation may lead to arbitrary code execution. 2022-03-06 4.3 CVE-2021-44749
MISC
fatcatapps — easy_pricing_tables The Pricing Tables WordPress Plugin WordPress plugin before 3.1.3 does not verify the CSRF nonce when removing posts, allowing attackers to make a logged in admin remove arbitrary posts from the blog via a CSRF attack, which will be put in the trash 2022-03-07 4.3 CVE-2021-25098
MISC
framasoft — peertube Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1. 2022-03-09 4 CVE-2022-0881
MISC
CONFIRM
golang — go regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. 2022-03-05 5 CVE-2022-24921
CONFIRM
google — android When the device is in factory state, it can be access the shell without adb authentication process. The LG ID is LVE-SMP-210010. 2022-03-04 6.9 CVE-2022-23729
MISC
hcltech — bigfix_compliance “TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.” 2022-03-04 4.3 CVE-2021-27756
MISC
hcltech — bigfix_insights ” Insecure password storage issue.The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive information.” 2022-03-04 5 CVE-2021-27757
MISC
hestiacp — control_panel Cross-site Scripting (XSS) – Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. 2022-03-04 4.3 CVE-2022-0752
MISC
CONFIRM
hestiacp — control_panel Cross-site Scripting (XSS) – Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. 2022-03-04 4.3 CVE-2022-0838
MISC
CONFIRM
hotscot — contact_form The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a get request with the sub_id parameter which not sanitised, escaped or validated before inserting to a SQL statement, leading to an SQL injection. 2022-03-07 6.5 CVE-2021-24777
MISC
icegram — email_subscribers_\&_newsletters The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protection in place for the action, allowing an attacker to trick any logged in user to perform the action by clicking a link. 2022-03-07 6.5 CVE-2022-0439
MISC
intelliants — subrion_cms Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel. 2022-03-04 4.3 CVE-2020-18325
MISC
MISC
MISC
intelliants — subrion_cms Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user. 2022-03-04 6.8 CVE-2020-18326
MISC
MISC
MISC
intelliants — subrion_cms Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template. 2022-03-04 4.3 CVE-2020-18324
MISC
MISC
MISC
libming — ming Ming 0.4.8 has an out-of-bounds read vulnerability in the function decompileIF() in the decompile.c file that causes a direct segmentation fault and leads to denial of service. 2022-03-10 4.3 CVE-2021-34341
MISC
MISC
libming — ming Ming 0.4.8 has an out-of-bounds read vulnerability in the function newVar_N() in decompile.c which causes a huge information leak. 2022-03-10 4.3 CVE-2021-34342
MISC
MISC
libming — ming Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCR_DECR() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. 2022-03-10 4.3 CVE-2021-34340
MISC
MISC
libming — ming Ming 0.4.8 has an out-of-bounds buffer access issue in the function getString() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. 2022-03-10 4.3 CVE-2021-34339
MISC
MISC
libming — ming Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. 2022-03-10 4.3 CVE-2021-34338
MISC
MISC
libsixel_project — libsixel saitoha libsixel v1.8.6 was discovered to contain a double free via the component sixel_chunk_destroy at /root/libsixel/src/chunk.c. 2022-03-10 6.8 CVE-2020-36123
MISC
linux — linux_kernel st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. 2022-03-06 4.6 CVE-2022-26490
MISC
linux — linux_kernel A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a system crash problem which can lead to an availability threat. 2022-03-04 4.9 CVE-2021-3428
MISC
MISC
MISC
marktext — marktext Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib/contentState/pasteCtrl.js. 2022-03-05 6.8 CVE-2022-25069
MISC
MISC
mendix — forgot_password A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts. 2022-03-08 6.8 CVE-2022-26313
CONFIRM
mendix — mendix A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29). When returning the result of a completed Microflow execution call the affected framework does not correctly verify, if the request was initially made by the user requesting the result. Together with predictable identifiers for Microflow execution calls, this could allow a malicious attacker to retrieve information about arbitrary Microflow execution calls made by users within the affected system. 2022-03-08 4 CVE-2022-26317
CONFIRM
mendix — mendix A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29), Mendix Applications using Mendix 8 (All versions < V8.18.16), Mendix Applications using Mendix 9 (All versions). If an entity has an association readable by the user, then in some cases, Mendix Runtime may not apply checks for XPath constraints that parse said associations, within apps running on affected versions. A malicious user could use this to dump and manipulate sensitive data. 2022-03-08 5.5 CVE-2022-24309
CONFIRM
metagauss — registrationmagic The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks 2022-03-07 6.5 CVE-2022-0420
MISC
CONFIRM
metaphorcreations — ditty The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability. 2022-03-07 4.3 CVE-2022-0533
CONFIRM
MISC
mi — ax6000_firmware Information Leak Vulnerability exists in the Xiaomi Router AX6000. The vulnerability is caused by incorrect routing configuration. Attackers can exploit this vulnerability to download part of the files in Xiaomi Router AX6000. 2022-03-10 5 CVE-2020-14112
MISC
microweber — microweber Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3. 2022-03-09 6.8 CVE-2022-0896
CONFIRM
MISC
mini-inventory-and-sales-management-system_project — mini-inventory-and-sales-management-system Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory. The attacker must be logged into the application create a malicious file for updating the inventory details and items. 2022-03-04 4.3 CVE-2021-44321
MISC
MISC
mybb — mybb MyBB is a free and open source forum software. In affected versions the Admin CP’s Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB’s Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds. 2022-03-09 6.5 CVE-2022-24734
MISC
MISC
CONFIRM
MISC
netapp — storagegrid StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access. StorageGRID 11.6.0 obtains the user account status from Active Directory or Azure and will block S3 access for disabled user accounts during the subsequent background synchronization. User accounts that are expired or locked for Active Directory or Azure, or user accounts that are disabled, expired, or locked in identity sources other than Active Directory or Azure must be manually removed from group memberships or have their S3 keys manually removed from Tenant Manager in all versions of StorageGRID (formerly StorageGRID Webscale). 2022-03-04 4 CVE-2022-23232
MISC
netapp — storagegrid StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS) of the Local Distribution Router (LDR) service. 2022-03-04 5 CVE-2022-23233
MISC
netgear — wac120_ac_firmware Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to mulitple attacks like session hijacking even clipboard hijacking. 2022-03-04 4.3 CVE-2021-46382
MISC
MISC
obtaininfotech — multisite_content_copier\/updater The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.0 does not sanitise and escape the wmcc_content_type, wmcc_source_blog and wmcc_record_per_page parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues 2022-03-07 4.3 CVE-2021-25039
MISC
obtaininfotech — multisite_user_sync\/unsync The WordPress Multisite User Sync/Unsync WordPress plugin before 2.1.2 does not sanitise and escape the wmus_source_blog and wmus_record_per_page parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues 2022-03-07 4.3 CVE-2021-25038
MISC
openexr — openexr A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well. 2022-03-04 5.8 CVE-2021-20303
MISC
MISC
MISC
paloaltonetworks — pan-os Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal (non-FIPS-CC) operational mode. An attacker must have access to the account password hashes to take advantage of this weakness and can acquire those hashes if they are able to gain access to the PAN-OS software configuration. Fixed versions of PAN-OS software use a secure cryptographic algorithm for account password hashes. This issue does not impact Prisma Access firewalls. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.21; All versions of PAN-OS 9.0; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11; PAN-OS 10.0 versions earlier than PAN-OS 10.0.7. 2022-03-09 4.6 CVE-2022-0022
CONFIRM
phpmyadmin — phpmyadmin PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section. 2022-03-10 5 CVE-2022-0813
CONFIRM
CONFIRM
plugins-market — wp_visitor_statistics The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection 2022-03-07 6.5 CVE-2022-0410
MISC
radare — radare2 Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6. 2022-03-05 4.3 CVE-2022-0849
MISC
CONFIRM
readdle — spark Apache Spark supports end-to-end encryption of RPC connections via “spark.authenticate” and “spark.network.crypto.enabled”. In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would allow someone to decrypt plaintext traffic offline. Note that this does not affect security mechanisms controlled by “spark.authenticate.enableSaslEncryption”, “spark.io.encryption.enabled”, “spark.ssl”, “spark.ui.strictTransportSecurity”. Update to Apache Spark 3.1.3 or later 2022-03-10 5 CVE-2021-38296
CONFIRM
readymedia_project — readymedia A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files. 2022-03-06 4.3 CVE-2022-26505
MISC
MISC
MLIST
redhat — coreos-installer An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed. 2022-03-04 6.8 CVE-2021-20319
MISC
MISC
MISC
rednao — smart_forms The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form’s data, which could include sensitive information such as PII depending on the form. 2022-03-07 4 CVE-2022-0163
MISC
salesagility — suitecrm Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.12.5. 2022-03-07 4 CVE-2022-0755
MISC
CONFIRM
salesagility — suitecrm SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5. 2022-03-07 4 CVE-2022-0754
CONFIRM
MISC
salesagility — suitecrm Improper Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. 2022-03-07 4 CVE-2022-0756
MISC
CONFIRM
schneider-electric — ecostruxure_control_expert A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior) 2022-03-09 4.3 CVE-2022-24323
CONFIRM
schneider-electric — ecostruxure_control_expert A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior) 2022-03-09 4.3 CVE-2022-24322
CONFIRM
schneider-electric — ritto_wiser_door A CWE-200: Information Exposure vulnerability exists which could allow a session hijack when the door panel is communicating with the door. Affected Product: Ritto Wiser Door (All versions) 2022-03-09 4.8 CVE-2021-22783
CONFIRM
servmask — one-stop_wp_migration The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files’ extension, which allows administrators to upload PHP files on their site, even on multisite installations. 2022-03-07 6.5 CVE-2021-24216
MISC
CONFIRM
siemens — climatix_pol909_firmware A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The Group Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action. 2022-03-08 4.3 CVE-2021-41541
CONFIRM
siemens — climatix_pol909_firmware A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action. 2022-03-08 4.3 CVE-2021-41542
CONFIRM
siemens — climatix_pol909_firmware A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files. 2022-03-08 4 CVE-2021-41543
CONFIRM
siemens — polarion_subversion_webclient A vulnerability has been identified in Polarion Subversion Webclient (V21 R1). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges. 2022-03-08 4.3 CVE-2021-44478
CONFIRM
siemens — ruggedcom_ros A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions), RUGGEDCOM ROS RSG2300 (All versions), RUGGEDCOM ROS RSG2300P (All versions), RUGGEDCOM ROS RSG2488 (All versions), RUGGEDCOM ROS RSG907R (All versions), RUGGEDCOM ROS RSG908C (All versions), RUGGEDCOM ROS RSG909R (All versions), RUGGEDCOM ROS RSG910C (All versions), RUGGEDCOM ROS RSG920P (All versions), RUGGEDCOM ROS RSL910 (All versions), RUGGEDCOM ROS RST2228 (All versions), RUGGEDCOM ROS RST2228P (All versions), RUGGEDCOM ROS RST916C (All versions), RUGGEDCOM ROS RST916P (All versions), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords. 2022-03-08 4 CVE-2021-37209
CONFIRM
siemens — ruggedcom_ros A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). A timing attack, in a third-party component, could make the retrieval of the private key possible, used for encryption of sensitive data. If a threat actor were to exploit this, the data integrity and security could be compromised. 2022-03-08 5 CVE-2021-42016
CONFIRM
siemens — ruggedcom_ros A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2. If an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications. 2022-03-08 4.3 CVE-2021-42017
CONFIRM
siemens — ruggedcom_ros A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). The third-party component, in its TFTP functionality fails to check for null terminations in file names. If an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application. 2022-03-08 5 CVE-2021-42020
CONFIRM
siemens — simcenter_star-ccm\+_viewer A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2022.1). The starview+.exe contains a memory corruption vulnerability while parsing specially crafted .SCE files. This could allow an attacker to execute code in the context of the current process. 2022-03-08 6.8 CVE-2022-24661
CONFIRM
siemens — sinec_network_management_syste A vulnerability has been identified in SINEC NMS (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application. 2022-03-08 6.5 CVE-2022-24281
CONFIRM
siemens — sinec_network_management_system A vulnerability has been identified in SINEC NMS (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation. 2022-03-08 6.5 CVE-2022-25311
CONFIRM
siemens — sinec_network_management_system A vulnerability has been identified in SINEC NMS (All versions). The affected system allows to upload JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a maliciously crafted serialized Java object. This could allow the attacker to execute arbitrary code on the device with root privileges. 2022-03-08 6.5 CVE-2022-24282
CONFIRM
spirit-project — spirit Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3. 2022-03-06 5.8 CVE-2022-0869
CONFIRM
MISC
stripe — stripe_cli Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are `stripe login`, `stripe config -e`, `stripe community`, and `stripe open`. MacOS and Linux are unaffected. An attacker who successfully exploits the vulnerability can run arbitrary code in the context of the current user. The update addresses the vulnerability by throwing an error in these situations before the code can run.Users are advised to upgrade to version 1.7.13. There are no known workarounds for this issue. 2022-03-09 4.4 CVE-2022-24753
MISC
CONFIRM
tatvic — conversios.io The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the sync_progressive_data parameter for the tvcajax_product_sync_bantch_wise AJAX action before using it in a SQL statement, allowing any authenticated user to perform SQL injection attacks. 2022-03-07 6.5 CVE-2021-24952
MISC
tinywebgallery — advanced_iframe The Advanced iFrame WordPress plugin before 2022 does not sanitise and escape the ai_config_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue 2022-03-07 4.3 CVE-2021-24953
MISC
uclouvain — openjpeg A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. 2022-03-04 6.8 CVE-2021-3575
MISC
MISC
MISC
uri.js_project — uri.js Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10. 2022-03-06 5.8 CVE-2022-0868
CONFIRM
MISC
veritas — infoscale_operations_manager An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing a remote authenticated administrator to read arbitrary files on the system via Directory Traversal. By manipulating the resource name in GET requests referring to files with absolute paths, it is possible to access arbitrary files stored on the filesystem, including application source code, configuration files, and critical system files. 2022-03-04 6.8 CVE-2022-26484
MISC
video_conferencing_with_zoom_project — video_conferencing_with_zoom The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapi_get_wp_users AJAX action, allowing any authenticated users, such as subscriber to download the list of email addresses registered on the blog 2022-03-07 4 CVE-2022-0384
MISC
CONFIRM
videousermanuals — white_label_cms The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue 2022-03-07 4.3 CVE-2022-0422
MISC
CONFIRM
weblate — weblate The package weblate from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users, can change the behavior of the application in an unintended way, leading to command execution. 2022-03-04 6.5 CVE-2022-23915
CONFIRM
CONFIRM
CONFIRM
CONFIRM
weblate — weblate Weblate is a web based localization tool with tight version control integration. Prior to version 4.11.1, Weblate didn’t properly sanitize some arguments passed to Git and Mercurial, allowing them to change their behavior in an unintended way. Instances where untrusted users cannot create new components are not affected. The issues were fixed in the 4.11.1 release. 2022-03-04 6.5 CVE-2022-24727
MISC
CONFIRM
MISC
wpaffiliatefeed — tradetracker-store The test parameter of the xmlfeed in the Tradetracker-Store WordPress plugin before 4.6.60 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. 2022-03-07 6.5 CVE-2021-24778
MISC
wpbrigade — loginpress The LoginPress | Custom Login Page Customizer WordPress plugin before 1.5.12 does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting 2022-03-07 4.3 CVE-2022-0347
MISC
wpdownloadmanager — wordpress_download_manager The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords (fixed in 3.2.24) and files Master Keys (fixed in 3.2.25). 2022-03-07 5 CVE-2021-25087
MISC
Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adtribes — product_feed_pro_for_woocommerce The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 does not escape the rowCount parameter before outputting it back in an attribute via the woosea_categories_dropdown AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting 2022-03-07 3.5 CVE-2022-0426
MISC
CONFIRM
apasionados — customize_login_image A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser and can use an application as the vehicle for the attack. The XSS payload given in the “Custom logo link” executes whenever the user opens the Settings Page of the “Customize Login Image” Plugin. 2022-03-10 3.5 CVE-2021-33851
MISC
bitdefender — antivirus_plus A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48. 2022-03-07 3.6 CVE-2021-4198
CONFIRM
MISC
bookstackapp — bookstack Cross-site Scripting (XSS) – Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3. 2022-03-08 3.5 CVE-2022-0877
MISC
CONFIRM
codepeople — wp_time_slots_booking_form The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-03-07 3.5 CVE-2022-0389
MISC
custom_content_shortcode_project — custom_content_shortcode The Custom Content Shortcode WordPress plugin before 4.0.2 does not escape custom fields before outputting them, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. Please note that such attack is still possible by admin+ in single site blogs by default (but won’t be when the unfiltered_html is disallowed) 2022-03-07 3.5 CVE-2021-24826
MISC
dell — enterprise_storage_analytics Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. 2022-03-04 3.6 CVE-2021-43590
MISC
dwbooster — cp_blocks The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its “License ID” settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. 2022-03-07 3.5 CVE-2022-0448
MISC
e2pdf — e2pdf The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-03-07 3.5 CVE-2022-0535
MISC
CONFIRM
iptanus — wordpress_file_upload The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could be then be used for Cross-Site Scripting attacks 2022-03-07 3.5 CVE-2021-24960
MISC
CONFIRM
iptanus — wordpress_file_upload The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 does not escape some of its shortcode argument, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks 2022-03-07 3.5 CVE-2021-24961
MISC
CONFIRM
linux — linux_kernel A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808. 2022-03-04 2.1 CVE-2021-3744
MISC
MISC
MISC
MISC
MLIST
DEBIAN
linux — linux_kernel An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. 2022-03-04 3.6 CVE-2021-3743
MISC
MISC
MISC
MISC
MISC
MISC
metaphorcreations — post_duplicator A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser and can use an application as the vehicle for the attack. The XSS payload given in the “Duplicate Title” text box executes whenever the user opens the Settings Page of the Post Duplicator Plugin or the application root page after duplicating any of the existing posts. 2022-03-10 3.5 CVE-2021-33852
MISC
nextcloud — talk Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim received a phone call the attacker could gain access to the chat messages and files of the user. It is recommended that the Nextcloud Android Talk App is upgraded to 12.3.0. There are no known workarounds. 2022-03-08 2.1 CVE-2021-41181
CONFIRM
MISC
nicdark — cost_calculator The Cost Calculator WordPress plugin before 1.6 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator > Price Settings (which gets injected on the edit page as well as any page that embeds the calculator using the shortcode), as well as the Text Preview field of a Project (injected on the edit project page) 2022-03-07 3.5 CVE-2021-24821
MISC
pimcore — pimcore Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.3.3. 2022-03-04 3.5 CVE-2022-0831
CONFIRM
MISC
pimcore — pimcore Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.3.3. 2022-03-04 3.5 CVE-2022-0832
MISC
CONFIRM
secomea — sitemanager_1129_firmware Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store javascript for later execution. This issue affects: Secomea SiteManager Version 9.6.621421014 and all prior versions. 2022-03-10 3.5 CVE-2021-32005
MISC
siemens — ruggedcom_ros A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Improper neutralization of special characters on the web server configuration page could allow an attacker, in a privileged position, to retrieve sensitive information via cross-site scripting. 2022-03-08 3.5 CVE-2021-37208
CONFIRM
sophos — ssl_vpn_client A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client. 2022-03-08 3.6 CVE-2021-36809
CONFIRM
st — j-safe3_firmware STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform. 2022-03-04 1.9 CVE-2021-43392
MISC
MISC
st — stsafe-j_firmware STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform. 2022-03-04 1.9 CVE-2021-43393
MISC
MISC
veritas — infoscale_operations_manager An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting (XSS) vulnerability in admin/cgi-bin/listdir.pl allows authenticated remote administrators to inject arbitrary web script or HTML into an HTTP GET parameter (which reflect the user input without sanitization). 2022-03-04 3.5 CVE-2022-26483
MISC
wp-eventmanager — wp_event_manager The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-03-07 3.5 CVE-2021-24810
MISC
yop-poll — yop-poll The YOP Poll WordPress plugin before 6.3.5 does not sanitise and escape some of the settings (available to users with a role as low as author) before outputting them, leading to a Stored Cross-Site Scripting issue 2022-03-07 3.5 CVE-2022-0205
MISC
Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
/dsadatatest — /dsadatatest
 
It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability. 2022-03-10 not yet calculated CVE-2021-42856
CONFIRM
microsoft — vp9_video_extensions
 
VP9 Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24501. 2022-03-09 not yet calculated CVE-2022-24451
N/A
apc_smart-ups_family — apc_smart-ups_family
 
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior) 2022-03-09 not yet calculated CVE-2022-0715
CONFIRM
linux — linux_kernel_bpf
 
A NULL pointer dereference flaw was found in the Linux kernel’s BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1. 2022-03-10 not yet calculated CVE-2022-0433
MISC
MISC
MISC
easyappointments — easyappointments
 
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3. 2022-03-09 not yet calculated CVE-2022-0482
CONFIRM
MISC
pandora_fms — pandora_api
 
Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL. 2022-03-10 not yet calculated CVE-2022-0507
CONFIRM
CONFIRM
linux — linux_kernel
 
A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4. 2022-03-10 not yet calculated CVE-2022-0516
MISC
DEBIAN
MISC
apple — swift-nio-http2
 
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSH_PROMISE frame where the frame contains padding information without any other data. This logical error caused confusion about the size of the frame, leading to a parsing error. This parsing error immediately crashes the entire process. Sending a HEADERS frame or PUSH_PROMISE frame with HTTP/2 padding information does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted frame. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the frame in memory-safe code, so the crash is safe. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz. 2022-03-10 not yet calculated CVE-2022-0618
MISC
calibre_web — calibre_web
 
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. 2022-03-07 not yet calculated CVE-2022-0767
MISC
CONFIRM
keepass — keepass
 
A flaw was found in KeePass. The vulnerability occurs due to logging the plain text passwords in the system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs. 2022-03-10 not yet calculated CVE-2022-0725
MISC
bluez — bluez
 
A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service. 2022-03-10 not yet calculated CVE-2022-0204
MISC
MISC
mcafee — mcafee_webadvisor_chrome
 
Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including; settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected. 2022-03-10 not yet calculated CVE-2022-0815
MISC
shopware — shopware
 
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. 2022-03-09 not yet calculated CVE-2022-24744
CONFIRM
nextcloud — nextcloud
 
Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded to 21.0.8 , 22.2.4 or 23.0.1. Users unable to upgrade should disable preview generation with the `’enable_previews’` config flag. 2022-03-09 not yet calculated CVE-2022-24741
MISC
CONFIRM
MISC
alltube — alltube
 
alltube is an html front end for youtube-dl. On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack (depending on how AllTube is configured). The impact is mitigated by the fact the SSRF attack is only possible when the `stream` option is enabled in the configuration. (This option is disabled by default.) 3.0.3 contains a fix for this vulnerability. 2022-03-08 not yet calculated CVE-2022-24739
MISC
CONFIRM
MISC
MISC
microsoft — microsoft 
 
Point-to-Point Tunneling Protocol Denial of Service Vulnerability. 2022-03-09 not yet calculated CVE-2022-23253
N/A
mcafee — mcafee_total_protection
 
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them. 2022-03-10 not yet calculated CVE-2022-0280
MISC
intel — intel
 
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. 2022-03-11 not yet calculated CVE-2022-0001
MISC
intel — intel
 
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. 2022-03-11 not yet calculated CVE-2022-0002
MISC
microsoft — microsoft
 
Remote Desktop Protocol Client Information Disclosure Vulnerability. 2022-03-09 not yet calculated CVE-2022-24503
N/A
frontend — frontend
 
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. 2022-03-09 not yet calculated CVE-2022-24919
CONFIRM
frontend — frontend
 
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. 2022-03-09 not yet calculated CVE-2022-24917
CONFIRM
frontend — frontend
 
The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services). 2022-03-10 not yet calculated CVE-2022-24915
MISC
parse_community — parse_server 
 
Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file `DatabaseController.js`, so it is likely to affect Postgres and any other database backend as well. This vulnerability has been confirmed on Linux (Ubuntu) and Windows. Users are advised to upgrade as soon as possible. The only known workaround is to manually patch your installation with code referenced at the source GHSA-p6h4-93qp-jhcm. 2022-03-12 not yet calculated CVE-2022-24760
CONFIRM
MISC
pjsip — pjsip_project
 
PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `PJSIP_MD5STRLEN` before passing to PJSIP. 2022-03-11 not yet calculated CVE-2022-24754
MISC
CONFIRM
ultravnc — ultravnc
 
UltraVNC is a free and open source remote pc access software. A vulnerability has been found in versions prior to 1.3.8.0 in which the DSM plugin module, which allows a local authenticated user to achieve local privilege escalation (LPE) on a vulnerable system. The vulnerability has been fixed to allow loading of plugins from the installed directory. Affected users should upgrade their UltraVNC to 1.3.8.0. Users unable to upgrade should not install and run UltraVNC server as a service. It is advisable to create a scheduled task on a low privilege account to launch WinVNC.exe instead. There are no known workarounds if wincnc needs to be started as a service. 2022-03-10 not yet calculated CVE-2022-24750
CONFIRM
MISC
MISC
microsft — remote_desktop_client
 
Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21990. 2022-03-09 not yet calculated CVE-2022-23285
N/A
evmos — evmos
 
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds from user addresses. To do this an attacker must create a new chain which does not enforce signature verification and connects it to the target evmos instance. The attacker can use this joined chain to transfer unclaimed funds. Users are advised to upgrade. There are no known workarounds for this issue. 2022-03-07 not yet calculated CVE-2022-24738
CONFIRM
MISC
MISC
shopware — core
 
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In versions prior to 6.4.8.2 it is possible to modify customers and to create orders without App Permission. This issue is a result of improper api route checking. Users are advised to upgrade to version 6.4.8.2. There are no known workarounds. 2022-03-09 not yet calculated CVE-2022-24748
CONFIRM
MISC
shopware — core
 
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do no properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP caches. This issue has been resolved in version 6.4.8.2. There are no known workarounds. 2022-03-09 not yet calculated CVE-2022-24747
MISC
MISC
CONFIRM
shopware — core
 
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions it is possible to inject code via the voucher code form. This issue has been patched in version 6.4.8.1. There are no known workarounds for this issue. 2022-03-09 not yet calculated CVE-2022-24746
MISC
CONFIRM
MISC
shopware — core
 
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected by this issue. This issue has been resolved in version 6.4.8.2. Users unable to upgrade should disable the HTTP Cache. 2022-03-09 not yet calculated CVE-2022-24745
CONFIRM
antaris — razorengine
 
** UNSUPPORTED WHEN ASSIGNED ** In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment (if users can externally control template contents). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-03-06 not yet calculated CVE-2021-46703
MISC
npmjs — npmjs
 
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. 2022-03-11 not yet calculated CVE-2021-46708
MISC
MISC
libcaca — libcaca
 
libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service 2022-03-10 not yet calculated CVE-2022-0856
MISC
httpie — httpie
 
HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn‘t distinguish between cookies and hosts they belonged. This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third party website. Users are advised to upgrade. There are no known workarounds. 2022-03-07 not yet calculated CVE-2022-24737
MISC
MISC
CONFIRM
samsung_mobile_security — applock
 
Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication. 2022-03-10 not yet calculated CVE-2022-24929
MISC
mediatek — btif
 
In btif, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06271186; Issue ID: ALPS06271186. 2022-03-10 not yet calculated CVE-2022-20057
MISC
mediatek — connsyslogger
 
In connsyslogger, there is a possible symbolic link following due to improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06335038; Issue ID: ALPS06335038. 2022-03-10 not yet calculated CVE-2022-20050
MISC
mediatek — ims_service
 
In ims service, there is a possible unexpected application behavior due to incorrect privilege assignment. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219127; Issue ID: ALPS06219127. 2022-03-10 not yet calculated CVE-2022-20051
MISC
mediatek — ims_service
 
In ims service, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219097; Issue ID: ALPS06219097. 2022-03-10 not yet calculated CVE-2022-20053
MISC
mediatek — ims_service
 
In ims service, there is a possible AT command injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219083; Issue ID: ALPS06219083. 2022-03-10 not yet calculated CVE-2022-20054
MISC
mediatek — preloader
 
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160830. 2022-03-10 not yet calculated CVE-2022-20055
MISC
mediatek — preloader
 
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160820. 2022-03-10 not yet calculated CVE-2022-20056
MISC
mediatek — preloader
 
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160485. 2022-03-10 not yet calculated CVE-2022-20058
MISC
mediatek — video_decoder
 
In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917502; Issue ID: ALPS05917502. 2022-03-10 not yet calculated CVE-2022-20048
MISC
mediatek — preloader
 
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160781. 2022-03-10 not yet calculated CVE-2022-20059
MISC
mediatek — preloader
 
In preloader (usb), there is a possible permission bypass due to a missing proper image authentication. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06137462. 2022-03-10 not yet calculated CVE-2022-20060
MISC
madiant — hevc_video_extensions
 
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-23301, CVE-2022-24452, CVE-2022-24453, CVE-2022-24456. 2022-03-09 not yet calculated CVE-2022-22007
N/A
MISC
ipdio — web_interface
 
Persistent cross-site scripting in the web interface of ipDIO allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into a specific parameter. The XSS payload will be executed when a legitimate user attempts to review history. 2022-03-10 not yet calculated CVE-2022-21146
MISC
marktext — marktext
 
A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link (with javascript: scheme) inside the document may allow an attacker to execute an arbitrary script on the PC of the user using marktext. 2022-03-10 not yet calculated CVE-2022-21158
MISC
MISC
madiant — hevc_video_extensions
 
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22007, CVE-2022-23301, CVE-2022-24452, CVE-2022-24453, CVE-2022-24456. 2022-03-09 not yet calculated CVE-2022-22006
N/A
MISC
mediatek — vpu
 
In vpu, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05954679; Issue ID: ALPS05954679. 2022-03-10 not yet calculated CVE-2022-20049
MISC
mediatek — video_decoder
 
In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917489; Issue ID: ALPS05917489. 2022-03-10 not yet calculated CVE-2022-20047
MISC
linux — linux_pv
 
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 2022-03-10 not yet calculated CVE-2022-23042
MISC
ipcomm — ipdio
 
The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the specific web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to review history. 2022-03-10 not yet calculated CVE-2022-22985
MISC
linux — linux_pv
 
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 2022-03-10 not yet calculated CVE-2022-23041
MISC
linux — linux_pv
 
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 2022-03-10 not yet calculated CVE-2022-23040
MISC
linux — linux_pv
 
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 2022-03-10 not yet calculated CVE-2022-23039
MISC
linux — linux_pv
 
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 2022-03-10 not yet calculated CVE-2022-23038
MISC
linux — linux_pv
 
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 2022-03-10 not yet calculated CVE-2022-23037
MISC
linux — linux_pv
 
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 2022-03-10 not yet calculated CVE-2022-23036
MISC
microsoft — hevc_video_extensions
 
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-23301, CVE-2022-24453, CVE-2022-24456. 2022-03-09 not yet calculated CVE-2022-24452
N/A
microsoft — media_foundation_information_disclosure 
 
Media Foundation Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21977. 2022-03-09 not yet calculated CVE-2022-22010
N/A
schneider-electric — smartconnect_family
 
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior) 2022-03-09 not yet calculated CVE-2022-22806
CONFIRM
schneider-electric — smartconnect_family
 
A CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior) 2022-03-09 not yet calculated CVE-2022-22805
CONFIRM
signiant-manager_agents — signiant-manager_agents
 
Signiant – Manager+Agents XML External Entity (XXE) – Extract internal files of the affected machine An attacker can read all the system files, the product is running with root on Linux systems and nt/authority on windows systems, which allows him to access and extract any file on the systems, such as passwd, shadow, hosts and so on. By gaining access to these files, attackers can steal sensitive information from the victims machine. 2022-03-10 not yet calculated CVE-2022-22795
MISC
zz.inc — keymouse_windows
 
ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse. 2022-03-10 not yet calculated CVE-2022-24644
MISC
MISC
heindal — heimdal_premium_security
 
Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the “Browse For Folder” window accessible by triggering a “Repair” on the MSI package located in C:\Windows\Installer. 2022-03-10 not yet calculated CVE-2022-24618
MISC
MISC
wago — wago
 
Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised. 2022-03-09 not yet calculated CVE-2022-22511
CONFIRM
ibm — aix
 
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted host. IBM X-Force ID: 220396 2022-03-07 not yet calculated CVE-2022-22351
XF
CONFIRM
samsung_mobile_security — kernel
 
Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP. 2022-03-10 not yet calculated CVE-2022-24928
MISC
zabbix — zabbix
 
An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. 2022-03-09 not yet calculated CVE-2022-24918
CONFIRM
samsung_mobile_security — stretailmodereceiver
 
An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper permission 2022-03-10 not yet calculated CVE-2022-24930
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23930
MISC
lg — lg
 
The public API error causes for the attacker to be able to bypass API access control. 2022-03-11 not yet calculated CVE-2022-23730
MISC
lg — v8_javascript_engine
 
V8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models. 2022-03-11 not yet calculated CVE-2022-23731
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23924
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23925
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23926
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23927
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23928
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23929
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23931
MISC
microsoft — raw_image_extension
 
Raw Image Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23295. 2022-03-09 not yet calculated CVE-2022-23300
N/A
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23932
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23933
MISC
hp — bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. 2022-03-11 not yet calculated CVE-2022-23934
MISC
samsung_mobile_security — apkinstaller
 
Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission 2022-03-10 not yet calculated CVE-2022-24931
MISC
zabbix — zabbix_frontend
 
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors – an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim’s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel. 2022-03-09 not yet calculated CVE-2022-24349
CONFIRM
mandiant — heif_image_extensions
 
HEIF Image Extensions Remote Code Execution Vulnerability. 2022-03-09 not yet calculated CVE-2022-24457
N/A
MISC
microsoft — hevc_video_extensions
 
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-23301, CVE-2022-24452, CVE-2022-24453. 2022-03-09 not yet calculated CVE-2022-24456
N/A
MISC
microsoft — hevc_video_extensions
 
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-23301, CVE-2022-24452, CVE-2022-24456. 2022-03-09 not yet calculated CVE-2022-24453
N/A
MISC
microsoft — hevc_video_extensions
 
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22006, CVE-2022-22007, CVE-2022-24452, CVE-2022-24453, CVE-2022-24456. 2022-03-09 not yet calculated CVE-2022-23301
N/A
microsft — remote_desktop_client
 
Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23285. 2022-03-09 not yet calculated CVE-2022-21990
N/A
microsoft — raw_image_extension
 
Raw Image Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23300. 2022-03-09 not yet calculated CVE-2022-23295
N/A
suletm — pdftron_sdk
 
A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 on OSX; 9.2.0 on Linux; 9.2.0 on Windows. 2022-03-10 not yet calculated CVE-2022-24960
MISC
MISC
tenda — tenda_ax3 Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. 2022-03-10 not yet calculated CVE-2022-24995
MISC
printix — printix_secure_cloud_print_management
 
Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition. 2022-03-10 not yet calculated CVE-2022-25090
MISC
MISC
MISC
MISC
foxit — foxit_pdf_reader_and_editor
 
Foxit PDF Reader and Editor before 11.2.1 and PhantomPDF before 10.1.7 allow a NULL pointer dereference during PDF parsing because the pointer is used without proper validation. 2022-03-10 not yet calculated CVE-2022-25108
MISC
tenable — phicomm_k2
 
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell. 2022-03-10 not yet calculated CVE-2022-25213
MISC
tenable — phicomm_k2
 
Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated remote attacker to obtain the WPA passphrases for the 2.4GHz and 5.0GHz wireless networks. This is particularly dangerous given that the K2G setup wizard presents the user with the option of using the same password for the 2.4Ghz network and the administrative interface, by clicking a checkbox. When Remote Managment is enabled, these endpoints are exposed to the WAN. 2022-03-10 not yet calculated CVE-2022-25214
MISC
tenable — dvdfab_12
 
An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access, by means of an HTTP GET request to http://<IP_ADDRESS>:32080/download/<URL_ENCODED_PATH>. 2022-03-11 not yet calculated CVE-2022-25216
MISC
tenable — localmacconfi.asp
 
Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself. 2022-03-10 not yet calculated CVE-2022-25215
MISC
tenable — telnetd_startup
 
Use of a hard-coded cryptographic key pair by the telnetd_startup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetd_startup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of the K3C firmware (possibly amongst many other releases) included both the private and public RSA keys. The remaining versions cited here redacted the private key, but left the public key unchanged. An attacker in possession of the leaked private key may, through a scripted exchange of UDP packets, instruct telnetd_startup to spawn an unauthenticated telnet shell as root, by means of which they can then obtain complete control of the device. A consequence of the limited availablility of firmware images for testing is that models and versions not listed here may share this vulnerability. 2022-03-10 not yet calculated CVE-2022-25217
MISC
tenable — telnetd_startup
 
The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the “plaintext” to which an arbitrary blob of ciphertext will be decrypted by OpenSSL’s RSA_public_decrypt() function. This weakness allows the attacker to manipulate the various iterations of the telnetd startup state machine and eventually obtain a root shell on the device, by means of an exchange of crafted UDP packets. In all versions but K2 22.5.9.163 and K3C 32.1.15.93 a successful attack also requires the exploitation of a null-byte interaction error (CVE-2022-25219). 2022-03-10 not yet calculated CVE-2022-25218
MISC
tenable — telnetd_startup
 
A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP packets, an unauthenticated attacker on the local network can leverage this null byte interaction error in such a way as to make those ephemeral passwords predictable (with 1-in-94 odds). Since the attacker must manipulate data processed by the OpenSSL function RSA_public_decrypt(), successful exploitation of this vulnerability depends on the use of an unpadded RSA cipher (CVE-2022-25218). 2022-03-10 not yet calculated CVE-2022-25219
MISC
microsoft — vp9_video_extensions 
 
VP9 Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24451. 2022-03-09 not yet calculated CVE-2022-24501
N/A
samsung_mobile_security — setup_wizard
 
Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard. 2022-03-10 not yet calculated CVE-2022-24932
MISC
abantecart — abantecart
 
Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type). 2022-03-10 not yet calculated CVE-2022-26521
MISC
ace2 — coloros11
 
In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure. 2022-03-11 not yet calculated CVE-2021-23246
MISC
acer — care_center
 
Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority called ACCsvc through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general user. In addition, the service program does not verify the user when communicating. A thread may exist with a specific command. When the path of the program to be executed is sent, there is a local privilege escalation in which the service program executes the path with system privileges. 2022-03-10 not yet calculated CVE-2022-24285
MISC
acer — quickaccess
 
Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00.3038 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general user. In addition, the service program does not verify the user when communicating. A thread may exist with a specific command. When the path of the program to be executed is sent, there is a local privilege escalation in which the service program executes the path with system privileges. 2022-03-10 not yet calculated CVE-2022-24286
MISC
adobe — after_effects Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-11 not yet calculated CVE-2022-24095
MISC
adobe — after_effects Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-11 not yet calculated CVE-2022-24094
MISC
adobe — after_effects
 
Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-11 not yet calculated CVE-2022-24097
MISC
adobe — after_effects
 
Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by an Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-11 not yet calculated CVE-2022-24096
MISC
adobe — illustrator
 
Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Illustrator. 2022-03-11 not yet calculated CVE-2022-23187
MISC
adobe — photoshop
 
Adobe Photoshop versions 23.1.1 (and earlier) and 22.5.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-11 not yet calculated CVE-2022-24090
MISC
alist — alist
 
Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist. 2022-03-12 not yet calculated CVE-2022-26533
MISC
amd — cpus
 
LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. 2022-03-11 not yet calculated CVE-2021-26401
MISC
amd — cpus
 
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. 2022-03-11 not yet calculated CVE-2021-26341
MISC
atlassian — jira_server_and_data_center
 
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. 2022-03-08 not yet calculated CVE-2021-43944
N/A
atune — atune
 
atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration. 2022-03-11 not yet calculated CVE-2021-33658
CONFIRM
casaos — casaos
 
CasaOS before v0.2.7 was discovered to contain a command injection vulnerability via the component leave or join zerotier api. 2022-03-10 not yet calculated CVE-2022-24193
MISC
MISC
MISC
MISC
cgi-bin/ej.cgi — cgi-bin/ej.cgi
 
A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej.cgi of Ex libris ALEPH 500 v18.1 and v20 allows attackers to execute arbitrary web scripts or HTML. 2022-03-10 not yet calculated CVE-2022-24177
MISC
citrix — federated_authentication_service
 
Citrix Federated Authentication Service (FAS) 7.17 – 10.6 causes deployments that have been configured to store a registration authority certificate’s private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificate’s private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS administration console was used for configuration. 2022-03-10 not yet calculated CVE-2022-26355
MISC
cobbler — cobbler
 
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. 2022-03-11 not yet calculated CVE-2022-0860
CONFIRM
MISC
cockpit — cockpit
 
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality. 2022-03-10 not yet calculated CVE-2021-3698
MISC
cockpit — cockpit
 
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks. 2022-03-10 not yet calculated CVE-2021-3660
MISC
MISC
MISC
contact_form_x — contact_form_x
 
Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). 2022-03-11 not yet calculated CVE-2022-25601
CONFIRM
CONFIRM
couchbase_operator — couchbase_operator
 
Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to an Unauthorized Actor. Secrets are not redacted in logs collected from Kubernetes environments. 2022-03-10 not yet calculated CVE-2022-26311
CONFIRM
MISC
croogo — croogo
 
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script. 2022-03-10 not yet calculated CVE-2021-44673
MISC
cx-programmer — cx-programmer Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325. 2022-03-10 not yet calculated CVE-2022-25230
MISC
cx-programmer — cx-programmer Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230. 2022-03-10 not yet calculated CVE-2022-25325
MISC
cx-programmer — cx-programmer
 
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234. 2022-03-10 not yet calculated CVE-2022-21124
MISC
cx-programmer — cx-programmer
 
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-21124. 2022-03-10 not yet calculated CVE-2022-25234
MISC
cx-programmer — cx-programmer
 
Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. 2022-03-10 not yet calculated CVE-2022-21219
MISC
dell — bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 2022-03-11 not yet calculated CVE-2022-24416
MISC
dell — bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 2022-03-11 not yet calculated CVE-2022-24419
MISC
dell — bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 2022-03-11 not yet calculated CVE-2022-24420
MISC
dell — bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 2022-03-11 not yet calculated CVE-2022-24421
MISC
dell — bios
 
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 2022-03-11 not yet calculated CVE-2022-24415
MISC
f-secure — support_tool
 
An arbitrary code execution vulnerability was found in the F-Secure Support Tool. A standard user can craft a special configuration file, which when run by administrator can execute any commands. 2022-03-10 not yet calculated CVE-2021-44750
MISC
MISC
fedora — fedora
 
A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47. 2022-03-10 not yet calculated CVE-2021-20269
MISC
fiori — launchpad
 
Fiori launchpad – versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. 2022-03-10 not yet calculated CVE-2022-26101
MISC
MISC
freetakserver — freetakserver FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges. 2022-03-11 not yet calculated CVE-2022-25510
MISC
freetakserver — freetakserver An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created routes, or create unsafe or false routes for legitimate users. 2022-03-11 not yet calculated CVE-2022-25508
MISC
freetakserver-ui — freetakserver-ui An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system. 2022-03-11 not yet calculated CVE-2022-25511
MISC
freetakserver-ui — freetakserver-ui FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser. 2022-03-11 not yet calculated CVE-2022-25506
MISC
freetakserver-ui — freetakserver-ui
 
FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys. 2022-03-11 not yet calculated CVE-2022-25512
MISC
freetakserver-ui — freetakserver-ui
 
FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter. 2022-03-11 not yet calculated CVE-2022-25507
MISC
gerapy — gerapy
 
An Access Control vunerabiity exists in Gerapy v 0.9.7 via the spider parameter in project_configure function. 2022-03-10 not yet calculated CVE-2021-44597
MISC
go-gitea — gitea
 
Improper Authorization in GitHub repository go-gitea/gitea prior to 1.16.4. 2022-03-10 not yet calculated CVE-2022-0905
CONFIRM
MISC
gogs — gogs
 
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5. 2022-03-11 not yet calculated CVE-2022-0870
MISC
CONFIRM
gogs — gogs
 
Improper Authorization in GitHub repository gogs/gogs prior to 0.12.5. 2022-03-11 not yet calculated CVE-2022-0871
MISC
CONFIRM
gpac — gpac
 
GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box. 2022-03-12 not yet calculated CVE-2022-26967
MISC
grub2 — grub2
 
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released. 2022-03-10 not yet calculated CVE-2021-3981
MISC
FEDORA
hitachi — aab_power_grids_ellipse_enterprise_asset_management An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session. 2022-03-11 not yet calculated CVE-2021-27416
CONFIRM
CONFIRM
hitachi — aab_power_grids_ellipse_enterprise_asset_management
 
An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials. 2022-03-11 not yet calculated CVE-2021-27414
CONFIRM
CONFIRM
horde — mime_viewer
 
lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering. 2022-03-11 not yet calculated CVE-2022-26874
MISC
MISC
huawei — devices There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of this vulnerability may affect system stability. 2022-03-10 not yet calculated CVE-2021-40064
MISC
MISC
huawei — devices There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization. 2022-03-10 not yet calculated CVE-2021-40049
MISC
MISC
huawei — devices There is an unauthorized access vulnerability in system components. Successful exploitation of this vulnerability will affect confidentiality. 2022-03-10 not yet calculated CVE-2021-40051
MISC
MISC
huawei — devices There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability will affect availability. 2022-03-10 not yet calculated CVE-2021-40048
MISC
MISC
huawei — devices There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. 2022-03-10 not yet calculated CVE-2021-40052
MISC
huawei — devices There is a permission control vulnerability in the Nearby module. Successful exploitation of this vulnerability will affect availability and integrity. 2022-03-10 not yet calculated CVE-2021-40053
MISC
huawei — devices There is an integer underflow vulnerability in the atcmdserver module. Successful exploitation of this vulnerability may affect integrity. 2022-03-10 not yet calculated CVE-2021-40054
MISC
huawei — devices There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity. 2022-03-10 not yet calculated CVE-2021-40055
MISC
MISC
huawei — devices There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability. 2022-03-10 not yet calculated CVE-2021-40056
MISC
huawei — devices There is a heap-based and stack-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. 2022-03-10 not yet calculated CVE-2021-40057
MISC
huawei — devices There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. 2022-03-10 not yet calculated CVE-2021-40058
MISC
huawei — devices There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect confidentiality. 2022-03-10 not yet calculated CVE-2021-40059
MISC
huawei — devices There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. 2022-03-10 not yet calculated CVE-2021-40060
MISC
huawei — devices There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity. 2022-03-10 not yet calculated CVE-2021-40061
MISC
MISC
huawei — devices There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability. 2022-03-10 not yet calculated CVE-2021-40062
MISC
huawei — devices There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect confidentiality. 2022-03-10 not yet calculated CVE-2021-40063
MISC
MISC
huawei — devices There is an out-of-bounds read vulnerability in the IFAA module. Successful exploitation of this vulnerability may cause stack overflow. 2022-03-10 not yet calculated CVE-2021-40050
MISC
MISC
huawei — devices
 
There is a vulnerability of memory not being released after effective lifetime in the Bastet module. Successful exploitation of this vulnerability may affect integrity. 2022-03-10 not yet calculated CVE-2021-40047
MISC
MISC
ibm — aix_and_vios IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950. 2022-03-07 not yet calculated CVE-2021-38988
XF
CONFIRM
ibm — aix_and_vios IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212951. 2022-03-07 not yet calculated CVE-2021-38989
XF
CONFIRM
ibm — datapower_gateway
 
IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824. 2022-03-10 not yet calculated CVE-2021-38910
CONFIRM
XF
ibm — guardium_data_encryption
 
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. IBM X-Force ID: 213858. 2022-03-10 not yet calculated CVE-2021-39022
CONFIRM
XF
ibm — guardium_data_encryption
 
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM X-Force 213863. 2022-03-10 not yet calculated CVE-2021-39025
XF
CONFIRM
icinga_web_2 — icinga_web_2 Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated. 2022-03-08 not yet calculated CVE-2022-24716
CONFIRM
MISC
icinga_web_2 — icinga_web_2 Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration. 2022-03-08 not yet calculated CVE-2022-24715
CONFIRM
MISC
icinga_web_2 — icinga_web_2
 
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may still have access to a collection of content. Note that this only applies if a role has implicitly permitted access to hosts, due to permitted access to at least one of their services. If access to a host is permitted by other means, no sensible information has been disclosed to unauthorized users. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. 2022-03-08 not yet calculated CVE-2022-24714
CONFIRM
MISC
ifilter_ver — ifilter_ver
 
Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication. 2022-03-10 not yet calculated CVE-2022-21170
MISC
MISC
MISC
MISC
MISC
MISC
intel — sgx
 
The pointer-validation logic in util/mem_util.rs in Occlum before 0.26.0 for Intel SGX acts as a confused deputy that allows a local attacker to access unauthorized information via side-channel analysis. 2022-03-10 not yet calculated CVE-2021-44421
CONFIRM
MISC
CONFIRM
MISC
intel — trace_hub
 
Hardware allows activation of test or debug logic at runtime for some Intel(R) Trace Hub instances which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. 2022-03-11 not yet calculated CVE-2021-33150
MISC
ipdio — ipdio
 
Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into specific fields. The XSS payload will be executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services). 2022-03-10 not yet calculated CVE-2022-24432
MISC
istio — istio
 
Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing when the validating webhook for a cluster is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [external istiod](https://istio.io/latest/docs/setup/install/external-controlplane/) topologies, this port is exposed over the public internet. This issue has been patched in versions 1.13.2, 1.12.5 and 1.11.8. Users are advised to upgrade. Users unable to upgrade should disable access to a validating webhook that is exposed to the public internet or restrict the set of IP addresses that can query it to a set of known, trusted entities. 2022-03-10 not yet calculated CVE-2022-24726
MISC
MISC
CONFIRM
jackson-databind — jackson-databind
 
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. 2022-03-11 not yet calculated CVE-2020-36518
MISC
jboss-client — jboss-client
 
A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability. 2022-03-11 not yet calculated CVE-2022-0853
MISC
MISC
jeecg-boot — jceeg-boot
 
A Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event. 2022-03-10 not yet calculated CVE-2021-44585
MISC
jetson — linux
 
NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components. 2022-03-11 not yet calculated CVE-2022-21819
MISC
libtiff — libtiff Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa. 2022-03-11 not yet calculated CVE-2022-0909
MISC
MISC
CONFIRM
libtiff — libtiff Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. 2022-03-11 not yet calculated CVE-2022-0908
CONFIRM
MISC
MISC
libtiff — libtiff
 
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2. 2022-03-11 not yet calculated CVE-2022-0907
MISC
CONFIRM
MISC
libtiff — libtiff
 
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. 2022-03-11 not yet calculated CVE-2022-0924
MISC
CONFIRM
MISC
libtiff — libtiff
 
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045. 2022-03-10 not yet calculated CVE-2022-0865
MISC
MISC
CONFIRM
libtiff — libtiff
 
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact 2022-03-10 not yet calculated CVE-2022-0891
CONFIRM
MISC
MISC
MISC
linux — linux_kernel drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed). 2022-03-11 not yet calculated CVE-2022-26878
MISC
MISC
MISC
MISC
MLIST
linux — linux_kernel
 
A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability. 2022-03-10 not yet calculated CVE-2021-3739
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel
 
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. 2022-03-12 not yet calculated CVE-2022-26966
MISC
MISC
linux — linux_kernel
 
A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to possibly crash the system. 2022-03-10 not yet calculated CVE-2021-4023
MISC
linux — linux_kernel
 
A security issue was found in Linux kernel’s OverlayFS subsystem where a local attacker who has the ability to mount the TmpFS filesystem with OverlayFS can abuse a logic bug in the overlayfs code which can inadvertently reveal files hidden in the original mount. 2022-03-10 not yet calculated CVE-2021-3732
MISC
MISC
MISC
MISC
linux — linux_kernel
 
A NULL pointer dereference was found in the Linux kernel’s KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1. 2022-03-10 not yet calculated CVE-2021-4095
MISC
MLIST
luocms — luocms Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php. 2022-03-10 not yet calculated CVE-2022-24604
MISC
luocms — luocms Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php. 2022-03-10 not yet calculated CVE-2022-24608
MISC
luocms — luocms Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php. 2022-03-10 not yet calculated CVE-2022-24602
MISC
luocms — luocms Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain sensitive information through SQL injection statements. 2022-03-10 not yet calculated CVE-2022-24601
MISC
luocms — luocms Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php. 2022-03-10 not yet calculated CVE-2022-24603
MISC
luocms — luocms Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php. 2022-03-10 not yet calculated CVE-2022-24605
MISC
luocms — luocms Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php. 2022-03-10 not yet calculated CVE-2022-24606
MISC
luocms — luocms Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php. 2022-03-10 not yet calculated CVE-2022-24607
MISC
luocms — luocms Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/template_manage.php, an attacker can write an arbitrary shell file. 2022-03-10 not yet calculated CVE-2022-24609
MISC
luocms — luocms
 
Luocms v2.0 is affected by SQL Injection through /admin/login.php. An attacker can log in to the background through SQL injection statements. 2022-03-10 not yet calculated CVE-2022-24600
MISC
maddy — mail_server
 
Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms. 2022-03-09 not yet calculated CVE-2022-24732
MISC
CONFIRM
mattermost — server A stack overflow bug in the document extractor in Mattermost Server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted Apple Pages document. 2022-03-10 not yet calculated CVE-2022-0904
MISC
mattermost — server
 
A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted POST body. 2022-03-10 not yet calculated CVE-2022-0903
MISC
microsoft — .net_and_visual_studio
 
.NET and Visual Studio Remote Code Execution Vulnerability. 2022-03-09 not yet calculated CVE-2022-24512
N/A
microsoft — .net_and_visual_studio
 
.NET and Visual Studio Denial of Service Vulnerability. 2022-03-09 not yet calculated CVE-2022-24464
N/A
microsoft — azure Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24506, CVE-2022-24515, CVE-2022-24518. 2022-03-09 not yet calculated CVE-2022-24519
N/A
microsoft — azure Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24506, CVE-2022-24515, CVE-2022-24519. 2022-03-09 not yet calculated CVE-2022-24518
N/A
microsoft — azure Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24468, CVE-2022-24470, CVE-2022-24471, CVE-2022-24520. 2022-03-09 not yet calculated CVE-2022-24517
N/A
microsoft — azure Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24468, CVE-2022-24471, CVE-2022-24517, CVE-2022-24520. 2022-03-09 not yet calculated CVE-2022-24470
N/A
microsoft — azure Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24468, CVE-2022-24470, CVE-2022-24471, CVE-2022-24517. 2022-03-09 not yet calculated CVE-2022-24520
N/A
microsoft — azure Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24468, CVE-2022-24470, CVE-2022-24517, CVE-2022-24520. 2022-03-09 not yet calculated CVE-2022-24471
N/A
microsoft — azure Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24506, CVE-2022-24515, CVE-2022-24518, CVE-2022-24519. 2022-03-09 not yet calculated CVE-2022-24469
N/A
microsoft — azure Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24470, CVE-2022-24471, CVE-2022-24517, CVE-2022-24520. 2022-03-09 not yet calculated CVE-2022-24468
N/A
microsoft — azure Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24515, CVE-2022-24518, CVE-2022-24519. 2022-03-09 not yet calculated CVE-2022-24506
N/A
microsoft — azure
 
Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24506, CVE-2022-24518, CVE-2022-24519. 2022-03-09 not yet calculated CVE-2022-24515
N/A
microsoft — azure
 
Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24468, CVE-2022-24470, CVE-2022-24471, CVE-2022-24517, CVE-2022-24520. 2022-03-09 not yet calculated CVE-2022-24467
N/A
microsoft — defender Microsoft Defender for IoT Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-23266
N/A
microsoft — defender
 
Microsoft Defender for IoT Remote Code Execution Vulnerability. 2022-03-09 not yet calculated CVE-2022-23265
N/A
microsoft — defender
 
Microsoft Defender for Endpoint Spoofing Vulnerability. 2022-03-09 not yet calculated CVE-2022-23278
N/A
microsoft — exchange
 
Microsoft Exchange Server Remote Code Execution Vulnerability. 2022-03-09 not yet calculated CVE-2022-23277
N/A
microsoft — exchange_server
 
Microsoft Exchange Server Spoofing Vulnerability. 2022-03-09 not yet calculated CVE-2022-24463
N/A
microsoft — intune_portal
 
Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability. 2022-03-09 not yet calculated CVE-2022-24465
N/A
microsoft — media_foundation
 
Media Foundation Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-22010. 2022-03-09 not yet calculated CVE-2022-21977
N/A
microsoft — office
 
Microsoft Office Word Tampering Vulnerability. 2022-03-09 not yet calculated CVE-2022-24511
N/A
microsoft — office_visio Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24461, CVE-2022-24509. 2022-03-09 not yet calculated CVE-2022-24510
N/A
microsoft — office_visio Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24461, CVE-2022-24510. 2022-03-09 not yet calculated CVE-2022-24509
N/A
microsoft — office_visio
 
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24509, CVE-2022-24510. 2022-03-09 not yet calculated CVE-2022-24461
N/A
microsoft — pint_3d
 
Paint 3D Remote Code Execution Vulnerability. 2022-03-09 not yet calculated CVE-2022-23282
N/A
microsoft — skype
 
Skype Extension for Chrome Information Disclosure Vulnerability. 2022-03-09 not yet calculated CVE-2022-24522
N/A
microsoft — visual_studio
 
Visual Studio Code Spoofing Vulnerability. 2022-03-09 not yet calculated CVE-2022-24526
N/A
microsoft — windows Windows CD-ROM Driver Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-24455
N/A
microsoft — windows Windows Fax and Scan Service Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-24459
N/A
microsoft — windows Tablet Windows User Interface Application Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-24460
N/A
microsoft — windows Windows HTML Platforms Security Feature Bypass Vulnerability. 2022-03-09 not yet calculated CVE-2022-24502
N/A
microsoft — windows Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23283, CVE-2022-23287. 2022-03-09 not yet calculated CVE-2022-24505
N/A
microsoft — windows Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-24507
N/A
microsoft — windows Windows SMBv3 Client/Server Remote Code Execution Vulnerability. 2022-03-09 not yet calculated CVE-2022-24508
N/A
microsoft — windows Microsoft Word Security Feature Bypass Vulnerability. 2022-03-09 not yet calculated CVE-2022-24462
N/A
microsoft — windows Windows Fast FAT File System Driver Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-23293
N/A
microsoft — windows Windows Event Tracing Remote Code Execution Vulnerability. 2022-03-09 not yet calculated CVE-2022-23294
N/A
microsoft — windows Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability. 2022-03-09 not yet calculated CVE-2022-23297
N/A
microsoft — windows Windows Print Spooler Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-23284
N/A
microsoft — windows Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23283, CVE-2022-24505. 2022-03-09 not yet calculated CVE-2022-23287
N/A
microsoft — windows Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23291. 2022-03-09 not yet calculated CVE-2022-23288
N/A
microsoft — windows Windows Inking COM Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-23290
N/A
microsoft — windows Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23288. 2022-03-09 not yet calculated CVE-2022-23291
N/A
microsoft — windows Windows Installer Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-23296
N/A
MISC
microsoft — windows Windows PDEV Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-23299
N/A
microsoft — windows Windows NT OS Kernel Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-23298
N/A
microsoft — windows
 
Windows Hyper-V Denial of Service Vulnerability. 2022-03-09 not yet calculated CVE-2022-21975
N/A
microsoft — windows
 
Windows Common Log File System Driver Information Disclosure Vulnerability. 2022-03-09 not yet calculated CVE-2022-23281
N/A
microsoft — windows
 
Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23287, CVE-2022-24505. 2022-03-09 not yet calculated CVE-2022-23283
N/A
microsoft — windows
 
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-23286
N/A
microsoft — windows
 
Windows Update Stack Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-24525
N/A
microsoft — windows
 
Windows Security Support Provider Interface Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-24454
N/A
microsoft — windows_media_center
 
Windows Media Center Update Denial of Service Vulnerability. 2022-03-09 not yet calculated CVE-2022-21973
N/A
microsoft — wps_office_for_windows
 
The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed. 2022-03-09 not yet calculated CVE-2022-25943
CONFIRM
MISC
JVN
microsoft — xbox_live
 
Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability. 2022-03-09 not yet calculated CVE-2022-21967
N/A
microweber — microweber XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11. 2022-03-12 not yet calculated CVE-2022-0929
MISC
CONFIRM
microweber — microweber Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11. 2022-03-11 not yet calculated CVE-2022-0912
MISC
CONFIRM
microweber — microweber Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3. 2022-03-11 not yet calculated CVE-2022-0913
CONFIRM
MISC
microweber — microweber Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12. 2022-03-11 not yet calculated CVE-2022-0921
MISC
CONFIRM
microweber — microweber File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. 2022-03-12 not yet calculated CVE-2022-0926
MISC
CONFIRM
microweber — microweber File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. 2022-03-12 not yet calculated CVE-2022-0930
MISC
CONFIRM
microweber — microweber
 
Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12. 2022-03-10 not yet calculated CVE-2022-0906
CONFIRM
MISC
microweber — microweber
 
Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 1.2.12. 2022-03-11 not yet calculated CVE-2022-0928
MISC
CONFIRM
microweber — microweber
 
Static Code Injection in GitHub repository microweber/microweber prior to 1.3. 2022-03-10 not yet calculated CVE-2022-0895
CONFIRM
MISC
mitel — micollab
 
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack. 2022-03-10 not yet calculated CVE-2022-26143
MISC
MISC
MISC
MISC
MISC
MISC
MISC
moodle — moodle An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. 2022-03-11 not yet calculated CVE-2021-32474
MISC
moodle — moodle The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected. 2022-03-11 not yet calculated CVE-2021-32478
MISC
moodle — moodle ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. 2022-03-11 not yet calculated CVE-2021-32475
MISC
moodle — moodle The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected. 2022-03-11 not yet calculated CVE-2021-32477
MISC
moodle — moodle Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected. 2022-03-11 not yet calculated CVE-2021-32472
MISC
moodle — moodle It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected 2022-03-11 not yet calculated CVE-2021-32473
MISC
moodle — moodle
 
A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. 2022-03-11 not yet calculated CVE-2021-32476
MISC
mruby — mruby
 
NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2. 2022-03-10 not yet calculated CVE-2022-0890
MISC
CONFIRM
myasus — myasus
 
The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation. 2022-03-10 not yet calculated CVE-2022-22814
MISC
nabu_casa — home_assistant_operating_system
 
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration. 2022-03-10 not yet calculated CVE-2020-36517
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
nacos — nacos A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters. 2022-03-11 not yet calculated CVE-2021-44667
MISC
nats — nats-server
 
NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected. 2022-03-10 not yet calculated CVE-2022-26652
CONFIRM
MISC
CONFIRM
MLIST
network_olympus — network_olympus
 
Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in ‘/api/eventinstance’ via the ‘sqlparameter’ JSON parameter. It is also possible to achieve remote code execution in the default installation (PostgreSQL) by exploiting this issue. 2022-03-10 not yet calculated CVE-2022-25225
MISC
MISC
nextcloud — server Nextcloud server is a self hosted system designed to provide cloud style services. The groupfolders application for Nextcloud allows sharing a folder with a group of people. In addition, it allows setting “advanced permissions” on subfolders, for example, a user could be granted access to the groupfolder but not specific subfolders. Due to a lacking permission check in affected versions, a user could still access these subfolders by copying the groupfolder to another location. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the “groupfolders” application in the admin settings. 2022-03-08 not yet calculated CVE-2021-41241
CONFIRM
MISC
MISC
nextcloud — server
 
Nextcloud server is a self hosted system designed to provide cloud style services. In affected versions the User Status API did not consider the user enumeration settings by the administrator. This allowed a user to enumerate other users on the instance, even when user listings where disabled. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. There are no known workarounds. 2022-03-08 not yet calculated CVE-2021-41239
CONFIRM
MISC
MISC
nextcloud — talk
 
Nextcloud talk is a self hosting messaging service. In versions prior 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open-redirect, but required user interaction. This only affected users of the Android Talk client. It is recommended that the Nextcloud Talk App is upgraded to 12.1.2. There are no known workarounds. 2022-03-08 not yet calculated CVE-2021-41180
CONFIRM
MISC
MISC
nextcloud — text
 
Nextcloud text is a collaborative document editing using Markdown built for the nextcloud server. Due to an issue with the Nextcloud Text application, which is by default shipped with Nextcloud Server, an attacker is able to access the folder names of “File Drop”. For successful exploitation an attacker requires knowledge of the sharing link. It is recommended that users upgrade their Nextcloud Server to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the Nextcloud Text application in the application settings. 2022-03-10 not yet calculated CVE-2021-41233
MISC
CONFIRM
northern.tech — cfengine_enterprise Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files. 2022-03-10 not yet calculated CVE-2021-44216
MISC
MISC
northern.tech — cfengine_enterprise
 
Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact. 2022-03-10 not yet calculated CVE-2021-44215
MISC
MISC
nystudio107 — seomatic
 
A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header. 2022-03-11 not yet calculated CVE-2021-44618
MISC
MISC
onenav — onenav
 
An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal. 2022-03-12 not yet calculated CVE-2022-26276
MISC
opensuse — opensuse
 
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. This issue affects: openSUSE Build service login-proxy-scripts versions prior to dc000cdfe9b9b715fb92195b1a57559362f689ef. 2022-03-09 not yet calculated CVE-2021-36777
CONFIRM
orchardcms — orchardcore Cross-site Scripting (XSS) – Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0. 2022-03-11 not yet calculated CVE-2022-0820
CONFIRM
MISC
orchardcms — orchardcore
 
Cross-site Scripting (XSS) – Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0. 2022-03-11 not yet calculated CVE-2022-0822
CONFIRM
MISC
orchardcms — orchardcore
 
Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0. 2022-03-11 not yet calculated CVE-2022-0821
CONFIRM
MISC
otris — update_manager
 
otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000. 2022-03-10 not yet calculated CVE-2021-40376
MISC
MISC
MISC
overit_geocall — overit_geocall An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XSLT Injection vulnerability. Attackers could exploit this issue to achieve remote code execution. 2022-03-10 not yet calculated CVE-2022-22834
MISC
MISC
overit_geocall — overit_geocall
 
An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XXE vulnerability to read arbitrary files from the filesystem. 2022-03-10 not yet calculated CVE-2022-22835
MISC
MISC
panorama_tools — libpano
 
Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds read in the function panoParserFindOLine() in parser.c. 2022-03-10 not yet calculated CVE-2021-33293
MISC
MISC
pgjdbc — pgjdbc
 
** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor’s position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties. 2022-03-10 not yet calculated CVE-2022-26520
MISC
MISC
MISC
MISC
power_line_communications — plc4trucks
 
Power Line Communications PLC4TRUCKS J2497 trailer receivers are susceptible to remote RF induced signals. 2022-03-10 not yet calculated CVE-2022-26131
CONFIRM
power_line_communications — plt4trucks
 
Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions. 2022-03-10 not yet calculated CVE-2022-25922
CONFIRM
proofpoint — insider_threat_management_agent_for_windows
 
Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. All versions prior to 7.12.1 are affected. Agents for MacOS and Linux and Cloud are unaffected. Proofpoint has released fixed software version 7.12.1. The fixed software versions are available through the customer support portal. 2022-03-10 not yet calculated CVE-2022-25294
MISC
python — python
 
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. 2022-03-04 not yet calculated CVE-2021-3737
MISC
MISC
MISC
MISC
MISC
MISC
python — python
 
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2. 2022-03-10 not yet calculated CVE-2022-26488
MISC
qnx_software_development_platform — qnx_software_development_platform
 
An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system. 2022-03-10 not yet calculated CVE-2021-32025
MISC
quicklert_for_digium — quickler_for_digium An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated (low privileged) attacker to execute remote code on the target server within the context of application’s permissions (SYSTEM). 2022-03-10 not yet calculated CVE-2021-43970
MISC
MISC
quicklert_for_digium — quickler_for_digium
 
The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database (up to and including the administrative accounts’ login IDs and passwords) via the login.jsp uname parameter. 2022-03-10 not yet calculated CVE-2021-43969
MISC
MISC
regex — regex
 
regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it’s considered part of the crate’s API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it’s possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes. 2022-03-08 not yet calculated CVE-2022-24713
CONFIRM
MISC
MISC
rockcarry — ffjpeg
 
The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NULL pointer dereference. 2022-03-10 not yet calculated CVE-2021-34122
MISC
MISC
saleor– saleor
 
Improper Authorization in GitHub repository saleor/saleor prior to 3.1.2. 2022-03-11 not yet calculated CVE-2022-0932
CONFIRM
MISC
samsung — acount
 
Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access to the authcode for sign-in. 2022-03-10 not yet calculated CVE-2022-25825
MISC
samsung — bixbytouch
 
Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview. 2022-03-10 not yet calculated CVE-2022-25824
MISC
samsung — galaxy_watch_plugin
 
Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.220126741 allows attackers to access user information in log. 2022-03-10 not yet calculated CVE-2022-25823
MISC
samsung — galaxy_watch_plugin
 
Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows attacker to access password information of connected WiFiAp in the log 2022-03-10 not yet calculated CVE-2022-25827
MISC
samsung — smr Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent. 2022-03-10 not yet calculated CVE-2022-25817
MISC
samsung — smr Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution. 2022-03-10 not yet calculated CVE-2022-25818
MISC
samsung — smr PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. 2022-03-10 not yet calculated CVE-2022-25815
MISC
samsung — smr OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allow an attacker to view Kernel stack memory. 2022-03-10 not yet calculated CVE-2022-25819
MISC
samsung — smr PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. 2022-03-10 not yet calculated CVE-2022-25814
MISC
samsung — smr Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication 2022-03-10 not yet calculated CVE-2022-25816
MISC
samsung — smr
 
An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. 2022-03-10 not yet calculated CVE-2022-25822
MISC
samsung — smr
 
Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read. 2022-03-10 not yet calculated CVE-2022-25821
MISC
samsung — smr
 
A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password. 2022-03-10 not yet calculated CVE-2022-25820
MISC
samsung — watch_active2_plugin
 
Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log 2022-03-10 not yet calculated CVE-2022-25829
MISC
samsung — watch_active_plugin
 
Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows attacker to access password information of connected WiFiAp in the log 2022-03-10 not yet calculated CVE-2022-25828
MISC

samsung– galaxy_watch3_plugin

Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the log 2022-03-10 not yet calculated CVE-2022-25830
MISC
sap — business_objects_business_intelligence_platform
 
Under certain conditions SAP Business Objects Business Intelligence Platform – versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted. 2022-03-10 not yet calculated CVE-2022-24398
MISC
MISC
sap — financial_consolidation
 
SAP Financial Consolidation – version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message. 2022-03-10 not yet calculated CVE-2022-26104
MISC
MISC
sap — focused_run
 
The SAP Focused Run (Real User Monitoring) – versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting (XSS) vulnerability. 2022-03-10 not yet calculated CVE-2022-24399
MISC
MISC
sap — netweaver
 
Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) – version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks. 2022-03-10 not yet calculated CVE-2022-26103
MISC
MISC
sap — netweaver_application_server_for_abap
 
Due to missing authorization check, SAP NetWeaver Application Server for ABAP – versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if he/she isn’t authorized for that transaction. A successful exploitation could expose information and in worst case manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application. 2022-03-10 not yet calculated CVE-2022-26102
MISC
MISC
sap — netweaver_enterprise_portal
 
SAP NetWeaver Enterprise Portal – versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. 2022-03-10 not yet calculated CVE-2022-24395
MISC
MISC
sap — netweaver_enterprise_portal
 
SAP NetWeaver Enterprise Portal – versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser. 2022-03-10 not yet calculated CVE-2022-24397
MISC
MISC
sapcar — sapcar
 
SAPCAR – version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and the attacker may obtain privileged access to the system. 2022-03-10 not yet calculated CVE-2022-26100
MISC
MISC
sas — logon_manager
 
SAS Logon Manager v9.4 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack. 2022-03-10 not yet calculated CVE-2021-42186
MISC
MISC
MISC
sasung — galaxy_s3_plugin
 
Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log 2022-03-10 not yet calculated CVE-2022-25826
MISC
secomea — gatemanager Cross-site Scripting (XSS) vulnerability in firmware section of Secomea GateManager allows logged in user to inject javascript in browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. 2022-03-11 not yet calculated CVE-2021-32009
MISC
secomea — gatemanager
 
This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup files. 2022-03-10 not yet calculated CVE-2021-32006
MISC
sentcms — sentcms sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload. 2022-03-10 not yet calculated CVE-2022-24652
MISC
sentcms — sentcms
 
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload. 2022-03-10 not yet calculated CVE-2022-24651
MISC
simowireless — luna_simo An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user’s list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software. 2022-03-11 not yet calculated CVE-2021-41849
MISC
MISC
MISC
MISC
simowireless — luna_simo An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located on the device, even those with no permissions granted, exposing the IMEI values to processes without enforcing any access control. 2022-03-11 not yet calculated CVE-2021-41850
MISC
MISC
MISC
MISC
simowireless — luna_simo
 
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It mishandles software updates such that local third-party apps can provide a spoofed software update file that contains an arbitrary shell script and arbitrary ARM binary, where both will be executed as the root user with an SELinux domain named osi. To exploit this vulnerability, a local third-party app needs to have write access to external storage to write the spoofed update at the expected path. The vulnerable system binary (i.e., /system/bin/osi_bin) does not perform any authentication of the update file beyond ensuring that it is encrypted with an AES key (that is hard-coded in the vulnerable system binary). Processes executing with the osi SELinux domain can programmatically perform the following actions: install apps, grant runtime permissions to apps (including permissions with protection levels of dangerous and development), access extensive Personally Identifiable Information (PII) using the programmatically grant permissions, uninstall apps, set the default launcher app to a malicious launcher app that spoofs other apps, set a network proxy to intercept network traffic, unload kernel modules, set the default keyboard to a keyboard that has keylogging functionality, examine notification contents, send text messages, and more. The spoofed update can optionally contain an arbitrary ARM binary that will be locally stored in internal storage and executed at system startup to achieve persistent code execution as the root user with the osi SELinux domain. This ARM binary will continue to execute at startup even if the app that provided the spoofed update is uninstalled. 2022-03-11 not yet calculated CVE-2021-41848
MISC
MISC
MISC
MISC
simple-git — simple-git
 
The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary command execution. 2022-03-11 not yet calculated CVE-2022-24433
MISC
MISC
MISC
MISC
simple_diagnostics_agent — simple_diagnostics_agent
 
Simple Diagnostics Agent – versions 1.0 (up to version 1.57.), allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. This allows information gathering which could be used exploit future open-source security exploits. 2022-03-10 not yet calculated CVE-2022-22547
MISC
MISC
simple_diagnostics_agent — simple_diagnostics_agent
 
The Simple Diagnostics Agent – versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities and read, modify, or delete sensitive information and configurations. 2022-03-10 not yet calculated CVE-2022-24396
MISC
MISC
smartbear — codecollaborator
 
SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack. 2022-03-10 not yet calculated CVE-2021-41657
MISC
MISC
MISC
softing_opc — ua_c++_sdk An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference. 2022-03-11 not yet calculated CVE-2021-42577
MISC
MISC
softing_opc — ua_c++_sdk
 
An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition. 2022-03-11 not yet calculated CVE-2021-42262
MISC
MISC
solarwinds — solarwinds
 
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation. 2022-03-10 not yet calculated CVE-2021-35251
MISC
MISC
spectre_bhb — spectre_bhb
 
Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim’s hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected. 2022-03-10 not yet calculated CVE-2022-25368
MISC
MISC
CONFIRM
spip — spip SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. 2022-03-10 not yet calculated CVE-2022-26846
MISC
MISC
MISC
spip — spip
 
SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. 2022-03-10 not yet calculated CVE-2022-26847
MISC
MISC
MISC
star7th — showdoc
 
Cross-site Scripting (XSS) – Stored in GitHub repository star7th/showdoc prior to 2.10.2. 2022-03-12 not yet calculated CVE-2022-0880
MISC
CONFIRM
steelcentral_appinternals_dynamic_sampling_agent — steelcentral_appinternals_dynamic_sampling_agent It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent’s (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the “/api/appInternals/1.0/agent/configuration” API. The affected endpoint does not have any input validation of the user’s input that allows a malicious payload to be injected. 2022-03-10 not yet calculated CVE-2021-42787
CONFIRM
steelcentral_appinternals_dynamic_sampling_agent — steelcentral_appinternals_dynamic_sampling_agent It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the “.debug_command.config” file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the “/api/appInternals/1.0/agent/configuration” API to map the corresponding ID to a command to be executed. 2022-03-10 not yet calculated CVE-2021-42855
CONFIRM
steelcentral_appinternals_dynamic_sampling_agent — steelcentral_appinternals_dynamic_sampling_agent It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent’s (DSA) PluginServlet has directory traversal vulnerabilities at the “/api/appInternals/1.0/plugin/pmx” API. The affected endpoint does not have any input validation of the user’s input that allows a malicious payload to be injected. 2022-03-10 not yet calculated CVE-2021-42854
CONFIRM
steelcentral_appinternals_dynamic_sampling_agent — steelcentral_appinternals_dynamic_sampling_agent It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent’s (DSA) AgentDiagnosticServlet has directory traversal vulnerability at the “/api/appInternals/1.0/agent/diagnostic/logs” API. The affected endpoint does not have any input validation of the user’s input that allows a malicious payload to be injected. 2022-03-10 not yet calculated CVE-2021-42853
CONFIRM
steelcentral_appinternals_dynamic_sampling_agent — steelcentral_appinternals_dynamic_sampling_agent
 
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not have any input validation of the user’s input that allowed a malicious payload to be injected. 2022-03-10 not yet calculated CVE-2021-42786
CONFIRM
steelcentral_appinternals_dynamic_sampling_agent — steelcentral_appinternals_dynamic_sampling_agent
 
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent’s (DSA) AgentDaServlet has directory traversal vulnerabilities at the “/api/appInternals/1.0/agent/da/pcf” API. The affected endpoint does not have any validation of the user’s input that allows a malicious payload to be injected. 2022-03-10 not yet calculated CVE-2021-42857
CONFIRM
suitecrm — suitecrm
 
SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, they can create a malicious report, containing a PHP-deserialization payload in the email_recipients field. Once someone accesses this report, the backend will deserialize the content of the email_recipients field and the payload gets executed. Project dependencies include a number of interesting PHP deserialization gadgets (e.g., Monolog/RCE1 from phpggc) that can be used for Code Execution. 2022-03-10 not yet calculated CVE-2022-23940
MISC
MISC
swagger_ui — swagger_ui
 
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. 2022-03-11 not yet calculated CVE-2018-25031
MISC
MISC
MISC
tenda — ax12 Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_4327CC. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. 2022-03-10 not yet calculated CVE-2022-25560
MISC
tenda — ax12 Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42E328. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. 2022-03-10 not yet calculated CVE-2022-25556
MISC
tenda — ax12
 
Tenda AX12 v22.03.01.21 was discovered to contain a stack buffer overflow in the function sub_422CE4. This vulnerability allows attackers to cause a Denial of Service (DoS) via the strcpy parameter. 2022-03-10 not yet calculated CVE-2021-46408
MISC
tenda — ax12
 
Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42DE00. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. 2022-03-10 not yet calculated CVE-2022-25561
MISC
totolink — a3100r
 
A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters. 2022-03-11 not yet calculated CVE-2021-44620
MISC
MISC
MISC
tp-link — omada_sdn_software_controller
 
TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. An attacker can bypass the captive portal authentication process by using the downgraded “no authentication” method, and access the protected network. For example, the attacker can simply set window.authType=0 in client-side JavaScript. 2022-03-10 not yet calculated CVE-2021-44032
MISC
MISC
MISC
tp-link — tapo_c200_ip_camera
 
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera. 2022-03-10 not yet calculated CVE-2021-4045
CONFIRM
trend_micro — password_manager
 
Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file to exploit the vulnerability and escalate local privileges on the affected machine. 2022-03-08 not yet calculated CVE-2022-26337
N/A
trend_micro — portable_security An installer search patch element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.0 could allow a local attacker to place an arbitrarily generated DLL file in an installer folder to elevate local privileges. Please note: an attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. 2022-03-08 not yet calculated CVE-2022-26319
N/A
tryton_application_platform — tryton_application_platform An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system. 2022-03-10 not yet calculated CVE-2022-26661
MISC
MISC
MLIST
MLIST
DEBIAN
DEBIAN
tryton_application_platform — tryton_application_platform
 
An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server. 2022-03-10 not yet calculated CVE-2022-26662
MISC
MISC
MLIST
MLIST
DEBIAN
DEBIAN
univerge_wa — univerge_wa
 
UNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE WA 2021 Ver8.2.11 and prior, UNIVERGE WA 2610-AP Ver8.2.11 and prior, UNIVERGE WA 2611-AP Ver8.2.11 and prior, UNIVERGE WA 2611E-AP Ver8.2.11 and prior, UNIVERGE WA WA2612-AP Ver8.2.11 and prior allows a remote attacker to execute arbitrary OS commands. 2022-03-11 not yet calculated CVE-2022-25621
MISC
url-js — url-js
 
The package url-js before 2.1.0 are vulnerable to Improper Input Validation due to improper parsing, which makes it is possible for the hostname to be spoofed. http://\\\\\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is reflected as it is. 2022-03-11 not yet calculated CVE-2022-25839
CONFIRM
CONFIRM
urlib — abstractbasicauthhandler
 
There’s a flaw in urllib’s AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. 2022-03-10 not yet calculated CVE-2021-3733
MISC
MISC
MISC
MISC
MISC
vault_enterprise — vault_enterprise “Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4. 2022-03-10 not yet calculated CVE-2022-25243
MISC
MISC
vault_enterprise — vault_enterprise
 
Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10. 2022-03-10 not yet calculated CVE-2022-25244
MISC
MISC
veritas_system_recovery — veritas_system_recovery
 
Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access. 2022-03-10 not yet calculated CVE-2022-26778
MISC
watchguard — firebox_and_xtm
 
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. 2022-03-04 not yet calculated CVE-2022-26318
CONFIRM
wavpack — wavpack
 
An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue triggered in function WavpackPackSamples of file src/pack_utils.c, tainted variable cnt is too large, that makes pointer sptr read beyond heap bound. 2022-03-10 not yet calculated CVE-2021-44269
MISC
wire-ios — wire-ios
 
Wire-ios is a messaging application using the wire protocol on apple’s ios platform. In versions prior to 3.95 malformed resource identifiers may render the iOS Wire Client completely unusable by causing it to repeatedly crash on launch. These malformed resource identifiers can be generated and sent between Wire users. The root cause lies in [wireapp/wire-ios-transport](https://github.com/wireapp/wire-ios-transport), where code responsible for removing sensible tokens before logging may fail and lead to a crash (Swift exception) of the application. This causes undesirable behavior, however the (greater) Wire system is still functional. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 2022-03-11 not yet calculated CVE-2022-23625
MISC
MISC
CONFIRM
wireguard — wireguard
 
Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1 allows a remote authenticated attacker to lead a pfSense user to view a file outside the public folder. 2022-03-10 not yet calculated CVE-2022-21132
MISC
MISC
wp_google_map — wp_google_map
 
Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3). 2022-03-11 not yet calculated CVE-2022-25600
CONFIRM
CONFIRM
yokogawa_electric — multiple_product The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 not yet calculated CVE-2022-21194
CONFIRM
yokogawa_electric — multiple_product Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 not yet calculated CVE-2022-21808
CONFIRM
yokogawa_electric — multiple_products CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 not yet calculated CVE-2022-22151
CONFIRM
yokogawa_electric — multiple_products ‘Root Service’ service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 not yet calculated CVE-2022-22148
CONFIRM
yokogawa_electric — multiple_products CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 not yet calculated CVE-2022-22145
CONFIRM
yokogawa_electric — multiple_products ‘Long-term Data Archive Package’ service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 not yet calculated CVE-2022-22141
CONFIRM
yokogawa_electric — multiple_products The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00 2022-03-11 not yet calculated CVE-2022-23402
CONFIRM
yokogawa_electric — multiple_products There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 not yet calculated CVE-2022-21177
CONFIRM
yokogawa_electric — multiple_products CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 not yet calculated CVE-2022-22729
CONFIRM
yokogawa_electric — multiple_products
 
The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 not yet calculated CVE-2022-23401
CONFIRM
yxmcms — yzmcms
 
YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user’s personal home page can be realized. It is necessary to judge the user’s login status before accessing the personal home page, but the vulnerability can access other users’ home pages through the non login status because real authentication is not carried out. 2022-03-10 not yet calculated CVE-2022-23383
MISC
MISC
MISC
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

CISA recently updated an anonymous product survey;they’d welcome your feedback.