US-CERT Bulletin (SB22-157):Vulnerability Summary for the Week of May 30, 2022

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High: vulnerabilities with a CVSS base score of 7.0–10.0
Medium: vulnerabilities with a CVSS base score of 4.0–6.9
Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
microsoft — windows_server_2012	Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.	2022-06-01	9.3	CVE-2022-30190 N/A

Medium Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
cisco — common_services_platform_collector	Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.	2022-05-27	4.3	CVE-2022-20666 CISCO
cisco — common_services_platform_collector	Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.	2022-05-27	4.3	CVE-2022-20667 CISCO
cisco — common_services_platform_collector	Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.	2022-05-27	4.3	CVE-2022-20668 CISCO
cisco — common_services_platform_collector	Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.	2022-05-27	4.3	CVE-2022-20669 CISCO
cisco — common_services_platform_collector	Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.	2022-05-27	4.3	CVE-2022-20670 CISCO
cisco — common_services_platform_collector	Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.	2022-05-27	4.3	CVE-2022-20671 CISCO
libmobi_project — libmobi	Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.	2022-05-27	5.8	CVE-2022-1907 CONFIRM MISC
libmobi_project — libmobi	Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.	2022-05-27	5.8	CVE-2022-1908 CONFIRM MISC
vim — vim	Use After Free in GitHub repository vim/vim prior to 8.2.	2022-05-27	6.8	CVE-2022-1898 MISC CONFIRM FEDORA FEDORA

Low Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
organizr — organizr	Cross-site Scripting (XSS) – Stored in GitHub repository causefx/organizr prior to 2.1.2200.	2022-05-27	3.5	CVE-2022-1909 MISC CONFIRM

Severity Not Yet Assigned

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
389-ds-base — 389-ds-base	An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data.	2022-06-02	not yet calculated	CVE-2022-1949 MISC
dell — powerscale_onefs	Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise.	2022-06-01	not yet calculated	CVE-2022-29098 CONFIRM
ncodeastro — wedding_management_system	Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_manage_account_details.php?booking_id=31&user_id=	2022-06-02	not yet calculated	CVE-2022-30834 MISC
abb — e-design	Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine.	2022-06-02	not yet calculated	CVE-2022-29483 MISC
abb — e-design	Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine.	2022-06-02	not yet calculated	CVE-2022-28702 MISC
aceware — aceweb_online_portal	ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp.	2022-06-02	not yet calculated	CVE-2022-24238 MISC MISC MISC
aceware — aceweb_online_portal	ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp.	2022-06-02	not yet calculated	CVE-2022-24239 MISC MISC MISC
aceware — aceweb_online_portal	ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp.	2022-06-02	not yet calculated	CVE-2022-24240 MISC MISC MISC
aceware — aceweb_online_portal	ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.	2022-06-02	not yet calculated	CVE-2022-24241 MISC MISC MISC
aceware — aceweb_online_portal	ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software.	2022-06-02	not yet calculated	CVE-2022-24581 MISC MISC MISC
adbyby — adbyby	adbyby v2.7 allows external users to make connections via port 8118. This can cause a program logic error and lead to a Denial of Service (DoS) via high CPU usage due to a large number of connections.	2022-06-03	not yet calculated	CVE-2022-29767 MISC
afian_filerun — afian_filerun	In Afian Filerun 20220202 Changing the “search_tika_path” variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user.	2022-06-02	not yet calculated	CVE-2022-30470 MISC
aleksis — aleksis-core	An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set.	2022-06-03	not yet calculated	CVE-2022-29773 MISC
allenhwkim — proctree	OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix function.	2022-06-02	not yet calculated	CVE-2021-34082 MISC MISC
apache — tika	We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3.	2022-05-31	not yet calculated	CVE-2022-30973 CONFIRM MLIST
appcheck — dnn_cms_platform	The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services.	2022-06-02	not yet calculated	CVE-2021-40186 MISC
argie — simple_inventory_system	Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/login.php.	2022-06-02	not yet calculated	CVE-2022-31339 MISC
argie — simple_inventory_system	Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/table_edit_ajax.php.	2022-06-02	not yet calculated	CVE-2022-31340 MISC
attlassian — multiple_procuts	In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.	2022-06-03	not yet calculated	CVE-2022-26134 MISC
badminton — center_management_system	Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/view_product.php?id=.	2022-06-02	not yet calculated	CVE-2022-32001 MISC
badminton — center_management_system	Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_sales_report&date=.	2022-06-02	not yet calculated	CVE-2022-31985 MISC
badminton — center_management_system	Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_court_rental_report&date=.	2022-06-02	not yet calculated	CVE-2022-31986 MISC
badminton — center_management_system	Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/manage_court.php?id=.	2022-06-02	not yet calculated	CVE-2022-32002 MISC
badminton — center_management_system	Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/view_court.php?id=.	2022-06-02	not yet calculated	CVE-2022-32003 MISC
badminton — center_management_system	Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/manage_product.php?id=.	2022-06-02	not yet calculated	CVE-2022-32004 MISC
badminton — center_management_system	Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/services/view_service.php?id=.	2022-06-02	not yet calculated	CVE-2022-32006 MISC
badminton — center_management_system	Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/services/manage_service.php?id=.	2022-06-02	not yet calculated	CVE-2022-32005 MISC
badminton — center_management_system	Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter ‘id’ in /bcms/admin/court_rentals/update_status.php.	2022-06-02	not yet calculated	CVE-2022-30490 MISC MISC
badminton — center_management_system	Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_product.	2022-06-02	not yet calculated	CVE-2022-31990 MISC
badminton — center_management_system	Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=reports/daily_services_report&date=.	2022-06-02	not yet calculated	CVE-2022-31988 MISC
badminton — center_management_system	Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=user/manage_user&id=.	2022-06-02	not yet calculated	CVE-2022-31989 MISC
badminton — center_management_system	Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_court.	2022-06-02	not yet calculated	CVE-2022-31991 MISC
badminton — center_management_system	Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/manage_service_transaction&id=.	2022-06-02	not yet calculated	CVE-2022-32000 MISC
badminton — center_management_system	Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/view_details&id=.	2022-06-02	not yet calculated	CVE-2022-31998 MISC
badminton — center_management_system	Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=court_rentals/view_court_rental&id=.	2022-06-02	not yet calculated	CVE-2022-31992 MISC
badminton — center_management_system	Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_service.	2022-06-02	not yet calculated	CVE-2022-31993 MISC
badminton — center_management_system	Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=sales/view_details&id.	2022-06-02	not yet calculated	CVE-2022-31994 MISC
badminton — center_management_system	Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=sales/manage_sale&id=.	2022-06-02	not yet calculated	CVE-2022-31996 MISC
barco — control_room_mangement_suite	Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism is leads to reflected XSS.	2022-06-02	not yet calculated	CVE-2022-26976 MISC MISC
barco — control_room_mangement_suite	Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS.	2022-06-02	not yet calculated	CVE-2022-26972 MISC MISC
barco — control_room_mangement_suite	Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication.	2022-06-02	not yet calculated	CVE-2022-26971 MISC MISC
barco — control_room_mangement_suite	Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS.	2022-06-02	not yet calculated	CVE-2022-26974 MISC MISC
barco — control_room_mangement_suite	Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details.	2022-06-02	not yet calculated	CVE-2022-26973 MISC MISC
barco — control_room_mangement_suite	Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication.	2022-06-02	not yet calculated	CVE-2022-26975 MISC MISC
barco — control_room_mangement_suite	Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism is leads to stored XSS.	2022-06-02	not yet calculated	CVE-2022-26977 MISC MISC
barco — control_room_mangement_suite	Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameters is not correctly sanitized, leading to reflected XSS.	2022-06-02	not yet calculated	CVE-2022-26978 MISC MISC
bbs-go — bbs-go	bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XSS.	2022-06-02	not yet calculated	CVE-2021-38221 MISC MISC
bbultman — gitsome	OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository.	2022-06-02	not yet calculated	CVE-2021-34081 MISC MISC
bd — pyxis	Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information.	2022-06-02	not yet calculated	CVE-2022-22767 CONFIRM
bd_synapsys	BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII).	2022-06-02	not yet calculated	CVE-2022-30277 CONFIRM
bfabiszewski — libmobi	Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.	2022-06-03	not yet calculated	CVE-2022-1987 CONFIRM MISC
bigbluebutton — bigbluebutton	BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4.1, an attacker could send messages to a locked chat within a grace period of 5s after the lock setting was enacted. The attacker needs to be a participant in the meeting. Versions 2.3.18 and 2.4.1 contain a patch for this issue. There are currently no known workarounds.	2022-06-02	not yet calculated	CVE-2022-29234 MISC MISC MISC MISC CONFIRM
bigbluebutton — bigbluebutton	BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4-rc-6, an attacker who is able to obtain the meeting identifier for a meeting on a server can find information related to an external video being shared, like the current timestamp and play/pause. The problem has been patched in versions 2.3.18 and 2.4-rc-6 by modifying the stream to send the data only for users in the meeting. There are currently no known workarounds.	2022-06-02	not yet calculated	CVE-2022-29235 MISC CONFIRM MISC MISC MISC
bigbluebutton — bigbluebutton	BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and prior to 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service (ReDoS) attacks. By using specific a RegularExpression, an attacker can cause denial of service for the bbb-html5 service. The useragent library performs checking of device by parsing the input of User-Agent header and lets it go through lookupUserAgent() (alias of useragent.lookup() ). This function handles input by regexing and attackers can abuse that by providing some ReDos payload using `SmartWatch`. The maintainers removed `htmlclient/useragent` from versions 2.3.19, 2.4.7, and 2.5.0-beta.2. As a workaround, disable NginX forwarding the requests to the handler according to the directions in the GitHub Security Advisory.	2022-06-01	not yet calculated	CVE-2022-29169 MISC CONFIRM MISC
bigbluebutton — bigbluebutton	BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previously introduced grace period. The attacker must be a meeting participant. The problem has been patched in versions 2.3.18 and 2.4-rc-6. There are currently no known workarounds.	2022-06-02	not yet calculated	CVE-2022-29236 CONFIRM MISC MISC MISC MISC
bigbluebutton — bigbluebutton	BigBlueButton is an open source web conferencing system. Starting with version 2.2 and prior to versions 2.3.9 and 2.4-beta-1, an attacker can circumvent access controls to obtain the content of public chat messages from different meetings on the server. The attacker must be a participant in a meeting on the server. BigBlueButton versions 2.3.9 and 2.4-beta-1 contain a patch for this issue. There are currently no known workarounds.	2022-06-01	not yet calculated	CVE-2022-29232 CONFIRM MISC MISC MISC
bigbluebutton — bigbluebutton	BigBlueButton is an open source web conferencing system. In BigBlueButton starting with 2.2 but before 2.3.18 and 2.4-rc-1, an attacker can circumvent access controls to gain access to all breakout rooms of the meeting they are in. The permission checks rely on knowledge of internal ids rather than on verification of the role of the user. Versions 2.3.18 and 2.4-rc-1 contain a patch for this issue. There are currently no known workarounds.	2022-06-02	not yet calculated	CVE-2022-29233 MISC MISC CONFIRM MISC MISC
bitdefender — eufy_indoor_2k_indoor_camera	A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. This issue affects: Eufy Indoor 2K Indoor Camera 2.0.9.3 version and prior versions.	2022-05-31	not yet calculated	CVE-2021-3555 CONFIRM
black_rainbow — nimbus	Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting (XSS).	2022-06-02	not yet calculated	CVE-2022-24967 MISC MISC
bleve — bleve	Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP (bleve/http) handlers for exposing the access to the indexes. For instance, the CreateIndexHandler (`http/index_create.go`) and DeleteIndexHandler (`http/index_delete.go`) enable an attacker to create a bleve index (directory structure) anywhere where the user running the server has the write permissions and to delete recursively any directory owned by the same user account. Users who have used the bleve/http package for exposing access to bleve index without the explicit handling for the Role Based Access Controls(RBAC) of the index assets would be impacted by this issue. There is no patch for this issue because the http package is purely intended to be used for demonstration purposes. Bleve was never designed handle the RBACs, nor it was ever advertised to be used in that way. The collaborators of this project have decided to stay away from adding any authentication or authorization to bleve project at the moment. The bleve/http package is mainly for demonstration purposes and it lacks exhaustive validation of the user inputs as well as any authentication and authorization measures. It is recommended to not use bleve/http in production use cases.	2022-06-01	not yet calculated	CVE-2022-31022 CONFIRM MISC
bonitasoft — bonita-web	Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API endpoints. This can lead to remote code execution by abusing the privileged API actions.	2022-06-02	not yet calculated	CVE-2022-25237 MISC MISC
bottlepy — bottle	Bottle before 0.12.20 mishandles errors during early request binding.	2022-06-02	not yet calculated	CVE-2022-31799 MISC MISC MISC
browsbox — cms	BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerability.	2022-06-02	not yet calculated	CVE-2022-29704 MISC MISC
caddy_server — caddy	Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.	2022-06-02	not yet calculated	CVE-2022-29718 MISC
car_rental_management_system — car_rental_management_system	Car Rental Management System v1.0 is vulnerable to SQL Injection via /ip/car-rental-management-system/admin/ajax.php?action=login.	2022-06-02	not yet calculated	CVE-2022-32022 MISC
car_rental_management_system — car_rental_management_system	Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car.	2022-06-02	not yet calculated	CVE-2022-32019 MISC
car_rental_management_system — car_rental_management_system	Car Rental Management System v1.0 is vulnerable to SQL Injection via car-rental-management-system/booking.php?car_id=.	2022-06-02	not yet calculated	CVE-2022-32024 MISC
car_rental_management_system — car_rental_management_system	Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/view_car.php?id=.	2022-06-02	not yet calculated	CVE-2022-32025 MISC
car_rental_management_system — car_rental_management_system	Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_booking.php?id=.	2022-06-02	not yet calculated	CVE-2022-32026 MISC
car_rental_management_system — car_rental_management_system	Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/index.php?page=manage_car&id=.	2022-06-02	not yet calculated	CVE-2022-32027 MISC
car_rental_management_system — car_rental_management_system	Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=.	2022-06-02	not yet calculated	CVE-2022-32028 MISC
car_rental_management_system — car_rental_management_system	Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_movement.php?id=.	2022-06-02	not yet calculated	CVE-2022-32021 MISC
car_rental_management_system — car_rental_management_system	Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via ip/car-rental-management-system/admin/ajax.php?action=save_settings.	2022-06-02	not yet calculated	CVE-2022-32020 MISC
chatbot — chatbot_app_with_suggestion	ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=user/manage_user&id=.	2022-06-02	not yet calculated	CVE-2022-31969 MISC
chatbot — chatbot_app_with_suggestion	ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/manage_response&id=.	2022-06-02	not yet calculated	CVE-2022-31970 MISC
chatbot — chatbot_app_with_suggestion	ChatBot App with Suggestion v1.0 is vulnerable to Delete any file via /simple_chat_bot/classes/Master.php?f=delete_img.	2022-06-02	not yet calculated	CVE-2022-31966 MISC
chatbot — chatbot_app_with_suggestion	ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/view_response&id=.	2022-06-02	not yet calculated	CVE-2022-31971 MISC
cisco — common_services_platform_collector_software	Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.	2022-05-27	not yet calculated	CVE-2022-20674 CISCO
cisco — common_services_platform_collector_software	Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.	2022-05-27	not yet calculated	CVE-2022-20673 CISCO
cisco — common_services_platform_collector_software	Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.	2022-05-27	not yet calculated	CVE-2022-20672 CISCO
cisco — enterprise_chat_and_email	A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials.	2022-05-27	not yet calculated	CVE-2022-20802 CISCO
cisco — multiple_products	Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.	2022-05-27	not yet calculated	CVE-2022-20806 CISCO
cisco — multiple_products	Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.	2022-05-27	not yet calculated	CVE-2022-20807 CISCO
cisco — secure_network_analytics	A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system. This vulnerability is due to insufficient user input validation by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting arbitrary commands in the web-based management interface. A successful exploit could allow the attacker to make configuration changes on the affected device or cause certain services to restart unexpectedly.	2022-05-27	not yet calculated	CVE-2022-20797 CISCO
cisco — ucs_director	A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to affected web applications. A successful exploit could allow the attacker to rewrite web page content, access sensitive information stored in the applications, and alter data by submitting forms.	2022-05-27	not yet calculated	CVE-2022-20765 CISCO
coalfire — winaprs	UNSUPPORTED WHEN ASSIGNED An issue was discovered in WinAPRS 2.9.0. A buffer overflow in DIGI address processing for VHF KISS packets allows a remote attacker to cause a denial of service (daemon crash) via a malicious AX.25 packet over the air. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.	2022-06-02	not yet calculated	CVE-2022-24700 MISC MISC
coalfire — winaprs	UNSUPPORTED WHEN ASSIGNED An issue was discovered in WinAPRS 2.9.0. A buffer overflow in the VHF KISS TNC component allows a remote attacker to achieve remote code execution via malicious AX.25 packets over the air. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.	2022-06-02	not yet calculated	CVE-2022-24702 MISC MISC MISC MISC
coalfire — winaprs	UNSUPPORTED WHEN ASSIGNED An issue was discovered in WinAPRS 2.9.0. A buffer overflow in national.txt processing allows a local attacker to cause a denial of service or possibly achieve code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.	2022-06-02	not yet calculated	CVE-2022-24701 MISC MISC
codeastro — simple_bus_ticket_booking_system	Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php.	2022-06-02	not yet calculated	CVE-2022-30817 MISC
codeastro — wedding_management_system	Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\blog_events_edit.php.	2022-06-02	not yet calculated	CVE-2022-30823 MISC
codeastro — wedding_management_system	Wedding Management System v1.0 is vulnerable to SQL Injection via admin\client_assign.php.	2022-06-02	not yet calculated	CVE-2022-30826 MISC
codeastro — wedding_management_system	Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_edit.php?booking=31&user_id=.	2022-06-02	not yet calculated	CVE-2022-30833 MISC
codeastro — wedding_management_system	Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\client_edit.php.	2022-06-02	not yet calculated	CVE-2022-30825 MISC
codeastro — wedding_management_system	Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\package_edit.php.	2022-06-02	not yet calculated	CVE-2022-30827 MISC
codeastro — wedding_management_system	Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\photos_edit.php.	2022-06-02	not yet calculated	CVE-2022-30828 MISC
codeastro — wedding_management_system	In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of “users_profile.php” file.	2022-06-02	not yet calculated	CVE-2022-30822 MISC
codeastro — wedding_management_system	Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\feature_edit.php.	2022-06-02	not yet calculated	CVE-2022-30830 MISC
codeastro — wedding_management_system	In Wedding Management System v1.0, the editing function of the “Services” module in the background management system has an arbitrary file upload vulnerability in the picture upload point of “package_edit.php” file.	2022-06-02	not yet calculated	CVE-2022-30821 MISC
codeastro — wedding_management_system	Wedding Management System v1.0 is vulnerable to SQL Injection via Wedding-Management/wedding_details.php.	2022-06-02	not yet calculated	CVE-2022-30831 MISC
codeastro — wedding_management_system	Wedding Management System v1.0 is vulnerable to SQL injection via /Wedding-Management/admin/blog_events_edit.php?id=31.	2022-06-02	not yet calculated	CVE-2022-30818 MISC
codeastro — wedding_management_system	Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_assign.php?booking=31&user_id=.	2022-06-02	not yet calculated	CVE-2022-30832 MISC
codeastro — wedding_management_system	Wedding Management System v1.0 is vulnerable to SQL Injection. via /Wedding-Management/admin/budget.php?booking_id=.	2022-06-02	not yet calculated	CVE-2022-30835 MISC
codeastro — wedding_management_system	Wedding Management System v1.0 is vulnerable to SQL Injection. via Wedding-Management/admin/select.php.	2022-06-02	not yet calculated	CVE-2022-30836 MISC
codeastro — wedding_management_system	Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\users_edit.php.	2022-06-02	not yet calculated	CVE-2022-30829 MISC
codeastro — wedding_management_system	In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of “users_edit.php” file.	2022-06-02	not yet calculated	CVE-2022-30820 MISC
codeastro — wedding_management_system	In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of “photos_edit.php” file.	2022-06-02	not yet calculated	CVE-2022-30819 MISC
complete_online_job_search_system — complete_online_job_search_system	Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/category/index.php?view=edit&id=.	2022-06-02	not yet calculated	CVE-2022-32013 MISC
complete_online_job_search_system — complete_online_job_search_system	Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=category&search=.	2022-06-02	not yet calculated	CVE-2022-32015 MISC
complete_online_job_search_system — complete_online_job_search_system	Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/employee/index.php?view=edit&id=.	2022-06-02	not yet calculated	CVE-2022-32012 MISC
complete_online_job_search_system — complete_online_job_search_system	Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/applicants/index.php?view=view&id=.	2022-06-02	not yet calculated	CVE-2022-32011 MISC
complete_online_job_search_system — complete_online_job_search_system	Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=.	2022-06-02	not yet calculated	CVE-2022-32010 MISC
complete_online_job_search_system — complete_online_job_search_system	Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/vacancy/index.php?view=edit&id=.	2022-06-02	not yet calculated	CVE-2022-32008 MISC
complete_online_job_search_system — complete_online_job_search_system	Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/company/index.php?view=edit&id=.	2022-06-02	not yet calculated	CVE-2022-32007 MISC
complete_online_job_search_system — complete_online_job_search_system	Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bycompany.	2022-06-02	not yet calculated	CVE-2022-32016 MISC
complete_online_job_search_system — complete_online_job_search_system	Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=byfunction.	2022-06-02	not yet calculated	CVE-2022-32014 MISC
complete_online_job_search_system — complete_online_job_search_system	Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bytitle.	2022-06-02	not yet calculated	CVE-2022-32017 MISC
complete_online_job_search_system — complete_online_job_search_system	Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=hiring&search=.	2022-06-02	not yet calculated	CVE-2022-32018 MISC
couchbase_server	Couchbase Server before 7.1.0 has Incorrect Access Control.	2022-06-02	not yet calculated	CVE-2021-33504 MISC MISC
creatiwity — witycms	An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file.	2022-06-02	not yet calculated	CVE-2022-29725 MISC
cveproject — cve-services	CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in ‘data.js’ has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were called in production, it is possible that it would write the plaintext key to disk. A patch is not available as of time of publication but is anticipated as a “hot fix” for version 1.1.1 and for the 2.x branch.	2022-06-02	not yet calculated	CVE-2022-31004 MISC CONFIRM
d-link — dir-890l	UNSUPPORTED WHEN ASSIGNED D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter ‘descriptor’ at SetVirtualServerSettings.php.	2022-06-03	not yet calculated	CVE-2022-29778 MISC MISC
d-link — dir-890l_dir890la1_fw107b09	The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users easily. The attackers can exploit the vulnerability to carry out arbitrary code by means of sending a specially constructed payload to port 49152.	2022-06-02	not yet calculated	CVE-2022-30521 MISC MISC
dell — bsafe_micro_edition_suite	Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability.	2022-06-01	not yet calculated	CVE-2020-26184 CONFIRM
dell — bsafe_micro_edition_suite	Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability.	2022-06-01	not yet calculated	CVE-2020-26185 CONFIRM
dell — emc_powerstore	Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.	2022-06-02	not yet calculated	CVE-2022-26868 CONFIRM
dell — multiple_products	Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users.	2022-06-02	not yet calculated	CVE-2022-29084 CONFIRM
dell — multiple_products	Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.	2022-06-02	not yet calculated	CVE-2022-29085 CONFIRM
dell — powerstore	PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file.	2022-06-02	not yet calculated	CVE-2022-26867 CONFIRM
dell — powerstore	Dell PowerStore Versions before v2.1.1.0. contains a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.	2022-06-02	not yet calculated	CVE-2022-26866 CONFIRM
dell — powerstore	PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.	2022-06-02	not yet calculated	CVE-2022-22557 CONFIRM
dell — powerstore	Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution.	2022-06-02	not yet calculated	CVE-2022-26869 CONFIRM
delll — powerstore	Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the Denial of Service.	2022-06-02	not yet calculated	CVE-2022-22556 CONFIRM
delta_controls — entelitouch	Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request.	2022-06-02	not yet calculated	CVE-2022-29735 MISC MISC
delta_controls — entelitouch	Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack.	2022-06-02	not yet calculated	CVE-2022-29733 MISC MISC
delta_controls — entelitouch	Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.	2022-06-02	not yet calculated	CVE-2022-29732 MISC MISC
dhis2 — dhis2	DHIS2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability affects the `/api/programs/orgUnits?programs=` API endpoint in DHIS2 versions prior to 2.36.10.1 and 2.37.6.1. The system is vulnerable to attack only from users that are logged in to DHIS2, and there is no known way of exploiting the vulnerability without first being logged in as a DHIS2 user. The vulnerability is not exposed to a non-malicious user and requires a conscious attack to be exploited. A successful exploit of this vulnerability could allow the malicious user to read, edit and delete data in the DHIS2 instance’s database. Security patches are now available for DHIS2 versions 2.36.10.1 and 2.37.6.1. One may apply mitigations at the web proxy level as a workaround. More information about these mitigations is available in the GitHub Security Advisory.	2022-06-01	not yet calculated	CVE-2022-24848 MISC MISC MISC CONFIRM
drupal — saml_sp	Multiple vulnerabilities vulnerability in Drupal SAML SP 2.0 Single Sign On (SSO) – SAML Service Provider in certain non-default configurations allow a malicious user to login as any chosen user. The vulnerability is mitigated by the module’s default settings which require the options “Either sign SAML assertions” and “x509 certificate”. This issue affects: Drupal SAML SP 2.0 Single Sign On (SSO) – SAML Service Provider 8.x version 8.x-2.24 and prior versions; 7.x version 7.x-2.57 and prior versions.	2022-06-03	not yet calculated	CVE-2022-26493 CONFIRM
drytents — curekit	In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal.	2022-05-31	not yet calculated	CVE-2022-23082 MISC CONFIRM
ecommerce-project-with-php-and-mysqli-fruits-bazar — ecommerce-project-with-php-and-mysqli-fruits-bazar	Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in \admin\add_cata.php via the ctg_name parameters.	2022-06-02	not yet calculated	CVE-2022-30482 MISC MISC MISC
ecommerce-project-with-php-and-mysqli-fruits-bazar — ecommerce-project-with-php-and-mysqli-fruits-bazar	Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in \search_product.php via the keyword parameters.	2022-06-02	not yet calculated	CVE-2022-30478 MISC MISC MISC
eg_innovations — eg_agent	eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM.	2022-06-02	not yet calculated	CVE-2022-29594 MISC
egavilan_media — contact-form-with-messages-entry-management	EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 is vulnerable to SQL Injection via Addmessage.php. This allows a remote attacker to compromise Application SQL database.	2022-06-02	not yet calculated	CVE-2021-44097 MISC MISC
egavilan_media — expense-management-system	EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expense_action.php. This allows a remote attacker to compromise Application SQL database.	2022-06-02	not yet calculated	CVE-2021-44098 MISC MISC
egavilan_media — user-registration-and-login-system-with-admin-panel	EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profile_action – update_user. This allows a remote attacker to compromise Application SQL database.	2022-06-02	not yet calculated	CVE-2021-44096 MISC MISC
elabftw — elabftw	eLabFTW is an electronic lab notebook manager for research teams. Prior to version 4.3.0, a vulnerability allows an authenticated user with an administrator role in a team to assign itself system administrator privileges within the application, or create a new system administrator account. The issue has been corrected in eLabFTW version 4.3.0. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A system administrator account can manage all accounts, teams and edit system-wide settings within the application. The impact is not deemed as high, as it requires the attacker to have access to an administrator account. Regular user accounts cannot exploit this to gain admin rights. A workaround for one if the issues is removing the ability of administrators to create accounts.	2022-05-31	not yet calculated	CVE-2022-31007 CONFIRM MISC
elitecms — elitecms	elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php.	2022-06-02	not yet calculated	CVE-2022-30808 MISC
elitecms — elitecms	elitecms v1.01 is vulnerable to Delete any file via /admin/delete_image.php?file=.	2022-06-02	not yet calculated	CVE-2022-30804 MISC
elitecms — elitecms	elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php.	2022-06-02	not yet calculated	CVE-2022-30816 MISC
elitecms — elitecms	elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar=	2022-06-02	not yet calculated	CVE-2022-30815 MISC
elitecms — elitecms	elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php.	2022-06-02	not yet calculated	CVE-2022-30814 MISC
elitecms — elitecms	elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php.	2022-06-02	not yet calculated	CVE-2022-30813 MISC
elitecms — elitecms	elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php.	2022-06-02	not yet calculated	CVE-2022-30810 MISC
elitecms — elitecms	elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=.	2022-06-02	not yet calculated	CVE-2022-30809 MISC
embedhis — appweb_community_edition	An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function.	2022-06-02	not yet calculated	CVE-2021-33254 MISC
fedora — fedora	With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.	2022-06-02	not yet calculated	CVE-2022-1789 MISC MISC MISC FEDORA FEDORA FEDORA
flightradar24 — flightradar24	An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract their API keys.	2022-06-02	not yet calculated	CVE-2021-43512 MISC MISC MISC
flower — flower	Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes.	2022-06-02	not yet calculated	CVE-2022-30034 MISC MISC
fluid_attacks — keep_my_notes	An attacker with physical access to the victim’s device can bypass the application’s password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation.	2022-06-02	not yet calculated	CVE-2022-1716 MISC MISC
food-order-and-table-reservation-system — food-order-and-table-reservation-system	Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Injection in categorywise-menu.php via the catid parameters.	2022-06-02	not yet calculated	CVE-2022-30481 MISC MISC MISC
form.io — form.io	A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL.	2022-06-02	not yet calculated	CVE-2020-28246 MISC MISC
freeswitch — sofia-sip	Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) – 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue.	2022-05-31	not yet calculated	CVE-2022-31001 MISC CONFIRM
freeswitch — sofia-sip	Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue.	2022-05-31	not yet calculated	CVE-2022-31002 MISC CONFIRM
freeswitch — sofia-sip	Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue.	2022-05-31	not yet calculated	CVE-2022-31003 MISC CONFIRM
freetype_demo_programs — freetype_demo_programs	ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.	2022-06-02	not yet calculated	CVE-2022-31782 MISC
friendsofflarum — upload	FriendsofFlarum (FoF) Upload is an extension that handles file uploads intelligently for your forum. If FoF Upload prior to version 1.2.3 is configured to allow the uploading of SVG files (‘image/svg+xml’), navigating directly to an SVG file URI could execute arbitrary Javascript code decided by an attacker. This Javascript code could include the execution of HTTP web requests to Flarum, or any other web service. This could allow data to be leaked by an authenticated Flarum user, or, possibly, for data to be modified maliciously. This issue has been patched with v1.2.3, which now sanitizes uploaded SVG files. As a workaround, remove the ability for users to upload SVG files through FoF Upload.	2022-06-02	not yet calculated	CVE-2022-30999 MISC MISC MISC CONFIRM
gitee — tpcms	An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file.	2022-06-02	not yet calculated	CVE-2022-29624 MISC MISC
gitee — ofcms	OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json.	2022-06-02	not yet calculated	CVE-2022-29653 MISC
github-action-merge-dependabot — github-action-merge-dependabot	github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Prior to version 3.2.0, github-action-merge-dependabot does not check if a commit created by dependabot is verified with the proper GPG key. There is just a check if the actor is set to `dependabot[bot]` to determine if the PR is a legit PR. Theoretically, an owner of a seemingly valid and legit action in the pipeline can check if the PR is created by dependabot and if their own action has enough permissions to modify the PR in the pipeline. If so, they can modify the PR by adding a second seemingly valid and legit commit to the PR, as they can set arbitrarily the username and email in for commits in git. Because the bot only checks if the actor is valid, it would pass the malicious changes through and merge the PR automatically, without getting noticed by project maintainers. It would probably not be possible to determine where the malicious commit came from, as it would only say `dependabot[bot]` and the corresponding email-address. Version 3.2.0 contains a patch for this issue.	2022-05-31	not yet calculated	CVE-2022-29220 MISC CONFIRM MISC
go-gitea — gitea	Cross-site Scripting (XSS) – Stored in GitHub repository go-gitea/gitea prior to 1.16.9.	2022-05-29	not yet calculated	CVE-2022-1928 MISC CONFIRM
gogs — gogs	Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8.	2022-06-01	not yet calculated	CVE-2022-1285 MISC CONFIRM
gogs– gogs	Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that configuration can contain an option such as sshCommand, which is executed when a master branch is a remote branch (using an ssh:// URI). The remote branch can also be configured by editing the Git configuration file. One can create a new file in a new repository, using the GUI, with “\” as its name, and then rename this file to .git/config with the custom configuration content (and then save it).	2022-06-02	not yet calculated	CVE-2021-32546 MISC MISC
google — google-it	Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the ‘Open in browser’ option in versions up to 1.6.2, google-it will unsafely concat the result’s link retrieved from google to a shell command, potentially exposing the server to RCE.	2022-06-02	not yet calculated	CVE-2021-34083 MISC MISC MISC
hackerone — curl	A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.	2022-06-02	not yet calculated	CVE-2022-27776 MISC
hackerone — curl	Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around – by having the trailing dot in the HSTS cache and not using thetrailing dot in the URL.	2022-06-02	not yet calculated	CVE-2022-30115 MISC
hackerone — curl	libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.	2022-06-02	not yet calculated	CVE-2022-27782 MISC
hackerone — curl	An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.	2022-06-02	not yet calculated	CVE-2022-27775 MISC
hackerone — curl	libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server’s certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.	2022-06-02	not yet calculated	CVE-2022-27781 MISC
hackerone — curl	The curl URL parser wrongly accepts percent-encoded URL separators like ‘/’when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.	2022-06-02	not yet calculated	CVE-2022-27780 MISC
hackerone — curl	libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl’s “cookie engine” can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.	2022-06-02	not yet calculated	CVE-2022-27779 MISC
hackerone — curl	A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `–no-clobber` is used together with `–remove-on-error`.	2022-06-02	not yet calculated	CVE-2022-27778 MISC
hackerone — curl	An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.	2022-06-02	not yet calculated	CVE-2022-27774 MISC
hashicorp — multipule_products	HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.	2022-06-02	not yet calculated	CVE-2022-30324 MISC MISC
hcl_software — traveler	The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.	2022-05-27	not yet calculated	CVE-2021-27780 CONFIRM
hcl_software — traveler	The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.	2022-05-27	not yet calculated	CVE-2021-27781 CONFIRM
hcl_software — traveler	HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.	2022-06-01	not yet calculated	CVE-2021-27778 CONFIRM
horner_automation — ccscape_csfont	The affected product is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.	2022-06-02	not yet calculated	CVE-2022-27184 MISC
horner_automation — cscape – csfont	The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code	2022-06-02	not yet calculated	CVE-2022-30540 MISC
horner_automation — cscape_csfont	The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code.	2022-06-02	not yet calculated	CVE-2022-28690 MISC
horner_automation — cscape_csfont	The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code.	2022-06-02	not yet calculated	CVE-2022-29488 MISC
ibm — multiple_products	IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 – V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.	2022-05-31	not yet calculated	CVE-2022-22361 XF CONFIRM
ict — protege_gxwx	An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users.	2022-06-02	not yet calculated	CVE-2022-29731 MISC MISC
ict — protege_gxwx	A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.	2022-06-02	not yet calculated	CVE-2022-29734 MISC MISC
idce_mv’s_application — idce_mv’s_application	SQL injection in Logon Page of IDCE MV’s application, version 1.0, allows an attacker to inject SQL payloads in the user field, connecting to a database to access enterprise’s private and sensitive information.	2022-06-02	not yet calculated	CVE-2022-30496 MISC MISC
janobe — online_ordering_system	Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=.	2022-06-02	not yet calculated	CVE-2022-31335 MISC
janobe — online_ordering_system	Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php.	2022-06-02	not yet calculated	CVE-2022-31336 MISC
janobe — online_ordering_system	Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?view=edit&id=.	2022-06-02	not yet calculated	CVE-2022-31337 MISC
janobe — online_ordering_system	Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=.	2022-06-02	not yet calculated	CVE-2022-31338 MISC
janobe — online_ordering_system_by_janobe	Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php.	2022-06-02	not yet calculated	CVE-2022-31329 MISC
janobe — online_ordering_system_by_janobe	Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering/admin/products/index.php?view=edit&id=.	2022-06-02	not yet calculated	CVE-2022-31328 MISC
janobe — online_ordering_system_by_janobe	Online Ordering System By janobe 2.3.2 is vulneranle to SQL Injection via /ordering/index.php?q=products&id=.	2022-06-02	not yet calculated	CVE-2022-31327 MISC
jfinal_cms — jfinal_cms	A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request.	2022-06-02	not yet calculated	CVE-2022-29648 MISC
jfrog — devcert_npm_package	An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method	2022-06-02	not yet calculated	CVE-2022-1929 MISC
jfrog — jquery-validation_npm_package	An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method	2022-06-02	not yet calculated	CVE-2021-43306 MISC
jfrog — markdown-link-extractor_npm_package	An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module’s exported function	2022-06-02	not yet calculated	CVE-2021-43308 MISC
jfrog — semver-regex_npm_package	An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method	2022-06-02	not yet calculated	CVE-2021-43307 MISC
keysight_technologies — multiple_products	The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files.	2022-06-02	not yet calculated	CVE-2022-1661 MISC
keysight_technologies — keysight_n6854a_and_n6841a_rf	The affected products are vulnerable of untrusted data due to deserialization without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code.	2022-06-02	not yet calculated	CVE-2022-1660 MISC
knime — analytics_platform	In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions.	2022-06-02	not yet calculated	CVE-2022-31500 MISC MISC
krcert/cc — maxboard	SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation. This vulnerabilities can be exploited by manipulating a variable with a desired value and inserting and arbitrary file.	2022-06-02	not yet calculated	CVE-2021-26633 MISC
krcert/cc — maxboard	In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution.	2022-06-02	not yet calculated	CVE-2021-26635 MISC
krcert/cc — maxboard	SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these vulnerabilities to perform attacks such as stealing server management rights using a web shell.	2022-06-02	not yet calculated	CVE-2021-26634 MISC
libdwarf — libdwarf	libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c.	2022-06-02	not yet calculated	CVE-2022-32200 MISC MISC MISC
libinput — libinput	A format string vulnerability was found in libinput	2022-06-02	not yet calculated	CVE-2022-1215 MISC
libjpeg — libjpeg	libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use.	2022-06-02	not yet calculated	CVE-2022-31796 MISC MISC
libjpeg — libjpeg	In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp.	2022-06-02	not yet calculated	CVE-2022-32202 MISC MISC
libjpeg — libjpeg	In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp.	2022-06-02	not yet calculated	CVE-2022-32201 MISC MISC
liblouis — liblouis	Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace.	2022-06-02	not yet calculated	CVE-2022-31783 MISC MISC
libmobi — libmobi	libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mobi file.	2022-06-02	not yet calculated	CVE-2022-29788 MISC
librenms — librenms	LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters.	2022-06-02	not yet calculated	CVE-2022-29712 MISC
librenms — librenms	LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php.	2022-06-02	not yet calculated	CVE-2022-29711 MISC MISC
lifion — lifion-verify-dependencies	lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project’s package.json file.	2022-06-02	not yet calculated	CVE-2021-34078 MISC MISC
linkplay — sound_bar	LinkPlay Sound Bar v1.0 allows attackers to escalate privileges via a hardcoded password for the SSL certificate.	2022-06-02	not yet calculated	CVE-2022-28605 MISC
linux — kernal	Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.	2022-06-02	not yet calculated	CVE-2022-1652 MISC MISC MISC
linux — kernel	A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially	2022-06-02	not yet calculated	CVE-2022-1943 MISC
linux — kernel	net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.	2022-06-02	not yet calculated	CVE-2022-32250 MISC MISC MLIST MLIST
linux — kernel’s_io_uring	A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system.	2022-06-02	not yet calculated	CVE-2022-1786 MISC
linux — teletype	An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.	2022-06-02	not yet calculated	CVE-2022-1462 MISC
mattermost — mattermost	Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post.	2022-06-02	not yet calculated	CVE-2022-1982 MISC
mautic — mautic	A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript	2022-06-01	not yet calculated	CVE-2021-27914 CONFIRM
mcms — mcms	An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file.	2022-06-02	not yet calculated	CVE-2022-30506 MISC
mcms — mcms	An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.	2022-06-02	not yet calculated	CVE-2022-29647 MISC
mgm_security_partners — bigbluebutton	BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the “Share room access” dialog if the victim has shared access to the particular room with the attacker previously.	2022-06-02	not yet calculated	CVE-2022-26497 MISC MISC
microsoft — edge	Microsoft Edge (Chromium-based) Spoofing Vulnerability.	2022-06-01	not yet calculated	CVE-2022-26905 N/A
microsoft — edge	Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30128.	2022-06-01	not yet calculated	CVE-2022-30127 N/A
microsoft — edge	Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30127.	2022-06-01	not yet calculated	CVE-2022-30128 N/A
mintzo — docker-tester	OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the ‘ports’ entry of a crafted docker-compose.yml file.	2022-06-02	not yet calculated	CVE-2021-34079 MISC MISC
mitsubishi — multiple_products	Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number “24061” or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number “24061” or prior and Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version “08” or prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on the target products by sending specially crafted packets.	2022-06-02	not yet calculated	CVE-2022-25163 MISC MISC
mruby — mruby	Use After Free in GitHub repository mruby/mruby prior to 3.2.	2022-05-31	not yet calculated	CVE-2022-1934 MISC CONFIRM
neorazorx — facturascripts	Cross-site Scripting (XSS) – Generic in GitHub repository neorazorx/facturascripts prior to 2022.09.	2022-06-03	not yet calculated	CVE-2022-1988 MISC CONFIRM
neos_cms — neos_cms	Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also be present in all intermediate versions.	2022-06-02	not yet calculated	CVE-2022-30429 MISC
netapp — e-series_santricity_os_controller_software	E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users.	2022-06-02	not yet calculated	CVE-2022-23236 MISC
netapp — e-series_santricity_os_controller_software	E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites.	2022-06-02	not yet calculated	CVE-2022-23237 MISC
netcloud — server	Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into memory on usage, resulting in impacted performance. Versions 22.2.7 and 23.0.4 contain a fix for this issue. There are currently no known workarounds available.	2022-05-31	not yet calculated	CVE-2022-29243 MISC MISC CONFIRM
netscout — ngeniusone	NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution.	2022-06-02	not yet calculated	CVE-2021-45983 MISC MISC
netscout — ngeniusone	NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged user.	2022-06-02	not yet calculated	CVE-2021-45982 MISC MISC
netscout — ngeniusone	NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack.	2022-06-02	not yet calculated	CVE-2021-45981 MISC MISC
nextcloud — richdocuments	richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fix for this issue. There are currently no known workarounds available.	2022-06-02	not yet calculated	CVE-2022-31024 MISC CONFIRM MISC
nginx — njs	Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h.	2022-06-02	not yet calculated	CVE-2022-30503 MISC MISC
nginx — njs	Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.	2022-06-02	not yet calculated	CVE-2022-29779 MISC MISC
nginx — njs	Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c.	2022-06-02	not yet calculated	CVE-2022-29780 MISC MISC
npm — es128_ssl-utils	OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions.	2022-06-02	not yet calculated	CVE-2021-34080 MISC
online_car_wash_booking_system — online_car_wash_booking_system	Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking.	2022-06-02	not yet calculated	CVE-2022-31344 MISC
online_car_wash_booking_system — online_car_wash_booking_system	Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle.	2022-06-02	not yet calculated	CVE-2022-31347 MISC
online_car_wash_booking_system — online_car_wash_booking_system	Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=.	2022-06-02	not yet calculated	CVE-2022-31348 MISC
online_car_wash_booking_system — online_car_wash_booking_system	Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=.	2022-06-02	not yet calculated	CVE-2022-31351 MISC
online_car_wash_booking_system — online_car_wash_booking_system	Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=.	2022-06-02	not yet calculated	CVE-2022-31353 MISC
online_car_wash_booking_system — online_car_wash_booking_system	Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=get_vehicle_service.	2022-06-02	not yet calculated	CVE-2022-31354 MISC
online_car_wash_booking_system — online_car_wash_booking_system	Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=.	2022-06-02	not yet calculated	CVE-2022-31350 MISC
online_car_wash_booking_system — online_car_wash_booking_system	Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=.	2022-06-02	not yet calculated	CVE-2022-31352 MISC
online_car_wash_booking_system — online_car_wash_booking_system	Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service.	2022-06-02	not yet calculated	CVE-2022-31346 MISC
online_car_wash_booking_system — online_car_wash_booking_system	Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manage_user&id=.	2022-06-02	not yet calculated	CVE-2022-31345 MISC
online_car_wash_booking_system — online_car_wash_booking_system	Online Car Wash Booking System v1.0 is vulnerable to Delete any file via /ocwbs/classes/Master.php?f=delete_img.	2022-06-02	not yet calculated	CVE-2022-31342 MISC
online_car_wash_booking_system — online_car_wash_booking_system	Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=.	2022-06-02	not yet calculated	CVE-2022-31343 MISC
online_fire_reporting_system — online_fire_reporting_system	Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=.	2022-06-02	not yet calculated	CVE-2022-31974 MISC
online_fire_reporting_system — online_fire_reporting_system	Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_team&id=.	2022-06-02	not yet calculated	CVE-2022-31980 MISC
online_fire_reporting_system — online_fire_reporting_system	Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team.	2022-06-02	not yet calculated	CVE-2022-31977 MISC
online_fire_reporting_system — online_fire_reporting_system	Online Fire Reporting System v1.0 is vulnerable to Delete any file via /ofrs/classes/Master.php?f=delete_img.	2022-06-02	not yet calculated	CVE-2022-31973 MISC
online_fire_reporting_system — online_fire_reporting_system	Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_inquiry.	2022-06-02	not yet calculated	CVE-2022-31978 MISC
online_fire_reporting_system — online_fire_reporting_system	Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user&id=.	2022-06-02	not yet calculated	CVE-2022-31975 MISC
online_fire_reporting_system — online_fire_reporting_system	Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_team&id=.	2022-06-02	not yet calculated	CVE-2022-31981 MISC
online_fire_reporting_system — online_fire_reporting_system	Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=.	2022-06-02	not yet calculated	CVE-2022-31982 MISC
online_fire_reporting_system — online_fire_reporting_system	Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request.	2022-06-02	not yet calculated	CVE-2022-31976 MISC
online_fire_reporting_system — online_fire_reporting_system	Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/manage_request&id=.	2022-06-02	not yet calculated	CVE-2022-31983 MISC
online_fire_reporting_system — online_fire_reporting_system	Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=.	2022-06-02	not yet calculated	CVE-2022-31984 MISC
onlyoffice — document_server	Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp.	2022-06-02	not yet calculated	CVE-2022-29776 MISC MISC
onlyoffice — document_server	Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h.	2022-06-02	not yet calculated	CVE-2022-29777 MISC MISC
oretnom23 — merchandise_online_store	Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information.	2022-06-02	not yet calculated	CVE-2022-30423 MISC
oretnom23 — online_ordering_system	Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php.	2022-06-02	not yet calculated	CVE-2022-30794 MISC
oretnom23 — online_ordering_system	Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductimage.php.	2022-06-02	not yet calculated	CVE-2022-30795 MISC
oretnom23 — online_ordering_system	Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/viewreport.php.	2022-06-02	not yet calculated	CVE-2022-30798 MISC
oretnom23 — online_ordering_system	Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php.	2022-06-02	not yet calculated	CVE-2022-30799 MISC
oretnom23 — online_ordering_system	Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php.	2022-06-02	not yet calculated	CVE-2022-30797 MISC
owl_labs — meeting_owl	Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used.	2022-06-02	not yet calculated	CVE-2022-31463 MISC MISC
owl_labs — meeting_owl	Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data.	2022-06-02	not yet calculated	CVE-2022-31462 MISC MISC
owl_labs — meeting_owl	Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value.	2022-06-02	not yet calculated	CVE-2022-31460 MISC MISC
owl_labs — meeting_owl	Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth.	2022-06-02	not yet calculated	CVE-2022-31459 MISC MISC
owl_labs — meeting_owl	Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message.	2022-06-02	not yet calculated	CVE-2022-31461 MISC MISC
packet_storm — responsive_online_blog	Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php.	2022-06-02	not yet calculated	CVE-2022-29659 MISC MISC MISC
pbootcms — pbootcms	Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index.	2022-06-02	not yet calculated	CVE-2020-20971 MISC
percona — xtrabackup	Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when –history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. NOTE: this issue exists because of an incomplete fix for CVE-2020-10997.	2022-06-02	not yet calculated	CVE-2022-26944 MISC MISC
phpabook — phpabook	phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the “auth_user” parameter in index.php script.	2022-06-02	not yet calculated	CVE-2022-30352 MISC MISC
pidgin — pidgin	An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968.	2022-06-02	not yet calculated	CVE-2022-26491 MISC MISC MISC MISC MISC
play_framework — play_framework	Play Framework is a web framework for Java and Scala. Verions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by configuring its `DefaultHttpErrorHandler` to do so based on the application mode. In its Scala API Play also provides a static object `DefaultHttpErrorHandler` that is configured to always show verbose errors. This is used as a default value in some Play APIs, so it is possible to inadvertently use this version in production. It is also possible to improperly configure the `DefaultHttpErrorHandler` object instance as the injected error handler. Both of these situations could result in verbose errors displaying to users in a production application, which could expose sensitive information from the application. In particular, the constructor for `CORSFilter` and `apply` method for `CORSActionBuilder` use the static object `DefaultHttpErrorHandler` as a default value. This is patched in Play Framework 2.8.16. The `DefaultHttpErrorHandler` object has been changed to use the prod-mode behavior, and `DevHttpErrorHandler` has been introduced for the dev-mode behavior. A workaround is available. When constructing a `CORSFilter` or `CORSActionBuilder`, ensure that a properly-configured error handler is passed. Generally this should be done by using the `HttpErrorHandler` instance provided through dependency injection or through Play’s `BuiltInComponents`. Ensure that the application is not using the `DefaultHttpErrorHandler` static object in any code that may be run in production.	2022-06-02	not yet calculated	CVE-2022-31023 CONFIRM MISC MISC
play_framework — play_framework	Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in verions 2.8.3 through 2.8.15 of Play’s forms library, in both the Scala and Java APIs. This can occur when using either the `Form#bindFromRequest` method on a JSON request body or the `Form#bind` method directly on a JSON value. If the JSON data being bound to the form contains a deeply-nested JSON object or array, the form binding implementation may consume all available heap space and cause an `OutOfMemoryError`. If executing on the default dispatcher and `akka.jvm-exit-on-fatal-error` is enabled—as it is by default—then this can crash the application process. `Form.bindFromRequest` is vulnerable when using any body parser that produces a type of `AnyContent` or `JsValue` in Scala, or one that can produce a `JsonNode` in Java. This includes Play’s default body parser. This vulnerability been patched in version 2.8.16. There is now a global limit on the depth of a JSON object that can be parsed, which can be configured by the user if necessary. As a workaround, applications that do not need to parse a request body of type `application/json` can switch from the default body parser to another body parser that supports only the specific type of body they expect.	2022-06-02	not yet calculated	CVE-2022-31018 CONFIRM MISC MISC
polonel — trudesk	Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3.	2022-05-31	not yet calculated	CVE-2022-1947 MISC CONFIRM
polonel — trudesk	Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3.	2022-05-31	not yet calculated	CVE-2022-1926 CONFIRM MISC
polonel — trudesk	Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository polonel/trudesk prior to 1.2.3.	2022-05-31	not yet calculated	CVE-2022-1893 MISC CONFIRM
polonel — trudesk	Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3.	2022-05-31	not yet calculated	CVE-2022-1931 CONFIRM MISC
polonel — trudesk	Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3.	2022-05-31	not yet calculated	CVE-2022-1808 MISC CONFIRM
project_worlds_official — hospital_management_system_in_php	Project Worlds Official Hospital Management System in php 1.0 is vulnerable to SQL Injection on login page organization. ¶¶ A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database.	2022-06-02	not yet calculated	CVE-2021-44095 MISC MISC MISC
protobufjs — protobufjs	The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions 2. by parsing/loading .proto files	2022-05-27	not yet calculated	CVE-2022-25878 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
publiccms — publiccms	PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java.	2022-06-03	not yet calculated	CVE-2022-29784 MISC MISC
python — waitress	Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed. This issue has been fixed in Waitress 2.1.2 by no longer allowing the WSGI thread to close the socket. Instead, that is always delegated to the main thread. There is no work-around for this issue. However, users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response.	2022-05-31	not yet calculated	CVE-2022-31015 MISC MISC CONFIRM MISC
qdecoder — qdecoder	qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding.	2022-06-03	not yet calculated	CVE-2022-32265 MISC MISC MISC
real_player — real_player	In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur).	2022-06-03	not yet calculated	CVE-2022-32270 MISC MISC
real_player — real_player	In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary local files.	2022-06-03	not yet calculated	CVE-2022-32271 MISC MISC
real_player — real_player	In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution.	2022-06-03	not yet calculated	CVE-2022-32269 MISC MISC
red_hat_inc — multiple_products	The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of drm_vgem_gem_object (created in vgem_gem_dumb_create) concurrently, and vgem_gem_dumb_create will access the freed drm_vgem_gem_object.	2022-06-02	not yet calculated	CVE-2022-1419 MISC
rescue_dispatch_management_system — rescue_dispatch_management_system	Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/manage_report.php?id=.	2022-06-02	not yet calculated	CVE-2022-31956 MISC
rescue_dispatch_management_system — rescue_dispatch_management_system	Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/respondent_types/manage_respondent_type.php?id=.	2022-06-02	not yet calculated	CVE-2022-31965 MISC
rescue_dispatch_management_system — rescue_dispatch_management_system	Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/respondent_types/view_respondent_type.php?id=.	2022-06-02	not yet calculated	CVE-2022-31964 MISC
rescue_dispatch_management_system — rescue_dispatch_management_system	Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/view_incident.php?id=.	2022-06-02	not yet calculated	CVE-2022-31962 MISC
rescue_dispatch_management_system — rescue_dispatch_management_system	Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/manage_incident.php?id=.	2022-06-02	not yet calculated	CVE-2022-31961 MISC
rescue_dispatch_management_system — rescue_dispatch_management_system	Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/teams/manage_team.php?id=.	2022-06-02	not yet calculated	CVE-2022-31959 MISC
rescue_dispatch_management_system — rescue_dispatch_management_system	Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/teams/view_team.php?id=.	2022-06-02	not yet calculated	CVE-2022-31957 MISC
rescue_dispatch_management_system — rescue_dispatch_management_system	Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/view_report.php?id=.	2022-06-02	not yet calculated	CVE-2022-31953 MISC
rescue_dispatch_management_system — rescue_dispatch_management_system	Rescue Dispatch Management System v1.0 is vulnerable to Delete any file via /rdms/classes/Master.php?f=delete_img.	2022-06-02	not yet calculated	CVE-2022-31945 MISC
rescue_dispatch_management_system — rescue_dispatch_management_system	Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_team.	2022-06-02	not yet calculated	CVE-2022-31946 MISC
rescue_dispatch_management_system — rescue_dispatch_management_system	Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_report.	2022-06-02	not yet calculated	CVE-2022-31948 MISC
rescue_dispatch_management_system — rescue_dispatch_management_system	Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_respondent_type.	2022-06-02	not yet calculated	CVE-2022-31951 MISC
rescue_dispatch_management_system — rescue_dispatch_management_system	Rescue Dispatch Management System v1.0 is vulnerable to SQL injection via /rdms/classes/Master.php?f=delete_incident.	2022-06-02	not yet calculated	CVE-2022-31952 MISC
resi — gemini-net	resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints,	2022-06-02	not yet calculated	CVE-2022-29540 MISC MISC
riverbed — appresponse	Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a (when configured to use local, RADIUS, or TACACS authentication) logs usernames and passwords if either is entered incorrectly. If a user enters an incorrect username and/or password when logging into the WebUI, these attempted credentials are included in an error message that is logged in the WebUI log file. A log entry does not appear if the username and password provided correctly match a valid set of credentials. This also does not happen if AppResponse is configured to use SAML authentication. The WebUI log file is included in subsequent diagnostic system dumps that are generated. (Only users with Full Control access to the System Configuration permission can generate system dumps. By default, only System Administrators have Full Control access to the System Configuration permission.)	2022-06-03	not yet calculated	CVE-2021-43271 MISC
rockwell_automation — logix_controllers	A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online.	2022-06-02	not yet calculated	CVE-2022-1797 CONFIRM CONFIRM
rsa — archer	RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type.	2022-06-02	not yet calculated	CVE-2021-33615 MISC MISC MISC
ruby_gem — dragonfly	An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL.	2022-06-02	not yet calculated	CVE-2021-33473 MISC MISC
schneider_electric_se — multiple_products	A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)	2022-06-02	not yet calculated	CVE-2022-30238 MISC
schneider_electric_se — multiple_products	A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)	2022-06-02	not yet calculated	CVE-2022-30232 MISC
schneider_electric_se — multiple_products	A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)	2022-06-02	not yet calculated	CVE-2022-30233 MISC
schneider_electric_se — multiple_products	A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)	2022-06-02	not yet calculated	CVE-2022-30234 MISC
schneider_electric_se — multiple_products	A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)	2022-06-02	not yet calculated	CVE-2022-30235 MISC
schneider_electric_se — multiple_products	A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)	2022-06-02	not yet calculated	CVE-2022-30236 MISC
schneider_electric_se — multiple_products	A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)	2022-06-02	not yet calculated	CVE-2022-30237 MISC
sercomm — multiple_products	A Command Injection vulnerability in httpd web server (setup.cgi) in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connection_type parameter of the statussupport_diagnostic_tracing.json endpoint.	2022-06-02	not yet calculated	CVE-2021-44080 MISC MISC
siemens-healthineers — multiple_products	A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.	2022-06-01	not yet calculated	CVE-2022-29875 CONFIRM
siteserver — sscms	siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS).	2022-06-02	not yet calculated	CVE-2022-30349 MISC
solidusio — solidus	solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order’s adjustments if they hold its number, and the execution happens on a store administrator’s computer. Users should upgrade to solidus_backend 3.1.6, 3.0.6, or 2.11.16 to receive a patch.	2022-06-01	not yet calculated	CVE-2022-31000 MISC CONFIRM
solutions_atlantic — regulatory_reporting_system	Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to an reflected Cross-Site Scripting (XSS) vulnerability via RRSWeb/maint/ShowDocument/ShowDocument.aspx .	2022-06-02	not yet calculated	CVE-2022-29598 MISC MISC
solutions_atlantic — regulatory_reporting_system	Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI). Any authenticated user has the ability to reference internal system files within requests made to the RRSWeb/maint/ShowDocument/ShowDocument.aspx page. The server will successfully respond with the file contents of the internal system file requested. This ability could allow for adversaries to extract sensitive data and/or files from the underlying file system, gain knowledge about the internal workings of the system, or access source code of the application.	2022-06-02	not yet calculated	CVE-2022-29597 MISC MISC
sourcecodester — online_market_place_site	An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers.	2022-06-02	not yet calculated	CVE-2022-29627 MISC
sourcecodester — online_market_place_site	A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web cripts or HTML via a crafted payload injected into the Page parameter.	2022-06-02	not yet calculated	CVE-2022-29628 MISC
sourcecodester — product_show_room_site	A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been declared as problematic. This vulnerability affects p=contact. The manipulation of the Message textbox with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely but requires authentication. Exploit details have been disclosed to the public.	2022-06-02	not yet calculated	CVE-2022-1979 MISC MISC
sourcecodester — product_show_room_site	A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been rated as problematic. This issue affects the file /admin/?page=system_info/contact_info. The manipulation of the textbox Telephone with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely but requires authentication. Expliot details have been disclosed to the public.	2022-06-02	not yet calculated	CVE-2022-1980 MISC MISC
sourcecodester — school_dormitory_management_system	School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126.	2022-06-02	not yet calculated	CVE-2022-30514 MISC MISC
sourcecodester — school_dormitory_management_system	School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59.	2022-06-02	not yet calculated	CVE-2022-30510 MISC MISC
sourcecodester — school_dormitory_management_system	School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4.	2022-06-02	not yet calculated	CVE-2022-30511 MISC MISC
sourcecodester — school_dormitory_management_system	School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125	2022-06-02	not yet calculated	CVE-2022-30513 MISC MISC
sourcecodester — school_dormitory_management_system	School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31.	2022-06-02	not yet calculated	CVE-2022-30512 MISC MISC
ssh.net — ssh.net	SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 and 2020.0.1, during an `X25519` key exchange, the clientâ€™s private key is generated with `System.Random`. `System.Random` is not a cryptographically secure random number generator, it must therefore not be used for cryptographic purposes. When establishing an SSH connection to a remote host, during the X25519 key exchange, the private key is generated with a weak random number generator whose seed can be brute forced. This allows an attacker who is able to eavesdrop on the communications to decrypt them. Version 2020.0.2 contains a patch for this issue. As a workaround, one may disable support for `curve25519-sha256` and `[email protected]` key exchange algorithms.	2022-05-31	not yet calculated	CVE-2022-29245 CONFIRM MISC MISC MISC
starwindsoftware — multiple_products	StarWind SAN and NAS v0.2 build 1914 allow remote code execution.	2022-06-03	not yet calculated	CVE-2022-32268 MISC
swftools — swftools	An issue was discovered in swftools through 20201222. A heap buffer overflow exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution.	2022-06-02	not yet calculated	CVE-2021-42199 MISC
swftools — swftools	An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_DeleteFilter() located in swffilter.c. It allows an attacker to cause Denial of Service.	2022-06-02	not yet calculated	CVE-2021-42202 MISC
swftools — swftools	An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function handleEditText() located in swfdump.c. It allows an attacker to cause code Execution.	2022-06-02	not yet calculated	CVE-2021-42195 MISC
swftools — swftools	An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function main() located in swfdump.c. It allows an attacker to cause Denial of Service.	2022-06-02	not yet calculated	CVE-2021-42200 MISC
swftools — swftools	An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause code execution.	2022-06-02	not yet calculated	CVE-2021-42204 MISC
swftools — swftools	An issue was discovered in swftools through 20201222. A heap-use-after-free exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution.	2022-06-02	not yet calculated	CVE-2021-42203 MISC
swftools — swftools	An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function traits_parse() located in abc.c. It allows an attacker to cause Denial of Service.	2022-06-02	not yet calculated	CVE-2021-42196 MISC
swftools — swftools	An issue was discovered in swftools through 20201222 through a memory leak in the swftools when swfdump is used. It allows an attacker to cause code execution.	2022-06-02	not yet calculated	CVE-2021-42197 MISC
swftools — swftools	An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause Denial of Service.	2022-06-02	not yet calculated	CVE-2021-42198 MISC
swftools — swftools	An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetD64() located in rfxswf.c. It allows an attacker to cause code execution.	2022-06-02	not yet calculated	CVE-2021-42201 MISC
tenda_technology — hg6	Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. This vulnerability is exploited via a crafted POST request.	2022-06-02	not yet calculated	CVE-2022-30425 MISC MISC MISC
tidb — tidb	TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access. Only users using TiDB 5.3.0 are affected by this vulnerability. TiDB version 5.3.1 contains a patch for this issue. Other mitigation strategies include turning off Security Enhanced Mode (SEM), disabling local login for non-root accounts, and ensuring that the same IP cannot be logged in as root and normal user at the same time.	2022-05-31	not yet calculated	CVE-2022-31011 MISC CONFIRM
tiktok — tiktok	The TikTok application before 23.8.4 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click.	2022-06-02	not yet calculated	CVE-2022-28799 MISC MISC MISC
totolink — ex1200t	TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack.	2022-06-03	not yet calculated	CVE-2021-42888 MISC
totolink — ex1200t	TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack.	2022-06-03	not yet calculated	CVE-2021-42890 MISC
totolink — ex1200t	In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization.	2022-06-03	not yet calculated	CVE-2021-42889 MISC
totolink — ex1200t	TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin.	2022-06-02	not yet calculated	CVE-2021-42875 MISC MISC MISC
totolink — ex1200t	In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg.	2022-06-03	not yet calculated	CVE-2021-42893 MISC
totolink — ex1200t	In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware.	2022-06-03	not yet calculated	CVE-2021-42892 MISC
totolink — ex1200t	In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization.	2022-06-03	not yet calculated	CVE-2021-42891 MISC
totolink — ex1200t	TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file.	2022-06-03	not yet calculated	CVE-2021-42886 MISC
totolink — ex1200t	TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system.	2022-06-02	not yet calculated	CVE-2021-42877 MISC MISC MISC
totolink — ex1200t	TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack.	2022-06-03	not yet calculated	CVE-2021-42884 MISC
totolink — ex1200t	TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack.	2022-06-03	not yet calculated	CVE-2021-42885 MISC
totolink — ex1200t	TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code.	2022-06-02	not yet calculated	CVE-2021-42872 MISC MISC MISC
totolink — ex1200t	In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.	2022-06-03	not yet calculated	CVE-2021-42887 MISC
trend_micro_inc — maximum_security_2022	Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product’s secure erase feature to delete arbitrary files.	2022-05-27	not yet calculated	CVE-2022-30687 N/A N/A
trend_micro_inc — multiple_products	An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.	2022-05-27	not yet calculated	CVE-2022-30700 N/A N/A
trend_micro_inc — multiple_products	An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.	2022-05-27	not yet calculated	CVE-2022-30701 N/A N/A
trend_micro — eol_product_cve_installer_of_trend_micro_password_manager_(consumer)	EOL Product CVE – Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was reported on an EOL version of the product, and users are advised to upgrade to the latest supported version (5.x).	2022-05-27	not yet calculated	CVE-2022-28394 N/A N/A N/A
turistforeningen — node-s3-uploader	OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function.	2022-06-02	not yet calculated	CVE-2021-34084 MISC
unicorn-engine — unicorn_engine	Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization.	2022-06-02	not yet calculated	CVE-2022-29695 MISC MISC
unicorn-engine — unicorn_engine	Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free.	2022-06-02	not yet calculated	CVE-2022-29694 MISC MISC MISC MISC MISC
unicorn-engine — unicorn_engine	Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c.	2022-06-02	not yet calculated	CVE-2022-29693 MISC MISC
unicorn-engine — unicorn_engine	Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function.	2022-06-02	not yet calculated	CVE-2022-29692 MISC
vapor — vapor	Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a Content Delivery Network.	2022-05-31	not yet calculated	CVE-2022-31005 CONFIRM MISC MISC
vartalap — chat_server	Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function `this.authProvider.verifyAccessKey` is an async function, as the code is not using `await` to wait for the verification result. Every time the function responds back with success, along with an unhandled exception if the token is invalid. A patch is available in version 2.6.0.	2022-05-31	not yet calculated	CVE-2022-31013 MISC CONFIRM MISC
verizon — 4g_lte_network_extender_ga4.38	Verizon 4G LTE Network Extender GA4.38 – V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page.	2022-06-02	not yet calculated	CVE-2022-29729 MISC MISC
vim — vim	Use After Free in GitHub repository vim/vim prior to 8.2.	2022-06-02	not yet calculated	CVE-2022-1968 CONFIRM MISC
vim — vim	Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.	2022-05-27	not yet calculated	CVE-2022-1897 CONFIRM MISC FEDORA FEDORA
vim — vim	Buffer Over-read in GitHub repository vim/vim prior to 8.2.	2022-05-29	not yet calculated	CVE-2022-1927 CONFIRM MISC FEDORA FEDORA
vim — vim	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.	2022-05-31	not yet calculated	CVE-2022-1942 CONFIRM MISC
webankpartners — wecube	An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file.	2022-06-02	not yet calculated	CVE-2022-28945 MISC MISC MISC MISC
wordpress — amazon_link_wordpress_plugin	The Amazon Link WordPress plugin through 3.2.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.	2022-05-30	not yet calculated	CVE-2022-1645 MISC
wordpress — bannerman_wordpress_plugin	The BannerMan WordPress plugin through 0.2.4 does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed (such as in multisite)	2022-05-30	not yet calculated	CVE-2022-1275 MISC
wordpress — birthdays_widget_wordpress_plugin	The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed	2022-05-30	not yet calculated	CVE-2022-1643 MISC
wordpress — bluk_page_creator_wordpress_plugin	The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF.	2022-05-30	not yet calculated	CVE-2022-1611 MISC
wordpress — call&book_mobile_bar_wordpress_plugin	The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.	2022-05-30	not yet calculated	CVE-2022-1644 MISC
wordpress — change_wp_admin_login_wordpress_plugin	The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector	2022-05-30	not yet calculated	CVE-2022-1589 MISC
wordpress — content_mask_wordpress_plugin	The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options	2022-05-30	not yet calculated	CVE-2022-1203 MISC
wordpress — easy_faq_with_expanding_text_wordpress_plugin	The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 does not sanitise and escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks when unfiltered_html is disallowed	2022-05-30	not yet calculated	CVE-2022-1395 MISC
wordpress — enable_svg_wordpress_plugin	The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads	2022-05-30	not yet calculated	CVE-2022-1562 MISC
wordpress — external_links_in_new_window/new_tab_wordpress_plugin	The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible.	2022-05-30	not yet calculated	CVE-2022-1582 MISC
wordpress — external_links_in_new_window/new_tab_wordpress_plugin	The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to “null” when links to external sites are clicked, which may enable tabnabbing attacks to occur.	2022-05-30	not yet calculated	CVE-2022-1583 MISC
wordpress — fatcat_apps_easy_pricing_tables_plugin	Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress.	2022-06-02	not yet calculated	CVE-2021-36866 CONFIRM CONFIRM
wordpress — form_maker_by_10web_wordpress_plugin	The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed	2022-05-30	not yet calculated	CVE-2022-1564 MISC
wordpress — hpb_dashboard_wordpress_plugin	The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.	2022-05-30	not yet calculated	CVE-2022-1542 MISC
wordpress — imbd_info_box_wordpress_plugin	The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed	2022-05-30	not yet calculated	CVE-2022-1294 MISC
wordpress — jivochat_live_chat_wordpress_plugin	The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugins admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged in administrator to inject arbitrary javascript.	2022-05-30	not yet calculated	CVE-2022-0642 MISC
wordpress — no_future_posts_wordpress_plugin	The No Future Posts WordPress plugin through 1.4 does not escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed	2022-05-30	not yet calculated	CVE-2022-1387 MISC
wordpress — poll_maker_wordpress_plugin	The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disallowed	2022-05-30	not yet calculated	CVE-2022-1456 MISC
wordpress — quotes_llama_wordpress_plugin	The Quotes llama WordPress plugin through 0.7 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file	2022-05-30	not yet calculated	CVE-2022-1566 MISC
wordpress — simple_real_estate_pack_wordpress_plugin	The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed	2022-05-30	not yet calculated	CVE-2022-1646 MISC
wordpress — slideshow_wordpress_plugin	The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed	2022-05-30	not yet calculated	CVE-2022-1299 MISC
wordpress — smush_wordpress_plugin	The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious configuration file	2022-05-30	not yet calculated	CVE-2022-1009 MISC
wordpress — social_share_buttons_supsystic_plugin	Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress.	2022-06-02	not yet calculated	CVE-2021-36890 CONFIRM CONFIRM
wordpress — stafflist_wordpress_plugin	The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection	2022-05-30	not yet calculated	CVE-2022-1556 MISC MISC
wordpress — team_members_wordpress_plugin	The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed	2022-05-30	not yet calculated	CVE-2022-1568 MISC
wordpress — user_meta_wordpress_plugin	The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed	2022-05-30	not yet calculated	CVE-2022-0376 MISC
wordpress — vikbooking_hotel_booking_engine_&_pms_wordpress_plugin	The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting	2022-05-30	not yet calculated	CVE-2022-1528 MISC
wordpress — wp_2fa_wordpress_plugin	The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting	2022-05-30	not yet calculated	CVE-2022-1527 MISC
xwiki_platform — filter_ui	XWiki Platform Filter UI provides a generic user interface to convert from a XWiki Filter input stream to an output stream with settings for each stream. Starting with versions 6.0-milestone-2 and 5.4.4 and prior to versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3, XWiki Platform Filter UI contains a possible cross-site scripting vector in the `Filter.FilterStreamDescriptorForm` wiki page related to pretty much all the form fields printed in the home page of the application. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest workaround is to edit the wiki page `Filter.FilterStreamDescriptorForm` (with wiki editor) according to the instructions in the GitHub Security Advisory.	2022-05-31	not yet calculated	CVE-2022-29258 MISC CONFIRM MISC
xxl-job — xxl-job	XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo.	2022-06-03	not yet calculated	CVE-2022-29770 MISC
zero_science_lab — usr_iot_4g_lte_industrial_cellular_vpn_router	USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device.	2022-06-02	not yet calculated	CVE-2022-29730 MISC MISC
zzcms — zzcms	An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma.	2022-06-02	not yet calculated	CVE-2019-12350 MISC
zzcms — zzcms	An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma.	2022-06-02	not yet calculated	CVE-2019-12351 MISC
zzcms — zzcms	An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id parameter.	2022-06-02	not yet calculated	CVE-2019-12349 MISC

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

CISA recently updated an anonymous product survey;they’d welcome your feedback.

Tags: threatintel, US-CERT

US-CERT Bulletin (SB22-157):Vulnerability Summary for the Week of May 30, 2022

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Severity Not Yet Assigned

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: Joint Guidance on Deploying AI Systems Securely

CISA: Juniper Releases Security Bulletin for Multiple Juniper Products

CISA: Citrix Releases Security Updates for XenServer and Citrix Hypervisor

CISA: Palo Alto Networks Releases Guidance for Vulnerability in PAN-OS, CVE-2024-3400

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Severity Not Yet Assigned

You may have missed

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: Joint Guidance on Deploying AI Systems Securely

CISA: Juniper Releases Security Bulletin for Multiple Juniper Products

CISA: Citrix Releases Security Updates for XenServer and Citrix Hypervisor

CISA: Palo Alto Networks Releases Guidance for Vulnerability in PAN-OS, CVE-2024-3400