Vulnerability Summary for the Week of April 4, 2022

Released
Apr 11, 2022
Document ID
SB22-101

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
escanav -- escan_anti-virusAn local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attackers to exploit root privileges by manipulating parameter values.2022-04-0110CVE-2021-26624
MISC
pagekit -- pagekitpagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing.2022-04-0110CVE-2021-44135
MISC
allmediaserver -- allmediaserverMediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932.2022-04-0310CVE-2022-28381
MISC
MISC
qualcomm -- apq8096au_firmwareAn Out of Bounds read may potentially occur while processing an IBSS beacon, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music2022-04-019.4CVE-2021-35117
CONFIRM
dell -- wyse_management_suiteDell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges can exploit this vulnerability in order to execute arbitrary code on the system.2022-04-019CVE-2022-23155
CONFIRM
hitrontech -- chita_firmwareHitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS ddnsUsername field.2022-04-019CVE-2022-25017
MISC
idearespa -- reftreeAn unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource.2022-04-039CVE-2022-27249
MISC
MISC
qualcomm -- ar8035_firmwarePossible assertion due to improper validation of invalid NR CSI-IM resource configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile2022-04-017.8CVE-2021-30328
CONFIRM
qualcomm -- ar8035_firmwarePossible assertion due to improper validation of TCI configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile2022-04-017.8CVE-2021-30329
CONFIRM
oppo -- quick_appA command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine2022-04-017.5CVE-2021-23247
MISC
bandisoft -- bandizipA remote code execution vulnerability due to incomplete check for 'xheader_decode_path_record' function's parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function.2022-04-017.5CVE-2021-26623
MISC
philips -- myvuePhilips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.2022-04-017.5CVE-2021-27497
CONFIRM
CONFIRM
philips -- myvuePhilips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities.2022-04-017.5CVE-2021-27501
CONFIRM
CONFIRM
auvesy-mdt -- autosaveAn attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. This could then be leveraged to run a malicious process.2022-04-017.5CVE-2021-32933
CONFIRM
cocoapods -- cocoapods-downloaderThe package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function (when using hg), the url (and/or revision, tag, branch) is passed to the hg clone command in a way that additional flags can be set. The additional flags can be used to perform a command injection.2022-04-017.5CVE-2022-21223
MISC
MISC
ui -- ua_lite_firmwareA buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network to control all connected UA devices. This vulnerability is fixed in Version 3.8.31.13 and later.2022-04-017.5CVE-2022-22570
MISC
vmware -- spring_cloud_functionIn Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.2022-04-017.5CVE-2022-22963
MISC
CISCO
CONFIRM
vmware -- spring_frameworkA Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.2022-04-017.5CVE-2022-22965
MISC
CISCO
CONFIRM
simple-git_project -- simple-gitThe package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199) which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover.2022-04-017.5CVE-2022-24066
CONFIRM
CONFIRM
CONFIRM
CONFIRM
cocoapods -- cocoapods-downloaderThe package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocess_options function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.2022-04-017.5CVE-2022-24440
MISC
MISC
MISC
kopano -- groupware_coreAn issue in provider/libserver/ECKrbAuth.cpp of Kopano-Core v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired.2022-04-017.5CVE-2022-26562
MISC
MISC
kaspersky -- anti-virusKaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies).2022-04-017.5CVE-2022-27534
MISC
qualcomm -- aqt1000_firmwareImproper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking2022-04-017.2CVE-2021-1942
CONFIRM
qualcomm -- ar8035_firmwareImproper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking2022-04-017.2CVE-2021-1950
CONFIRM
belden -- tofino_xenon_security_appliance_firmwareOn Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, physically proximate attackers can execute code via a crafted file on a USB stick.2022-04-037.2CVE-2021-30061
MISC
CONFIRM
belden -- tofino_xenon_security_appliance_firmwareOn Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB stick) can be bypassed. NOTE: this issue exists because of an incomplete fix of CVE-2017-11400.2022-04-037.2CVE-2021-30066
MISC
CONFIRM
qualcomm -- qca6696_firmwarePossible buffer overflow due to lack of input IB amount validation while processing the user command in Snapdragon Auto2022-04-017.2CVE-2021-35089
CONFIRM
qualcomm -- ar8035_firmwarePossible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking2022-04-017.2CVE-2021-35103
CONFIRM
qualcomm -- apq8009w_firmwarePossible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2022-04-017.2CVE-2021-35105
CONFIRM
qualcomm -- aqt1000_firmwarePossible out of bound read due to improper length calculation of WMI message. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2022-04-017.2CVE-2021-35106
CONFIRM
qualcomm -- sd_8_gen1_5g_firmwarePossible buffer overflow to improper validation of hash segment of file while allocating memory in Snapdragon Connectivity, Snapdragon Mobile2022-04-017.2CVE-2021-35110
CONFIRM
dell -- alienware_updateDell Command | Update, Dell Update, and Alienware Update versions prior to 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.2022-04-017.2CVE-2022-24426
CONFIRM

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
belden -- tofino_xenon_security_appliance_firmwareOn Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state).2022-04-036.8CVE-2021-30064
MISC
CONFIRM
google -- chromeUse after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.2022-04-056.8CVE-2022-0452
MISC
MISC
google -- chromeUse after free in Reader Mode in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.2022-04-056.8CVE-2022-0453
MISC
MISC
google -- chromeHeap buffer overflow in ANGLE in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2022-04-056.8CVE-2022-0454
MISC
MISC
google -- chromeUse after free in Web Search in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via profile destruction.2022-04-056.8CVE-2022-0456
MISC
MISC
google -- chromeType confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2022-04-056.8CVE-2022-0457
MISC
MISC
google -- chromeUse after free in Thumbnail Tab Strip in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2022-04-056.8CVE-2022-0458
MISC
MISC
google -- chromeUse after free in Screen Capture in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process and convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.2022-04-056.8CVE-2022-0459
MISC
MISC
google -- chromeUse after free in Window Dialogue in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2022-04-056.8CVE-2022-0460
MISC
MISC
google -- chromeUse after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.2022-04-056.8CVE-2022-0463
MISC
MISC
google -- chromeUse after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.2022-04-056.8CVE-2022-0464
MISC
MISC
google -- chromeUse after free in Extensions in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via user interaction.2022-04-056.8CVE-2022-0465
MISC
MISC
google -- chromeUse after free in Payments in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2022-04-056.8CVE-2022-0468
MISC
MISC
google -- chromeUse after free in Cast in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific interactions to potentially exploit heap corruption via a crafted HTML page.2022-04-056.8CVE-2022-0469
MISC
MISC
google -- chromeOut of bounds memory access in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2022-04-056.8CVE-2022-0470
MISC
MISC
google -- chromeHeap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.2022-04-056.8CVE-2022-0604
MISC
MISC
google -- chromeUse after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.2022-04-056.8CVE-2022-0605
MISC
MISC
google -- chromeUse after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2022-04-056.8CVE-2022-0606
MISC
MISC
google -- chromeUse after free in GPU in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2022-04-056.8CVE-2022-0607
MISC
MISC
google -- chromeInteger overflow in Mojo in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2022-04-056.8CVE-2022-0608
MISC
MISC
google -- chromeUse after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2022-04-056.8CVE-2022-0609
MISC
MISC
google -- chromeInappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2022-04-056.8CVE-2022-0610
MISC
MISC
google -- chromeHeap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2022-04-056.8CVE-2022-0789
MISC
MISC
google -- chromeUse after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page.2022-04-056.8CVE-2022-0790
MISC
MISC
google -- chromeUse after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions.2022-04-056.8CVE-2022-0791
MISC
MISC
google -- chromeUse after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.2022-04-056.8CVE-2022-0794
MISC
MISC
google -- chromeType confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2022-04-056.8CVE-2022-0795
MISC
MISC
google -- chromeUse after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2022-04-056.8CVE-2022-0796
MISC
MISC
google -- chromeOut of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.2022-04-056.8CVE-2022-0797
MISC
MISC
google -- chromeUse after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.2022-04-056.8CVE-2022-0798
MISC
MISC
google -- chromeInsufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file.2022-04-056.8CVE-2022-0799
MISC
MISC
google -- chromeHeap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.2022-04-056.8CVE-2022-0800
MISC
MISC
google -- chromeUse after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.2022-04-056.8CVE-2022-0805
MISC
MISC
vcs_project -- vcsThe package github.com/masterminds/vcs before 1.13.3 are vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection.2022-04-016.8CVE-2022-21235
MISC
MISC
mitsubishielectric -- fx5uc_firmwareUse of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by replaying an eavesdropped password hash.2022-04-016.8CVE-2022-25155
MISC
MISC
MISC
mitsubishielectric -- fx5uc_firmwareUse of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash.2022-04-016.8CVE-2022-25156
MISC
MISC
MISC
mitsubishielectric -- fx5uc_firmwareAuthentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by replay attack.2022-04-016.8CVE-2022-25159
MISC
MISC
MISC
omron -- cx-positionOmron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code.2022-04-016.8CVE-2022-25959
CONFIRM
MISC
omron -- cx-positionOmron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code.2022-04-016.8CVE-2022-26022
CONFIRM
MISC
omron -- cx-positionOmron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code.2022-04-016.8CVE-2022-26417
CONFIRM
MISC
omron -- cx-positionOmron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code.2022-04-016.8CVE-2022-26419
CONFIRM
MISC
MISC
MISC
MISC
rockwellautomation -- controllogix_5580_firmwareRockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user.2022-04-016.5CVE-2022-1159
CONFIRM
philips -- myvuePhilips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.2022-04-016.4CVE-2021-27493
CONFIRM
CONFIRM
qualcomm -- aqt1000_firmwarePossible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking2022-04-016.4CVE-2021-35088
CONFIRM
mitsubishielectric -- fx5uc_firmwareUse of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose or tamper with the information in the product by using an eavesdropped password hash.2022-04-016.4CVE-2022-25157
MISC
MISC
MISC
mitsubishielectric -- fx5uc_firmwareCleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext.2022-04-016.4CVE-2022-25158
MISC
MISC
MISC
redhat -- business-centralIt was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc.2022-04-015CVE-2019-14839
MISC
inductiveautomation -- ignitionSensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication required to query the server2022-04-015CVE-2020-14479
MISC
darkhttpd_project -- darkhttpdA flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability.2022-04-015CVE-2020-25691
MISC
belden -- tofino_xenon_security_appliance_firmwareOn Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can bypass the OPC enforcer.2022-04-035CVE-2021-30062
MISC
CONFIRM
belden -- tofino_xenon_security_appliance_firmwareOn Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service.2022-04-035CVE-2021-30063
MISC
CONFIRM
belden -- tofino_xenon_security_appliance_firmwareOn Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of CVE-2017-11401.2022-04-035CVE-2021-30065
MISC
CONFIRM
qualcomm -- ar8035_firmwarePossible assertion due to improper validation of OTA configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile2022-04-015CVE-2021-30332
CONFIRM
auvesy-mdt -- autosaveAn attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be initiated.2022-04-015CVE-2021-32937
CONFIRM
auvesy-mdt -- autosaveA getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an optional parameter, resulting in the processing of a request in a special manner. This can result in the execution of an unzip command and place a malicious .exe file in one of the locations the function looks for and get execution capabilities.2022-04-015CVE-2021-32961
CONFIRM
philips -- myvueThe use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information.2022-04-015CVE-2021-33018
CONFIRM
CONFIRM
philips -- myvuePhilips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.2022-04-015CVE-2021-33020
CONFIRM
CONFIRM
philips -- myvuePhilips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.2022-04-015CVE-2021-33022
CONFIRM
CONFIRM
philips -- myvuePhilips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval.2022-04-015CVE-2021-33024
CONFIRM
CONFIRM
gitlab -- gitlabIn all versions of GitLab CE/EE, certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI.2022-04-015CVE-2021-39908
MISC
CONFIRM
MISC
linux -- linux_kernelIn the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.2022-04-025CVE-2022-28356
MISC
MISC
MLIST
qualcomm -- apq8009w_firmwareImproper validation of buffer size input to the EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2022-04-014.6CVE-2021-30333
CONFIRM
qualcomm -- apq8096au_firmwareImproper handling of multiple session supported by PVM backend can lead to use after free in Snapdragon Auto, Snapdragon Mobile2022-04-014.6CVE-2021-35115
CONFIRM
dell -- wyse_device_agentWyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A malicious user could potentially exploit this vulnerability by providing invalid input in order to obtain a connection to WMS server.2022-04-014.6CVE-2022-23156
CONFIRM
linux -- linux_kernelusb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.2022-04-034.6CVE-2022-28388
MISC
FEDORA
linux -- linux_kernelmcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.2022-04-034.6CVE-2022-28389
MISC
FEDORA
linux -- linux_kernelems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.2022-04-034.6CVE-2022-28390
MISC
FEDORA
deltaww -- diaenergieDelta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges2022-04-014.4CVE-2022-1098
CONFIRM
yourls -- yourlsCross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3.2022-04-034.3CVE-2022-0088
CONFIRM
MISC
google -- chromeInappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.2022-04-054.3CVE-2022-0455
MISC
MISC
google -- chromeOut of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2022-04-054.3CVE-2022-0792
MISC
MISC
google -- chromeInappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.2022-04-054.3CVE-2022-0802
MISC
MISC
google -- chromeInappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page.2022-04-054.3CVE-2022-0803
MISC
MISC
google -- chromeInappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.2022-04-054.3CVE-2022-0804
MISC
MISC
google -- chromeData leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page.2022-04-054.3CVE-2022-0806
MISC
MISC
google -- chromeInappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.2022-04-054.3CVE-2022-0807
MISC
MISC
radare -- radare2Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary.2022-04-014.3CVE-2022-1207
MISC
CONFIRM
rocket.chat -- livechatA blind self XSS vulnerability exists in RocketChat LiveChat <v1.9 that could allow an attacker to trick a victim pasting malicious code in their chat instance.2022-04-014.3CVE-2022-21830
MISC
public_knowledge_project -- open_journal_systemsCross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitary code via the X-Forwarded-Host Header.2022-04-014.3CVE-2022-24181
MISC
mitsubishielectric -- fx5uc_firmwareCleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user's product by using previously eavesdropped cleartext information and to counterfeit a legitimate user's system.2022-04-014.3CVE-2022-25160
MISC
MISC
MISC
sick -- ftmgUnauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system.2022-04-014CVE-2021-32503
MISC
calibre-web_project -- calibre-webImproper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.2022-04-034CVE-2022-0406
MISC
CONFIRM
ibm -- app_connect_enterprise_certified_containerIBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting.2022-04-014CVE-2022-22404
XF
CONFIRM
pivotal_software -- spring_frameworkn Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.2022-04-014CVE-2022-22950
MISC
idearespa -- reftreeA directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when invoking the affected DownloadDwg endpoint. An attack uses the path field to CaddemServiceJS/CaddemService.svc/rest/DownloadDwg.2022-04-034CVE-2022-27248
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
eaton -- intelligent_power_managerThe vulnerability exists due to insufficient validation of input of certain resources within the IPM software. This issue affects: Intelligent Power Manager (IPM 1) versions prior to 1.70.2022-04-013.5CVE-2021-23287
MISC
wedevs -- wp_project_managerAuthenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager (WordPress plugin) versions <= 2.4.13.2022-04-043.5CVE-2021-36826
CONFIRM
MISC
CONFIRM
rumble_mail_server_project -- rumble_mail_serverA Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path parameters.2022-04-043.5CVE-2021-43459
MISC
rumble_mail_server_project -- rumble_mail_serverCross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the servername parameter.2022-04-043.5CVE-2021-43461
MISC
rumble_mail_server_project -- rumble_mail_serverA Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the username parameter.2022-04-043.5CVE-2021-43462
MISC
totaljs -- content_management_systemA cross-site scripting (XSS) vulnerability in Totaljs commit 95f54a5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name text field when creating a new page.2022-04-013.5CVE-2022-26565
MISC
eaton -- intelligent_power_protectorThe vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69.2022-04-012.3CVE-2021-23288
MISC
qemu -- qemuIt was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the original security issue CVE-2020-10756, refer to bug 1835986 or the CVE page: https://access.redhat.com/security/cve/CVE-2020-10756.2022-04-012.1CVE-2021-20295
MISC
MISC
qualcomm -- ar8035_firmwarePossible buffer overflow due to improper data validation of external commands sent via DIAG interface in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables2022-04-012.1CVE-2021-30331
CONFIRM
dell -- wyse_device_agentWyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A authenticated malicious user could potentially exploit this vulnerability in order to view sensitive information from the WMS Server.2022-04-012.1CVE-2022-23157
CONFIRM
dell -- wyse_device_agentWyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privilege could potentially exploit this vulnerability and provide incorrect port information and get connected to valid WMS server2022-04-012.1CVE-2022-23158
CONFIRM

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
jeesite -- jeesite
 
Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter.2022-04-05not yet calculatedCVE-2020-19229
MISC
xiongmai_technology_co -- multiple_products
 
Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, and HI3518E_50H10L_S39 were all discovered to have port 9530 open which allows unauthenticated attackers to make arbitrary Telnet connections with the victim device.2022-04-06not yet calculatedCVE-2020-22253
MISC
sina -- weibo_android_sdk
 
An intent redirection issue was doscovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk.share.WbShareTransActivity), any unexported Activities could be started by the com.sina.weibo.sdk.share.WbShareTransActivity.2022-04-05not yet calculatedCVE-2020-23349
MISC
drtrustusa -- icheck_connect_bp_monitor_bp_testing_118Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to Plain text command over BLE.2022-04-07not yet calculatedCVE-2020-27373
MISC
MISC
MISC
drtrustusa -- icheck_connect_bp_monitor_bp_testing_118
 
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to BP Monitoring.2022-04-07not yet calculatedCVE-2020-27374
MISC
MISC
MISC
drtrustusa -- icheck_connect_bp_monitor_bp_testing_118
 
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting Write Requests and Chars.2022-04-07not yet calculatedCVE-2020-27375
MISC
MISC
MISC
drtrustusa -- icheck_connect_bp_monitor_bp_testing_118
 
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing Authentication.2022-04-07not yet calculatedCVE-2020-27376
MISC
MISC
MISC
hisiphp -- hisiphp
 
An Access Control vulnerability exists in HisiPHP 2.0.11 via special packets that are constructed in $files = Dir::getList($decompath. '/ Upload/Plugins /, which could let a remote malicious user execute arbitrary code.2022-04-04not yet calculatedCVE-2020-28062
MISC
xcxx_valine -- xcss_valine
 
Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment.2022-04-05not yet calculatedCVE-2020-28847
MISC
fortiguard_labs -- fortisandbox
 
An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attacker to silently halt the sniffer via specifically crafted requests.2022-04-06not yet calculatedCVE-2020-29013
CONFIRM
ibm -- sterling_b2b_integrator
 
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186283.2022-04-08not yet calculatedCVE-2020-4668
XF
CONFIRM
fortinet -- forticlient_for_linux
 
An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root via tricking the user into connecting to a network with a malicious name.2022-04-06not yet calculatedCVE-2021-22127
CONFIRM
fortinetguru -- fortiwan
 
Multiple improper neutralization of special elements used in an OS command vulnerabilities (CWE-78) in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests.2022-04-06not yet calculatedCVE-2021-24009
CONFIRM
kingcomposer -- kingcomposer
 
The KingComposer WordPress plugin through 2.9.6 does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross-Site Scripting payloads in them2022-04-04not yet calculatedCVE-2021-25048
MISC
wpscan -- dropdown_menu_widget_wordpress_plugin
 
The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues2022-04-04not yet calculatedCVE-2021-25113
MISC
fortinet -- fortimanager
 
Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters.2022-04-06not yet calculatedCVE-2021-26104
CONFIRM
fortinet -- fortiwan
 
Multiple stack-based buffer overflow vulnerabilities [CWE-121] both in network daemons and in the command line interpreter of FortiWAN before 4.5.9 may allow an unauthenticated attacker to potentially corrupt control data in memory and execute arbitrary code via specifically crafted requests.2022-04-06not yet calculatedCVE-2021-26112
CONFIRM
fortinet -- fortiwan
 
A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9 may allow an attacker who has previously come in possession of the password file to potentially guess passwords therein stored.2022-04-06not yet calculatedCVE-2021-26113
CONFIRM
fortinet -- fortiwan
 
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN before 4.5.9 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.2022-04-06not yet calculatedCVE-2021-26114
CONFIRM
fortinet -- fortiauthenticator
 
An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.2022-04-06not yet calculatedCVE-2021-26116
CONFIRM
beego -- beego
 
An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally.2022-04-05not yet calculatedCVE-2021-27116
MISC
beego -- beego
 
An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally.2022-04-05not yet calculatedCVE-2021-27117
MISC
horizontcms -- horizontcms
 
File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; however, we confirmed that the filter was bypassed via uploading an arbitrary .htaccess and *.hello files in order to execute PHP code to gain RCE.2022-04-05not yet calculatedCVE-2021-28428
MISC
MISC
beego -- beego
 
An issue was discovered in the route lookup process in beego through 2.0.1, allows attackers to bypass access control.2022-04-05not yet calculatedCVE-2021-30080
MISC
ivanti  -- avalanche_(premise)
 
Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value.2022-04-06not yet calculatedCVE-2021-30497
MISC
MISC
MISC
fortinet -- fortiwan
 
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiWAN before 4.5.9 may allow an attacker to perform a stored cross-site scripting attack via specifically crafted HTTP requests.2022-04-06not yet calculatedCVE-2021-32585
CONFIRM
fortinet -- fortiwan
 
A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel Protocol of FortiWAN before 4.5.9 may allow an unauthenticated remote attacker to decrypt and forge protocol communication messages.2022-04-06not yet calculatedCVE-2021-32593
CONFIRM
aveva -- system_platform
 
AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies, the cryptographic signature for data.2022-04-04not yet calculatedCVE-2021-32977
CONFIRM
CONFIRM
automationdirect -- click_plc_cpu_modules
 
The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00.2022-04-04not yet calculatedCVE-2021-32978
CONFIRM
automationdirect -- click_plc_cpu_modules
 
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active.2022-04-04not yet calculatedCVE-2021-32980
CONFIRM
aveva -- system_platform
 
AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.2022-04-04not yet calculatedCVE-2021-32981
CONFIRM
CONFIRM
automationdirect -- click_plc_cpu_modules
 
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange.2022-04-04not yet calculatedCVE-2021-32982
CONFIRM
automationdirect -- click_plc_cpu_modules
 
All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project without authorization.2022-04-04not yet calculatedCVE-2021-32984
CONFIRM
aveva -- system_platform
 
AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid.2022-04-04not yet calculatedCVE-2021-32985
CONFIRM
CONFIRM
automationdirect -- click_plc_cpu_modules
 
After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly.2022-04-04not yet calculatedCVE-2021-32986
CONFIRM
softing -- opc_ua_c++_sdk
 
Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64 exported library functions don't properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several unexpected memory locations.2022-04-04not yet calculatedCVE-2021-32994
CONFIRM
aveva -- system_platform
 
AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality that requires a provable user identity.2022-04-04not yet calculatedCVE-2021-33008
CONFIRM
CONFIRM
aveva -- system_platform
 
An exception is thrown from a function in AVEVA System Platform versions 2017 through 2020 R2 P01, but it is not caught, which may cause a denial-of-service condition.2022-04-04not yet calculatedCVE-2021-33010
CONFIRM
CONFIRM
software_ag -- mashzone_nextgen
 
The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code.2022-04-05not yet calculatedCVE-2021-33207
MISC
MISC
rsa -- archer
 
RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS.2022-04-04not yet calculatedCVE-2021-33616
MISC
MISC
MISC
MISC
johnson_controls -- metasys
 
Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions versions prior to 10.1.5; All 11 versions versions prior to 11.0.2.2022-04-07not yet calculatedCVE-2021-36202
CONFIRM
CERT
dell -- vnx2_for_file
 
Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system.2022-04-08not yet calculatedCVE-2021-36287
MISC
dell -- vnx2_for_file
 
Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which may lead unauthenticated users to read/write restricted files2022-04-08not yet calculatedCVE-2021-36288
MISC
dell -- vnx2_for_file
 
Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges.2022-04-08not yet calculatedCVE-2021-36290
MISC
dell -- vnx2_for_file
 
Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain elevated privileges.2022-04-08not yet calculatedCVE-2021-36293
MISC
suse -- rancher
 
a Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been revoked. This issue affects: SUSE Rancher Rancher versions prior to 2.4.18; Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3.2022-04-04not yet calculatedCVE-2021-36775
CONFIRM
suse -- rancher
 
A Improper Access Control vulnerability in SUSE Rancher allows remote attackers impersonate arbitrary users. This issue affects: SUSE Rancher Rancher versions prior to 2.5.10.2022-04-04not yet calculatedCVE-2021-36776
CONFIRM
wpscan -- web_settler_testimonial_slider_free_testimonials_slider_plugin
 
Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg_color, mpsp_posts_description_color, mpsp_slide_nav_button_color.2022-04-04not yet calculatedCVE-2021-36851
CONFIRM
CONFIRM
exploit_database -- easy-mock
 
easy-mock v1.5.0-v1.6.0 allows remote attackers to bypass the vm2 sandbox and execute arbitrary system commands through special js code.2022-04-05not yet calculatedCVE-2021-38834
MISC
atlassian -- confluence_server_and_data_center
 
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.2022-04-05not yet calculatedCVE-2021-39114
MISC
apperta_foundation -- openeyes
 
A stored cross-site scripting (XSS) vulnerability was identified in Apperta Foundation OpenEyes 3.5.1. Updating a patient's details allows remote attackers to inject arbitrary web script or HTML via the Address1 parameter. This JavaScript then executes when the patient profile is loaded, which could be used in a XSS attack.2022-04-06not yet calculatedCVE-2021-40374
MISC
MISC
apperta_foundation -- openeyes
 
Apperta Foundation OpenEyes 3.5.1 allows remote attackers to view the sensitive information of patients without having the intended level of privilege. Despite OpenEyes returning a Forbidden error message, the contents of a patient's profile are still returned in the server response. This response can be read in an intercepting proxy or by viewing the page source. Sensitive information returned in responses includes patient PII and medication records or history.2022-04-06not yet calculatedCVE-2021-40375
MISC
MISC
github -- libsixel
 
libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867.2022-04-08not yet calculatedCVE-2021-40656
MISC
fortinet -- fortiweb
 
A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.2022-04-06not yet calculatedCVE-2021-41026
CONFIRM
combo -- itop
 
Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, CSRF tokens generated by `privUITransactionFile` aren't properly checked. Versions 2.7.6 and 3.0.0 contain a patch for this issue. As a workaround, use the session implementation by adding in the iTop config file.2022-04-05not yet calculatedCVE-2021-41245
CONFIRM
MISC
MISC
libsixel -- libsixel
 
libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379.2022-04-08not yet calculatedCVE-2021-41715
MISC
jerryscript -- ecma_builtin_array_prototype_object_slice
 
Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:909 in function ecma_builtin_array_prototype_object_slice in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021.2022-04-05not yet calculatedCVE-2021-41751
MISC
jerryscript -- jerryscript
 
Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt() function.2022-04-05not yet calculatedCVE-2021-41752
MISC
digital_china_ networks -- S4600_10P_SI_ devices
 
An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authenticated attacker to escape the sandbox environment and execute system commands as root via shell metacharacters in the capture command parameters. Command output will be shown on the Serial interface of the device. Exploitation requires both credentials and physical access.2022-04-05not yet calculatedCVE-2021-42324
MISC
MISC
adminer -- adminerImproper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.2022-04-05not yet calculatedCVE-2021-43008
MISC
MISC
MISC
MISC
opservices -- opmon
 
A Cross Site Scripting (XSS) vulnerability exists in OpServices OpMon through 9.11 via the search parameter in the request URL.2022-04-08not yet calculatedCVE-2021-43009
MISC
async -- async
 
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2) , which could let a malicious user obtain privileges via the mapValues() method.2022-04-06not yet calculatedCVE-2021-43138
MISC
MISC
MISC
MISC
linux -- forticlient
 
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Linux version 7.0.2 and below, 6.4.7 and below and 6.2.9 and below may allow an unauthenticated attacker to access the confighandler webserver via external binaries.2022-04-06not yet calculatedCVE-2021-43205
CONFIRM
studio_42 -- elfinder
 
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.2022-04-07not yet calculatedCVE-2021-43421
MISC
MISC
seagate -- cortex
 
A Denial of Service vulnerability exists in CORTX-S3 Server as of 11/7/2021 via the mempool_destroy method due to a failture to release locks pool->lock.2022-04-07not yet calculatedCVE-2021-43429
MISC
MISC
bigantsoft -- im_webserver
 
An Access Control vulnerability exists in BigAntSoft BigAnt office messenger 5.6 via im_webserver, which could let a malicious user upload PHP Trojan files.2022-04-07not yet calculatedCVE-2021-43430
MISC
exrick -- product_add.jsp
 
A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET parameter in product-add.jsp.2022-04-07not yet calculatedCVE-2021-43432
MISC
MISC
MISC
MISC
jerryscript -- js_parser_statm.c_file
 
A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 and prior versions via an out-of-bounds read in parser_parse_for_statement_start in the js-parser-statm.c file. This issue is similar to CVE-2020-29657.2022-04-07not yet calculatedCVE-2021-43453
MISC
anytxt -- anytxt
 
An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.394 via a specially crafted file in the ATService path. .2022-04-04not yet calculatedCVE-2021-43454
MISC
MISC
MISC
freelan -- freelan
 
An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a specially crafted file in the FreeLAN Service path.2022-04-04not yet calculatedCVE-2021-43455
MISC
MISC
MISC
rumble_mail_server -- rumbleservice
 
An Unquoted Service Path vulnerablility exists in Rumble Mail Server 0.51.3135 via via a specially crafted file in the RumbleService executable service path.2022-04-04not yet calculatedCVE-2021-43456
MISC
MISC
MISC
bvpn -- waselvpnserv
 
An Unquoted Service Path vulnerability exists in bVPN 2.5.1 via a specially crafted file in the waselvpnserv service path.2022-04-04not yet calculatedCVE-2021-43457
MISC
MISC
MISC
vembu -- vembu
 
An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths.2022-04-04not yet calculatedCVE-2021-43458
MISC
MISC
MISC
system_explorer_7.0.0 -- systemexplorerhelpservice
 
An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 via via a specially crafted file in the SystemExplorerHelpService service executable path.2022-04-04not yet calculatedCVE-2021-43460
MISC
MISC
MISC
ext2fsd -- ext2srv service
 
An Unquoted Service Path vulnerability exists in Ext2Fsd v0.68 via a specially crafted file in the Ext2Srv Service executable service path.2022-04-04not yet calculatedCVE-2021-43463
MISC
MISC
MISC
subrioncms -- intelliantsA Remiote Code Execution (RCE) vulnerability exiss in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval().2022-04-04not yet calculatedCVE-2021-43464
MISC
d-link -- dir-823g
 
An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any parameter in the HNAP1 function2022-04-07not yet calculatedCVE-2021-43474
MISC
MISC
claro -- kaon_CG3000
 
An Access Control vulnerability exists in CLARO KAON CG3000 1.00.67 in the router configuration, which could allow a malicious user to read or update the configuraiton without authentication.2022-04-08not yet calculatedCVE-2021-43483
MISC
atutor -- atutor
 
An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, form_password_hidden, and form_change HTTP POST parameters are set.2022-04-08not yet calculatedCVE-2021-43498
MISC
MISC
h_laravel -- h_laravel
 
A Remote Code Execution (RCE) vulnerability exists in h laravel 5.8.38 via an unserialize pop chain in (1) __destruct in \Routing\PendingResourceRegistration.php, (2) __cal in Queue\Capsule\Manager.php, and (3) __invoke in mockery\library\Mockery\ClosureWrapper.php.2022-04-08not yet calculatedCVE-2021-43503
MISC
kimai_kimai -- new_timesheet
 
A CSV Injection vulnerablity exists in Kimai Kimai 2 > 1.14 via a description in a new timesheet.2022-04-08not yet calculatedCVE-2021-43515
MISC
foscam -- foscam_camera
 
FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens Telnet port when special command is sent on port 9530.2022-04-08not yet calculatedCVE-2021-43517
MISC
zlog -- zlog
 
A Buffer Overflow vulnerability exists in zlog 1.2.15 via zlog_conf_build_with_file in src/zlog/src/conf.c.2022-04-08not yet calculatedCVE-2021-43521
MISC
MISC
open5gs -- open5gs
 
A null pointer dereference in src/amf/namf-handler.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request to amf.2022-04-05not yet calculatedCVE-2021-44108
MISC
MISC
open5gs -- open5gs
 
A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request.2022-04-05not yet calculatedCVE-2021-44109
MISC
MISC
cauchoresin -- resin
 
There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request.2022-04-04not yet calculatedCVE-2021-44138
MISC
fortinet -- forticlient
 
A improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory.2022-04-06not yet calculatedCVE-2021-44169
CONFIRM
htcondor -- htcondor
 
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can access files stored in S3 cloud storage that a user has asked HTCondor to transfer.2022-04-06not yet calculatedCVE-2021-45103
MISC
MISC
htcondor -- htcondor
 
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data.2022-04-06not yet calculatedCVE-2021-45104
MISC
MISC
softwarebuero_zauner_ arc -- softwarebuero_zauner_ arc
 
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4., that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side.2022-04-05not yet calculatedCVE-2021-45891
MISC
MISC
softwarebuero_zauner_ arc -- softwarebuero_zauner_ arcAn issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is storage of Passwords in a Recoverable Format.2022-04-05not yet calculatedCVE-2021-45892
MISC
MISC
softwarebuero_zauner_ arc -- softwarebuero_zauner_ arcAn issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Improper Handling of Case Sensitivity, which makes password guessing easier.2022-04-05not yet calculatedCVE-2021-45893
MISC
MISC
softwarebuero_zauner_ arc -- softwarebuero_zauner_ arcAn issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Cleartext Transmission of Sensitive Information.2022-04-05not yet calculatedCVE-2021-45894
MISC
MISC
ritecms -- ritecms
 
RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny execution of .php files in media and files directory by default.2022-04-08not yet calculatedCVE-2021-46367
MISC
MISC
MISC
MISC
sma -- sunny_tripower 
 
Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling.2022-04-07not yet calculatedCVE-2021-46416
MISC
MISC
franklin_fueling_systems -- franklin_fueling_ Systems_colibri_ controller
 
Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580.2022-04-07not yet calculatedCVE-2021-46417
MISC
MISC
telesquare -- telesquare_tlr_2855KS6
 
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts.2022-04-07not yet calculatedCVE-2021-46418
MISC
telesquare -- telesquare_tlr_2855KS6
 
An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts.2022-04-07not yet calculatedCVE-2021-46419
MISC
zzcms -- zzcms_2021
 
An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php.2022-04-08not yet calculatedCVE-2021-46436
MISC
zzcms -- zzcms_2021
 
An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php.2022-04-08not yet calculatedCVE-2021-46437
MISC
wordpress -- elfinderThe Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is know to be affected by security issues (CVE-2021-32682), and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any authenticated users, such as subscriber to call it. Furthermore, as the options passed to the elFinder library does not restrict any file type, users with a role as low as subscriber can Create/Upload/Delete Arbitrary files and folders.2022-04-04not yet calculatedCVE-2022-0403
MISC
worpress -- contact_ form_7
 
The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7md_dismiss_notice action, allowing any logged in user (with roles as low as Subscriber) to set arbitrary options to true, potentially leading to Denial of Service by breaking the site.2022-04-04not yet calculatedCVE-2022-0404
MISC
github -- janeczku/calibre_web
 
Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.2022-04-03not yet calculatedCVE-2022-0405
CONFIRM
MISC
google -- pagespeed
 
The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting2022-04-04not yet calculatedCVE-2022-0431
MISC
CONFIRM
google_chrome -- coop
 
Policy bypass in COOP in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to bypass iframe sandbox via a crafted HTML page.2022-04-05not yet calculatedCVE-2022-0461
MISC
MISC
google_chrome -- scroll
 
Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.2022-04-05not yet calculatedCVE-2022-0462
MISC
MISC
google_chrome -- extensions_platform
 
Inappropriate implementation in Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page.2022-04-05not yet calculatedCVE-2022-0466
MISC
MISC
google_chrome -- pointer_lock
 
Inappropriate implementation in Pointer Lock in Google Chrome on Windows prior to 98.0.4758.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.2022-04-05not yet calculatedCVE-2022-0467
MISC
MISC
wordpress -- mappress_maps
 
The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to the current 's stylesheet directory, and a .php file extension is added. No validation is performed on the content of the file, triggering an RCE vulnerability by uploading a web shell. Further the name parameter is not sanitized, allowing the payload to be uploaded to any directory to which the server has write access.2022-04-04not yet calculatedCVE-2022-0537
MISC
github -- xss
 
Cross-site Scripting (XSS) - DOM in GitHub repository tastyigniter/tastyigniter prior to 3.3.0.2022-04-05not yet calculatedCVE-2022-0602
MISC
CONFIRM
google_chrome -- file_manager
 
Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2022-04-05not yet calculatedCVE-2022-0603
MISC
MISC
bitdefender_update_ serve -- gravityzone
 
Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update Server versions prior to 3.4.0.276. Bitdefender GravityZone versions prior to 26.4-1. Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.171. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.1.111.2022-04-07not yet calculatedCVE-2022-0677
MISC
wordpress -- booking_package_
 
The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability.2022-04-04not yet calculatedCVE-2022-0709
MISC
gitlab -- asana
 
Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from unrestricted branches.2022-04-04not yet calculatedCVE-2022-0740
CONFIRM
MISC
MISC
google_chrome -- cast
 
Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted Chrome Extension.2022-04-05not yet calculatedCVE-2022-0793
MISC
MISC
google_chrome -- chrome_os_shell
 
Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit heap corruption via user interactions.2022-04-05not yet calculatedCVE-2022-0808
MISC
MISC
google_chrome -- webxr
 
Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2022-04-05not yet calculatedCVE-2022-0809
MISC
MISC
wordpress -- amelia
 
The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it.2022-04-04not yet calculatedCVE-2022-0825
MISC
CONFIRM
wordpress -- formbuilder
 
The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put Cross-Site Scripting payloads in them.2022-04-04not yet calculatedCVE-2022-0830
MISC
wordpress -- amelia
 
The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious actor can abuse this vulnerability to drain out the account balance by keep sending SMS notification.2022-04-04not yet calculatedCVE-2022-0837
MISC
wordpress -- updraftplusThe UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.2022-04-04not yet calculatedCVE-2022-0864
MISC
MISC
wordpress -- profile_builder
 
The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfiltered_html is disallowed2022-04-04not yet calculatedCVE-2022-0884
MISC
CONFIRM
wordpress -- easy_social_icons
 
The Easy Social Icons WordPress plugin before 3.1.4 does not sanitize the selected_icons attribute to the cnss_widget before using it in an SQL statement, leading to a SQL injection vulnerability.2022-04-04not yet calculatedCVE-2022-0887
MISC
wordpress -- ad_inserter_free_and_pro
 
The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters2022-04-04not yet calculatedCVE-2022-0901
MISC
MISC
github -- livehelperchat
 
Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97.2022-04-07not yet calculatedCVE-2022-0935
CONFIRM
MISC
github -- server_side_request_forgery
 
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.2022-04-04not yet calculatedCVE-2022-0939
CONFIRM
MISC
wordpress -- mark_posts
 
The Mark Posts WordPress plugin before 2.0.1 does not escape new markers, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed2022-04-04not yet calculatedCVE-2022-0958
MISC
CONFIRM
github -- server_side_ request_forgery
 
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.2022-04-04not yet calculatedCVE-2022-0990
MISC
CONFIRM
kyocera -- net_view
 
Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.2022-04-04not yet calculatedCVE-2022-1026
CONFIRM
MISC
gitlab -- ce/ee
 
Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of GitLab2022-04-04not yet calculatedCVE-2022-1099
CONFIRM
MISC
gitlab -- ce/ee
 
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage.2022-04-04not yet calculatedCVE-2022-1100
CONFIRM
MISC
gitlab -- ce/ee
 
An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access pipeline analytics even when public pipelines are disabled2022-04-04not yet calculatedCVE-2022-1105
CONFIRM
MISC
gitlab -- project_import
 
A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages2022-04-04not yet calculatedCVE-2022-1111
MISC
CONFIRM
gitlab -- ce/ee
 
Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration.2022-04-04not yet calculatedCVE-2022-1120
MISC
MISC
CONFIRM
gitlab -- gitlab_pages
 
A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption.2022-04-04not yet calculatedCVE-2022-1121
CONFIRM
MISC
gitlab -- gitlab_pages
 
Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's access token on an attacker-controlled private GitLab Pages website and reuse that token on the victim's other private websites2022-04-04not yet calculatedCVE-2022-1148
MISC
MISC
CONFIRM
gitlab -- ce/ee
 
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts2022-04-04not yet calculatedCVE-2022-1162
CONFIRM
MISC
wyzi_theme -- wyzi_business_finder
 
The Wyzi Theme was affected by reflected XSS vulnerabilities in the business search feature2022-04-04not yet calculatedCVE-2022-1164
MISC
wordpress -- baclhole_for_bad_bots
 
The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, which allows them to be spoofed. This could result in blocking arbitrary IP addresses, such as legitimate/good search engine crawlers / bots. This could also be abused by competitors to cause damage related to visibility in search engines, can be used to bypass arbitrary blocks caused by this plugin, block any visitor or even the administrator and even more.2022-04-04not yet calculatedCVE-2022-1165
CONFIRM
MISC
jobmonster -- jobmonster
 
The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the web server, vendors can also take measures to make it less likely to happen.2022-04-04not yet calculatedCVE-2022-1166
MISC
MISC
wordpress -- careerup
 
There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in CareerUp Careerup WordPress theme before 2.3.1, via the filter parameters.2022-04-04not yet calculatedCVE-2022-1167
MISC
MISC
MISC
wordpress -- jobsearch
 
There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1.2022-04-04not yet calculatedCVE-2022-1168
MISC
MISC
careerfy -- careerfy
 
There is a XSS vulnerability in Careerfy.2022-04-04not yet calculatedCVE-2022-1169
MISC
MISC
wordpress -- jobmonster
 
In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests.2022-04-04not yet calculatedCVE-2022-1170
MISC
MISC
gitlab -- gitlab
 
A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to trigger high CPU usage via a special crafted input added in Issues, Merge requests, Milestones, Snippets, Wiki pages, etc.2022-04-04not yet calculatedCVE-2022-1174
CONFIRM
MISC
MISC
gitlab -- gitlab
 
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.2022-04-04not yet calculatedCVE-2022-1175
CONFIRM
MISC
MISC
gitlab -- gitlab
 
A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file2022-04-04not yet calculatedCVE-2022-1185
MISC
MISC
CONFIRM
gitlab -- gitlabAn issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible.2022-04-04not yet calculatedCVE-2022-1188
MISC
CONFIRM
MISC
gitlab -- gitlabAn issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed for an unauthorised user to read the the approval rules of a private project.2022-04-04not yet calculatedCVE-2022-1189
CONFIRM
MISC
gitlab -- gitlabImproper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc.2022-04-04not yet calculatedCVE-2022-1190
CONFIRM
MISC
MISC
mruby -- mruby
 
NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system.2022-04-02not yet calculatedCVE-2022-1201
CONFIRM
MISC
libtiff -- libtiff
 
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.2022-04-03not yet calculatedCVE-2022-1210
MISC
MISC
MISC
tildearrow -- tildearrow_furnace_dev73
 
A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used.2022-04-03not yet calculatedCVE-2022-1211
N/A
N/A
N/A
mruby -- mruby
 
Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.2022-04-05not yet calculatedCVE-2022-1212
MISC
CONFIRM
livehelperchat -- livehelperchat
 
SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-11912022-04-05not yet calculatedCVE-2022-1213
MISC
CONFIRM
pimcore -- pimcore
 
SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data2022-04-08not yet calculatedCVE-2022-1219
MISC
CONFIRM
gpac -- gpac
 
Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV.2022-04-04not yet calculatedCVE-2022-1222
MISC
CONFIRM
phpipam -- phpipam
 
Improper Access Control in GitHub repository phpipam/phpipam prior to 1.4.6.2022-04-04not yet calculatedCVE-2022-1223
CONFIRM
MISC
phpipam -- phpipam
 
Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.2022-04-04not yet calculatedCVE-2022-1224
MISC
CONFIRM
phpipam -- phpipam
 
Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6.2022-04-04not yet calculatedCVE-2022-1225
MISC
CONFIRM
github -- uri.js
 
URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11.2022-04-04not yet calculatedCVE-2022-1233
MISC
CONFIRM
livehelperchat -- livehelperchat
 
XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device.2022-04-06not yet calculatedCVE-2022-1234
MISC
CONFIRM
livehelperchat -- livehelperchat
 
Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96.2022-04-05not yet calculatedCVE-2022-1235
MISC
CONFIRM
weseek -- growi
 
Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0.2022-04-05not yet calculatedCVE-2022-1236
MISC
CONFIRM
radareorg -- radare2
 
Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).2022-04-06not yet calculatedCVE-2022-1237
CONFIRM
MISC
radareorg -- radare2
 
Heap-based Buffer Overflow in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).2022-04-06not yet calculatedCVE-2022-1238
MISC
CONFIRM
radareorg -- radare2
 
Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).2022-04-06not yet calculatedCVE-2022-1240
CONFIRM
MISC
medalize -- uri.js
 
CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11.2022-04-05not yet calculatedCVE-2022-1243
CONFIRM
MISC
radareorg -- radare2
 
heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.2022-04-05not yet calculatedCVE-2022-1244
MISC
CONFIRM
sap -- sap_information_sysystem
 
A vulnerability was found in SAP Information System 1.0 which has been rated as critical. Affected by this issue is the file /SAP_Information_System/controllers/add_admin.php. An unauthenticated attacker is able to create a new admin account for the web application with a simple POST request. Exploit details were disclosed.2022-04-06not yet calculatedCVE-2022-1248
N/A
MISC
strukturag -- strukturag
 
Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to 1.0.8.2022-04-06not yet calculatedCVE-2022-1253
CONFIRM
MISC
radareorg -- radare2NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash).2022-04-08not yet calculatedCVE-2022-1283
CONFIRM
MISC
radareorg -- radare2heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.2022-04-08not yet calculatedCVE-2022-1284
CONFIRM
MISC
school_club_application_system -- school_club_application_system
 
A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=save_user. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not require authentication. The exploit has been disclosed to the public and may be used.2022-04-09not yet calculatedCVE-2022-1287
N/A
school_club_application_system -- school_club_application_system
 
A vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the input %22%3E%3Cimg%20src=x%20onerror=alert(1)%3E leads to a reflected cross site scripting. The attack may be initiated remotely and does not require any form of authentication. The exploit has been disclosed to the public and may be used.2022-04-09not yet calculatedCVE-2022-1288
N/A
cisco -- staros
 
A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device.2022-04-06not yet calculatedCVE-2022-20665
CISCO
cisco -- email_security_appliance
 
A vulnerability in the TCP/IP stack of Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Secure Email and Web Manager, formerly Security Management Appliance, could allow an unauthenticated, remote attacker to crash the Simple Network Management Protocol (SNMP) service, resulting in a denial of service (DoS) condition. This vulnerability is due to an open port listener on TCP port 199. An attacker could exploit this vulnerability by connecting to TCP port 199. A successful exploit could allow the attacker to crash the SNMP service, resulting in a DoS condition.2022-04-06not yet calculatedCVE-2022-20675
CISCO
cisco -- network_diagrams_application
 
A vulnerability in the web-based management interface of the Network Diagrams application for Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.2022-04-06not yet calculatedCVE-2022-20741
CISCO
cisco -- multiple_products
 
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory.2022-04-06not yet calculatedCVE-2022-20754
CISCO
cisco -- multiple_products
 
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory.2022-04-06not yet calculatedCVE-2022-20755
CISCO
cisco -- identity_services_engine
 
A vulnerability in the RADIUS feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS requests. An attacker could exploit this vulnerability by attempting to authenticate to a network or a service where the access server is using Cisco ISE as the RADIUS server. A successful exploit could allow the attacker to cause Cisco ISE to stop processing RADIUS requests, causing authentication/authorization timeouts, which would then result in legitimate requests being denied access. Note: To recover the ability to process RADIUS packets, a manual restart of the affected Policy Service Node (PSN) is required. See the Details section for more information.2022-04-06not yet calculatedCVE-2022-20756
CISCO
cisco -- ultra_cloud_core
 
A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in the affected CLI. An attacker could exploit this vulnerability by authenticating as a CEE ConfD CLI user and executing a specific CLI command. A successful exploit could allow an attacker to access privileged containers with root privileges.2022-04-06not yet calculatedCVE-2022-20762
CISCO
cisco -- webex
 
A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. This vulnerability is due to improper deserialization of Java code within login requests. An attacker could exploit this vulnerability by sending malicious login requests to the Cisco Webex Meetings service. A successful exploit could allow the attacker to inject arbitrary Java code and take arbitrary actions within the Cisco Webex Meetings application.2022-04-06not yet calculatedCVE-2022-20763
CISCO
cisco -- ip_phone
 
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition.2022-04-06not yet calculatedCVE-2022-20774
CISCO
cisco -- asyncos
 
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface.2022-04-06not yet calculatedCVE-2022-20781
CISCO
cisco -- identity_services_engine
 
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges to the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.2022-04-06not yet calculatedCVE-2022-20782
CISCO
cisco -- asyncos
 
A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass established web request policies and access blocked content on an affected device. This vulnerability is due to incorrect handling of certain character combinations inserted into a URL. An attacker could exploit this vulnerability by sending crafted URLs to be processed by an affected device. A successful exploit could allow the attacker to bypass the web proxy and access web content that has been blocked by policy.2022-04-06not yet calculatedCVE-2022-20784
CISCO
ibm -- planning_analytics
 
IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 219736.2022-04-08not yet calculatedCVE-2022-22339
XF
CONFIRM
ibm -- mq_appliance
 
IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance.2022-04-05not yet calculatedCVE-2022-22355
CONFIRM
XF
ibm -- mq_appliance
 
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487.2022-04-05not yet calculatedCVE-2022-22356
CONFIRM
XF
ibm -- watson_query
 
IBM Watson Query with Cloud Pak for Data as a Service could allow an authenticated user to obtain sensitive information that would allow them to examine or alter system configurations or data sources connected to the service. IBM X-Force ID: 222763.2022-04-06not yet calculatedCVE-2022-22410
XF
CONFIRM
codesys -- codesys
 
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.2022-04-07not yet calculatedCVE-2022-22513
MISC
codesys -- codesys
 
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. This causes a null pointer dereference in the CmpSettings component of the affected CODESYS products and leads to a crash.2022-04-07not yet calculatedCVE-2022-22514
MISC
codesys -- control_runtime_system
 
A remote, unauthenticated attacker could utilize the control programmer of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.2022-04-07not yet calculatedCVE-2022-22515
MISC
codesys -- control_runtime_system
 
The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space.2022-04-07not yet calculatedCVE-2022-22516
MISC
codesys -- codesys
 
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.2022-04-07not yet calculatedCVE-2022-22517
MISC
codesys -- codesys
 
A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy.2022-04-07not yet calculatedCVE-2022-22518
MISC
codesys -- codesys
 
A remote, authenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver and the CODESYS Control runtime system.2022-04-07not yet calculatedCVE-2022-22519
MISC
dell -- emc_powerscale_onefs
 
Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes.2022-04-08not yet calculatedCVE-2022-22563
MISC
fortiedr -- multiple_products
 
A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment.2022-04-06not yet calculatedCVE-2022-23440
CONFIRM
fortiedr -- multiple_products
 
A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors.2022-04-06not yet calculatedCVE-2022-23441
CONFIRM
fortiedr -- multiple_productsA improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission.2022-04-06not yet calculatedCVE-2022-23446
CONFIRM
hpe -- oneview
 
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.2022-04-04not yet calculatedCVE-2022-23697
MISC
hpe -- oneview
 
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.2022-04-04not yet calculatedCVE-2022-23698
MISC
hpe -- oneview
 
A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.2022-04-04not yet calculatedCVE-2022-23699
MISC
hpe -- oneview
 
A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.2022-04-04not yet calculatedCVE-2022-23700
MISC
enterprise_server_management -- enterprise_server_management
 
A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the management console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.5 and was fixed in versions 3.1.19, 3.2.11, 3.3.6, 3.4.1. This vulnerability was reported via the GitHub Bug Bounty program.2022-04-05not yet calculatedCVE-2022-23732
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wavlink -- wl-wn531p3_router
 
A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi.2022-04-07not yet calculatedCVE-2022-23900
MISC
MISC
sherpa -- connector_service
 
There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a "C:\Program Files\Sherpa Software\Sherpa.exe" file.2022-04-05not yet calculatedCVE-2022-23909
MISC
MISC
asus -- asus
 
ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption.2022-04-07not yet calculatedCVE-2022-23970
MISC
asus -- asusASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service disruption.2022-04-07not yet calculatedCVE-2022-23971
MISC
asus -- asus
 
ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database.2022-04-07not yet calculatedCVE-2022-23972
MISC
asus -- asus
 
ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbitrary code to perform arbitrary operations or disrupt service.2022-04-07not yet calculatedCVE-2022-23973
MISC
apache -- pinot
 
In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot service. Pinot release 0.10.0 fixes this. See https://docs.pinot.apache.org/basics/releases/0.10.02022-04-05not yet calculatedCVE-2022-23974
MISC
htmldoc -- htmldoc
 
In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow.2022-04-04not yet calculatedCVE-2022-24191
MISC
onlyoffice -- document_server
 
A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor.2022-04-08not yet calculatedCVE-2022-24229
MISC
MISC
MISC
simple_student_information_system -- simple_student_information_system
 
Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student.2022-04-05not yet calculatedCVE-2022-24231
MISC
dell -- powerscale_onefs
 
Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure.2022-04-08not yet calculatedCVE-2022-24428
MISC
microsoft -- edge
 
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.2022-04-05not yet calculatedCVE-2022-24475
N/A
microsoft -- edge
 
Microsoft Edge (Chromium-based) Spoofing Vulnerability.2022-04-05not yet calculatedCVE-2022-24523
N/A
zoho -- manageengine_adselfservice
 
Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.2022-04-07not yet calculatedCVE-2022-24681
MISC
CONFIRM
combodo -- itop
 
Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.2022-04-05not yet calculatedCVE-2022-24780
MISC
MISC
MISC
CONFIRM
MISC
moment -- momentMoment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.2022-04-04not yet calculatedCVE-2022-24785
MISC
CONFIRM
pjsip -- pjsip
 
PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.2022-04-06not yet calculatedCVE-2022-24786
CONFIRM
MISC
vyper -- vyper
 
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one ends with `"\x00"` because there is no comparison of the length. A patch is available and expected to be part of the 0.3.2 release. There are currently no known workarounds.2022-04-04not yet calculatedCVE-2022-24787
MISC
CONFIRM
pjsip -- pjsip
 
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that uses PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead.2022-04-06not yet calculatedCVE-2022-24793
MISC
CONFIRM
yajl-ruby -- yajl-ruby
 
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.2022-04-05not yet calculatedCVE-2022-24795
CONFIRM
MISC
MISC
twisted -- twisted
 
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy.2022-04-04not yet calculatedCVE-2022-24801
MISC
MISC
CONFIRM
combodi -- itop
 
Combodi iTop is a web based IT Service Management tool. Prior to versions 2.7.6 and 3.0.0, cross-site scripting is possible for scripts outside of script tags when displaying HTML attachments. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.2022-04-05not yet calculatedCVE-2022-24811
MISC
MISC
CONFIRM
createwiki -- createwiki
 
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent directly via POST. A patch for this issue is available in the `master` branch of CreateWiki's GitHub repository.2022-04-04not yet calculatedCVE-2022-24813
CONFIRM
MISC
MISC
directus -- directus
 
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.7.0, unauthorized JavaScript (JS) can be executed by inserting an iframe into the rich text html interface that links to a file uploaded HTML file that loads another uploaded JS file in its script tag. This satisfies the regular content security policy header, which in turn allows the file to run any arbitrary JS. This issue was resolved in version 9.7.0. As a workaround, disable the live embed in the what-you-see-is-what-you-get by adding `{ "media_live_embeds": false }` to the _Options Overrides_ option of the Rich Text HTML interface.2022-04-04not yet calculatedCVE-2022-24814
CONFIRM
MISC
MISC
xwiki -- xwiki_platform
 
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem.2022-04-08not yet calculatedCVE-2022-24819
CONFIRM
MISC
xwiki -- xwiki_platform
 
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem.2022-04-08not yet calculatedCVE-2022-24820
CONFIRM
MISC
xwiki -- xwiki_platform
 
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allow anyone with edit rights to actually create those. This issue has been patched in XWiki 13.10-rc-1, 12.10.11 and 13.4.6. There's no easy workaround for this issue, administrators should upgrade their wiki.2022-04-08not yet calculatedCVE-2022-24821
MISC
CONFIRM
podium -- podium
 
Podium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a podlet server. In @podium/layout prior to version 4.6.110 and @podium/proxy prior to version 4.2.74, an attacker using the `Trailer` header as part of the request against proxy endpoints has the ability to take down the server. All Podium layouts that include podlets with proxy endpoints are affected. `@podium/layout`, which is the main way developers/users are vulnerable to this exploit, has been patched in version `4.6.110`. All earlier versions are vulnerable.`@podium/proxy`, which is the source of the vulnerability and is used by `@podium/layout` has been patched in version `4.2.74`. All earlier versions are vulnerable. It is not easily possible to work around this issue without upgrading.2022-04-06not yet calculatedCVE-2022-24822
CONFIRM
MISC
MISC
MISC
MISC
zoho -- manageengine_adaudit_plusZoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response.2022-04-05not yet calculatedCVE-2022-24978
MISC
CONFIRM
samsung -- ssd_t5
 
A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows 7, 10, or 11 to exploit this vulnerability.)2022-04-05not yet calculatedCVE-2022-25154
CONFIRM
zoho -- manageengine_servicedesk_plus
 
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.2022-04-05not yet calculatedCVE-2022-25245
MISC
CONFIRM
owncloud -- owncloud
 
ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers.2022-04-07not yet calculatedCVE-2022-25338
MISC
owncloud -- owncloudownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers.2022-04-07not yet calculatedCVE-2022-25339
MISC
alt-n -- mdaemon_security_gateway
 
Alt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dll?view=login XML Injection.2022-04-05not yet calculatedCVE-2022-25356
MISC
MISC
MISC
zoho -- manageengine_supportcenter_plus
 
Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history.2022-04-05not yet calculatedCVE-2022-25373
MISC
CONFIRM
gams -- gams
 
Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, allowing unauthenticated attackers to login as root users via extracting a key from the software.2022-04-04not yet calculatedCVE-2022-25569
MISC
seyeon_tech_co.,_ltd -- flexwatch
 
Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3000_GY allows attackers to access sensitive information.2022-04-05not yet calculatedCVE-2022-25584
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
microprogram -- parking_lot_management_system
 
Microprogram’s parking lot management system is vulnerable to sensitive information exposure. An unauthorized remote attacker can input specific URLs to acquire partial system configuration information.2022-04-07not yet calculatedCVE-2022-25594
MISC
asus -- rt_ac86u
 
ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt.2022-04-07not yet calculatedCVE-2022-25595
MISC
asus -- rt_ac56u
 
ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service.2022-04-07not yet calculatedCVE-2022-25596
MISC
asus -- asus
 
ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service.2022-04-07not yet calculatedCVE-2022-25597
MISC
fv -- flowplayer_video_player
 
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter.2022-04-04not yet calculatedCVE-2022-25613
CONFIRM
CONFIRM
wordpress -- wpdatatables
 
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.272022-04-04not yet calculatedCVE-2022-25618
CONFIRM
CONFIRM
htcondor -- htcondor
 
An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon.2022-04-06not yet calculatedCVE-2022-26110
MISC
qdpm -- qdpm
 
qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI.2022-04-08not yet calculatedCVE-2022-26180
MISC
barco -- control_room_management
 
Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.2022-04-03not yet calculatedCVE-2022-26233
MISC
MISC
synaman -- synaman
 
Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges.2022-04-06not yet calculatedCVE-2022-26250
MISC
MISC
MISC
synaman -- synaman
 
The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges.2022-04-06not yet calculatedCVE-2022-26251
MISC
MISC
MISC
bigant -- bigant
 
BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.2022-04-05not yet calculatedCVE-2022-26281
MISC
MISC
xenbits -- xenbits
 
Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty while another CPU is still in the process of tearing down the structures related to a previously enabled log dirty mode (XEN_DOMCTL_SHADOW_OP_OFF). This is due to lack of mutually exclusive locking between both operations and can lead to entries being added in already freed slots, resulting in a memory leak.2022-04-05not yet calculatedCVE-2022-26356
MISC
CONFIRM
MLIST
vt-d -- domain_id_clelanup
 
race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing for VT-d domain IDs to be leaked and flushes to be bypassed.2022-04-05not yet calculatedCVE-2022-26357
MISC
CONFIRM
MLIST
vt-d -- vt-d
 
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.2022-04-05not yet calculatedCVE-2022-26358
MISC
CONFIRM
MLIST
vt-d -- vt-d
 
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.2022-04-05not yet calculatedCVE-2022-26359
MISC
CONFIRM
MLIST
vt-d -- vt-d
 
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.2022-04-05not yet calculatedCVE-2022-26360
MISC
CONFIRM
MLIST
vt-d -- vt-d
 
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.2022-04-05not yet calculatedCVE-2022-26361
MISC
CONFIRM
MLIST
swaylock -- swaylock
 
swaylock before 1.6 allows attackers to trigger a crash and achieve unlocked access to a Wayland compositor.2022-04-03not yet calculatedCVE-2022-26530
CONFIRM
MISC
MISC
xerox -- colorqube_8580
 
Xerox ColorQube 8580 was discovered to contain an access control issue which allows attackers to print, view the status, and obtain sensitive information.2022-04-04not yet calculatedCVE-2022-26572
MISC
mingsoft -- mcms
 
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list.2022-04-05not yet calculatedCVE-2022-26585
MISC
icehrm -- icehrm
 
A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI.2022-04-08not yet calculatedCVE-2022-26588
MISC
fantech -- gmbh_mwid25-ds_firmware
 
FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attackers to access and download arbitrary files via a crafted GET request.2022-04-06not yet calculatedCVE-2022-26591
MISC
eziosuite -- eziosuiteeZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality.2022-04-06not yet calculatedCVE-2022-26605
MISC
baigo -- baigo_cms
 
A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow attackers to execute arbitrary code via uploading a crafted PHP file.2022-04-06not yet calculatedCVE-2022-26607
MISC
MISC
MISC
apache -- hadoop
 
In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn't resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.32022-04-07not yet calculatedCVE-2022-26612
MISC
php-cms -- php-cms
 
PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability via the category parameter in categorymenu.php.2022-04-06not yet calculatedCVE-2022-26613
MISC
college_website_content_management_system -- college_website_content_management
 
A cross-site scripting (XSS) vulnerability in College Website Content Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User Profile Name text fields.2022-04-05not yet calculatedCVE-2022-26615
MISC
pkp_vendor_open_jornal_system -- pkp_vendor_open_journal_system
 
PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to perform reflected cross-site scripting (XSS) attacks via crafted HTTP headers.2022-04-04not yet calculatedCVE-2022-26616
MISC
MISC
halo_blog_cms -- halo_blog_cms
 
Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function.2022-04-05not yet calculatedCVE-2022-26619
MISC
bootstrap -- bootstrap
 
Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php.2022-04-08not yet calculatedCVE-2022-26624
MISC
MISC
online_project_time_management -- online_project_time_management
 
Online Project Time Management System v1.0 was discovered to contain an arbitrary file write vulnerability which allows attackers to execute arbitrary code via a crafted HTML file.2022-04-07not yet calculatedCVE-2022-26627
MISC
matrimony -- matrimony
 
Matrimony v1.0 was discovered to contain a SQL injection vulnerability via the Password parameter.2022-04-05not yet calculatedCVE-2022-26628
MISC
jellycms -- jellycms
 
Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php.2022-04-05not yet calculatedCVE-2022-26630
MISC
php-memcached -- php-memcached
 
PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection.2022-04-05not yet calculatedCVE-2022-26635
MISC
dlink -- dlink
 
D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system or disrupt service.2022-04-07not yet calculatedCVE-2022-26670
MISC
secom -- secomTaiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system setting to cause partial disrupt of service.2022-04-07not yet calculatedCVE-2022-26671
MISC
aenrich -- aenrichaEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under website root directory.2022-04-07not yet calculatedCVE-2022-26675
MISC
aenrich -- aenrich
 
aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service.2022-04-07not yet calculatedCVE-2022-26676
MISC
apache -- nifi
 
When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory.2022-04-06not yet calculatedCVE-2022-26850
MISC
MLIST
dell -- powerscale_onefsDell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss.2022-04-08not yet calculatedCVE-2022-26851
MISC
dell -- powerscale_onefsDell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise.2022-04-08not yet calculatedCVE-2022-26852
MISC
dell -- powerscale_onefsDell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access2022-04-08not yet calculatedCVE-2022-26854
MISC
dell -- powerscale_onefs
 
Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service.2022-04-08not yet calculatedCVE-2022-26855
MISC
asana -- asanda_desktop
 
Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page.2022-04-09not yet calculatedCVE-2022-26877
MISC
CONFIRM
microsoft -- edgeMicrosoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.2022-04-05not yet calculatedCVE-2022-26891
N/A
microsoft -- edgeMicrosoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.2022-04-05not yet calculatedCVE-2022-26894
N/A
microsoft -- edgeMicrosoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.2022-04-05not yet calculatedCVE-2022-26895
N/A
microsoft -- edgeMicrosoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.2022-04-05not yet calculatedCVE-2022-26900
N/A
microsoft -- edgeMicrosoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26909, CVE-2022-26912.2022-04-05not yet calculatedCVE-2022-26908
N/A
microsoft -- edgeMicrosoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26912.2022-04-05not yet calculatedCVE-2022-26909
N/A
microsoft -- edge
 
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909.2022-04-05not yet calculatedCVE-2022-26912
N/A
digi -- passport_firmwareDigi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page.2022-04-06not yet calculatedCVE-2022-26952
MISC
MISC
MISC
digi -- passport_firmware
 
Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for reboot.asp endpoint, allowing him to force an overflow when the string is concatenated to the HTML body.2022-04-06not yet calculatedCVE-2022-26953
MISC
MISC
MISC
simplemachinesforum --simplemachinesforum
 
SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator.2022-04-05not yet calculatedCVE-2022-26982
MISC
impresscms -- impresscms
 
SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to compromise the entire system.2022-04-05not yet calculatedCVE-2022-26986
MISC
tenda -- tendaThere is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn.2022-04-07not yet calculatedCVE-2022-27016
MISC
tenda -- tenda
 
There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. The attacker can obtain a stable root shell through a constructed payload.2022-04-07not yet calculatedCVE-2022-27022
MISC
libsixel -- libsixellibsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876.2022-04-08not yet calculatedCVE-2022-27044
MISC
libsixel -- libsixel
 
libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in libsixel/src/dither.c:388.2022-04-08not yet calculatedCVE-2022-27046
MISC
mogu_blog_cms -- mogu_blog_cms
 
mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation.2022-04-08not yet calculatedCVE-2022-27047
MISC
aerocms -- aerocmsAeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.2022-04-08not yet calculatedCVE-2022-27061
MISC
MISC
MISC
aerocms -- aerocms
 
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field.2022-04-08not yet calculatedCVE-2022-27062
MISC
MISC
MISC
aerocms -- aerocms
 
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.2022-04-08not yet calculatedCVE-2022-27063
MISC
MISC
MISC
musical_world -- musical_world
 
Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.2022-04-08not yet calculatedCVE-2022-27064
MISC
MISC
MISC
orangehrm -- orangehrm
 
OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video" section under "OrangeBuzz" via the GET/POST "createVideo[linkAddress]" parameter2022-04-06not yet calculatedCVE-2022-27107
MISC
orangehrm -- orangehrm
 
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the end point symfony/web/index.php/time/createTimesheet`. Any user can create a timesheet in another user's account.2022-04-06not yet calculatedCVE-2022-27108
MISC
orangehrm -- orangehrmOrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability.2022-04-06not yet calculatedCVE-2022-27109
MISC
orangehrm -- orangehrmOrangeHRM 4.10 is vulnerable to a Host header injection redirect via viewPersonalDetails endpoint.2022-04-06not yet calculatedCVE-2022-27110
MISC
employee_performance_evaluation -- employee_performance_evaluation
 
Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter.2022-04-05not yet calculatedCVE-2022-27123
MISC
insurance_management_system -- insurance_management_system
 
Insurance Management System 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.2022-04-05not yet calculatedCVE-2022-27124
MISC
gpac -- mp4box
 
GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box.2022-04-08not yet calculatedCVE-2022-27145
MISC
gpac -- mp4box
 
GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag.2022-04-08not yet calculatedCVE-2022-27146
MISC
gpac -- mp4box
 
GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag.2022-04-08not yet calculatedCVE-2022-27147
MISC
gpac -- mp4box
 
GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow.2022-04-08not yet calculatedCVE-2022-27148
MISC
roku -- roku
 
Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable to Arbitrary file modification.2022-04-08not yet calculatedCVE-2022-27152
MISC
student_grading_system -- student_grading_system
 
Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user parameter.2022-04-05not yet calculatedCVE-2022-27304
MISC
ecommerce-website -- ecommerce-website
 
Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.2022-04-08not yet calculatedCVE-2022-27346
MISC
MISC
MISC
social_codia_sms -- social_codia_sms
 
Social Codia SMS v1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field.2022-04-08not yet calculatedCVE-2022-27348
MISC
MISC
MISC
social_codia_sms -- social_codia_sms
 
Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.2022-04-08not yet calculatedCVE-2022-27349
MISC
MISC
MISC
zoo_management_system -- zoo_management_system 
 
Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.2022-04-08not yet calculatedCVE-2022-27351
MISC
MISC
MISC
simple_house_rental_system -- simple_house_rental_system
 
Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.2022-04-08not yet calculatedCVE-2022-27352
MISC
MISC
MISC
ecommerce-website -- ecommerce-website
 
Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.2022-04-08not yet calculatedCVE-2022-27357
MISC
MISC
MISC
e-commerce_website -- e-commerce_website
 
An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component.2022-04-04not yet calculatedCVE-2022-27435
MISC
MISC
e-commerce_website -- e-commerce_website
 
A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_user at Ecommerce-Website v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username text field.2022-04-04not yet calculatedCVE-2022-27436
MISC
MISC
tpcms -- tpcms
 
A stored cross-site scripting (XSS) vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box.2022-04-04not yet calculatedCVE-2022-27441
MISC
tpcms -- tpcms
 
TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password.2022-04-04not yet calculatedCVE-2022-27442
MISC
wwbn -- avideoCross Site Scripting (XSS) vulnerability in objects/function.php in function getDeviceID in WWBN AVideo through 11.6, via the yptDevice parameter to view/include/head.php.2022-04-05not yet calculatedCVE-2022-27462
MISC
MISC
wwbn -- avideo
 
Open redirect vulnerability in objects/login.json.php in WWBN AVideo through 11.6, allows attackers to arbitrarily redirect users from a crafted url to the login page.2022-04-05not yet calculatedCVE-2022-27463
MISC
MISC
forcepoint -- one_endpoint
 
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling anti-tampering mechanisms which would then allow the user to disable Forcepoint One Endpoint and the protection offered by it.2022-04-04not yet calculatedCVE-2022-27608
MISC
forcepoint -- one_endpoint
 
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could result in a user disabling Forcepoint One Endpoint and the protection offered by it.2022-04-04not yet calculatedCVE-2022-27609
MISC
podman -- moby_docker_engine
 
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.2022-04-04not yet calculatedCVE-2022-27649
MISC
MISC
MISC
moby -- moby_docker_engine
 
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.2022-04-04not yet calculatedCVE-2022-27650
MISC
MISC
MISC
FEDORA
moby -- moby_docker_engine
 
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.2022-04-04not yet calculatedCVE-2022-27651
MISC
MISC
MISC
FEDORA
FEDORA
waycrate -- swhkdSWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service.2022-04-07not yet calculatedCVE-2022-27818
MISC
MISC
waycrate -- swhkd
 
SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a large or infinite file (such as a block or character device).2022-04-07not yet calculatedCVE-2022-27819
MISC
MISC
trend_micro -- antivirus_for_mac
 
A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at least have low-level privileges on the system to attempt to exploit this vulnerability.2022-04-09not yet calculatedCVE-2022-27883
N/A
N/A
online_banking_system -- online_banking_system
 
Online Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at /staff_login.php via the Staff ID and Staff Password parameters.2022-04-08not yet calculatedCVE-2022-27991
MISC
zoo_management_system -- zoo_management_system
 
Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals via the class_id parameter.2022-04-08not yet calculatedCVE-2022-27992
MISC
MISC
car_rental_system -- car_rental_system
 
Car Rental System v1.0 was discovered to contain a SQL injection vulnerability at /Car_Rental/booking.php via the id parameter.2022-04-08not yet calculatedCVE-2022-28000
MISC
MISC
movie_seat_reservation -- movie_seat_reservationMovie Seat Reservation v1 was discovered to contain a SQL injection vulnerability at /index.php?page=reserve via the id parameter.2022-04-08not yet calculatedCVE-2022-28001
MISC
MISC
movie_seat_reservation -- movie_seat_reservationMovie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home.2022-04-08not yet calculatedCVE-2022-28002
MISC
MISC
car_rental_system -- car_rental_system
 
Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code.2022-04-04not yet calculatedCVE-2022-28062
MISC
simple_bakery_shop_management_system -- simple_bakery_shop_management_system
 
Simple Bakery Shop Management System v1.0 contains a file disclosure via /bsms/?page=products.2022-04-04not yet calculatedCVE-2022-28063
MISC
online_sports_complex_booking -- online_sports_complex_bookingOnline Sports Complex Booking v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.2022-04-05not yet calculatedCVE-2022-28115
MISC
online_banking_system -- online_banking_system
 
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.2022-04-05not yet calculatedCVE-2022-28116
MISC
zoho -- manageengine
 
Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.2022-04-05not yet calculatedCVE-2022-28219
MISC
CONFIRM
weechat -- weechat
 
WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects situations where weechat.network.gnutls_ca_system or weechat.network.gnutls_ca_user is changed without a WeeChat restart.2022-04-02not yet calculatedCVE-2022-28352
MISC
MISC
scala.js -- scala.js
 
randomUUID in Scala.js before 1.10.0 generates predictable values.2022-04-02not yet calculatedCVE-2022-28355
MISC
MISC
CONFIRM
CONFIRM
reprise_software -- reprise_license_managerReprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required.2022-04-09not yet calculatedCVE-2022-28363
MISC
MISC
reprise_software -- reprise_license_managerReprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process file parameter via GET. Authentication is required.2022-04-09not yet calculatedCVE-2022-28364
MISC
MISC
reprise_software -- reprise_license_manager
 
Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details.2022-04-09not yet calculatedCVE-2022-28365
MISC
MISC
synk_labs -- php_goof
 
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file).2022-04-03not yet calculatedCVE-2022-28368
MISC
MISC
MISC
MISC
MISC
MISC
verizon -- lvskihp_5g
 
Verizon LVSKIHP 5G outside devices through 2022-02-15 allow anyone (knowing the device's serial number) to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password (for the verizon username) is calculated by concatenating the serial number and the model (i.e., the LVSKIHP string), running the sha256sum program, and extracting the first seven characters concatenated with the last seven characters of that SHA-256 value.2022-04-03not yet calculatedCVE-2022-28376
MISC
craft_cms -- craft
 
Craft CMS before 3.7.29 allows XSS.2022-04-03not yet calculatedCVE-2022-28378
MISC
nginx_proxy_manager -- nginx_proxy_manager
 
jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion.2022-04-03not yet calculatedCVE-2022-28379
MISC
MISC
rc-httpd -- rc-httpd
 
The rc-httpd component through 2022-03-31 for 9front (Plan 9 fork) allows ..%2f directory traversal if serve-static is used.2022-04-03not yet calculatedCVE-2022-28380
MISC
CONFIRM
alpine -- busybox
 
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.2022-04-03not yet calculatedCVE-2022-28391
MISC
MISC
MISC
online_student_admission -- online_student_admission
 
Online Student Admission v1.0 was discovered to contain a SQL injection vulnerability via the txtapplicationID parameter.2022-04-05not yet calculatedCVE-2022-28467
MISC
payroll_management_system -- payroll_management_system
 
Payroll Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter.2022-04-05not yet calculatedCVE-2022-28468
MISC

jetbrains -- youtrack

In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered2022-04-05not yet calculatedCVE-2022-28648
MISC
jetbrains -- youtrackIn JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description2022-04-05not yet calculatedCVE-2022-28649
MISC
jetbrains -- youtrack
 
In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI2022-04-05not yet calculatedCVE-2022-28650
MISC
jetbrains -- intellij_idea
 
In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields2022-04-05not yet calculatedCVE-2022-28651
MISC
linux -- linux_kernel
 
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.2022-04-08not yet calculatedCVE-2022-28796
MISC
MISC
lua -- lua
 
singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.2022-04-08not yet calculatedCVE-2022-28805
MISC
MISC
MISC
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.