Vulnerability Summary for the Week of June 27, 2022


admidio — admidio Admidio 4.1.2 version is affected by stored cross-site scripting (XSS). 2022-06-28 not yet calculated CVE-2022-23896
MISC aerogear — aerogear
  The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus application is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can’t be reached or can slow the server down by purposefully wasting its time with slow endpoints. Similarly, one can provide whatever HTTP endpoint they want. This turns the server into a DDoS vector or an anonymizer for the posting of malware and so on. 2022-07-01 not yet calculated CVE-2014-3648
MISC aerogear — aerogear
  Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input. 2022-07-01 not yet calculated CVE-2014-3650
MISC
MISC ampere — alta_and_altramax
  On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI allows insecure access to SPI-NOR by the OS/hypervisor component. 2022-07-01 not yet calculated CVE-2022-32295
MISC
MISC android — ebook_app
  SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 via the author_id parameter to api.php. 2022-07-01 not yet calculated CVE-2021-32428
MISC
MISC
MISC
MISC apache — shiro
  In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. 2022-06-29 not yet calculated CVE-2022-32532
MISC apache — systemds The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a “low-priority but useful improvement”. SystemDS is a distributed system and needs to serialize/deserialize data but in many code paths (e.g., on Spark broadcast/shuffle or writing to sequence files) the byte stream is anyway protected by additional CRC fingerprints. In this particular case though, the number of decoders is upper-bounded by twice the number of columns, which means an attacker would need to modify two entries in the byte stream in a consistent manner. By adding these checks robustness was strictly improved with almost zero overhead. These code changes are available in versions higher than 2.2.1. 2022-06-27 not yet calculated CVE-2022-26477
MISC apache — apache
  The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1. 2022-06-27 not yet calculated CVE-2022-33879
MISC
MLIST apifest — oauth
  ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to the redirect URI submitted with the authorization request, without checking whether the redirect URI is registered by the client who initiated the request. This allows an attacker to craft a request with a manipulated redirect URI (redirect_uri parameter), which is under the attacker’s control, and consequently obtain the leaked authorization code when the server redirects the client to the manipulated redirect URI with an authorization code. NOTE: this is similar to CVE-2019-3778. 2022-06-29 not yet calculated CVE-2020-26877
MISC
MISC
MISC apple — air_transfer
  A vulnerability was found in Air Transfer 1.0.14/1.2.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-27 not yet calculated CVE-2017-20100
MISC
MISC apple — album_lock
  A vulnerability was found in Album Lock 4.0 and classified as critical. Affected by this issue is some unknown functionality of the file /getImage. The manipulation of the argument filePaht leads to path traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. 2022-06-27 not yet calculated CVE-2017-20102
MISC
MISC apple — iphone
  A vulnerability was found in Apple iPhone up to 12.4.1. It has been declared as critical. Affected by this vulnerability is Siri. Playing an audio or video file might be able to initiate Siri on the same device, which makes it possible to execute commands remotely. Exploit details have been disclosed to the public. The existence and implications of this vulnerability are doubted by Apple even though multiple public videos demonstrating the attack exist. Upgrading to version 13.0 might be able to address this issue. It is recommended to upgrade affected devices. NOTE: Apple claims that, after examining the report, they do not see any actual security implications. 2022-06-25 not yet calculated CVE-2019-25071
N/A
N/A
N/A argo — cd Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by a victim user, the script will execute with the victim’s permissions (up to and including admin). The script would be capable of doing anything which is possible in the UI or via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no completely-safe workarounds besides upgrading. 2022-06-27 not yet calculated CVE-2022-31035
MISC
MISC
CONFIRM argo — cd
  Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must be an authenticated Argo CD user authorized to deploy Applications from a repository which contains (or can be made to contain) a large file. The fix for this vulnerability is available in versions 2.3.5, 2.2.10, 2.1.16, and later. There are no known workarounds. Users are recommended to upgrade. 2022-06-25 not yet calculated CVE-2022-31016
CONFIRM argo — cd
  Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD’s repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a Helm-type Application may commit a symlink which points to an out-of-bounds file. If the target file is a valid YAML file, the attacker can read the contents of that file. Sensitive files which could be leaked include manifest files from other Applications’ source repositories (potentially decrypted files, if you are using a decryption plugin) or any YAML-formatted secrets which have been mounted as files on the repo-server. Patches for this vulnerability have been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. If you are using a version >=v2.3.0 and do not have any Helm-type Applications you may disable the Helm config management tool as a workaround. 2022-06-27 not yet calculated CVE-2022-31036
MISC
CONFIRM argo — cd
  Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in OAuth2/OIDC login flows. In each case, using a relatively predictable (time-based) seed in a non-cryptographically-secure pseudo-random number generator made the parameter less random than required by the relevant spec or by general best practices. In some cases, using too short a value made the entropy even less sufficient. The attacks on login flows which are meant to be mitigated by these parameters are difficult to accomplish but can have a high impact, potentially granting an attacker admin access to Argo CD. Patches for this vulnerability have been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no known workarounds for this vulnerability. 2022-06-27 not yet calculated CVE-2022-31034
MISC
CONFIRM ast — parser An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input. 2022-06-30 not yet calculated CVE-2022-33082
MISC asus — dsl-n14u-b1
  Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the “*list” parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every “.asp” page containing a list of stored strings. The following asp files are affected: (1) cgi-bin/APP_Installation.asp, (2) cgi-bin/Advanced_ACL_Content.asp, (3) cgi-bin/Advanced_ADSL_Content.asp, (4) cgi-bin/Advanced_ASUSDDNS_Content.asp, (5) cgi-bin/Advanced_AiDisk_ftp.asp, (6) cgi-bin/Advanced_AiDisk_samba.asp, (7) cgi-bin/Advanced_DSL_Content.asp, (8) cgi-bin/Advanced_Firewall_Content.asp, (9) cgi-bin/Advanced_FirmwareUpgrade_Content.asp, (10) cgi-bin/Advanced_GWStaticRoute_Content.asp, (11) cgi-bin/Advanced_IPTV_Content.asp, (12) cgi-bin/Advanced_IPv6_Content.asp, (13) cgi-bin/Advanced_KeywordFilter_Content.asp, (14) cgi-bin/Advanced_LAN_Content.asp, (15) cgi-bin/Advanced_Modem_Content.asp, (16) cgi-bin/Advanced_PortTrigger_Content.asp, (17) cgi-bin/Advanced_QOSUserPrio_Content.asp, (18) cgi-bin/Advanced_QOSUserRules_Content.asp, (19) cgi-bin/Advanced_SettingBackup_Content.asp, (20) cgi-bin/Advanced_System_Content.asp, (21) cgi-bin/Advanced_URLFilter_Content.asp, (22) cgi-bin/Advanced_VPN_PPTP.asp, (23) cgi-bin/Advanced_VirtualServer_Content.asp, (24) cgi-bin/Advanced_WANPort_Content.asp, (25) cgi-bin/Advanced_WAdvanced_Content.asp, (26) cgi-bin/Advanced_WMode_Content.asp, (27) cgi-bin/Advanced_WWPS_Content.asp, (28) cgi-bin/Advanced_Wireless_Content.asp, (29) cgi-bin/Bandwidth_Limiter.asp, (30) cgi-bin/Guest_network.asp, (31) cgi-bin/Main_AccessLog_Content.asp, (32) cgi-bin/Main_AdslStatus_Content.asp, (33) cgi-bin/Main_Spectrum_Content.asp, (34) cgi-bin/Main_WebHistory_Content.asp, (35) cgi-bin/ParentalControl.asp, (36) cgi-bin/QIS_wizard.asp, (37) cgi-bin/QoS_EZQoS.asp, (38) cgi-bin/aidisk.asp, (39) cgi-bin/aidisk/Aidisk-1.asp, (40) cgi-bin/aidisk/Aidisk-2.asp, (41) cgi-bin/aidisk/Aidisk-3.asp, (42) cgi-bin/aidisk/Aidisk-4.asp, (43) cgi-bin/blocking.asp, (44) cgi-bin/cloud_main.asp, (45) 
cgi-bin/cloud_router_sync.asp, (46) cgi-bin/cloud_settings.asp, (47) cgi-bin/cloud_sync.asp, (48) cgi-bin/device-map/DSL_dashboard.asp, (49) cgi-bin/device-map/clients.asp, (50) cgi-bin/device-map/disk.asp, (51) cgi-bin/device-map/internet.asp, (52) cgi-bin/error_page.asp, (53) cgi-bin/index.asp, (54) cgi-bin/index2.asp, (55) cgi-bin/qis/QIS_PTM_manual_setting.asp, (56) cgi-bin/qis/QIS_admin_pass.asp, (57) cgi-bin/qis/QIS_annex_setting.asp, (58) cgi-bin/qis/QIS_bridge_cfg_tmp.asp, (59) cgi-bin/qis/QIS_detect.asp, (60) cgi-bin/qis/QIS_finish.asp, (61) cgi-bin/qis/QIS_ipoa_cfg_tmp.asp, (62) cgi-bin/qis/QIS_manual_setting.asp, (63) cgi-bin/qis/QIS_mer_cfg.asp, (64) cgi-bin/qis/QIS_mer_cfg_tmp.asp, (65) cgi-bin/qis/QIS_ppp_cfg.asp, (66) cgi-bin/qis/QIS_ppp_cfg_tmp.asp, (67) cgi-bin/qis/QIS_wireless.asp, (68) cgi-bin/query_wan_status.asp, (69) cgi-bin/query_wan_status2.asp, and (70) cgi-bin/start_apply.asp. 2022-07-01 not yet calculated CVE-2022-32988
MISC
MISC automox — agent_for_osx The Automox Agent installation package before 37 on macOS allows an unprivileged user to obtain root access because of incorrect access control on a file used within the PostInstall script. 2022-07-01 not yet calculated CVE-2022-27904
MISC
MISC bento4 — bento4
  In Bento4 1.6.0-638, the allocator is out of memory in the function AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity in Ap4Array.h:172, as demonstrated by GPAC. This can cause a denial of service (DoS). 2022-06-27 not yet calculated CVE-2021-40941
MISC bento4 — bento4
  In Bento4 1.6.0-638, there is a null pointer reference in the function AP4_DescriptorListInspector::Action in Ap4Descriptor.h:124, as demonstrated by GPAC. This can cause a denial of service (DoS). 2022-06-28 not yet calculated CVE-2021-40943
MISC bestofinc — online_hotel_booking_system_pro A vulnerability classified as critical has been found in Online Hotel Booking System Pro Plugin 1.0. Affected is an unknown function of the file /front/roomtype-details.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2022-06-30 not yet calculated CVE-2017-20124
N/A
N/A bestofinc — online_hotel_booking_system_pro
  A vulnerability classified as critical was found in Online Hotel Booking System Pro 1.2. Affected by this vulnerability is an unknown functionality of the file /roomtype-details.php. The manipulation of the argument tid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-30 not yet calculated CVE-2017-20125
N/A
N/A bfabiszewski — libmobi
  NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11. 2022-07-01 not yet calculated CVE-2022-2279
CONFIRM
MISC bigbluebutton — bigbluebutton
  BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim’s client. When a user receives a private chat from the attacker (whose username contains malicious JavaScript), the script gets executed. The script is also executed when the victim receives a notification that the attacker has left the session. This issue has been patched in version 2.4.8 and 2.5.0. There are no known workarounds for this issue. 2022-06-27 not yet calculated CVE-2022-31065
CONFIRM
MISC
MISC bigbluebutton — bigbluebutton
  BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross-site scripting attack in affected versions. The attack occurs when the attacker (with XSS in the name) starts a chat; the JavaScript is then executed in the victim’s client. This issue has been addressed in version 2.4.8 and 2.5.0. There are no known workarounds for this issue. 2022-06-27 not yet calculated CVE-2022-31064
MISC
CONFIRM
MISC
MISC
FULLDISC
MISC bigbluebutton — greenlight
  Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room’s settings even though they are not authorized to do so. Only the room owner and administrator should be able to view a room’s settings. This issue has been patched in release version 2.12.6. 2022-06-27 not yet calculated CVE-2022-31039
CONFIRM
MISC bitrix — site_manager
  A vulnerability classified as problematic was found in Bitrix Site Manager 12.06.2015. Affected by this vulnerability is an unknown functionality of the component Contact Form. The manipulation of the argument text with the input <img src=”http://1″; on onerror=”$(’p’).text(’Hacked’)” /> leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-30 not yet calculated CVE-2017-20122
N/A
N/A brocade — sannav
  Brocade SANnav before Brocade SANnav v. 2.2.0.2 and Brocade SANnav v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log. 2022-06-27 not yet calculated CVE-2022-28167
MISC
CONFIRM brocade — sannav
  In Brocade SANnav version before SANN2.2.0.2 and Brocade SANnav before 2.1.1.8, the TLS/SSL server supports the use of static key ciphers (ssl-static-key-ciphers) on ports 443 and 18082. 2022-06-27 not yet calculated CVE-2022-28166
MISC
CONFIRM brocade — sannav
  In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav 2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords. 2022-06-27 not yet calculated CVE-2022-28168
MISC
CONFIRM centum — multiple_versions
  Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 ‘For CENTUM VP Support CAMS for HIS’ is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration. 2022-06-28 not yet calculated CVE-2022-30707
MISC
MISC
MISC
MISC cilan2 — iot A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. 2022-06-30 not yet calculated CVE-2022-33087
MISC clever — underscore.deep
  Underscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of `underscore.deep` prior to version 0.5.3 are vulnerable to a prototype pollution vulnerability. An attacker can craft a malicious payload and pass it to `deepFromFlat`, which would pollute any future Objects created. Any users that have `deepFromFlat` or `deepPick` (due to its dependency on `deepFromFlat`) in their code should upgrade to version 0.5.3 as soon as possible. Users unable to upgrade may mitigate this issue by modifying `deepFromFlat` to prevent specific keywords which will prevent this from happening. 2022-06-28 not yet calculated CVE-2022-31106
MISC
CONFIRM cloudflare — warp_client_for_windows Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files. 2022-06-28 not yet calculated CVE-2022-2145
MISC college_management_sytem — college_management_system
  College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file. 2022-07-01 not yet calculated CVE-2022-32420
MISC d-link — dir-645
  D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi. 2022-06-27 not yet calculated CVE-2022-32092
MISC
MISC dahuasecurity — dahuasecurity When an attacker uses a man-in-the-middle attack to sniff the request packets of a successful login through ONVIF, they can log in to the device by replaying the user’s login packet. 2022-06-28 not yet calculated CVE-2022-30563
MISC dahuasecurity — dahuasecurity When an attacker obtains the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specific crafted packet to the vulnerable interface and cause the device to crash. 2022-06-28 not yet calculated CVE-2022-30560
MISC dahuasecurity — dahuasecurity When an attacker uses a man-in-the-middle attack to sniff the request packets of a successful login, the attacker could log in to the device by replaying the user’s login packet. 2022-06-28 not yet calculated CVE-2022-30561
MISC dahuasecurity — dahuasecurity
  If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack. Injection of a malicious URL in the Host: header of the HTTP request results in a 302 redirect to an attacker-controlled page. 2022-06-28 not yet calculated CVE-2022-30562
MISC das — u-boot
  In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the “i2c md” command enables the corruption of the return address pointer of the do_i2c_md function. 2022-06-30 not yet calculated CVE-2022-34835
MISC
MISC
MISC das — u-boot
  Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir(). 2022-07-01 not yet calculated CVE-2022-33103
MISC
MISC dcmtk — dcmtk DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack. 2022-06-28 not yet calculated CVE-2021-41689
MISC
MISC dcmtk — dcmtk DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information is recorded in a global variable LST and is not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to launch a DoS attack. 2022-06-28 not yet calculated CVE-2021-41690
MISC
MISC dcmtk — dcmtk
  DCMTK through 3.6.6 does not handle memory free properly. The object in the program is freed but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack. 2022-06-28 not yet calculated CVE-2021-41688
MISC
MISC dcmtk — dcmtk
  DCMTK through 3.6.6 does not handle memory free properly. The program mallocs heap memory for parsing data, but does not free it when an error occurs in parsing. Sending specific requests to the dcmqrdb program incurs a memory leak. An attacker can use it to launch a DoS attack. 2022-06-28 not yet calculated CVE-2021-41687
MISC
MISC deep.assign — deep.assign deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’). 2022-06-30 not yet calculated CVE-2021-40663
MISC
MISC dell — powerscale_onefs Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources. 2022-06-28 not yet calculated CVE-2022-31229
MISC dell — powerscale_onefs
  Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access. 2022-06-28 not yet calculated CVE-2022-31230
MISC delta_electronics — diaenergie A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field. 2022-06-27 not yet calculated CVE-2022-33005
MISC devolutions — remote_desktop_manager
  Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8. 2022-06-27 not yet calculated CVE-2022-2221
MISC discourse — discourse
  Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email that either doesn’t match the invite’s email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is aggravated when the invite has been configured to add the user that accepts the invite into restricted groups. Once a user has been incorrectly added to a restricted group, the user may then be able to view content that is restricted to the respective group. Users are advised to upgrade to the current stable releases. There are no known workarounds to this issue. 2022-06-27 not yet calculated CVE-2022-31096
CONFIRM distributed_data_systems — webhmi
  A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact other logged in users. 2022-07-01 not yet calculated CVE-2022-2254
CONFIRM distributed_data_systems — webhmi
  A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the host server. 2022-07-01 not yet calculated CVE-2022-2253
CONFIRM dompdf — dompdf Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. 2022-06-28 not yet calculated CVE-2022-0085
MISC
CONFIRM easy_table_plugin — easy_table_plugin
  A vulnerability classified as problematic has been found in Easy Table Plugin 1.6. This affects an unknown part of the file /wordpress/wp-admin/options-general.php. The manipulation with the input “><script>alert(1)</script> leads to basic cross site scripting. It is possible to initiate the attack remotely. 2022-06-29 not yet calculated CVE-2017-20108
MISC
MISC ecshop — eschop
  ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. 2022-06-28 not yet calculated CVE-2021-41460
MISC edimax — ic-3140w
  The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Administrator username and password. 2022-06-29 not yet calculated CVE-2021-40597
MISC
MISC
MISC elcomplus — smartics
  An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0. 2022-06-27 not yet calculated CVE-2022-2088
CONFIRM elcomplus — smartics
  Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files. 2022-06-27 not yet calculated CVE-2022-2106
CONFIRM elcomplus — smartics
  Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters. 2022-06-27 not yet calculated CVE-2022-2140
CONFIRM embarcadero — dev-cpp A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file. 2022-06-29 not yet calculated CVE-2022-33036
MISC ember.js — ember.js
  In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view’s `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain (“XSS”). This vulnerability only affects applications that assign or bind user-provided content to `tagName`. 2022-06-30 not yet calculated CVE-2013-4170
MISC
MISC
MISC espcms — espcms
  ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at espcms_publicespcms_templatesESPCMS_Templates. 2022-06-30 not yet calculated CVE-2022-33085
MISC espressif — bluetootj_mesh_sdk
  ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the `SegN` field of the Transaction Start PDU. This can result in memory corruption related attacks and potentially an attacker gaining control of the entire system. Patch commits are available on the 4.1, 4.2, 4.3 and 4.4 branches and users are recommended to upgrade. The upgrade is applicable for all applications and users of the `ESP-BLE-MESH` component from `ESP-IDF`. As it is implemented in the Bluetooth Mesh stack, there is no workaround for the user to fix the application layer without upgrading the underlying firmware. 2022-06-25 not yet calculated CVE-2022-24893
CONFIRM exemys — rme1
  By using a specific credential string, an attacker with network access to the device’s web interface could circumvent the authentication scheme and perform administrative operations. 2022-06-30 not yet calculated CVE-2022-2197
MISC eyeofnetwork — eyeofnetwork
  EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the “sendmail” application in the “cacti” configuration page (by default /usr/sbin/sendmail) it is possible to execute any command, which will be executed when a test of the configuration is made (“send test mail”). 2022-06-30 not yet calculated CVE-2021-40643
MISC
MISC form — contact_form_wordpress_plugin The Form – Contact Form WordPress plugin through 1.2.0 does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. 2022-06-27 not yet calculated CVE-2022-1326
MISC fusionpbx — fusionpbx
  Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized “path” parameter in resources/login.php. 2022-07-01 not yet calculated CVE-2021-37524
MISC
MISC getgrav — grav Code Injection in GitHub repository getgrav/grav prior to 1.7.34. 2022-06-29 not yet calculated CVE-2022-2073
MISC
CONFIRM gitee — gitee
  When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception. 2022-06-27 not yet calculated CVE-2021-33654
MISC gitee — gitee
  When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception. 2022-06-27 not yet calculated CVE-2021-33653
MISC gitee — gitee
  When the Reduce operator run operation is executed, if there is a value of 0 in the parameter axis_sizes element, it will cause a division by 0 exception. 2022-06-27 not yet calculated CVE-2021-33652
MISC gitee — gitee
  When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which allocated from heap buffers. 2022-06-27 not yet calculated CVE-2021-33648
MISC gitee — gitee
  When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated buffers. 2022-06-27 not yet calculated CVE-2021-33647
MISC gitee — gitee
  When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffers. 2022-06-27 not yet calculated CVE-2021-33650
MISC gitee — gitee
  When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception. 2022-06-27 not yet calculated CVE-2021-33651
MISC gitee — gitee
  When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside the bounds of input_shape, which is allocated from heap buffers. 2022-06-27 not yet calculated CVE-2021-33649
MISC gitlab — ce/ee Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions 2022-07-01 not yet calculated CVE-2022-2227
MISC
MISC
CONFIRM gitlab — ce/ee
  An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they’re a member of. 2022-07-01 not yet calculated CVE-2022-2229
CONFIRM
MISC
MISC gitlab — ce/ee
  An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description. 2022-07-01 not yet calculated CVE-2022-1999
MISC
CONFIRM gitlab — ce/ee
  A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim’s behalf. 2022-07-01 not yet calculated CVE-2022-2230
MISC
CONFIRM
MISC gitlab — ee
  An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group milestones are associated with any project releases. 2022-07-01 not yet calculated CVE-2022-2281
MISC
MISC
CONFIRM gitlab — ee
  Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured. 2022-07-01 not yet calculated CVE-2022-1983
MISC
CONFIRM gitlab — ee
  Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group using IP-based access restrictions even if the GitLab Runner is calling from outside the allowed IP range. 2022-07-01 not yet calculated CVE-2022-2228
CONFIRM
MISC gitlab — ee
  Insufficient sanitization in GitLab EE’s external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link 2022-07-01 not yet calculated CVE-2022-2235
MISC
MISC
CONFIRM gitlab — ee
  An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be bypassed if a Maintainer uses the ‘Invite a group’ feature to invite a group that has members that don’t comply with domain allow-list. 2022-07-01 not yet calculated CVE-2022-1981
MISC
MISC
CONFIRM gitlab — ee/ce
  An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL. 2022-07-01 not yet calculated CVE-2022-2250
CONFIRM
MISC
MISC gitlab — ee/ce
  An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project members with reporter role to manage issues in project’s error tracking feature. 2022-07-01 not yet calculated CVE-2022-2244
CONFIRM
MISC
MISC gitlab — ee/ce
  An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non-linked sentry projects. 2022-07-01 not yet calculated CVE-2022-2243
MISC
MISC
CONFIRM gitlab — gitlab
  An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making it possible to be retrieved under certain conditions. 2022-07-01 not yet calculated CVE-2022-0167
MISC
CONFIRM gitlab — gitlab
  An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification. 2022-07-01 not yet calculated CVE-2022-2270
CONFIRM
MISC
MISC gitlab — ce/ee A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers 2022-07-01 not yet calculated CVE-2022-1954
MISC
CONFIRM
MISC gitlab — ce/ee
  An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab reveals if a user has enabled two-factor authentication on their account in the HTML source, to unauthenticated users. 2022-07-01 not yet calculated CVE-2022-1963
MISC
MISC
CONFIRM gitlab — gitlab
  A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where it was possible for an unauthorised user to execute arbitrary code on the server using the project import feature. 2022-07-01 not yet calculated CVE-2022-2185
CONFIRM
MISC
MISC glpi — glpi
  GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature to get refused file is not authenticated. This issue has been addressed in version 10.0.2 and all affected users are advised to upgrade. 2022-06-28 not yet calculated CVE-2022-31068
MISC
CONFIRM glpi — glpi
  GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection can be made using package deployment tasks. This issue has been resolved in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should delete the `front/deploypackage.public.php` file if they are not using the `deploy tasks` feature. 2022-06-27 not yet calculated CVE-2022-31082
MISC
CONFIRM glpi — glpi
  GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit sql injection on the actor fields. This issue has been resolved in version 10.0.2 and all affected users are advised to upgrade. 2022-06-28 not yet calculated CVE-2022-31056
CONFIRM glpi — glpi
  GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 2022-06-28 not yet calculated CVE-2022-31061
CONFIRM
MISC gnupg — gnupg
  GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim’s keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. 2022-07-01 not yet calculated CVE-2022-34903
MISC
MISC
MISC
MLIST gpac — gpac
  The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. 2022-06-28 not yet calculated CVE-2021-40608
MISC gpac — gpac
  The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. 2022-06-28 not yet calculated CVE-2021-40606
MISC gpac — gpac
  The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. 2022-06-28 not yet calculated CVE-2021-40607
MISC gpac — gpac
  The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. 2022-06-28 not yet calculated CVE-2021-40609
MISC gpac — mp4box In GPAC MP4Box 1.1.0, there is a Null pointer reference in the gf_filter_pid_get_packet function in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DOS). 2022-06-28 not yet calculated CVE-2021-40944
MISC gpac — mp4box
  In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the filter_parse_dyn_args function in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DOS). 2022-06-27 not yet calculated CVE-2021-40942
MISC gps-sdr-sim — gps-sdr-sim
  There is a buffer overflow in gps-sdr-sim v1.0 when parsing long command line parameters, which can lead to DoS or code execution. 2022-06-30 not yet calculated CVE-2021-37778
MISC gunet — open_eclass_platform An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal. 2022-06-27 not yet calculated CVE-2022-33116
MISC
MISC
MISC
MISC guzzle — guzzle
  Guzzle is an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` header. On making a request which responds with a redirect to a URI with a different origin (change in host, scheme or port), if we choose to follow it, we should remove the `CURLOPT_HTTPAUTH` option before continuing, stopping curl from appending the `Authorization` header to the new request. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. If you do not require or expect redirects to be followed, one should simply disable redirects altogether. Alternatively, one can specify to use the Guzzle stream handler backend, rather than curl. 2022-06-27 not yet calculated CVE-2022-31090
MISC
CONFIRM guzzle — guzzle
  Guzzle is an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the `Authorization` and `Cookie` headers from the request, before continuing. Previously, we would only consider a change in host or scheme. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. An alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects altogether. 2022-06-27 not yet calculated CVE-2022-31091
MISC
CONFIRM halo_cms — halo_cms Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function. 2022-06-27 not yet calculated CVE-2022-32995
MISC halo_cms — halo_cms Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload. 2022-06-27 not yet calculated CVE-2022-32994
MISC hikvision — hybrid_san/cluster_storage
  The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to insufficient input validation, an attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device. 2022-06-27 not yet calculated CVE-2022-28171
MISC hikvision — hybrid_san_cluster_storage
  The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to insufficient input validation, an attacker can exploit the vulnerability to perform an XSS attack by sending messages with malicious commands to the affected device. 2022-06-27 not yet calculated CVE-2022-28172
MISC hongcms — hongcms An issue in the /template/edit component of HongCMS v3.0 allows attackers to get a shell. 2022-07-01 not yet calculated CVE-2022-32412
MISC hongcms — hongcms An issue in the languages config file of HongCMS v3.0 allows attackers to get a shell. 2022-07-01 not yet calculated CVE-2022-32411
MISC hospital_management_system — hospital_management_system Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php. 2022-07-01 not yet calculated CVE-2022-32094
MISC hospital_management_system — hospital_management_system Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php. 2022-07-01 not yet calculated CVE-2022-32093
MISC hospital_management_system — hospital_management_system Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php. 2022-07-01 not yet calculated CVE-2022-32095
MISC hpe — nonstop_dsm/scm
  A remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM version: T6031H03^ADP. HPE has provided a software update to resolve this vulnerability in HPE NonStop DSM/SCM. 2022-06-28 not yet calculated CVE-2022-28621
MISC hpe — storeonce A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2. 2022-06-27 not yet calculated CVE-2022-28622
MISC ibm — cloudpak
  IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode, which leaves the host vulnerable to information leakage or destruction if someone with unauthorized access to these containers can execute arbitrary commands. IBM X-Force ID: 211048. 2022-06-30 not yet calculated CVE-2021-38941
XF
CONFIRM ibm — infosphere_information_server
  An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain non-sensitive debugging information like stack traces. IBM X-Force ID: 221323. 2022-07-01 not yet calculated CVE-2022-22373
XF
CONFIRM ibm — security_guardium
  IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2022-06-29 not yet calculated CVE-2021-39074
CONFIRM
XF ibm — spectrum_protect IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. This can result in a denial of service for IBM Spectrum Protect client operations. IBM X-Force ID: 225348. 2022-06-30 not yet calculated CVE-2022-22474
XF
CONFIRM ibm — spectrum_protect
  While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942. 2022-06-30 not yet calculated CVE-2022-22496
XF
CONFIRM ibm — spectrum_protect
  An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326. 2022-06-30 not yet calculated CVE-2022-22487
XF
CONFIRM ibm — spectrum_protect
  IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886. 2022-06-30 not yet calculated CVE-2022-22478
CONFIRM
XF ibm — spectrum_protect
  IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940. 2022-06-30 not yet calculated CVE-2022-22494
CONFIRM
XF ibm — spectrum_protect_plus_container_backup_and_restore IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session information. By retrieving the logs of a container an attacker could exploit this vulnerability to bypass login security of the IBM Spectrum Protect Plus server and gain unauthorized access based on the permissions of the IBM Spectrum Protect Plus user to the vulnerable Spectrum Protect Plus server software. IBM X-Force ID: 225340. 2022-06-30 not yet calculated CVE-2022-22472
CONFIRM
XF ibm — sterling_b2b_integrator
  IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could disclose sensitive version information that could aid in future attacks against the system. IBM X-Force ID: 211414. 2022-06-30 not yet calculated CVE-2021-38954
CONFIRM
XF ibm — urban_code_deploy
  IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008. 2022-07-01 not yet calculated CVE-2022-22367
CONFIRM
XF ibm — urban_code_deploy
  IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106. 2022-07-01 not yet calculated CVE-2022-22366
CONFIRM
XF ilias — ilias
  In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts. 2022-06-29 not yet calculated CVE-2022-31266
MISC
MISC image_galery — grid_gallery_wordpress_plugin The Image Gallery – Grid Gallery WordPress plugin through 1.1.1 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. 2022-06-27 not yet calculated CVE-2022-1327
MISC ionicabizau — parse-path Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0. 2022-06-27 not yet calculated CVE-2022-0722
MISC
CONFIRM ionicabizau — parse-path Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0. 2022-06-28 not yet calculated CVE-2022-0624
CONFIRM
MISC ionicabizau — parse-url
  Cross-site Scripting (XSS) – Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0. 2022-06-27 not yet calculated CVE-2022-2218
MISC
CONFIRM ionicabizau — parse-url
  Cross-site Scripting (XSS) – Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0. 2022-06-27 not yet calculated CVE-2022-2217
MISC
CONFIRM ionicabizau — parse-url
  Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0. 2022-06-27 not yet calculated CVE-2022-2216
MISC
CONFIRM ivpn — client
  A vulnerability has been found in IVPN Client 2.6.6120.33863 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument --up cmd leads to improper privilege management. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.6.2 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-29 not yet calculated CVE-2017-20112
MISC
MISC
MISC jaredhanson — passport
  This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed. 2022-07-01 not yet calculated CVE-2022-25896
CONFIRM
CONFIRM
CONFIRM jenkins — build-metrics_plugin Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them. 2022-06-30 not yet calculated CVE-2022-34785
CONFIRM jenkins — build-metrics_plugin Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission. 2022-06-30 not yet calculated CVE-2022-34784
CONFIRM jenkins — build_notifications_plugin Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. 2022-06-30 not yet calculated CVE-2022-34801
CONFIRM jenkins — build_notifications_plugin Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34800
CONFIRM jenkins — cisco_spark_plugin Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34808
CONFIRM jenkins — deployment_dashboard_plugin Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34799
CONFIRM jenkins — deployment_dashboard_plugin A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials. 2022-06-30 not yet calculated CVE-2022-34797
CONFIRM jenkins — deployment_dashboard_plugin Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. 2022-06-30 not yet calculated CVE-2022-34795
CONFIRM jenkins — deployment_dashboard_plugin A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2022-06-30 not yet calculated CVE-2022-34796
CONFIRM jenkins — deployment_dashboard_plugin Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. 2022-06-30 not yet calculated CVE-2022-34798
CONFIRM jenkins — elasticsearch_query_plugin Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34807
CONFIRM jenkins — extreme_feedback_panel_plugin Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-06-30 not yet calculated CVE-2022-34790
CONFIRM jenkins — failed_job_deactivator_plugin Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs. 2022-06-30 not yet calculated CVE-2022-34818
CONFIRM jenkins — failed_job_deactivator_plugin A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs. 2022-06-30 not yet calculated CVE-2022-34817
CONFIRM jenkins — gitlab_plugin
  Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-06-30 not yet calculated CVE-2022-34777
CONFIRM jenkins — hpe_network_virtualization_plugin Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34816
CONFIRM jenkins — jigomerge_plugin
  Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34806
CONFIRM jenkins — plot_plugin Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-06-30 not yet calculated CVE-2022-34783
CONFIRM jenkins — project_inheritance_plugin
  Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked. 2022-06-30 not yet calculated CVE-2022-34787
CONFIRM jenkins — recipe_plugin Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. 2022-06-30 not yet calculated CVE-2022-34794
CONFIRM jenkins — recipe_plugin Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2022-06-30 not yet calculated CVE-2022-34793
CONFIRM jenkins — recipe_plugin A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. 2022-06-30 not yet calculated CVE-2022-34792
CONFIRM jenkins — request_rename_or_delete_plugin A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs. 2022-06-30 not yet calculated CVE-2022-34815
CONFIRM jenkins — request_rename_or_delete_plugin Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests. 2022-06-30 not yet calculated CVE-2022-34814
CONFIRM jenkins — requests-plugin_plugin An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. 2022-06-30 not yet calculated CVE-2022-34782
CONFIRM jenkins — rocketchat_notifier_plugin Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34802
CONFIRM jenkins — rqm_plugin A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2022-06-30 not yet calculated CVE-2022-34810
CONFIRM jenkins — rqm_plugin Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34809
CONFIRM jenkins — skype_notifier_plugin
  Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34805
CONFIRM jenkins — testng_results_plugin Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or control test results. 2022-06-30 not yet calculated CVE-2022-34778
CONFIRM jenkins — validating_email_parameter_plugin Jenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description of its parameter type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-06-30 not yet calculated CVE-2022-34791
CONFIRM jenkins — xebialabs_xl_release_plugin A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2022-06-30 not yet calculated CVE-2022-34780
CONFIRM jenkins — xebialabs_xl_release_plugin A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2022-06-30 not yet calculated CVE-2022-34779
CONFIRM jenkins — xebialabs_xl_release_plugin Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2022-06-30 not yet calculated CVE-2022-34781
CONFIRM jenkins — xpath_configuration_viewer_plugin A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions. 2022-06-30 not yet calculated CVE-2022-34812
CONFIRM jenkins — xpath_configuration_viewer_plugin A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. 2022-06-30 not yet calculated CVE-2022-34811
CONFIRM jenkins — xpath_configuration_viewer_plugin A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions. 2022-06-30 not yet calculated CVE-2022-34813
CONFIRM jenkins — matrix_reloaded_plugin A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds. 2022-06-30 not yet calculated CVE-2022-34789
CONFIRM jenkins — matrix_reloaded_plugin Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. 2022-06-30 not yet calculated CVE-2022-34788
CONFIRM jenkins — opsgenie_plugin Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission (config.xml), or access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34803
CONFIRM jenkins — opsgenie_plugin Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure. 2022-06-30 not yet calculated CVE-2022-34804
CONFIRM jenkins — rich_text_publisher_plugin
  Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. 2022-06-30 not yet calculated CVE-2022-34786
CONFIRM jetbrains — hub
  In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services. 2022-07-01 not yet calculated CVE-2022-34894
MISC jira — data_center_and_server_mobile_plugin
  A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4. 2022-06-30 not yet calculated CVE-2022-26135
MISC
MISC
MISC jorani — jorani Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php. 2022-06-28 not yet calculated CVE-2022-34133
MISC
MISC jorani — jorani Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php. 2022-06-28 not yet calculated CVE-2022-34134
MISC
MISC jorani — jorani Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php. 2022-06-28 not yet calculated CVE-2022-34132
MISC
MISC joy_ebike — wolf
  Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote attackers to jam the key fob request via RF. 2022-06-29 not yet calculated CVE-2022-30467
MISC
MISC jpegoptim — jpegoptim JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. 2022-07-01 not yet calculated CVE-2022-32325
MISC kjur — jsrsasign
  The package jsrsasign before 10.5.25 is vulnerable to Improper Verification of Cryptographic Signature: a JWS or JWT signature containing special characters outside the Base64URL alphabet, or number-escaped characters, may be validated as valid by mistake. Workaround: Validate that the JWS or JWT signature is a Base64URL and dot safe string before executing the JWS.verify() or JWS.verifyJWT() method. 2022-07-01 not yet calculated CVE-2022-25898
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM kubeedge — kubeedge
  KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates with the CSI Driver on the cloud side, the attack is limited to the local host network. As such, an attacker would already need to be an authenticated user of the Cloud. Additionally, it is affected only when users turn on the unixsocket switch in the config file cloudcore.yaml. This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. Users unable to upgrade should disable the unixsocket switch of CloudHub in the config file cloudcore.yaml. 2022-06-27 not yet calculated CVE-2022-31076
MISC
CONFIRM kubeedge — kubeedge
  KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a consequence, the CSI Driver controller will be in denial of service. This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. At the time of writing, no workaround exists. 2022-06-27 not yet calculated CVE-2022-31077
MISC
CONFIRM
MISC l2blocker — l2blocker
  Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative paths or channels for Sensor. 2022-06-27 not yet calculated CVE-2022-33202
MISC
MISC ldap — account_manager LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 there are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. This can lead to code execution if non-LAM classes are instantiated that execute code during object creation. This issue has been fixed in version 8.0. 2022-06-27 not yet calculated CVE-2022-31084
MISC
CONFIRM ldap — account_manager
  LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow uploading PHP scripts to config/templates/pdf. This vulnerability could lead to Remote Code Execution if the /config/templates/pdf/ directory is accessible to remote users. This is not a default configuration of LAM. This issue has been fixed in version 8.0. There are no known workarounds for this issue. 2022-06-27 not yet calculated CVE-2022-31086
CONFIRM
MISC ldap — account_manager
  LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by configuration. This issue has been fixed in version 8.0. Users unable to upgrade should install the PHP OpenSSL extension and make sure session encryption is enabled in LAM main configuration. 2022-06-27 not yet calculated CVE-2022-31085
CONFIRM
MISC ldap — account_manager
  LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This issue has been fixed in version 8.0. 2022-06-27 not yet calculated CVE-2022-31088
MISC
CONFIRM ldap — account_manager
  LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php (and .php5/.php4/.phpt/etc) files. An attacker capable of writing files under www-data privileges can write a web-shell into this directory, and gain a Code Execution on the host. This issue has been fixed in version 8.0. Users unable to upgrade should disallow executing PHP scripts in (/var/lib/ldap-account-manager/)tmp directory. 2022-06-27 not yet calculated CVE-2022-31087
MISC
CONFIRM lettersanitizer — lettersanitizer
  lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule `@keyframes`. This package is depended on by [react-letter](https://github.com/mat-sz/react-letter), therefore everyone using react-letter is also at risk. The problem has been patched in version 1.0.2. 2022-06-27 not yet calculated CVE-2022-31103
MISC
CONFIRM
MISC libtiff — libtiff Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. 2022-06-30 not yet calculated CVE-2022-2056
MISC
CONFIRM
MISC libtiff — libtiff
  Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. 2022-06-30 not yet calculated CVE-2022-2057
MISC
CONFIRM
MISC libtiff — libtiff
  Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. 2022-06-30 not yet calculated CVE-2022-2058
CONFIRM
MISC
MISC lightcms — lightcms
  A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file. 2022-06-27 not yet calculated CVE-2022-33009
MISC
MISC
MISC linux — linux_kernel rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. 2022-06-26 not yet calculated CVE-2022-34495
MISC
MISC linux — linux_kernel rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. 2022-06-26 not yet calculated CVE-2022-34494
MISC
MISC linux — linux_kernel
  A vulnerability was found in the Linux kernel’s nft_set_desc_concat_parse() function. This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse(), causing a denial of service and possibly to run code. 2022-06-30 not yet calculated CVE-2022-2078
MISC linux — linux_kernel
  A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. 2022-06-30 not yet calculated CVE-2022-1852
MISC lirantal — git-clone All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git. 2022-07-01 not yet calculated CVE-2022-25900
CONFIRM
CONFIRM lithium_technologies — lithium_forum
  A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the argument upload_url leads to server-side request forgery. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. 2022-06-28 not yet calculated CVE-2017-20106
N/A
N/A lua — lua
  An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. 2022-07-01 not yet calculated CVE-2022-33099
MISC
MISC
MISC
MISC
MISC manageiq — awesome_spawn
  Awesome spawn contains an OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, an attacker could use this flaw to execute arbitrary commands. 2022-06-30 not yet calculated CVE-2014-0156
MISC
MISC mariadb — mariadb MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. 2022-07-01 not yet calculated CVE-2022-32086
MISC mariadb — mariadb MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. 2022-07-01 not yet calculated CVE-2022-32082
MISC mariadb — mariadb MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. 2022-07-01 not yet calculated CVE-2022-32088
MISC mariadb — mariadb MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. 2022-07-01 not yet calculated CVE-2022-32089
MISC mariadb — mariadb MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. 2022-07-01 not yet calculated CVE-2022-32083
MISC mariadb — mariadb MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. 2022-07-01 not yet calculated CVE-2022-32085
MISC mariadb — mariadb MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. 2022-07-01 not yet calculated CVE-2022-32081
MISC mariadb — mariadb MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. 2022-07-01 not yet calculated CVE-2022-32087
MISC mariadb — mariadb
  MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. 2022-07-01 not yet calculated CVE-2022-32091
MISC mariadb — mariadb
  MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. 2022-07-01 not yet calculated CVE-2022-32084
MISC marval_global — marval_msm Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users' API Keys, including the Admins' API Keys. 2022-06-28 not yet calculated CVE-2022-31883
MISC
MISC
MISC marval_global — marval_msm Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form. 2022-06-28 not yet calculated CVE-2022-31886
MISC
MISC
MISC
MISC marval_global — marval_msm Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users' API Keys, including high privilege and Administrator users' API Keys. 2022-06-28 not yet calculated CVE-2022-31884
MISC
MISC
MISC marval_global — marval_msm
  Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user’s password in the organization; this means that the user can also achieve Privilege Escalation by changing the administrator password. 2022-06-28 not yet calculated CVE-2022-31887
MISC
MISC
MISC marval_global — marval_msm
  Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts. 2022-06-28 not yet calculated CVE-2022-31885
MISC
MISC
MISC mcms — mcms
  MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability. 2022-07-01 not yet calculated CVE-2022-31943
MISC md2roff — md2roff
  ** DISPUTED ** md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of consecutive characters to be processed. NOTE: the vendor’s position is that the product is not intended for untrusted input. 2022-07-02 not yet calculated CVE-2022-34913
MISC mediawiki — mediawiki
  An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the Wikibase and WikibaseLexeme extensions. This is related to Special:NewLexeme and Special:NewProperty. 2022-06-28 not yet calculated CVE-2022-34750
MISC
MISC
MISC mediawiki — mediawiki
  An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won’t be escaped. 2022-07-02 not yet calculated CVE-2022-34912
MISC mediawiki — mediawiki
  An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to “Welcome” followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text(). 2022-07-02 not yet calculated CVE-2022-34911
MISC mermaid — mermaid
  Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary `CSS` into the generated graph allowing them to change the styling of elements outside of the generated graph, and potentially exfiltrate sensitive information by using specially crafted `CSS` selectors. The following example shows how an attacker can exfiltrate the contents of an input field by bruteforcing the `value` attribute one character at a time. Whenever there is an actual match, an `http` request will be made by the browser in order to “load” a background image that will let an attacker know what’s the value of the character. This issue may lead to `Information Disclosure` via CSS selectors and functions able to generate HTTP requests. This also allows an attacker to change the document in ways which may lead a user to perform unintended actions, such as clicking on a link, etc. This issue has been resolved in version 9.1.3. Users are advised to upgrade. Users unable to upgrade should ensure that user input is adequately escaped before embedding it in CSS blocks. 2022-06-28 not yet calculated CVE-2022-31108
MISC
CONFIRM metamask — metamask_extension
  MetaMask before 10.11.3 might allow an attacker to access a user’s secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue. 2022-06-29 not yet calculated CVE-2022-32969
MISC
MISC
MISC microsoft — edge Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638. 2022-06-29 not yet calculated CVE-2022-33639
N/A microsoft — edge Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33639. 2022-06-29 not yet calculated CVE-2022-33638
N/A microsoft — edge
  Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33638, CVE-2022-33639. 2022-06-29 not yet calculated CVE-2022-30192
N/A microweber — microweber
  Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 1.2.19. 2022-07-01 not yet calculated CVE-2022-2280
MISC
CONFIRM microweber — microweber
  Open Redirect in GitHub repository microweber/microweber prior to 1.2.19. 2022-06-29 not yet calculated CVE-2022-2252
MISC
CONFIRM minicms — minicms
  File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitrary PHP code via post-edit.php. 2022-06-28 not yet calculated CVE-2020-19896
MISC minioranges_google_authenticator — minioranges_google_authenticator_wordpress_plugin The miniOrange’s Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, allowing malicious users with administrator privileges to store malicious JavaScript code, leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup). 2022-06-27 not yet calculated CVE-2022-1321
MISC myadmin — myadmin
  MyAdmin v1.0 is affected by an incorrect access control vulnerability in viewing personal center in /api/user/userData?userCode=admin. 2022-06-30 not yet calculated CVE-2021-37791
MISC nagios — nagios_xi In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address. 2022-06-29 not yet calculated CVE-2022-29269
MISC
MISC
MISC
MISC nagios — nagios_xi
  In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing. 2022-06-29 not yet calculated CVE-2022-29272
MISC
MISC
MISC
MISC nagios — nagios_xi
  In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks. 2022-06-29 not yet calculated CVE-2022-29271
MISC
MISC
MISC
MISC nagios — nagios_xi
  In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address. 2022-06-29 not yet calculated CVE-2022-29270
MISC
MISC
MISC
MISC naver — whale_browser_mobile_app
  NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode. 2022-06-27 not yet calculated CVE-2020-9754
CONFIRM neors — activex
  Origin validation error vulnerability in NeoRS’s ActiveX module allows attackers to download and execute arbitrary files. Remote attackers can use this vulnerability to encourage users to access crafted web pages, causing damage such as malicious code infections. 2022-06-28 not yet calculated CVE-2022-23763
MISC nextauth.js — nextauth
  NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally is converted to a `URL` object. The URL instantiation would fail due to a malformed URL being passed into the constructor, causing it to throw an unhandled error which led to the **API route handler timing out and logging in to fail**. This has been remedied in versions 3.29.5 and 4.5.0. If for some reason you cannot upgrade, the workaround requires you to rely on Advanced Initialization. Please see the documentation for more. 2022-06-27 not yet calculated CVE-2022-31093
MISC
MISC
MISC
CONFIRM nomachine — nomachine
  Incorrect permissions for the folder C:\ProgramData\NoMachine\var\uninstall of Nomachine v7.9.2 allows attackers to perform a DLL hijacking attack and execute arbitrary code. 2022-06-29 not yet calculated CVE-2022-34043
MISC nucleus_cms — nucleus_cms
  Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, an attacker can upload a picture with shell, treat it as PHP, execute commands, so as to take down website resources. 2022-06-30 not yet calculated CVE-2021-37770
MISC
MISC nvflare — nvflare NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where the CA credentials are transported via pickle without safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity. 2022-07-01 not yet calculated CVE-2022-31604
MISC nvflare — nvflare
  NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity. 2022-07-01 not yet calculated CVE-2022-31605
MISC nvidia — dgx_a100
  NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. 2022-07-02 not yet calculated CVE-2022-28200
MISC online_railway_reservation_system — online_railway_reservation_system Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/inquiries/view_details.php. 2022-06-29 not yet calculated CVE-2022-33042
MISC online_railway_reservation_system — online_railway_reservation_system Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_message. 2022-06-29 not yet calculated CVE-2022-33058
MISC online_railway_reservation_system — online_railway_reservation_system Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_train. 2022-06-29 not yet calculated CVE-2022-33059
MISC online_railway_reservation_system — online_railway_reservation_system Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_service. 2022-06-29 not yet calculated CVE-2022-33061
MISC online_railway_reservation_system — online_railway_reservation_system Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule. 2022-06-29 not yet calculated CVE-2022-33060
MISC online_railway_reservation_system — online_railway_reservation_system Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation. 2022-06-29 not yet calculated CVE-2022-33057
MISC openhwgroup — cva6 CVA6 commit 909d85a accesses invalid memory when reading the value of MHPMCOUNTER30. 2022-06-29 not yet calculated CVE-2022-33021
MISC openhwgroup — cva6 CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong. 2022-06-29 not yet calculated CVE-2022-33023
MISC opensearch-project — opensearch-ruby
  opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. An attacker must be in control of an opensearch server and convince the victim to connect to it in order to exploit this vulnerability. The problem has been patched in opensearch-ruby gem version 2.0.1. Users are advised to upgrade. There are no known workarounds for this issue. 2022-06-30 not yet calculated CVE-2022-31115
CONFIRM
MISC
MISC openshift — openshift
  In an openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity. 2022-06-30 not yet calculated CVE-2013-4561
MISC
MISC openshift — openshift
  It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission. 2022-06-30 not yet calculated CVE-2014-0068
MISC openssl — openssl
  The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. 2022-07-01 not yet calculated CVE-2022-2274
CONFIRM
CONFIRM orwell-dev-cpp — orwell-dev-cpp A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file. 2022-06-29 not yet calculated CVE-2022-33037
MISC ospfranco — link-preview-js
  The package link-preview-js before 2.1.16 is vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection. 2022-07-01 not yet calculated CVE-2022-25876
CONFIRM
CONFIRM
CONFIRM oxen_i/o — session_android Session 1.13.0 allows an attacker with physical access to the victim’s device to bypass the application’s password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation. 2022-06-30 not yet calculated CVE-2022-1955
MISC
MISC
MISC packagekit — packagekit A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists. 2022-06-28 not yet calculated CVE-2022-0987
MISC parse_community — parse_server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as single instance without redundancy, the availability impact may be high. This issue has been addressed in versions 4.10.12 and 5.2.3. Users are advised to upgrade. There are no known workarounds for this issue. 2022-06-27 not yet calculated CVE-2022-31089
CONFIRM
MISC parse_server — parse_server
  Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client response. Users are advised to upgrade. Users unable to upgrade should use `Parse.Cloud.afterLiveQueryEvent` to manually remove protected fields. 2022-06-30 not yet calculated CVE-2022-31112
MISC
MISC
CONFIRM
MISC
MISC
MISC pdfalto — pdfalto PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc. 2022-07-01 not yet calculated CVE-2022-32324
MISC perl — perl
  HTTP::Daemon is a simple HTTP server class written in Perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are; most Perl-based applications are served on top of Nginx or Apache, not on `HTTP::Daemon`. This library is commonly used for local development and tests. Users are advised to update to resolve this issue. Users unable to upgrade may add additional request handling logic as a mitigation. After calling `my $rqst = $conn->get_request()` one could inspect the returned `HTTP::Request` object. Querying the ‘Content-Length’ (`my $cl = $rqst->header('Content-Length')`) will show any abnormalities that should be dealt with by a `400` response. Expected strings of ‘Content-Length’ SHOULD consist of either a single non-negative integer or a comma-separated repetition of that number (that is, `42` or `42, 42, 42`). Anything else MUST be rejected. 2022-06-27 not yet calculated CVE-2022-31081
MISC
MISC
MISC
MISC
CONFIRM
MISC
MISC pimcore — pimcore
  Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. These listing classes also allow ordering or grouping the results based on one or more columns, which should be quoted by default. The actual issue is that quoting is not done properly in both cases, so there’s the theoretical possibility to inject custom SQL if the developer is using these methods with input data and not doing proper input validation in advance, and so relies on the auto-quoting being done by the listing classes. This issue has been resolved in version 10.4.4. Users are advised to upgrade or to apply the patch manually. There are no known workarounds for this issue. 2022-06-27 not yet calculated CVE-2022-31092
MISC
MISC
CONFIRM pingid — windows_login PingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines when combined with using offline security keys as part of authentication. 2022-06-30 not yet calculated CVE-2022-23717
MISC
MISC pingid — windows_login
  PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances. 2022-06-30 not yet calculated CVE-2022-23725
MISC
MISC pingid — windows_login
  PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. An IT administrator could mistakenly deploy administrator privileged PingID API credentials, such as those typically used by PingFederate, into PingID Windows Login user endpoints. Using a sensitive full permissions properties file outside of a privileged trust boundary leads to an increased risk of exposure or discovery, and an attacker could leverage these credentials to perform administrative actions against PingID APIs or endpoints. 2022-06-30 not yet calculated CVE-2022-23720
MISC
MISC pingid — windows_login
  PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or of compromising Ping Identity web servers, could deliver malicious code that would be executed as SYSTEM by the PingID Windows Login application. 2022-06-30 not yet calculated CVE-2022-23718
MISC
MISC pingid — windows_login
  PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine may be able to exploit and spoof the local Java service using multiple attack vectors. A successful attack can lead to code executed as SYSTEM by the PingID Windows Login application, or even a denial of service for offline security key authentication. 2022-06-30 not yet calculated CVE-2022-23719
MISC
MISC pingidentity — pingid_mac_login
  A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. 2022-06-30 not yet calculated CVE-2021-41995
MISC
MISC piwigo — piwigo
  piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor. 2022-06-28 not yet calculated CVE-2021-40553
MISC prestashop — blockwishlist
  prestashop/blockwishlist is a prestashop extension which adds a block containing the customer’s wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue. 2022-06-27 not yet calculated CVE-2022-31101
CONFIRM
MISC projectsend — r754
  A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely. 2022-06-27 not yet calculated CVE-2017-20101
MISC
MISC
MISC raytion — custom_security_manager
  Raytion 7.2.0 allows reflected Cross-site Scripting (XSS). 2022-06-25 not yet calculated CVE-2022-29931
MISC regexfn — regexfn A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails. 2022-06-27 not yet calculated CVE-2021-40900
MISC repo-git-downloader — repo-git-downloader A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories. 2022-06-27 not yet calculated CVE-2021-40899
MISC rg-eg — rg-eg
  RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a SQL injection vulnerability via the function get_alarmAction at /alarm_pi/alarmService.php. 2022-06-25 not yet calculated CVE-2022-33128
MISC robustel — r1510
  A data removal vulnerability exists in the web_server /action/remove/ API functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability. 2022-06-30 not yet calculated CVE-2022-28127
MISC robustel — robustel_r1510 Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/action/import_sdk_file/` API is affected by a command injection vulnerability. 2022-06-30 not yet calculated CVE-2022-33314
MISC robustel — robustel_r1510 Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/action/import_https_cert_file/` API is affected by a command injection vulnerability. 2022-06-30 not yet calculated CVE-2022-33313
MISC robustel — robustel_r1510 Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/action/import_cert_file/` API is affected by a command injection vulnerability. 2022-06-30 not yet calculated CVE-2022-33312
MISC robustel — robustel_r1510 Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/config_rollback/` API is affected by a command injection vulnerability. 2022-06-30 not yet calculated CVE-2022-33326
MISC robustel — robustel_r1510 Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/remove/` API is affected by a command injection vulnerability. 2022-06-30 not yet calculated CVE-2022-33328
MISC robustel — robustel_r1510
  A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. 2022-06-30 not yet calculated CVE-2022-32585
MISC robustel — robustel_r1510
  Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/clear_tools_log/` API is affected by a command injection vulnerability. 2022-06-30 not yet calculated CVE-2022-33325
MISC robustel — robustel_r1510
  Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/set_sys_time/` API is affected by a command injection vulnerability. 2022-06-30 not yet calculated CVE-2022-33329
MISC robustel — robustel_r1510
  Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/remove_sniffer_raw_log/` API is affected by a command injection vulnerability. 2022-06-30 not yet calculated CVE-2022-33327
MISC rsshub — rsshub
  RSSHub is an open source, extensible RSS feed generator. In commits prior to 5c4177441417 passing some special values to the `filter` and `filterout` parameters can cause abnormally high CPU usage. This results in an impact on the performance of the servers and RSSHub services which may lead to a denial of service. This issue has been fixed in commit 5c4177441417 and all users are advised to upgrade. There are no known workarounds for this issue. 2022-06-29 not yet calculated CVE-2022-31110
CONFIRM
MISC
MISC ruby-mysql — ruby-mysql
  A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later. 2022-06-28 not yet calculated CVE-2021-3779
MISC ruckus — wireless_zonedirector
  Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirector 9.8.3.0. 2022-06-27 not yet calculated CVE-2020-21161
MISC
MISC
MISC rulex — rulex rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. This is a security concern for you, if your service parses untrusted rulex expressions (expressions provided by an untrusted user), and your service becomes unavailable when the process running rulex aborts due to a stack overflow. The crash is fixed in version **0.4.3**. Affected users are advised to update to this version. There are no known workarounds for this issue. 2022-06-27 not yet calculated CVE-2022-31099
CONFIRM
MISC rulex — rulex
  rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, rulex may crash, possibly enabling a Denial of Service attack. This happens when the expression contains a multi-byte UTF-8 code point in a string literal or after a backslash, because rulex tries to slice into the code point and panics as a result. This is a security concern for you, if your service parses untrusted rulex expressions (expressions provided by an untrusted user), and your service becomes unavailable when the thread running rulex panics. The crashes are fixed in version **0.4.3**. Affected users are advised to update to this version. The only known workaround for this issue is to assume that regular expression parsing will panic and to add logic to catch panics. 2022-06-27 not yet calculated CVE-2022-31100
MISC
CONFIRM sasstools — scss-tokenizer
  All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex. 2022-07-01 not yet calculated CVE-2022-25758
CONFIRM
CONFIRM
CONFIRM scaffold-helper — scaffold-helper A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scaffold-helper v1.2.0 when copying crafted invalid files. 2022-06-27 not yet calculated CVE-2021-40898
MISC scratchtools — scratchtools
  ScratchTools is a web extension designed to make interacting with the Scratch programming language community (Scratching) easier. In affected versions anybody who uses the Recently Viewed Projects feature is vulnerable to having their account taken over if they view a project that tries to. The issue is that if a user visits a project that includes Javascript in the title, then when the Recently Viewed Projects feature displays it, it could run the Javascript. This issue has been addressed in the 2.5.2 release. Users having issues scratching should open an issue in the project issue tracker https://github.com/STForScratch/ScratchTools/ 2022-06-27 not yet calculated CVE-2022-31094
CONFIRM
MISC
MISC shadeyouvpn — client
  A vulnerability, which was classified as problematic, was found in ShadeYouVPN.com Client 2.0.1.11. Affected is an unknown function. The manipulation leads to improper privilege management. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.1.12 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-28 not yet calculated CVE-2017-20107
N/A
N/A shopware — shopware
  Shopware is an open source e-commerce software made in Germany. Versions of Shopware 5 prior to version 5.7.12 are subject to an authenticated Stored XSS in Administration. Users are advised to upgrade. There are no known workarounds for this issue. 2022-06-27 not yet calculated CVE-2022-31057
MISC
CONFIRM
MISC
MISC silverstripe — framework
  Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document. 2022-06-28 not yet calculated CVE-2021-41559
MISC
MISC
MISC silverstripe — silverstripe/framework
  In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR). 2022-06-29 not yet calculated CVE-2022-28803
MISC
MISC silverstripe — silverstripe/framework
  Silverstripe silverstripe/framework through 4.10 allows Session Fixation. 2022-06-28 not yet calculated CVE-2022-24444
MISC
MISC
MISC
MISC
MISC silverstripe — silverstripe/framework
  Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side config is not set to true in project code. 2022-06-28 not yet calculated CVE-2022-25238
MISC
MISC
MISC
MISC silverstripe — silverstripe/assets
  Silverstripe silverstripe/assets through 1.10 allows XSS. 2022-06-28 not yet calculated CVE-2022-29858
MISC
MISC
MISC
MISC simplessus — simplessus
  A vulnerability was found in Simplessus 3.7.7. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument path with the input ..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.8.3 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-28 not yet calculated CVE-2017-20105
N/A
N/A simplessus — simplessus
  A vulnerability was found in Simplessus 3.7.7. It has been declared as critical. This vulnerability affects unknown code of the component Cookie Handler. The manipulation of the argument UWA_SID leads to sql injection (Time). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.8.3 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-28 not yet calculated CVE-2017-20104
N/A
N/A scniro-validator — scniro-validator A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails. 2022-06-27 not yet calculated CVE-2021-40901
MISC sourcecodester — library_management_system A vulnerability was found in SourceCodester Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the component /card/index.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2022-06-27 not yet calculated CVE-2022-2212
MISC
MISC sourcecodester — library_management_system
  A vulnerability was found in SourceCodester Library Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /librarian/bookdetails.php. The manipulation of the argument id with the input ‘ AND (SELECT 9198 FROM (SELECT(SLEEP(5)))iqZA)– PbtB leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-27 not yet calculated CVE-2022-2214
MISC
MISC sourcecodester — library_management_system
  A vulnerability was found in SourceCodester Library Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_admin_details.php?id=admin. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-27 not yet calculated CVE-2022-2213
MISC
MISC sourcecodester — zoo_management_system
  SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=. 2022-06-29 not yet calculated CVE-2022-31897
MISC
MISC split-html-to-chars — split-html-to-chars A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in split-html-to-chars v1.0.5 when splitting crafted invalid HTML. 2022-06-27 not yet calculated CVE-2021-40897
MISC synapse — synapse
  Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the request causing the problem, but in other cases the Synapse process may crash altogether. It is possible to exploit this maliciously, either by malicious users on the homeserver, or by remote users sending URLs that a local user’s client may automatically request a URL preview for. Remote users are not able to exploit this directly, because the URL preview endpoint is authenticated. Deployments with `url_preview_enabled: false` set in configuration are not affected. Deployments with `url_preview_enabled: true` set in configuration **are** affected. Deployments with no configuration value set for `url_preview_enabled` are not affected, because the default is `false`. Administrators of homeservers with URL previews enabled are advised to upgrade to v1.61.1 or higher. Users unable to upgrade should set `url_preview_enabled` to false. 2022-06-28 not yet calculated CVE-2022-31052
CONFIRM
MISC
MISC teleopti — wfm
  A vulnerability classified as problematic was found in Teleopti WFM up to 7.1.0. Affected by this vulnerability is an unknown functionality of the file /TeleoptiWFM/Administration/GetOneTenant of the component Administration. The manipulation leads to information disclosure (Credentials). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. 2022-06-29 not yet calculated CVE-2017-20109
MISC
MISC teleopti — wfm
  A vulnerability, which was classified as problematic, has been found in Teleopti WFM up to 7.1.0. Affected by this issue is some unknown functionality of the component Administration. The manipulation as part of JSON leads to information disclosure (Credentials). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. 2022-06-29 not yet calculated CVE-2017-20110
MISC
MISC teleopti — wfm
  A vulnerability, which was classified as critical, was found in Teleopti WFM 7.1.0. This affects an unknown part of the component Administration. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. 2022-06-29 not yet calculated CVE-2017-20111
MISC
MISC tenda — ac23
  Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasicSet. 2022-07-01 not yet calculated CVE-2022-32384
MISC
MISC
MISC tenda — ax1806 Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule. 2022-07-01 not yet calculated CVE-2022-32032
MISC tenda — ax1806 Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand. 2022-07-01 not yet calculated CVE-2022-32030
MISC tenda — ax1806 Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer. 2022-07-01 not yet calculated CVE-2022-32033
MISC tenda — ax1806 Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetRouteStatic. 2022-07-01 not yet calculated CVE-2022-32031
MISC tenda — tenda_m3 Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm. 2022-07-01 not yet calculated CVE-2022-32040
MISC tenda — tenda_m3 Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg. 2022-07-01 not yet calculated CVE-2022-32037
MISC tenda — tenda_m3 Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist. 2022-07-01 not yet calculated CVE-2022-32034
MISC tenda — tenda_m3 Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb. 2022-07-01 not yet calculated CVE-2022-32036
MISC tenda — tenda_m3 Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng. 2022-07-01 not yet calculated CVE-2022-32035
MISC tenda — tenda_m3 Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient. 2022-07-01 not yet calculated CVE-2022-32039
MISC tenda — tenda_m3 Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo. 2022-07-01 not yet calculated CVE-2022-32043
MISC tenda — tenda_m3 Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData. 2022-07-01 not yet calculated CVE-2022-32041
MISC teradici — management_console
  A vulnerability was found in Teradici Management Console 2.2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Database Management. The manipulation leads to improper privilege management. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. 2022-06-30 not yet calculated CVE-2017-20121
N/A
N/A textpattern — textpattern
  In Textpattern CMS v4.8.7 and older, a Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute vulnerability exists via textpattern/lib/txplib_misc.php. The secure flag is not set for the txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie’s scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. 2022-06-29 not yet calculated CVE-2021-40642
MISC
MISC that-value — that-value A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in that-value v0.1.3 when validating crafted invalid emails. 2022-06-27 not yet calculated CVE-2021-40896
MISC thinkphp — thinkphp
  ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload. 2022-06-29 not yet calculated CVE-2022-33107
MISC thinkst — canarytokens
  Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens. This permits an attacker who recognised an HTTP-based Canarytoken (a URL) to execute Javascript in the Canarytoken’s history page (domain: canarytokens.org) when the history page is later visited by the Canarytoken’s creator. This vulnerability could be used to disable or delete the affected Canarytoken, or view its activation history. It might also be used as a stepping stone towards revealing more information about the Canarytoken’s creator to the attacker. For example, an attacker could recover the email address tied to the Canarytoken, or place Javascript on the history page that redirects the creator towards an attacker-controlled Canarytoken to show the creator’s network location. An attacker could only act on the discovered Canarytoken. This issue did not expose other Canarytokens or other Canarytoken creators. The issue has been patched on Canarytokens.org and in the latest release. No signs of successful exploitation of this vulnerability have been found. Users are advised to upgrade. There are no known workarounds for this issue. 2022-07-01 not yet calculated CVE-2022-31113
CONFIRM
MISC todo-regex — todo-regex A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements. 2022-06-27 not yet calculated CVE-2021-40895
MISC totolink — totolink_t6 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4. 2022-07-01 not yet calculated CVE-2022-32052
MISC totolink — totolink_t6 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4. 2022-07-01 not yet calculated CVE-2022-32047
MISC totolink — totolink_t6 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00413be4. 2022-07-01 not yet calculated CVE-2022-32045
MISC totolink — totolink_t6 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80. 2022-07-01 not yet calculated CVE-2022-32044
MISC totolink — totolink_t6 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88. 2022-07-01 not yet calculated CVE-2022-32048
MISC totolink — totolink_t6 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540. 2022-07-01 not yet calculated CVE-2022-32049
MISC totolink — totolink_t6 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40. 2022-07-01 not yet calculated CVE-2022-32050
MISC totolink — totolink_t6 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4. 2022-07-01 not yet calculated CVE-2022-32051
MISC totolink — totolink_t6 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c. 2022-07-01 not yet calculated CVE-2022-32046
MISC totolink — totolink_t6 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041621c. 2022-07-01 not yet calculated CVE-2022-32053
MISC trendnet — wi-fi_routers TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discovered to contain a stack overflow via the function genacgi_main. 2022-06-27 not yet calculated CVE-2022-33007
MISC trueconf — server
  A vulnerability was found in TrueConf Server 4.3.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/group. The manipulation leads to basic cross site scripting (DOM). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-29 not yet calculated CVE-2017-20117
MISC
MISC trueconf — server
  A vulnerability was found in TrueConf Server 4.3.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/conferences/list/. The manipulation of the argument domxss leads to basic cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-29 not yet calculated CVE-2017-20118
MISC
MISC trueconf — server
  A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2022-06-29 not yet calculated CVE-2017-20120
MISC
MISC trueconf — server
  A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This vulnerability affects unknown code of the file /admin/conferences/get-all-status/. The manipulation of the argument keys[] leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2022-06-29 not yet calculated CVE-2017-20114
MISC
MISC trueconf — server
  A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2022-06-29 not yet calculated CVE-2017-20113
MISC
MISC trueconf — server
  A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of the file /admin/conferences/list/. The manipulation of the argument sort leads to basic cross site scripting (Reflected). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2022-06-29 not yet calculated CVE-2017-20115
MISC
MISC trueconf — server
  A vulnerability classified as problematic has been found in TrueConf Server 4.3.7. This affects an unknown part of the file /admin/general/change-lang. The manipulation of the argument redirect_url leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2022-06-29 not yet calculated CVE-2017-20119
MISC
MISC trueconf — server
  A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the file /admin/group/list/. The manipulation of the argument checked_group_id leads to basic cross site scripting (Reflected). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2022-06-29 not yet calculated CVE-2017-20116
MISC
MISC tuleap — tuleap
  Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95 Tuleap does not properly sanitize user inputs when constructing the SQL query to retrieve data for the tracker reports. An attacker with the capability to create a new tracker can execute arbitrary SQL queries. Users are advised to upgrade. There is no known workaround for this issue. 2022-06-29 not yet calculated CVE-2022-31058
MISC
CONFIRM
MISC
MISC tuleap — tuleap
  Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.111 the title of a document is not properly escaped in the search result of MyDocmanSearch widget and in the administration page of the locked documents. A malicious user with the capability to create a document could force a victim to execute uncontrolled code. Users are advised to upgrade. There are no known workarounds for this issue. 2022-06-29 not yet calculated CVE-2022-31063
CONFIRM
MISC
MISC
MISC tuleap — tuleap
  Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those template projects because the permissions model is not properly enforced. Users are advised to upgrade. There are no known workarounds for this issue. 2022-06-29 not yet calculated CVE-2022-31032
MISC
CONFIRM
MISC
MISC
MISC
MISC vim — vim
  Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. 2022-06-30 not yet calculated CVE-2022-2257
MISC
CONFIRM vim — vim
  NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. 2022-06-27 not yet calculated CVE-2022-2208
MISC
CONFIRM
FEDORA
FEDORA vim — vim
  Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. 2022-06-26 not yet calculated CVE-2022-2206
CONFIRM
MISC
FEDORA
FEDORA vim — vim
  Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 2022-06-27 not yet calculated CVE-2022-2210
CONFIRM
MISC
FEDORA
FEDORA vim — vim
  NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. 2022-06-28 not yet calculated CVE-2022-2231
CONFIRM
MISC
FEDORA
FEDORA vim — vim
  Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. 2022-07-01 not yet calculated CVE-2022-2264
MISC
CONFIRM vim — vim
  Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 2022-06-27 not yet calculated CVE-2022-2207
CONFIRM
MISC
FEDORA
FEDORA vim — vim
  A cross-site scripting (XSS) vulnerability in the batch add function of Urtracker Premium v4.0.1.1477 allows attackers to execute arbitrary web scripts or HTML via a crafted excel file. 2022-06-30 not yet calculated CVE-2022-33043
MISC vim — vim
  Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. 2022-07-02 not yet calculated CVE-2022-2285
MISC
CONFIRM vim — vim
  Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. 2022-07-02 not yet calculated CVE-2022-2286
CONFIRM
MISC vim — vim
  Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. 2022-07-02 not yet calculated CVE-2022-2287
MISC
CONFIRM vim — vim
  Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. 2022-07-02 not yet calculated CVE-2022-2284
CONFIRM
MISC viscosity — viscosity
  A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-30 not yet calculated CVE-2017-20123
N/A
N/A
N/A
N/A wasmtime — wasmtime
  Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime’s implementation of the SIMD proposal for WebAssembly on x86_64 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation of the simd proposal is not affected. The bugs were present in the `i8x16.swizzle` and `select` WebAssembly instructions. The `select` instruction is only affected when the inputs are of `v128` type. The correspondingly affected Cranelift instructions were `swizzle` and `select`. The `swizzle` instruction lowering in Cranelift erroneously overwrote the mask input register which could corrupt a constant value, for example. This means that future uses of the same constant may see a different value than the constant itself. The `select` instruction lowering in Cranelift wasn’t correctly implemented for vector types that are 128 bits wide. When the condition was 0 the wrong instruction was used to move the correct input to the output of the instruction meaning that only the low 32 bits were moved and the upper 96 bits of the result were left as whatever the register previously contained (instead of the input being moved from). The `select` instruction worked correctly if the condition was nonzero, however. This bug in Wasmtime’s implementation of these instructions on x86_64 represents an incorrect implementation of the specified semantics of these instructions according to the WebAssembly specification. The impact of this is benign for hosts running WebAssembly but represents possible vulnerabilities within the execution of a guest program. For example a WebAssembly program could take unintended branches or materialize incorrect values internally which runs the risk of exposing the program itself to other related vulnerabilities which can occur from miscompilations.
We have released Wasmtime 0.38.1 and cranelift-codegen (and other associated cranelift crates) 0.85.1 which contain the corrected implementations of these two instructions in Cranelift. If upgrading is not an option for you at this time, you can avoid the vulnerability by disabling the Wasm simd proposal. Additionally the bug is only present on x86_64 hosts. Other aarch64 hosts are not affected. Note that s390x hosts don’t yet implement the simd proposal and are not affected. 2022-06-28 not yet calculated CVE-2022-31104
MISC
MISC
CONFIRM
MISC
MISC
MISC weaveworks — weave_gitops
  Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfig, of registered Kubernetes clusters, including the service account tokens in plain text from Weave GitOps’s pod logs on the management cluster. An unauthorized remote attacker can also view these sensitive configurations from external log storage if enabled by the management cluster. This vulnerability is due to the client factory dumping cluster configurations and their service account tokens when the cluster manager tries to connect to an API server of a registered cluster, and a connection error occurs. An attacker could exploit this vulnerability by either accessing logs of a pod of Weave GitOps, or from external log storage and obtaining all cluster configurations of registered clusters. A successful exploit could allow the attacker to use those cluster configurations to manage the registered Kubernetes clusters. This vulnerability has been fixed by commit 567356f471353fb5c676c77f5abc2a04631d50ca. Users should upgrade to Weave GitOps core version v0.8.1-rc.6 or newer. There is no known workaround for this vulnerability. 2022-06-27 not yet calculated CVE-2022-31098
CONFIRM
MISC web2py — web2py
  Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL. 2022-06-27 not yet calculated CVE-2022-33146
MISC
MISC
MISC
MISC wireapp — wire
  Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering `@mentions` in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim allowing the attacker to fully control the user account. Wire-desktop clients that are connected to a vulnerable wire-webapp version are also vulnerable to this attack. The issue has been fixed in wire-webapp 2022-05-04-production.0 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-05-04-production.0-v0.29.7-0-a6f2ded or wire-server 2022-05-04 (chart/4.11.0) or later. No known workarounds exist. 2022-06-25 not yet calculated CVE-2022-29168
CONFIRM wordpress — add_post_url
  The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping 2022-06-27 not yet calculated CVE-2022-1913
MISC wordpress — analytics_stats_counter_statistics_plugin
  A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The attack may be initiated remotely. 2022-06-27 not yet calculated CVE-2017-20099
MISC
MISC wordpress — armember_plugin
  The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username 2022-06-27 not yet calculated CVE-2022-1903
MISC wordpress — cimy_header_image_rotator_plugin The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack 2022-06-27 not yet calculated CVE-2022-1885
MISC wordpress — clean_contact_plugin The Clean-Contact WordPress plugin through 1.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and escaping as well 2022-06-27 not yet calculated CVE-2022-1914
MISC wordpress — easy_svg_support_plugin The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads 2022-06-27 not yet calculated CVE-2022-1964
MISC wordpress — html2wp_plugin The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbitrary files 2022-06-27 not yet calculated CVE-2022-1572
MISC wordpress — html2wp_plugin
  The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server 2022-06-27 not yet calculated CVE-2022-1574
MISC wordpress — html2wp_plugin
  The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them 2022-06-27 not yet calculated CVE-2022-1573
MISC wordpress — import_export_all_plugin The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks 2022-06-27 not yet calculated CVE-2022-1977
MISC wordpress — limit_login_attempts_wordpress_plugin The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, allowing malicious users with administrator privileges to store malicious JavaScript code, leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup) 2022-06-27 not yet calculated CVE-2022-1029
MISC wordpress — login_with_otp_over_sms_email_whatsapp_and_google_authenticator_plugin
  The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed 2022-06-27 not yet calculated CVE-2022-1994
MISC wordpress — mailpress
  The MailPress WordPress plugin through 7.2.1 does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF attacks 2022-06-27 not yet calculated CVE-2022-1843
MISC wordpress — malware_scanner The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, allowing malicious users with administrator privileges to store malicious JavaScript code, leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup) 2022-06-27 not yet calculated CVE-2022-1995
MISC wordpress — my_private_site_plugin The My Private Site WordPress plugin before 3.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack 2022-06-27 not yet calculated CVE-2022-1627
MISC wordpress — mycss_plugin
  The MyCSS WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack 2022-06-27 not yet calculated CVE-2022-1960
MISC wordpress — nested_pages_plugin The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html is disallowed 2022-06-27 not yet calculated CVE-2022-1990
MISC wordpress — new_user_approve_plugin The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypassing the provided restrictions) and to change plugin settings by tricking admin users into visiting specially crafted websites. 2022-06-27 not yet calculated CVE-2022-1625
MISC wordpress — nextcellent_gallery_plugin
  The NextCellent Gallery WordPress plugin through 1.9.35 does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-06-27 not yet calculated CVE-2022-1971
MISC wordpress — no_external_links_wordpress_plugin The Mihdan: No External Links WordPress plugin through 4.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-06-27 not yet calculated CVE-2022-1095
MISC wordpress — openbook_book_data_plugin The OpenBook Book Data WordPress plugin through 3.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well 2022-06-27 not yet calculated CVE-2022-1842
MISC wordpress — popups_welcome_bar_optins_and_lead_generation_plugin The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.1.8 does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks 2022-06-27 not yet calculated CVE-2022-1776
MISC wordpress — pricing_tables_plugin
  The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape a parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site Scripting 2022-06-27 not yet calculated CVE-2022-1904
MISC wordpress — rotating_posts_plugin The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack 2022-06-27 not yet calculated CVE-2022-1847
MISC wordpress — site_offline_or_coming_soon_plugin The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have CSRF check in place when updating its settings, and it is also lacking sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads in them via a CSRF attack 2022-06-27 not yet calculated CVE-2022-1593
MISC wordpress — social_share_buttons_by_supsystic_plugin
  The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in its ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks. 2022-06-27 not yet calculated CVE-2022-1653
MISC wordpress — tiny_contact_form_plugin
  The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack 2022-06-27 not yet calculated CVE-2022-1846
MISC wordpress — ultimate_woocommerce_csv_importer_plugin
  The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting 2022-06-27 not yet calculated CVE-2022-1470
MISC wordpress — woocommerce_plugin The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected cross-Site Scripting 2022-06-27 not yet calculated CVE-2022-1916
MISC wordpress — woocommerce_plugin
  The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts user input that is being used in a path and passed to unlink() without validation first 2022-06-27 not yet calculated CVE-2022-1953
MISC wordpress — wp_post_styling_plugin The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin’s data, update the settings, add new entries and more via CSRF attacks 2022-06-27 not yet calculated CVE-2022-1845
MISC wordpress — wp_security_pro
  The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, allowing malicious users with administrator privileges to store malicious JavaScript code, leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup) 2022-06-27 not yet calculated CVE-2022-1028
MISC wordpress — wpsentry The WP Sentry WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well 2022-06-27 not yet calculated CVE-2022-1844
MISC wordpress — admin_custom_login_plugin
  A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely. 2022-06-27 not yet calculated CVE-2017-20098
MISC
MISC wordpress — brizy_plugin
  The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks 2022-06-27 not yet calculated CVE-2022-2040
MISC
MISC wordpress — brizy_plugin
  The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element content, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks 2022-06-27 not yet calculated CVE-2022-2041
MISC
MISC wordpress — flower_delivery_by_florist_one_wordpress_plugin
  The Flower Delivery by Florist One WordPress plugin through 3.5.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setups) 2022-06-27 not yet calculated CVE-2022-1113
MISC wordpress — google_authenticator_word_presse
  The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks 2022-06-27 not yet calculated CVE-2022-0875
MISC wordpress — kama_click_counter_plugin
  A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument order_by/order with the input ASC%2c(select*from(select(sleep(2)))a) leads to sql injection (Blind). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.4.9 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-27 not yet calculated CVE-2017-20103
MISC
MISC wordpress — wp_as_saml_idp_wordpress_plugin The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-06-27 not yet calculated CVE-2022-1010
MISC wordpress — xcloner_plugin_wordpress_plugin
  The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key. 2022-06-27 not yet calculated CVE-2022-0444
MISC wordpress — secure_swfupload
  There is an object injection vulnerability in swfupload plugin for wordpress. 2022-06-30 not yet calculated CVE-2013-4144
MISC
MISC wuzhicms — wuzhicms
  A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter. 2022-06-28 not yet calculated CVE-2020-19897
MISC xiaongmai — multiple_versions
  Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R11.Nat.20170301, V4.02.R12.Nat.OnvifS.20170727 is affected by a backdoor in the macGuarder and dvrHelper binaries of DVR/NVR/IP camera firmware due to static root account credentials in the system. 2022-06-30 not yet calculated CVE-2021-41506
MISC
MISC
MISC
MISC xlpd — N/A
  XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. 2022-06-29 not yet calculated CVE-2022-33035
MISC
MISC xpdf — xpdf
  XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files. 2022-06-28 not yet calculated CVE-2022-33108
MISC
MISC
MISC yokogawa — stardom
  Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to log in to the affected products and alter device configuration settings or tamper with device firmware. 2022-06-28 not yet calculated CVE-2022-29519
MISC
MISC
MISC
MISC yokogawa — stardom.fcn
  Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware. 2022-06-28 not yet calculated CVE-2022-30997
MISC
MISC
MISC
MISC zephyr_project — zephyr Invalid channel map in CONNECT_IND results in Deadlock. Zephyr versions >= v2.5.0 contain Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp 2022-06-28 not yet calculated CVE-2021-3433
MISC zephyr_project — zephyr
  Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr 2022-06-28 not yet calculated CVE-2021-3430
MISC zephyr_project — zephyr
  Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9 2022-06-28 not yet calculated CVE-2021-3431
MISC zephyr_project — zephyr
  Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 contain Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4 2022-06-28 not yet calculated CVE-2021-3432
MISC zephyr_project — zephyr
  Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm 2022-06-28 not yet calculated CVE-2021-3434
MISC zephyr_project — zephyr
  Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 contain Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh 2022-06-28 not yet calculated CVE-2021-3435
MISC zoho — manageengine_servicedesk_plus_msp Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml). 2022-07-02 not yet calculated CVE-2022-32551
MISC zulip — zulip
  Zulip is an open-source team collaboration tool. Versions 2.1.0 through and including 5.2 are vulnerable to a logic error. A stream configured as private with protected history, where new subscribers should not be allowed to see messages sent before they were subscribed, when edited causes the server to incorrectly send an API event that includes the edited message to all of the stream’s current subscribers. This API event is ignored by official clients, but can be observed by using a modified client or the browser’s developer tools. This bug will be fixed in Zulip Server 5.3. There are no known workarounds. 2022-06-25 not yet calculated CVE-2022-31017
CONFIRM
#JulyOT 2022 -31 days of IoT content for everyone starting 1st July

This article is contributed. See the original author and article here.

#JulyOT is back for 2022! Throughout the month of July, the IoT teams at Microsoft will be sharing content and events put together by IoT enthusiasts from around the world. This includes content from community members and Microsoft employees, and could even involve you! For every working day in July, we’ll focus on one or more featured content pieces from our curated collection at the new home of #JulyOT: JulyOT.dev! The idea is to inspire those curious about IoT to pursue their own personal projects within the realm of Internet of Things, and then share them on social media with the hashtag #JulyOT.


 


We’ll be updating JulyOT.dev with new content every working day in July, so check back there often, or subscribe to the RSS feed. We’ll also be updating this post at the end of each week with a round up of what we covered in that week.


 


IoT live streams


 


 JulyOT kicks off with live streams from the Microsoft Reactor. Check out our events page to learn more and register. These include the first 4 lessons of IoT for Beginners, our free, open source IoT curriculum, as well as live streams in English and Spanish.


 


IoT Cloud Skills Challenge


We’ll also challenge y’all to grow your IoT skills with a cloud skills challenge! More details coming on the 1st July.


 


Digital swag


What better way to celebrate #JulyOT than with digital swag! Set your desktop or video chat background, and get cool visuals to share on social on our digital swag page.


 


Enjoy the celebration of #JulyOT


See you all at JulyOT.dev as we celebrate #JulyOT.


 


 

Recommendations for Oracle 19c Patches in Azure

This article is contributed. See the original author and article here.

Oracle 19c is the terminal release for Oracle 12c.  If you aren’t familiar with that term, a terminal release is the last point release of the product.  There were terminal releases for previous Oracle versions (10.2.0.4, 11.2.0.7.0) and after 19c, the next terminal release will be 23c.  Therefore, you don’t see many 18c, 20c or 21c databases.  We’ve gone to yearly release numbers, but the fact remains that 19c is going to receive all major updates and continue to be supported unlike the non-terminal releases.


 


Oracle will tell you that, for support, you should be upgrading to 19c. Premier Oracle Support ended on December 1st, 2020 and, as we discussed, not many are going to choose or stay on non-terminal releases, so 19c is it.


 




With that said, we must offer guidance on recommended practices for Oracle versioning and patching in Azure. Although I will list any bugs and document IDs that back up the recommendations I’m making, be aware that many of these will be behind Oracle Support’s paywall, so you’ll only be able to access them with an Oracle Support CSI. Let’s talk about the things not to do first:


Don’t Upgrade DURING Your Migration


I know it sounds like an awesome idea to upgrade to the latest database version while you are migrating to the cloud, but please, don’t do these two things at the same time: migrating to the cloud and upgrading the database/app. It’s a common scenario that I’m brought in after the Azure specialists are left scratching their heads or scrambling to explain what has changed, and then I come in to tell them to stand down because it’s the DATABASE THAT’S CHANGED.


 


Do Patch to the LATEST Patchset for Oracle


I am part of the crowd that often did the latest patchset -1 approach.  We would always be one patchset behind and let others figure out how many bugs might be introduced by the patch that had sneaked through testing. 


 


Not anymore… I have a few customers on 19.14, which should be safe, considering the previous practice I mentioned, but the sheer number of bugs and serious bugs that were experienced has changed my thinking to recommend going to the latest patchset.


 


It’s easy to think, “Oh, it’s just a small bug,” and I’m in agreement with you: if it has a small impact and an easy workaround, that’s one thing. But the bugs I’m referring to are quite impactful, and here’s how:


High CPU Usage



  • In the 19.14 release, there were 11 bugs that caused high CPU usage for Oracle.

  • High CPU usage to the point of doubling the core count for the VM the database ran on in Azure.

  • Doubling the need for Oracle licenses for the database, even though it was a bug that was causing all the additional CPU usage.

  • At $47,500 list price per processor license, this isn’t something I’d recommend letting go on.


For one customer that I was deeply involved in, the VM sizing required 20 vCPU to run the workload.  I sized up to 32 vCPU for peak workloads and yet they were at 97.6% CPU busy with a 64-core machine.  The workload hadn’t changed, and the CPU usage traced was out of control!


I would start here: After Upgrade to 19c, One or More of the Following Issues Occur on Non-Linux Platforms: High Paging/Swapping, High CPU, Poor Performance, ORA-27nnn Errors, ORA-00379 Errors, ORA-04036 Errors (Doc ID 2762216.1)


 


Bug examples for high CPU usage in 19.14:

| NB | Prob | Bug | Fixed | Description |
|----|------|-----|-------|-------------|
|  | II | 31050103 | 19.15, 23.1.0.0.0 | fbda: slow sql performance when running in pluggable database |
|  |  | 32869560 | 19.15, 21.6 | HIGH CPU ON KXSGETRUNTIMELOCK AND SSKGSLCAS |
|  | I | 29446010 | 20.1 | Query Using LIKE Predicate Spins Using NLS_SORT=’japanese_m’ NLS_COMP=’linguistic’ |
|  |  | 32431067 | 23.1.0.0.0 | Data Pump Export is Slow When Exporting Scheduler Jobs Due to Query Against SYS.KU$_PROCOBJ_VIEW |
|  |  | 33380871 | 19.15, 21.6 | High CPU on KSLWT_UPDATE_STATS_ELEM |
|  |  | 33921441 | 19.15 | Slow performance in AQ dequeue processing |
| * | II | 32075777 |  | Performance degradation by Wnnn processes after applying july 2020 DBRU |
|  | III | 32164034 |  | Database Hang Updating USER$ When LSLT (LAST SUCCESSFUL LOGIN TIME) Is Enabled |
|  | III | 30664385 |  | High count of repetitive executions for sql_id 35c8afbgfm40c during incremental statistics gathering |
|  | II | 29559415 |  | DMLs on FDA enabled tables are slow, or potential deadlocks on recursive DML on SYS_FBA_* tables |
|  | II | 29448426 | 20.1 | Killing Sessions in PDB Eventually Results in Poor Buffer Cache Performance Due To Miscalculating Free Buffer Count |



 


Time Slip


This issue will often display an ORA-00800 error and you will need to check the extended trace file for details.  It will include the VKTM in the error arguments.


 


…/trace/xxxxx_vktm_xxxx.trc


ORA-00800: soft external error, arguments: [Set Priority Failed], [VKTM], [Check traces and OS configuration], [Check Oracle document and MOS notes]

The trace file will include additional information about the error, including:


Kstmmainvktm: failed in setting elevated priority

Verify: SETUID is set on ORADISM and restart the instance highres_enabled

 


This refers to a bug, and there are two documents around time drift and how to address it:


ORA-00800: soft external error, arguments: [Set Priority Failed], [VKTM] (Doc ID 2718971.1)


I’d also refer to this doc, even though you aren’t running AIX:


Bug 28831618 : FAILED TO ELEVATE VKTM’S PRIORITY IN AIX WITH EVENT 10795 SET
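
The check the trace message asks for can be scripted. The following is an added example, not code from the original article or from Oracle: it looks for the ORA-00800 [VKTM] line in a log and then verifies that oradism is owned by root with the setuid bit set. The path $ORACLE_HOME/bin/oradism, the root-ownership expectation, and the function names and return codes are assumptions of this example.

```shell
#!/bin/sh
# Triage for ORA-00800 [Set Priority Failed] [VKTM]; function names and
# return codes are this example's own, not Oracle's.

# Error line as quoted in the article, used as sample input for the demo.
SAMPLE_LINE='ORA-00800: soft external error, arguments: [Set Priority Failed], [VKTM], [Check traces and OS configuration], [Check Oracle document and MOS notes]'

# Return 0 if the alert log or trace file records the VKTM priority failure.
has_vktm_priority_failure() {
    grep -E 'ORA-00800:.*\[Set Priority Failed\].*\[VKTM\]' "$1" >/dev/null 2>&1
}

# Check the oradism binary. Returns 0 = root-owned with setuid bit,
# 1 = file missing, 2 = setuid bit not set, 3 = not owned by uid 0.
check_oradism() {
    [ -f "$1" ] || return 1
    [ -u "$1" ] || return 2
    owner_uid=$(ls -ln "$1" | awk '{print $3}')
    [ "$owner_uid" = "0" ] || return 3
    return 0
}

# Combine both checks; prints one finding and returns check_oradism's code.
triage_vktm() {
    log=$1; oradism=$2; rc=0
    if ! has_vktm_priority_failure "$log"; then
        echo "no VKTM priority failure recorded in $log"; return 0
    fi
    check_oradism "$oradism" || rc=$?
    case $rc in
        0) echo "VKTM failure logged; oradism ownership and setuid look correct, check OS configuration" ;;
        1) echo "VKTM failure logged; $oradism not found" ;;
        2) echo "VKTM failure logged; setuid bit is not set on $oradism" ;;
        3) echo "VKTM failure logged; $oradism is not owned by root" ;;
    esac
    return $rc
}

# Real use: sh triage.sh /path/to/alert.log (with ORACLE_HOME set).
# Otherwise, run against constructed stand-in files instead.
if [ -n "${1:-}" ] && [ -n "${ORACLE_HOME:-}" ]; then
    triage_vktm "$1" "$ORACLE_HOME/bin/oradism" || true
else
    demo=$(mktemp -d)
    printf '%s\n' "$SAMPLE_LINE" > "$demo/alert.log"
    : > "$demo/oradism"            # stand-in file without the setuid bit
    triage_vktm "$demo/alert.log" "$demo/oradism" || true
    rm -rf "$demo"
fi
```

A non-zero result from check_oradism only points at the file to fix; the trace message also calls for restarting the instance after setuid is corrected.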


 


Network Connection Timeouts


Incident alerting will occur in the alert log, and it will require viewing the corresponding trace file for the incident.


 


ORA-03137: malformed TTC packet from client rejected.

ORA-03137: Malformed TTC Packet From Client Rejected: [12569] (Doc ID 2498924.1)


Potential Tracing to gather more data:


Getting ORA-12569: TNS:Packet Checksum Failure While Trying To Connect Through Client (Doc ID 257793.1)


 


Block Corruption


Thanks to Jeff Steiner from the NetApp team who advised on this one.


Bug 32931941 – Fractured block Corruption Found while Using DirectNFS (Doc ID 32931941.8)



  • This can result in 100’s to 1000’s of corrupted blocks in an Oracle database.

  • All customers using dNFS with 19c should run 19.14 or higher to avoid being vulnerable to this bug.


Also follow the Recommended Patches for Direct NFS Client (Doc ID 1495104.1)


Summary


If you’re considering an upgrade to Oracle 19c, please review the following Oracle Doc:


Things to Consider to Avoid Database Performance Problems on 19c (Doc ID 2773012.1)


It really is worth your time and can save you a lot of time and headache.


 

Row Level Security in Power BI Desktop


This article is contributed. See the original author and article here.



 


 


The Same KPIs, Different Department


 


Scenario: You have different managers requesting to see the same KPIs (Customer Count, Revenue Generated, Products Performance, etc.) for their different regions. Data privacy requires that the various managers only see reports for their regions. A simple way to think about this is to create different reports for the managers, making a total of 3 reports.

I am sure you will agree with me that this isn’t effective: it takes more effort and it is not scalable. What if it is a large multinational with country managers, regional managers, group managers, unit heads and team leads all across the world? Will you also build different reports for over 500 people? With Row Level Security, you can easily address this challenge by building a single report and setting roles and rules to filter what everyone can see.


 


 





 


 

Streamline sales actions with Dynamics 365 sales accelerator


This article is contributed. See the original author and article here.


The sales accelerator in Dynamics 365 provides a tailored experience for sellers by minimizing the time spent searching for the best next customer to reach out to. It’s a workspace optimized with AI and suggested activities that guide sellers through customer interactions. The sales accelerator enables your sales team to prioritize their pipeline, reach out to prospects most likely to buy, and respond to recommendations, speeding up the sales process.

Our teams are constantly reviewing customer feedback and optimizing the experience. We have two new updates you’ll see immediately in your environments:

  • Sales Hub users now get out-of-the-box access to the sales accelerator workspace. (If you use a custom app, additional steps might be required to surface the capabilities.)
  • Sales engagement managers can discover and configure the sales accelerator in a newly streamlined onboarding process.

Let’s take a deeper look at these improvements.

Out-of-the-box access to the sales accelerator workspace

Sales Hub users will now be able to instantly access the sales accelerator from the left pane on the site map menu. As they access the sales accelerator, sellers will immediately see any activities scheduled for them in the worklist. Without navigating away from the screen, they can see who to contact next, filter and sort the records to their chosen priority, and then take the best next action.

Sales Hub is a Microsoft app that’s designed around the sales processes that most organizations follow. If you’re new to Dynamics 365 Sales and wondering whether to use the Sales Hub app or create a custom app, this comparison will help you decide.

If you’re already using a custom app, you’ll need to add the sales accelerator to your site map to allow users to see and select it from the left pane.

Simple onboarding and setup

The following improvements help sales engagement managers and admins discover and engage with the right options to implement and deploy the sales accelerator more efficiently:

  • Independently configured sales accelerator workspace and optimized assignment rules
  • Context-specific settings
  • Setup recommendations

Independently configure access to the workspace and assignment rules

Assignment rules enable new leads and opportunities to be automatically assigned to sellers or sales teams. This helps reduce the time and effort required to manually assign records, prevent the loss of unassigned records, and balance assignments among sellers.

Assignment rules can now be independently used or aligned to the use of the sales accelerator. This allows you to select the right options for your sellers and ensure they receive the records to work on, regardless of workspace area. We’ve introduced the ability to set security roles to separately control access to the sales accelerator workspace and assignment rules.

A security role defines how users may access different types of records. You can modify existing security roles, create new security roles, or change which security roles are assigned to each user. Learn more about security roles.

To configure access to the sales accelerator workspace, choose security roles in the Manage access and record type section of the workspace settings page.

Screenshot of the Manage access and record type section of the sales accelerator workspace settings page, with security roles highlighted.

To configure access to assignment rules, choose security roles in the Team settings section of the assignment rules settings page.

Screenshot of the Team settings section of the assignment rules settings page, with security roles highlighted.

Context-specific settings

Advanced settings for sequences, assignment rules, and sales teams are now available in context, on the page, rather than requiring navigation to another settings area. This screenshot shows an example of the new in-context settings, using seller availability:

Screenshot of the new in-context seller availability settings.

Personalize your workspace

To improve sellers’ productivity, we help them focus on who to engage next. To that end, you can now customize the workspace filters. For example, sellers might want to filter work items based on the lead source, such as website inquiry. Add a filter based on Lead as the record type and Leadsource as the field.

We encourage you to try out different capabilities to get the most out of the sales accelerator. To help you discover its capabilities, we show recommended next steps in workspace settings. Recommendations are tailored to the sales process and based on where your organization is in the setup process, taking away the guesswork and guiding you on a recommended path for a successful implementation.

Stay tuned for more exciting improvements to come, such as customizable worklist cards, advanced sorting, and a new sequence designer experience!


The post Streamline sales actions with Dynamics 365 sales accelerator appeared first on Microsoft Dynamics 365 Blog.
