This article is contributed. See the original author and article here.
0day.today — opennetadmin
|
A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
2022-06-09 |
not yet calculated |
CVE-2019-25065
MISC
MISC |
ajenti — ajenti
|
A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.32 is able to address this issue. The name of the patch is 7aa146b724e0e20cfee2c71ca78fafbf53a8767c. It is recommended to upgrade the affected component. |
2022-06-09 |
not yet calculated |
CVE-2019-25066
MISC
MISC
MISC |
aleksis — aleksis-core
|
An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set. |
2022-06-03 |
not yet calculated |
CVE-2022-29773
MISC
MISC |
alibaba — fastjson
|
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode). |
2022-06-10 |
not yet calculated |
CVE-2022-25845
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM |
apache — dubbo
|
bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability. |
2022-06-09 |
not yet calculated |
CVE-2022-24969
MISC |
apache — http_server
|
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. |
2022-06-09 |
not yet calculated |
CVE-2022-30556
MLIST
MISC |
apache — http_server
|
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. |
2022-06-09 |
not yet calculated |
CVE-2022-29404
MLIST
MISC |
apache — http_server
|
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. |
2022-06-09 |
not yet calculated |
CVE-2022-30522
MISC
MLIST |
apache — http_server
|
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. |
2022-06-09 |
not yet calculated |
CVE-2022-31813
MISC
MLIST |
apache — http_server
|
Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. |
2022-06-09 |
not yet calculated |
CVE-2022-28330
MLIST
MISC |
apache — http_server
|
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. |
2022-06-09 |
not yet calculated |
CVE-2022-28614
MLIST
MISC |
apache — http_server
|
Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’) vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions. |
2022-06-09 |
not yet calculated |
CVE-2022-26377
MLIST
MISC |
apache — http_server
|
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. |
2022-06-09 |
not yet calculated |
CVE-2022-28615
MISC
MLIST |
atlassian — multiple_server
|
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1. |
2022-06-03 |
not yet calculated |
CVE-2022-26134
MISC
MISC
MISC
MISC
MISC |
avantune — genialcloud_proj
|
A reflected cross-site scripting (XSS) vulnerability in the login portal of Avantune Genialcloud ProJ – 10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
2022-06-06 |
not yet calculated |
CVE-2022-29296
MISC
MISC |
axigen — mobile_webmail
|
An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content. |
2022-06-07 |
not yet calculated |
CVE-2022-31470
MISC
MISC |
axiomatic_systems — bento4
|
An issue was discovered in Bento4 1.2. The allocator is out of memory in /Source/C++/Core/Ap4Array.h. |
2022-06-10 |
not yet calculated |
CVE-2022-31285
MISC |
axiomatic_systems — bento4
|
An issue was discovered in Bento4 v1.2. There is an allocation size request error in /Ap4RtpAtom.cpp. |
2022-06-10 |
not yet calculated |
CVE-2022-31287
MISC |
axiomatic_systems — bento4_mp4dump
|
Bento4 MP4Dump v1.2 was discovered to contain a segmentation violation via an unknown address at /Source/C++/Core/Ap4DataBuffer.cpp:175. |
2022-06-10 |
not yet calculated |
CVE-2022-31282
MISC |
axios_italia — axios_re
|
A vulnerability classified as critical was found in Axios Italia Axios RE 1.7.0/7.0.0. This vulnerability affects unknown code of the file REDefault.aspx of the component Connection Handler. The manipulation of the argument DBIDX leads to privilege escalation. The attack can be initiated remotely. |
2022-06-09 |
not yet calculated |
CVE-2019-25068
MISC |
axios_italia — axios_re
|
A vulnerability, which was classified as problematic, has been found in Axios Italia Axios RE 1.7.0/7.0.0. This issue affects some unknown processing of the component Error Message Handler. The manipulation leads to information disclosure (ASP.NET). The attack may be initiated remotely. |
2022-06-09 |
not yet calculated |
CVE-2019-25069
MISC
MISC |
bbge — netwave_ip
|
There is a memory dump vulnerability on Netwave IP camera devices at //proc/kcore that allows an unauthenticated attacker to exfiltrate sensitive information from the network configuration (e.g., username and password). |
2022-06-10 |
not yet calculated |
CVE-2018-17240
MISC
MISC
MISC |
brandbugle — brandbugle
|
A vulnerability was found in Brandbugle. It has been rated as critical. Affected by this issue is some unknown functionality of the file /main.php. The manipulation leads to sql injection. The attack may be launched remotely. |
2022-06-07 |
not yet calculated |
CVE-2020-36536
MISC |
caphyon_ltd — advanced_installer
|
Caphyon Ltd Advanced Installer 19.2 was discovered to contain a remote code execution (RCE) vulnerability via the Update Check function. |
2022-06-06 |
not yet calculated |
CVE-2022-27438
MISC
MISC
MISC |
carrier — multiple_products
|
An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The attacker needs to have a properly signed and encrypted binary, loading the firmware to the device ultimately triggers a reboot. |
2022-06-06 |
not yet calculated |
CVE-2022-31480
MISC |
carrier — multiple_products
|
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. The injected commands only get executed during start up or when unsafe calls regarding the hostname are used. This allows the attacker to gain remote access to the device and can make their persistence permanent by modifying the filesystem. |
2022-06-06 |
not yet calculated |
CVE-2022-31479
MISC |
carrier — multiple_products
|
An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.271. This allows a malicious actor to overwrite sensitive system files and install a startup service to gain remote access to the underlaying Linux operating system with root privileges. |
2022-06-06 |
not yet calculated |
CVE-2022-31483
MISC |
carrier — multiple_products
|
An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The overflowed data can allow the attacker to manipulate the “normal” code execution to that of their choosing. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. |
2022-06-06 |
not yet calculated |
CVE-2022-31481
MISC |
carrier — multiple_products
|
An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of this vulnerability is that an unauthenticated attacker could restrict access to the web interface to legitimate users and potentially requiring them to use the default user dip switch procedure to gain access back. |
2022-06-06 |
not yet calculated |
CVE-2022-31484
MISC |
carrier — multiple_products
|
An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303 for the LP series and 1.297 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. |
2022-06-06 |
not yet calculated |
CVE-2022-31486
MISC |
carrier — multiple_products
|
An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. |
2022-06-06 |
not yet calculated |
CVE-2022-31485
MISC |
carrier — multiple_products
|
An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless. |
2022-06-06 |
not yet calculated |
CVE-2022-31482
MISC |
chshcms — cscms
|
A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator’s username and password. |
2022-06-09 |
not yet calculated |
CVE-2022-30898
MISC |
churchcrm — churchcrm
|
There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the ‘PersonID’ field in /churchcrm/WhyCameEditor.php. |
2022-06-08 |
not yet calculated |
CVE-2022-31325
MISC |
cla-assistant — cla-assistant
|
Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application. |
2022-06-06 |
not yet calculated |
CVE-2022-29617
MISC |
cms_made_simple — cms_made_siple
|
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the ‘. |
2022-06-09 |
not yet calculated |
CVE-2021-40961
MISC
MISC
MISC |
containerd — containerd
|
containerd is an open source container runtime. A bug was found in the containerd’s CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd’s CRI implementation; `ExecSync` may be used when running probes or when executing processes via an “exec” facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used. |
2022-06-09 |
not yet calculated |
CVE-2022-31030
CONFIRM
MLIST
MISC |
convert-svg-core — convert-svg-core
|
The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file. |
2022-06-10 |
not yet calculated |
CVE-2022-24429
CONFIRM
CONFIRM
CONFIRM |
convert-svg-core — convert-svg-core
|
The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file. |
2022-06-10 |
not yet calculated |
CVE-2022-24278
CONFIRM
CONFIRM
CONFIRM
CONFIRM |
cookiecutter — cookiecutter
|
The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be used to perform a command injection. |
2022-06-08 |
not yet calculated |
CVE-2022-24065
MISC
MISC
MISC |
corehr — core_portal
|
A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. Upgrading to version 27.0.8 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-09 |
not yet calculated |
CVE-2019-25064
MISC |
couchbase — sync_gateway
|
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, the admin credentials provided to the Admin REST API are ignored, resulting in privilege escalation for unauthenticated users. The Public REST API is not impacted by this issue. A workaround is to replace X.509 certificate based authentication with Username and Password authentication inside the bootstrap configuration. |
2022-06-10 |
not yet calculated |
CVE-2022-32563
MISC
MISC |
| cyberthoth — fast_food_order_system |
A vulnerability classified as problematic has been found in Fast Food Ordering System 1.0. Affected is the file Master.php of the Master List. The manipulation of the argument Description with the input foo “><img src=”” onerror=”alert(document.cookie)”> leads to cross site scripting. It is possible to launch the attack remotely but it requires authentication. Exploit details have been disclosed to the public. |
2022-06-07 |
not yet calculated |
CVE-2022-1991
MISC
MISC |
d-link — dir-890L
|
** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter ‘descriptor’ at SetVirtualServerSettings.php. |
2022-06-03 |
not yet calculated |
CVE-2022-29778
MISC
MISC |
dell — supportassist_client_consumer
|
Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system. |
2022-06-10 |
not yet calculated |
CVE-2022-29092
CONFIRM |
dell — supportassist_client_consumer
|
Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system. |
2022-06-10 |
not yet calculated |
CVE-2022-29095
CONFIRM |
dell — supportassist_client_consumer
|
Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files on the system. |
2022-06-10 |
not yet calculated |
CVE-2022-29094
CONFIRM |
dell — supportassist_client_consumer
|
Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system. |
2022-06-10 |
not yet calculated |
CVE-2022-29093
CONFIRM |
discourse — discourse
|
Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the `stable` branch and 2.9.0beta5 on the `beta` and `tests-passed` branches, inviting users on sites that use single sign-on could bypass the `must_approve_users` check and invites by staff are always approved automatically. The issue is patched in Discourse version 2.8.4 on the `stable` branch and version `2.9.0.beta5` on the `beta` and `tests-passed` branches. As a workaround, disable invites or increase `min_trust_level_to_allow_invite` to reduce the attack surface to more trusted users. |
2022-06-07 |
not yet calculated |
CVE-2022-31025
CONFIRM
MISC
MISC
MISC
MISC |
django-s3file — django-s3file
|
django-s3file is a lightweight file upload input for Django and Amazon S3 . In versions prior to 5.5.1 it was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. If the `AWS_LOCATION` setting was set, traversal was limited to that location only. The issue was discovered by the maintainer. There were no reports of the vulnerability being known to or exploited by a third party, prior to the release of the patch. The vulnerability has been fixed in version 5.5.1 and above. There is no feasible workaround. We must urge all users to immediately updated to a patched version. |
2022-06-09 |
not yet calculated |
CVE-2022-24840
MISC
CONFIRM |
dolibarr — dolibarr
|
Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page. |
2022-06-08 |
not yet calculated |
CVE-2022-30875
MISC
MISC |
drupal — saml_sp_2.0_single_sign_on_-_saml_service_provide
|
Multiple vulnerabilities vulnerability in Drupal SAML SP 2.0 Single Sign On (SSO) – SAML Service Provider in certain non-default configurations allow a malicious user to login as any chosen user. The vulnerability is mitigated by the module’s default settings which require the options “Either sign SAML assertions” and “x509 certificate”. This issue affects: Drupal SAML SP 2.0 Single Sign On (SSO) – SAML Service Provider 8.x version 8.x-2.24 and prior versions; 7.x version 7.x-2.57 and prior versions. |
2022-06-03 |
not yet calculated |
CVE-2022-26493
CONFIRM |
dynamicmarkt — dynamicmarkt
|
dynamicMarkt <= 3.10 is affected by SQL injection in the parent parameter of index.php. |
2022-06-10 |
not yet calculated |
CVE-2021-41754
MISC
MISC |
dynamicmarkt — dynamicmarkt
|
dynamicMarkt <= 3.10 is affected by SQL injection in the kat parameter of index.php. |
2022-06-10 |
not yet calculated |
CVE-2021-41756
MISC
MISC |
dynamicmarkt — dynamicmarkt
|
dynamicMarkt <= 3.10 is affected by SQL injection in the kat1 parameter of index.php. |
2022-06-10 |
not yet calculated |
CVE-2021-41755
MISC
MISC |
easyii_cms — easyii_cms
|
A vulnerability was found in easyii CMS. It has been classified as problematic. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
2022-06-07 |
not yet calculated |
CVE-2020-36534
MISC
MISC |
eatan_cms — eatan_cms
|
A vulnerability was found in Eatan CMS. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The attack can be launched remotely. |
2022-06-07 |
not yet calculated |
CVE-2020-36538
MISC |
elastic — elasticsearch
|
A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request. |
2022-06-06 |
not yet calculated |
CVE-2022-23712
MISC
MISC |
emicklei — go-restful
|
Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. |
2022-06-08 |
not yet calculated |
CVE-2022-1996
CONFIRM
MISC |
emlog_pro — emlog_pro
|
Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background management. |
2022-06-09 |
not yet calculated |
CVE-2021-40610
MISC |
envoy_proxy — envoy
|
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 secompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an attacker to zip bomb the decompressor by sending a small highly compressed payload. Maliciously constructed zip files may exhaust system memory and cause a denial of service. Users are advised to upgrade. Users unable to upgrade may consider disabling decompression. |
2022-06-09 |
not yet calculated |
CVE-2022-29225
CONFIRM
MISC |
envoy_proxy — envoy
|
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions. continueDecoding() shouldn’t ever be called from filters after a local reply has been sent. Users are advised to upgrade. There are no known workarounds for this issue. |
2022-06-09 |
not yet calculated |
CVE-2022-29228
CONFIRM
MISC |
envoy_proxy — envoy
|
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed cookie is missing a full authentication flow should be triggered. However, the current implementation assumes that access tokens are always validated thus allowing access in the presence of any access token attached to the request. Users are advised to upgrade. There is no known workaround for this issue. |
2022-06-09 |
not yet calculated |
CVE-2022-29226
MISC
CONFIRM |
envoy_proxy — envoy
|
Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the request Envoy sends a local reply when the redirect headers are processed, the downstream state indicates that the downstream stream is not complete. On sending the local reply, Envoy will attempt to reset the upstream stream, but as it is actually complete, and deleted, this result in a use-after-free. Users are advised to upgrade. Users unable to upgrade are advised to disable internal redirects if crashes are observed. |
2022-06-09 |
not yet calculated |
CVE-2022-29227
CONFIRM
MISC |
envoy_proxy — envoy
|
Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold� (prevent removal) upstream hosts obtained via service discovery until configured active health checking fails. If an attacker controls an upstream host and also controls service discovery of that host (via DNS, the EDS API, etc.), an attacker can crash Envoy by forcing removal of the host from service discovery, and then failing the gRPC health check request. This will crash Envoy via a null pointer dereference. Users are advised to upgrade to resolve this vulnerability. Users unable to upgrade may disable gRPC health checking and/or replace it with a different health checking type as a mitigation. |
2022-06-09 |
not yet calculated |
CVE-2022-29224
CONFIRM
MISC |
everywhere_cms — everywhere_cms
|
A vulnerability was found in Everywhere CMS. It has been classified as critical. Affected is an unknown function. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. |
2022-06-07 |
not yet calculated |
CVE-2020-36537
MISC |
fex-team — kity_minder
|
Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php. |
2022-06-09 |
not yet calculated |
CVE-2022-31830
MISC |
filerun — afian_filerun
|
In Afian Filerun 20220202, lack of sanitization of the POST parameter “metadata[]” in `/?module=fileman§ion=get&page=grid` leads to SQL injection. |
2022-06-06 |
not yet calculated |
CVE-2022-30469
MISC
MISC |
filezilla — filezilla
|
** DISPUTED ** FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump.- NOTE: the vendor does not consider this a vulnerability. |
2022-06-07 |
not yet calculated |
CVE-2022-29620
MISC
MISC
MISC |
firejail — firejail
|
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker’s control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo. |
2022-06-09 |
not yet calculated |
CVE-2022-31214
MISC
MISC |
flatcore — flatcore-cms
|
FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections. |
2022-06-06 |
not yet calculated |
CVE-2021-42245
MISC |
francoisjacquet — rosariosis
|
Cross-site Scripting (XSS) – Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. |
2022-06-08 |
not yet calculated |
CVE-2022-1997
CONFIRM
MISC |
francoisjacquet — rosariosis
|
Cross-site Scripting (XSS) – Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. |
2022-06-09 |
not yet calculated |
CVE-2022-2036
MISC
CONFIRM |
fudforum — fudforum
|
FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel. |
2022-06-06 |
not yet calculated |
CVE-2022-30860
MISC |
fudforum — fudforum
|
FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel. |
2022-06-06 |
not yet calculated |
CVE-2022-30863
MISC |
fudforum — fudforum
|
FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature. |
2022-06-06 |
not yet calculated |
CVE-2022-30861
MISC |
gatsby — gatsby
|
The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible when passing input in both webpack (MDX files in src/pages or MDX file imported as a component in frontend / React code) and data mode (querying MDX nodes via GraphQL). Workaround: If an older version of gatsby-plugin-mdx must be used, input passed into the plugin should be sanitized ahead of processing. |
2022-06-10 |
not yet calculated |
CVE-2022-25863
CONFIRM
CONFIRM
CONFIRM
CONFIRM |
git-promise — git-promise
|
All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package. **Note:** Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue. |
2022-06-10 |
not yet calculated |
CVE-2022-24376
CONFIRM
CONFIRM |
gitlab — ce/ee
|
When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows users with the Developer role to open terminals on other Developers’ running jobs |
2022-06-06 |
not yet calculated |
CVE-2022-1944
MISC
CONFIRM |
gitlab — ce/ee
|
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add new members to a project within their group, through the REST API, even after their group owner enabled a setting to prevent members from being added to projects within that group. |
2022-06-06 |
not yet calculated |
CVE-2022-1783
CONFIRM
MISC
MISC |
gitlab — ce/ee
|
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group. |
2022-06-06 |
not yet calculated |
CVE-2022-1821
CONFIRM
MISC |
gitlab — ee
|
A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim’s behalf via specially crafted Jira Issues |
2022-06-06 |
not yet calculated |
CVE-2022-1940
MISC
MISC
CONFIRM |
gitlab — ee
|
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when IP address restrictions were configured |
2022-06-06 |
not yet calculated |
CVE-2022-1935
MISC
CONFIRM |
gitlab — ee
|
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP address restrictions were configured |
2022-06-06 |
not yet calculated |
CVE-2022-1936
MISC
CONFIRM |
gitlab — gitlab_ee
|
An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users’ email addresses via SCIM to an attacker controlled email address and thus – in the absence of 2FA – take over those accounts. It is also possible for the attacker to change the display name and username of the targeted account. |
2022-06-06 |
not yet calculated |
CVE-2022-1680
MISC
CONFIRM |
gitlab — gitlab_runner
|
In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs |
2022-06-06 |
not yet calculated |
CVE-2021-39947
MISC
CONFIRM |
| glpl-project — glpl |
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to version 10.0.1 it is possible to add extra information by SQL injection on search pages. In order to exploit this vulnerability a user must be logged in. |
2022-06-09 |
not yet calculated |
CVE-2022-29250
CONFIRM |
glpl_project — glpl
|
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Kanban is a GLPI view to display Projects, Tickets, Changes or Problems on a task board. In versions prior to 10.0.1 a user can exploit a cross site scripting vulnerability in Kanban by injecting HTML code in its user name. Users are advised to upgrade. There are no known workarounds for this issue. |
2022-06-09 |
not yet calculated |
CVE-2022-24876
CONFIRM
MISC |
| gogs — gogs |
Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users’ display names for malicious characters. |
2022-06-09 |
not yet calculated |
CVE-2022-31038
MISC
MISC
CONFIRM |
gogs — gogs
|
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9. |
2022-06-09 |
not yet calculated |
CVE-2022-1986
CONFIRM
MISC |
gogs — gogs
|
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. |
2022-06-09 |
not yet calculated |
CVE-2022-1992
MISC
CONFIRM |
gogs — gogs
|
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. |
2022-06-09 |
not yet calculated |
CVE-2022-1993
MISC
CONFIRM |
google — android
|
The Android application HTTP File Server (Version 1.4.1) by ‘slowscript’ is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write. |
2022-06-09 |
not yet calculated |
CVE-2021-40668
MISC
MISC |
gosecure– phone_system
|
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of “<space><space> followed by <shift><enter>” mishandling. |
2022-06-07 |
not yet calculated |
CVE-2019-9972
MISC
MISC |
gosecure– phone_system
|
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when used in conjunction with sudo. |
2022-06-07 |
not yet calculated |
CVE-2019-9971
MISC
MISC
MISC |
gpac — gpac
|
GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition (‘infinite loop’) vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file. |
2022-06-08 |
not yet calculated |
CVE-2021-40592
MISC
MISC |
gradle_enterprise — gradle_enterprise
|
Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure. |
2022-06-06 |
not yet calculated |
CVE-2022-30587
MISC
MISC |
gradle_enterprise — gradle_enterprise
|
Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution. |
2022-06-06 |
not yet calculated |
CVE-2022-30586
MISC
MISC |
grafana — grafana
|
Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor’/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. |
2022-06-06 |
not yet calculated |
CVE-2022-32275
MISC
MISC
MISC |
gunet — open_eclass
|
GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter. |
2022-06-11 |
not yet calculated |
CVE-2021-44266
MISC
MISC
MISC |
| guzzle — guzzle |
Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the same as to how we don’t forward on the header if the host changes. Prior to this fix, `https` to `http` downgrades did not result in the `Authorization` header being removed, only changes to the host. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach which would be to use their own redirect middleware. Alternately users may simply disable redirects all together if redirects are not expected or required. |
2022-06-10 |
not yet calculated |
CVE-2022-31043
CONFIRM
MISC
MISC
CONFIRM |
| guzzle — guzzle |
Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward the `Cookie` header on. Prior to this fix, only cookies that were managed by our cookie middleware would be safely removed, and any `Cookie` header manually added to the initial request would not be stripped. We now always strip it, and allow the cookie middleware to re-add any cookies that it deems should be there. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach to use your own redirect middleware, rather than ours. If you do not require or expect redirects to be followed, one should simply disable redirects all together. |
2022-06-10 |
not yet calculated |
CVE-2022-31042
CONFIRM
MISC
MISC
CONFIRM |
h3c — magic_r100_r100v100r005
|
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddMacList parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30925
MISC |
h3c — magic_r100_r100v100r005
|
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnet parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30918
MISC |
h3c — magic_r100_r100v100r005
|
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30909
MISC |
h3c — magic_r100_r100v100r005
|
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID_5G parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30919
MISC |
h3c — magic_r100_r100v100r005
|
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTimingtimeWifiAndLed parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30923
MISC |
h3c — magic_r100_r100v100r005
|
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddWlanMacList parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30917
MISC |
h3c — magic_r100_r100v100r005
|
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnetDebug parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30916
MISC |
h3c — magic_r100_r100v100r005
|
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30920
MISC |
h3c — magic_r100_r100v100r005
|
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateSnat parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30915
MISC |
h3c — magic_r100_r100v100r005
|
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateMacClone parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30914
MISC |
h3c — magic_r100_r100v100r005
|
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the ipqos_set_bandwidth parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30913
MISC |
h3c — magic_r100_r100v100r005
|
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the GO parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30910
MISC |
h3c — magic_r100_r100v100r005
|
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateWanParams parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30912
MISC |
h3c — magic_r100_r100v100r005
|
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditMacList parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30926
MISC |
h3c — magic_r100_r100v100r005
|
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetAPWifiorLedInfoById parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30924
MISC |
h3c — magic_r100_r100v100r005
|
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditWlanMacList parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30922
MISC |
h3c — magic_r100_r100v100r005
|
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetMobileAPInfoById parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30921
MISC |
hcl_software — onetest_server
|
Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information when the Access-Control-Allow-Credentials is enabled. |
2022-06-09 |
not yet calculated |
CVE-2021-27786
MISC |
hitachi_energy — txpert_hub_coretec
|
A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. |
2022-06-07 |
not yet calculated |
CVE-2021-35532
CONFIRM |
hitachi_energy — txpert_hub_coretec
|
Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. |
2022-06-07 |
not yet calculated |
CVE-2021-35531
CONFIRM |
hitachi_energy — txpert_hub_coretec
|
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy’s TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0 2.1.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. |
2022-06-07 |
not yet calculated |
CVE-2021-35530
CONFIRM |
| humhub — humhub |
A vulnerability was found in HumHub up to 1.0.1 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-09 |
not yet calculated |
CVE-2017-20027
MISC
MISC |
| humhub — humhub |
A vulnerability was found in HumHub 0.20.1/1.0.0-beta.3. It has been classified as critical. This affects an unknown part. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-09 |
not yet calculated |
CVE-2017-20028
MISC
MISC |
humhub — humhub
|
A vulnerability has been found in HumHub up to 1.0.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting (Reflected). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-09 |
not yet calculated |
CVE-2017-20026
MISC
MISC |
ibm — infosphere_information_server
|
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. |
2022-06-06 |
not yet calculated |
CVE-2022-31768
CONFIRM
XF |
ibm — spectrum_copy_data_management
|
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against the system. IBM X-Force ID: 228219. |
2022-06-10 |
not yet calculated |
CVE-2022-31769
XF
CONFIRM |
ibm — spectrum_copy_data_management
|
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using some fields of the form in the portal UI to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials. IBM X-Force ID: 227364. |
2022-06-10 |
not yet calculated |
CVE-2022-30611
XF
CONFIRM |
ibm — spectrum_copy_data_management
|
IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit this vulnerability to bypass authentication and gain unauthorized access to the Spectrum Copy Data Management catalog which contains metadata. IBM X-Force ID: 223718. |
2022-06-10 |
not yet calculated |
CVE-2022-22426
XF
CONFIRM |
ibm — spectrum_copy_data_management
|
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 227363. |
2022-06-10 |
not yet calculated |
CVE-2022-30610
XF
CONFIRM |
ibm — spectrum_copy_data_management
|
IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 225887. |
2022-06-10 |
not yet calculated |
CVE-2022-22479
XF
CONFIRM |
ibm — spectrum_protect_plus
|
Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231. |
2022-06-06 |
not yet calculated |
CVE-2022-22396
CONFIRM
XF |
| ideaco.ir — idealms |
IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID= pathname. |
2022-06-10 |
not yet calculated |
CVE-2022-31788
MISC
MISC |
| igel — universal_management_suite |
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key. |
2022-06-09 |
not yet calculated |
CVE-2022-25807
MISC
MISC |
igel — universal_management_suite
|
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission of cleartext LDAP bind credentials by the cmd_mgt_load_mgt_tree command allows an attacker (who can intercept or inspect traffic between an authenticated UMS client and server) to compromise those LDAP bind credentials. |
2022-06-09 |
not yet calculated |
CVE-2022-25805
MISC
MISC |
igel — universal_management_suite
|
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key. |
2022-06-09 |
not yet calculated |
CVE-2022-25806
MISC
MISC |
igel — universal_management_suite
|
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Insecure permissions for the serverconfig registry key (under JavaSoftPrefsdeigelrmconfig in HKEY_LOCAL_MACHINESOFTWARE) allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the UMS superuser. |
2022-06-09 |
not yet calculated |
CVE-2022-25804
MISC
MISC |
ihb_eg_flexnow — ihb_eg_flexnow
|
An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint. |
2022-06-09 |
not yet calculated |
CVE-2022-30760
MISC
MISC |
intelliants — subrion_cms
|
An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute. |
2022-06-11 |
not yet calculated |
CVE-2021-41502
MISC |
istio — istio
|
Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress Gateway exposed to external traffic. This vulnerability has been resolved in versions 1.12.8, 1.13.5, and 1.14.1. Users are advised to upgrade. There are no known workarounds for this issue. |
2022-06-09 |
not yet calculated |
CVE-2022-31045
CONFIRM
MISC |
itarian — endpoint_manage_communication_client
|
The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Due to this setting, a malicious actor with low privileges access to a system can escalate his privileges to SYSTEM abusing an insecure openssl.conf lookup. |
2022-06-09 |
not yet calculated |
CVE-2022-25153
CONFIRM
CONFIRM |
itarian — saas/on-premise
|
Within the Service Desk module of the ITarian platform (SAAS and on-premise), a remote attacker can obtain sensitive information, caused by the failure to set the HTTP Only flag. A remote attacker could exploit this vulnerability to gain access to the management interface by using this vulnerability in combination with a successful Cross-Site Scripting attack on a user. |
2022-06-09 |
not yet calculated |
CVE-2022-25151
CONFIRM
CONFIRM |
itarian — saas/on-premise
|
The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. It is possible to require a mandatory approval process. Due to a vulnerability in the approval process, present in any version prior to 6.35.37347.20040, a malicious actor (with a valid session token) can create a procedure, bypass approval, and execute the procedure. This results in the ability for any user with a valid session token to perform arbitrary code execution and full system take-over on all agents. |
2022-06-09 |
not yet calculated |
CVE-2022-25152
CONFIRM
CONFIRM |
itop_hub — itop
|
ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php. |
2022-06-10 |
not yet calculated |
CVE-2022-31402
MISC
MISC
MISC |
jamf — private_access
|
Jamf Private Access before 2022-05-16 has Incorrect Access Control, in which an unauthorized user can reach a system in the internal infrastructure, aka WND-44801. |
2022-06-07 |
not yet calculated |
CVE-2022-29564
MISC
MISC |
jgraph — drawio
|
Cross-site Scripting (XSS) – Stored in GitHub repository jgraph/drawio prior to 19.0.2. |
2022-06-09 |
not yet calculated |
CVE-2022-2015
MISC
CONFIRM |
jgraph — drawio
|
Code Injection in GitHub repository jgraph/drawio prior to 19.0.2. |
2022-06-09 |
not yet calculated |
CVE-2022-2014
MISC
CONFIRM |
jizhicms — jizhicms
|
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php. |
2022-06-09 |
not yet calculated |
CVE-2022-31390
MISC |
jizhicms — jizhicms
|
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php. |
2022-06-09 |
not yet calculated |
CVE-2022-31393
MISC |
jodd_http — jodd_http
|
Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequest#set and `jodd.http.HttpRequest#send. These vulnerabilities allow attackers to execute Server-Side Request Forgery (SSRF) via a crafted TCP payload. |
2022-06-06 |
not yet calculated |
CVE-2022-29631
MISC
MISC |
joy_ebike — joy_ebike
|
joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture-replay. |
2022-06-07 |
not yet calculated |
CVE-2022-30466
MISC |
jupyter_hub — oauthenticator
|
OAuthenticator is an OAuth token library for the JupyerHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowed_idps configuration trait of CILogonOAuthenticator is documented to be a list of domains that indicate the institutions whose users are authorized to access this JupyterHub. This authorization is validated by ensuring that the *email* field provided to us by CILogon has a *domain* that matches one of the domains listed in `allowed_idps`.If `allowed_idps` contains `berkeley.edu`, you might expect only users with valid current credentials provided by University of California, Berkeley to be able to access the JupyterHub. However, CILogonOAuthenticator does *not* verify which provider is used by the user to login, only the email address provided. So a user can login with a GitHub account that has email set to `<something>@berkeley.edu`, and that will be treated exactly the same as someone logging in using the UC Berkeley official Identity Provider. The patch fixing this issue makes a *breaking change* in how `allowed_idps` is interpreted. It’s no longer a list of domains, but configuration representing the `EntityID` of the IdPs that are allowed, picked from the [list maintained by CILogon](https://cilogon.org/idplist/). Users are advised to upgrade. |
2022-06-09 |
not yet calculated |
CVE-2022-31027
CONFIRM |
kromitgmbh — titra
|
Cross-site Scripting (XSS) – Stored in GitHub repository kromitgmbh/titra prior to 0.77.0. |
2022-06-09 |
not yet calculated |
CVE-2022-2026
CONFIRM
MISC |
kromitgmbh — titra
|
Cross-site Scripting (XSS) – DOM in GitHub repository kromitgmbh/titra prior to 0.77.0. |
2022-06-09 |
not yet calculated |
CVE-2022-2029
CONFIRM
MISC |
kromitgmbh — titra
|
Cross-site Scripting (XSS) – Generic in GitHub repository kromitgmbh/titra prior to 0.77.0. |
2022-06-09 |
not yet calculated |
CVE-2022-2028
CONFIRM
MISC |
kromitgmbh — titra
|
Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0. |
2022-06-09 |
not yet calculated |
CVE-2022-2027
MISC
CONFIRM |
laravel
— laravel
|
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution (RCE) via an unserialized pop chain in __destruct in IlluminateBroadcastingPendingBroadcast.php and __call in FakerGenerator.php. |
2022-06-07 |
not yet calculated |
CVE-2022-31279
MISC |
| lepin — ep-kp001 |
Due to an insecure design, the Lepin EP-KP001 flash drive through KP001_V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted data. Normally, the encrypted disk partition with this data is unlocked by entering the correct passcode (6 to 14 digits) via the keypad and pressing the Unlock button. This authentication is performed by an unknown microcontroller. By replacing this microcontroller on a target device with one from an attacker-controlled Lepin EP-KP001 whose passcode is known, it is possible to successfully unlock the target device and read the stored data in cleartext. |
2022-06-10 |
not yet calculated |
CVE-2022-29948
MISC
FULLDISC |
libjpeg — libjpeg
|
There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan. |
2022-06-10 |
not yet calculated |
CVE-2022-32978
MISC
MISC |
librehealth — lh-ehr_base
|
Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username. |
2022-06-06 |
not yet calculated |
CVE-2022-31492
MISC
MISC
MISC |
librehealth — lh-ehr_base
|
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS. |
2022-06-06 |
not yet calculated |
CVE-2022-31494
MISC
MISC
MISC |
librehealth — lh-ehr_base
|
LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS. |
2022-06-06 |
not yet calculated |
CVE-2022-31498
MISC
MISC
MISC |
librehealth — lh-ehr_base
|
LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS. |
2022-06-08 |
not yet calculated |
CVE-2022-31497
MISC
MISC
MISC |
librehealth — lh-ehr_base
|
LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access. |
2022-06-09 |
not yet calculated |
CVE-2022-31496
MISC
MISC
MISC |
librehealth — lh-ehr_base
|
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS. |
2022-06-07 |
not yet calculated |
CVE-2022-31495
MISC
MISC
MISC |
librehealth — lh-ehr_base
|
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS. |
2022-06-06 |
not yet calculated |
CVE-2022-31493
MISC
MISC
MISC |
lighttpd — lighttpd
|
Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers. |
2022-06-11 |
not yet calculated |
CVE-2022-30780
MISC
MISC
MISC
MISC |
linux — kernel
|
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. |
2022-06-05 |
not yet calculated |
CVE-2022-32296
MISC
MISC |
linux — kernel
|
An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. |
2022-06-10 |
not yet calculated |
CVE-2022-32981
MISC |
linux — kernel
|
A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system. |
2022-06-09 |
not yet calculated |
CVE-2022-1998
MISC
MISC |
linux — kernel
|
A use-after-free vulnerability was found in the Linux kernel’s Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue. |
2022-06-06 |
not yet calculated |
CVE-2022-1966
MISC
MISC
MISC
FEDORA
FEDORA |
mechanize — mechanize
|
The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site. Users are advised to upgrade to Mechanize v2.8.5 or later. There are no known workarounds for this issue. |
2022-06-09 |
not yet calculated |
CVE-2022-31033
CONFIRM
MISC |
mediatek — apusys_driver
|
In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06477946; Issue ID: ALPS06477946. |
2022-06-06 |
not yet calculated |
CVE-2022-21762
MISC |
mediatek — apusys_driver
|
In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479532; Issue ID: ALPS06479532. |
2022-06-06 |
not yet calculated |
CVE-2022-21761
MISC |
mediatek — apusys_driver
|
In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479562; Issue ID: ALPS06479562. |
2022-06-06 |
not yet calculated |
CVE-2022-21760
MISC |
mediatek — ccu
|
In ccu, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06439600; Issue ID: ALPS06439600. |
2022-06-06 |
not yet calculated |
CVE-2022-21758
MISC |
mediatek — imgsensor
|
In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479698; Issue ID: ALPS06479698. |
2022-06-06 |
not yet calculated |
CVE-2022-21746
MISC |
mediatek — imgsensor
|
In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478078; Issue ID: ALPS06478078. |
2022-06-06 |
not yet calculated |
CVE-2022-21747
MISC |
mediatek — telephony
|
In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06511030; Issue ID: ALPS06511030. |
2022-06-06 |
not yet calculated |
CVE-2022-21748
MISC |
mediatek — telephony
|
In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06511058; Issue ID: ALPS06511058. |
2022-06-06 |
not yet calculated |
CVE-2022-21749
MISC |
mediatek — wifi_firmware
|
In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to remote escalation of privilege, when devices are connecting to the attacker-controllable Wi-Fi hotspot, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468872; Issue ID: ALPS06468872. |
2022-06-06 |
not yet calculated |
CVE-2022-21745
MISC |
mediatek — wifi_firmware
|
In WIFI Firmware, there is a possible system crash due to a missing count check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468894; Issue ID: ALPS06468894. |
2022-06-06 |
not yet calculated |
CVE-2022-21757
MISC |
mediatek — wlan_driver
|
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521283; Issue ID: ALPS06521283. |
2022-06-06 |
not yet calculated |
CVE-2022-21750
MISC |
mediatek — wlan_driver
|
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493873; Issue ID: ALPS06493873. |
2022-06-06 |
not yet calculated |
CVE-2022-21752
MISC |
mediatek — wlan_driver
|
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493873; Issue ID: ALPS06493899. |
2022-06-06 |
not yet calculated |
CVE-2022-21753
MISC |
mediatek — wlan_driver
|
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06535953; Issue ID: ALPS06535953. |
2022-06-06 |
not yet calculated |
CVE-2022-21754
MISC |
mediatek — wlan_driver
|
In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06545464; Issue ID: ALPS06545464. |
2022-06-06 |
not yet calculated |
CVE-2022-21755
MISC |
mediatek — wlan_driver
|
In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06535950; Issue ID: ALPS06535950. |
2022-06-06 |
not yet calculated |
CVE-2022-21756
MISC |
mediatek — wlan_driver
|
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06511132; Issue ID: ALPS06511132. |
2022-06-06 |
not yet calculated |
CVE-2022-21751
MISC |
mediatek –android
|
In power service, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419106; Issue ID: ALPS06419077. |
2022-06-06 |
not yet calculated |
CVE-2022-21759
MISC |
minio — minio
|
MinIO is a multi-cloud object storage solution. Starting with version RELEASE.2019-09-25T18-25-51Z and ending with version RELEASE.2022-06-02T02-11-04Z, MinIO is vulnerable to an unending go-routine buildup while keeping connections established due to HTTP clients not closing the connections. Public-facing MinIO deployments are most affected. Users should upgrade to RELEASE.2022-06-02T02-11-04Z to receive a patch. One possible workaround is to use a reverse proxy to limit the number of connections being attempted in front of MinIO, and actively rejecting connections from such malicious clients. |
2022-06-07 |
not yet calculated |
CVE-2022-31028
CONFIRM
MISC
MISC
MISC |
minmax — minmax
|
A vulnerability classified as critical has been found in MINMAX. This affects an unknown part of the file /newsDia.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. |
2022-06-07 |
not yet calculated |
CVE-2020-36535
MISC |
mitsubishi — multiple_products
|
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications. |
2022-06-08 |
not yet calculated |
CVE-2022-24296
MISC
MISC
MISC |
modzero — klapp_app
|
A vulnerability has been found in Klapp App and classified as problematic. This vulnerability affects unknown code of the component Authorization. The manipulation leads to information disclosure (Credentials). The attack can be initiated remotely. It is recommended to upgrade the affected app. |
2022-06-07 |
not yet calculated |
CVE-2020-36532
MISC
MISC |
modzero — klapp_app
|
A vulnerability was found in Klapp App and classified as problematic. This issue affects some unknown processing of the JSON Web Token Handler. The manipulation leads to weak authentication. The attack may be initiated remotely. |
2022-06-07 |
not yet calculated |
CVE-2020-36533
MISC
MISC |
monstaftp — monstaftp
|
MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php. |
2022-06-09 |
not yet calculated |
CVE-2022-31827
MISC |
monyog_ultimate — monyog_ultimate
|
A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This affects an unknown part of the component Cookie Handler. The manipulation of the argument HasServerEdit/IsAdmin leads to privilege escalation. It is possible to initiate the attack remotely. |
2022-06-09 |
not yet calculated |
CVE-2016-15002
MISC
MISC |
nbnbk_cms — nbnbk_cms
|
A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter. |
2022-06-09 |
not yet calculated |
CVE-2022-31386
MISC |
neorazorx — facturascripts
|
Cross-site Scripting (XSS) – Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1. |
2022-06-09 |
not yet calculated |
CVE-2022-2016
MISC
CONFIRM |
next_generation_of_genealogy_sitebuilding — next_generation_of_genealogy_sitebuilding
|
A vulnerability, which was classified as critical, has been found in The Next Generation of Genealogy Sitebuilding up to 11.1.0. This issue affects some unknown processing of the file /timeline2.php. The manipulation of the argument primaryID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.1.1 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-08 |
not yet calculated |
CVE-2017-20017
MISC |
nocodb — nocodb
|
Cross-site Scripting (XSS) – Stored in GitHub repository nocodb/nocodb prior to 0.91.7. |
2022-06-07 |
not yet calculated |
CVE-2022-2022
MISC
CONFIRM |
open_edx — open_edx
|
Open edX platform before 2022-06-06 allows XSS via the “next” parameter in the logout URL. |
2022-06-09 |
not yet calculated |
CVE-2022-32195
MISC
MISC |
opswat — metadefender_core
|
As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server. |
2022-06-08 |
not yet calculated |
CVE-2022-32273
MISC
MISC |
opswat — metadefender_core
|
OPSWAT MetaDefender Core (MDCore) before 5.1.2 has incorrect access control, resulting in privilege escalation. |
2022-06-09 |
not yet calculated |
CVE-2022-32272
MISC
MISC |
oracle — multiple_products
|
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). |
2022-06-09 |
not yet calculated |
CVE-2022-21499
MISC |
owncloud — core
|
ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer. |
2022-06-09 |
not yet calculated |
CVE-2022-31649
MISC
MISC |
partkeepr — partkeepr
|
A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the ‘name’ field in /api/part_categories. |
2022-06-08 |
not yet calculated |
CVE-2022-30899
MISC |
| phplist — phplist |
A vulnerability was found in PHPList 3.2.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Subscription. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-10 |
not yet calculated |
CVE-2017-20032
MISC
MISC |
phplist — phplist
|
A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to cross site scripting (Persistent). It is possible to launch the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-10 |
not yet calculated |
CVE-2017-20036
MISC
MISC |
phplist — phplist
|
A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown processing of the file /lists/index.php of the component Edit Subscription. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-10 |
not yet calculated |
CVE-2017-20029
MISC
MISC |
phplist — phplist
|
A vulnerability was found in PHPList 3.2.6. It has been classified as critical. Affected is an unknown function of the file /lists/admin/ of the component Sending Campain. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-10 |
not yet calculated |
CVE-2017-20030
MISC
MISC |
phplist — phplist
|
A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-10 |
not yet calculated |
CVE-2017-20035
MISC
MISC |
phplist — phplist
|
A vulnerability was found in PHPList 3.2.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument sortby with the input password leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-10 |
not yet calculated |
CVE-2017-20031
MISC
MISC |
phplist — phplist
|
A vulnerability classified as problematic has been found in PHPList 3.2.6. This affects an unknown part of the file /lists/admin/. The manipulation of the argument page with the input send'”;><script>alert(8)</script> leads to cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-10 |
not yet calculated |
CVE-2017-20033
MISC
MISC |
phplist — phplist
|
A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting (Persistent). The attack can be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-10 |
not yet calculated |
CVE-2017-20034
MISC
MISC |
pjsip — pjsip
|
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue. |
2022-06-09 |
not yet calculated |
CVE-2022-31031
MISC
CONFIRM |
platinum_mobile — platinum_mobile
|
A vulnerability, which was classified as critical, was found in Platinum Mobile 1.0.4.850. Affected is /MobileHandler.ashx which leads to broken access control. The attack requires authentication. Upgrading to version 1.0.4.851 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-07 |
not yet calculated |
CVE-2020-36528
MISC
MISC |
podman — podman
|
A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
2022-06-09 |
not yet calculated |
CVE-2019-25067
MISC
MISC |
publiccms — publiccms
|
PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java. |
2022-06-03 |
not yet calculated |
CVE-2022-29784
MISC
MISC |
pyil — pypl
|
The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2. |
2022-06-08 |
not yet calculated |
CVE-2022-30877
MISC
MISC
MISC |
pyil — pypl
|
pyanxdns package in PyPI version 0.2 is vulnerable to code execution backdoor. The impact is: execute arbitrary code (remote). When installing the pyanxdns package of version 0.2, the request package will be installed. |
2022-06-08 |
not yet calculated |
CVE-2022-30882
MISC
MISC
MISC |
pypl — pypl
|
api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package. |
2022-06-08 |
not yet calculated |
CVE-2022-31313
MISC
MISC
MISC |
razer — sila_gaming_router
|
A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. |
2022-06-09 |
not yet calculated |
CVE-2022-29013
MISC
MISC
MISC |
razer — sila_gaming_router
|
A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files. |
2022-06-09 |
not yet calculated |
CVE-2022-29014
MISC
MISC
MISC |
realnetworks — real_player
|
In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file. |
2022-06-05 |
not yet calculated |
CVE-2022-32291
MISC |
realvnc — vnc_server
|
RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM. |
2022-06-10 |
not yet calculated |
CVE-2022-27502
MISC
MISC |
redhat — cri-o
|
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability. |
2022-06-07 |
not yet calculated |
CVE-2022-1708
MISC
MISC
MISC |
riverbed — appresponse
|
Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a (when configured to use local, RADIUS, or TACACS authentication) logs usernames and passwords if either is entered incorrectly. If a user enters an incorrect username and/or password when logging into the WebUI, these attempted credentials are included in an error message that is logged in the WebUI log file. A log entry does not appear if the username and password provided correctly match a valid set of credentials. This also does not happen if AppResponse is configured to use SAML authentication. The WebUI log file is included in subsequent diagnostic system dumps that are generated. (Only users with Full Control access to the System Configuration permission can generate system dumps. By default, only System Administrators have Full Control access to the System Configuration permission.) |
2022-06-03 |
not yet calculated |
CVE-2021-43271
MISC |
samsung_mobile — find_my_mobile
|
Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permissio to get sim card information through device log. |
2022-06-07 |
not yet calculated |
CVE-2022-30742
MISC |
samsung_mobile — find_my_mobile
|
Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log. |
2022-06-07 |
not yet calculated |
CVE-2022-30741
MISC |
samsung_mobile — internet
|
Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers. |
2022-06-07 |
not yet calculated |
CVE-2022-30740
MISC |
samsung_mobile — internet
|
Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script. |
2022-06-07 |
not yet calculated |
CVE-2022-30738
MISC |
samsung_mobile — kies
|
DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to version 2.6.4.22043_1 allows attacker to execute arbitrary code. |
2022-06-07 |
not yet calculated |
CVE-2022-30744
MISC |
samsung_mobile — members
|
Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity. |
2022-06-07 |
not yet calculated |
CVE-2022-30748
MISC |
samsung_mobile — my_files
|
Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application. |
2022-06-07 |
not yet calculated |
CVE-2022-30731
MISC |
samsung_mobile — pass
|
Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication. |
2022-06-07 |
not yet calculated |
CVE-2022-30730
MISC |
samsung_mobile — quick_share
|
Improper access control vulnerability in Quick Share prior to version 13.1.2.4 allows attacker to access internal files in Quick Share. |
2022-06-07 |
not yet calculated |
CVE-2022-30745
MISC |
samsung_mobile — smart_things
|
Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity. |
2022-06-07 |
not yet calculated |
CVE-2022-30749
MISC |
samsung_mobile — smart_things
|
PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent. |
2022-06-07 |
not yet calculated |
CVE-2022-30747
MISC |
samsung_mobile — smart_things
|
Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API. |
2022-06-07 |
not yet calculated |
CVE-2022-30746
MISC |
sap — sap_business_objects_business_intelligence_platform
|
BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active. |
2022-06-06 |
not yet calculated |
CVE-2020-6220
MISC
MISC |
| seeddms — seeddms |
The “Add category” functionality inside the “Global Keywords” menu in “SeedDMS” version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code. |
2022-06-06 |
not yet calculated |
CVE-2022-28051
MISC
MISC
MISC |
seeddms — seeddms
|
SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the “Role management” menu and then trigger the payload by loading the “Users management” menu |
2022-06-06 |
not yet calculated |
CVE-2022-28479
MISC
MISC |
seeddms — seeddms
|
SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The “Remove file” functionality inside the “Log files management” menu does not sanitize user input allowing attackers with admin privileges to delete arbitrary files on the remote system. |
2022-06-06 |
not yet calculated |
CVE-2022-28478
MISC
MISC |
semantic-release — semantic-release
|
semantic-release is an open source npm package for automated version management and package publishing. In affected versions secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from uri encoding by `encodeURI`. Occurrence is further limited to execution contexts where push access to the related repository is not available without modifying the repository url to inject credentials. Users are advised to upgrade. Users unable to upgrade should ensure that secrets that do not contain characters that are excluded from encoding with `encodeURI` when included in a URL are already masked properly. |
2022-06-09 |
not yet calculated |
CVE-2022-31051
CONFIRM
MISC
MISC
MISC |
sevone — network_management_system
|
A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely. |
2022-06-07 |
not yet calculated |
CVE-2020-36529
MISC
MISC |
sevone — network_management_system
|
A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely. |
2022-06-07 |
not yet calculated |
CVE-2020-36531
MISC
MISC |
sevone — network_management_system
|
A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely. |
2022-06-07 |
not yet calculated |
CVE-2020-36530
MISC
MISC |
| sialweb_cms — sialweb_cms |
A vulnerability has been found in SialWeb CMS and classified as problematic. This vulnerability affects unknown code of the component Search Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
2022-06-08 |
not yet calculated |
CVE-2020-36544
MISC
MISC |
sialweb_cms — sialweb_cms
|
A vulnerability, which was classified as critical, was found in SialWeb CMS. This affects an unknown part of the file /about.php. The manipulation of the argument Id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
2022-06-08 |
not yet calculated |
CVE-2020-36543
MISC
MISC |
sicunet — access_controller
|
A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads to privilege escalation. The attack can be launched remotely. |
2022-06-11 |
not yet calculated |
CVE-2017-20037
N/A
N/A |
sicunet — access_controller
|
A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of the argument No/door leads to privilege escalation. The attack may be launched remotely. |
2022-06-11 |
not yet calculated |
CVE-2017-20038
N/A
N/A |
sicunet — access_controller
|
A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to initiate the attack remotely. |
2022-06-11 |
not yet calculated |
CVE-2017-20039
N/A
N/A |
sicunet — access_controller
|
A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been declared as problematic. This vulnerability affects unknown code of the component Password Storage. The manipulation leads to weak encryption. Attacking locally is a requirement. |
2022-06-11 |
not yet calculated |
CVE-2017-20040
N/A
N/A |
silver_stripe — silverstripe-ominpay
|
silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as completed without payment being taken. This is mitigated by the fact that most payment gateways hide this information from users, however some issuing banks offer flawed 3DSecure implementations that may inadvertently expose this data. The following versions have been patched to fix this issue: `2.5.2`, `3.0.2`, `3.1.4`, and `3.2.1`. There are no known workarounds for this vulnerability. |
2022-06-09 |
not yet calculated |
CVE-2022-29254
MISC
CONFIRM |
| snyk — jpeg-js |
The package jpeg-js before 0.4.4 are vulnerable to Denial of Service (DoS) where a particular piece of input will cause to enter an infinite loop and never return. |
2022-06-10 |
not yet calculated |
CVE-2022-25851
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM |
snyk — posix
|
This affects all versions of package posix. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check. |
2022-06-10 |
not yet calculated |
CVE-2022-21211
CONFIRM |
snyk — metacalc
|
The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript’s Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript’s Function constructor. |
2022-06-08 |
not yet calculated |
CVE-2022-21122
MISC
MISC
MISC |
| solare_datensysteme — solar-log |
A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-09 |
not yet calculated |
CVE-2017-20020
MISC
MISC |
solare_datensysteme — solar-log
|
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-09 |
not yet calculated |
CVE-2017-20024
MISC
MISC |
solare_datensysteme — solar-log
|
A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-09 |
not yet calculated |
CVE-2017-20019
MISC
MISC |
solare_datensysteme — solar-log
|
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-09 |
not yet calculated |
CVE-2017-20023
MISC
MISC |
solare_datensysteme — solar-log
|
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privilege escalation. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-09 |
not yet calculated |
CVE-2017-20025
MISC
MISC |
solare_datensysteme — solar-log
|
A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-09 |
not yet calculated |
CVE-2017-20022
MISC
MISC |
solare_datensysteme — solar-log
|
A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-09 |
not yet calculated |
CVE-2017-20021
MISC
MISC |
sonicwall — ssl-vpn_sma100
|
Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack. |
2022-06-08 |
not yet calculated |
CVE-2022-1703
CONFIRM |
sourcecodester — money_transfer_management_system
|
A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL. |
2022-06-10 |
not yet calculated |
CVE-2021-44582
MISC
MISC |
sourcecodester — prison_management_system
|
A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/view_inmate of the component Inmate Handler. The manipulation of the argument id with the input 1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4–+ leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
2022-06-09 |
not yet calculated |
CVE-2022-2018
MISC
MISC |
sourcecodester — prison_management_system
|
A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php?f=save of the component New User Creation. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
2022-06-09 |
not yet calculated |
CVE-2022-2019
MISC
MISC |
sourcecodester — prison_management_system
|
A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input <img src=”” onerror=”alert(1)”> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
2022-06-09 |
not yet calculated |
CVE-2022-2020
MISC
MISC |
sourcecodester — prison_management_system
|
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/view_visit.php of the component Visit Handler. The manipulation of the argument id with the input 2%27and%201=2%20union%20select%201,2,3,4,5,6,7,user(),database()–+ leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
2022-06-09 |
not yet calculated |
CVE-2022-2017
MISC
MISC |
sourcecodester — siple_task_scheduling_system
|
A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable “id” parameter. |
2022-06-06 |
not yet calculated |
CVE-2022-30927
MISC
MISC
MISC |
sricam — ip_cctv_camera
|
A vulnerability was found in Sricam IP CCTV Camera and classified as critical. This issue affects some unknown processing of the component Device Viewer. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. |
2022-06-08 |
not yet calculated |
CVE-2019-25062
MISC
MISC |
sricam — ip_cctv_camera
|
A vulnerability was found in Sricam IP CCTV Camera. It has been classified as critical. Affected is an unknown function of the component Device Viewer. The manipulation leads to memory corruption. Local access is required to approach this attack. |
2022-06-08 |
not yet calculated |
CVE-2019-25063
MISC |
stackoverflow — jmespath.rb
|
jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable. |
2022-06-06 |
not yet calculated |
CVE-2022-32511
MISC
MISC
MISC |
tenable — scorm_engive
|
A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim’s browser. |
2022-06-09 |
not yet calculated |
CVE-2022-2035
MISC |
thales_group — safenet_keysecure
|
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in SafeNet KeySecure allows an authenticated user to read arbitrary files from the underlying system on which the product is deployed. |
2022-06-10 |
not yet calculated |
CVE-2021-42811
MISC |
thedaylightstudio — fuel_cms
|
A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4. |
2022-06-10 |
not yet calculated |
CVE-2021-44117
MISC
MISC |
| tigera — multiple_products |
Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod. |
2022-06-06 |
not yet calculated |
CVE-2022-28224
MISC |
toaruos — toaruos
|
ToaruOS 1.99.2 is affected by incorrect access control via the kernel. Improper MMU management and having a low GDT address allows it to be mapped in userland. A call gate can then be written to escalate to CPL 0. |
2022-06-08 |
not yet calculated |
CVE-2021-36710
MISC |
tooljet — tooljet
|
Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0. |
2022-06-09 |
not yet calculated |
CVE-2022-2037
MISC
CONFIRM |
totolink –ex1200t
|
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization. |
2022-06-03 |
not yet calculated |
CVE-2021-42891
MISC |
totolink –ex1200t
|
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg. |
2022-06-03 |
not yet calculated |
CVE-2021-42893
MISC |
totolink –ex1200t
|
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware. |
2022-06-03 |
not yet calculated |
CVE-2021-42892
MISC |
tp-linnk — router_ax50
|
In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation. |
2022-06-09 |
not yet calculated |
CVE-2022-30075
MISC
MISC
MISC |
trend_micro — security_2021_and_2022
|
Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine. |
2022-06-09 |
not yet calculated |
CVE-2022-30702
MISC
MISC |
trend_micro — security_2021_and_2022
|
Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation. |
2022-06-09 |
not yet calculated |
CVE-2022-30703
MISC
MISC |
trilogy – trilogy
|
Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1 This issue can be avoided by only connecting to trusted servers. |
2022-06-09 |
not yet calculated |
CVE-2022-31026
CONFIRM
MISC |
tuleap — tuleap
|
Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retrieve the name of a tracker they cannot access as well as the name of the fields used in reports. |
2022-06-09 |
not yet calculated |
CVE-2022-24896
MISC
CONFIRM
MISC
MISC |
u-boot — u-boot
|
Das U-Boot 2022.01 has a Buffer Overflow. |
2022-06-08 |
not yet calculated |
CVE-2022-30552
MISC
MISC |
uboot — uboot
|
Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552. |
2022-06-08 |
not yet calculated |
CVE-2022-30790
MISC
MISC |
vapor — vapor
|
Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: `curl -d “array[_0][0][array][_0][0][array]$(for f in $(seq 1100); do echo -n ‘[_0][0][array]’; done)[string][_0]=hello%20world” http://localhost:8080/foo`. The issue is unbounded, attacker controlled stack growth which will at some point lead to a stack overflow and a process crash. This issue has been fixed in version 4.61.1. |
2022-06-09 |
not yet calculated |
CVE-2022-31019
CONFIRM
MISC |
verbatim — multiple_products
|
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the stored data. The attacker can simply use an undocumented IOCTL command that retrieves the correct password. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650. |
2022-06-08 |
not yet calculated |
CVE-2022-28387
MISC
MISC
FULLDISC
FULLDISC |
verbatim — multiple_products
|
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode (Electronic Codebook, aka ECB), an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB mode. This operation mode of block ciphers (e.g., AES) always encrypts identical plaintext data, in this case blocks of 16 bytes, to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion, within ECB, can leak sensitive information even in encrypted data. Thus, the use of the ECB operation mode can put the confidentiality of specific information at risk, even in an encrypted form. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store ‘n’ Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650. |
2022-06-08 |
not yet calculated |
CVE-2022-28382
MISC
MISC
MISC
MISC
FULLDISC
FULLDISC
FULLDISC
FULLDISC |
verbatim — multiple_products
|
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to insufficient firmware validation, an attacker can store malicious firmware code for the USB-to-SATA bridge controller on the USB drive (e.g., by leveraging physical access during the supply chain). This code is then executed. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store ‘n’ Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650. |
2022-06-08 |
not yet calculated |
CVE-2022-28383
MISC
MISC
MISC
MISC
FULLDISC
FULLDISC
FULLDISC
FULLDISC |
verbatim — multiple_products
|
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauthorized access to the stored encrypted data. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store ‘n’ Go Secure Portable HDD GD25LK01-3637-C VER4.0. |
2022-06-08 |
not yet calculated |
CVE-2022-28384
MISC
MISC
FULLDISC
FULLDISC |
verbatim — multiple_products
|
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to missing integrity checks, an attacker can manipulate the content of the emulated CD-ROM drive (containing the Windows and macOS client software). The content of this emulated CD-ROM drive is stored as an ISO-9660 image in the hidden sectors of the USB drive, that can only be accessed using special IOCTL commands, or when installing the drive in an external disk enclosure. By manipulating this ISO-9660 image or replacing it with another one, an attacker is able to store malicious software on the emulated CD-ROM drive. This software may get executed by an unsuspecting victim when using the device. For example, an attacker with temporary physical access during the supply chain could program a modified ISO-9660 image on a device that always accepts an attacker-controlled password for unlocking the device. If the attacker later on gains access to the used USB drive, he can simply decrypt all contained user data. Storing arbitrary other malicious software is also possible. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650. |
2022-06-08 |
not yet calculated |
CVE-2022-28385
MISC
MISC
FULLDISC
FULLDISC |
verbatim — multiple_products
|
An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20 failed unlock attempts) does not work as specified. More than 20 attempts may be made. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store ‘n’ Go Secure Portable HDD GD25LK01-3637-C VER4.0. |
2022-06-08 |
not yet calculated |
CVE-2022-28386
MISC
MISC
FULLDISC
FULLDISC |
vim — vim
|
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. |
2022-06-09 |
not yet calculated |
CVE-2022-2000
CONFIRM
MISC |
vim — vim
|
Use After Free in GitHub repository vim/vim prior to 8.2. |
2022-06-10 |
not yet calculated |
CVE-2022-2042
CONFIRM
MISC |
virtua_software — cobranca
|
Virtua Cobranca before 12R allows SQL Injection on the login page. |
2022-06-07 |
not yet calculated |
CVE-2021-37589
MISC
MISC |
vyperlang — vyper
|
Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions prior to 0.3.4 when a calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for contracts. This issue has been addressed in v0.3.4. |
2022-06-09 |
not yet calculated |
CVE-2022-29255
CONFIRM
MISC |
| watchguard — multiple_products |
WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary files from a limited set of directories on the system. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. |
2022-06-07 |
not yet calculated |
CVE-2022-25361
MISC
MISC |
wolfcms — wolfcms
|
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1. It has been rated as problematic. This issue affects some unknown processing of the file /wolfcms/?/admin/user/add of the component User Add. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
2022-06-09 |
not yet calculated |
CVE-2019-25070
MISC
MISC |
wolterskulwer — teammate+_audit
|
A blind SQL injection vulnerability in search form in TeamMate+ Audit version 28.0.19.0 allows any authenticated user to create malicious SQL injections, which can result in complete database compromise, gaining information about other users, unauthorized access to audit data etc. |
2022-06-06 |
not yet calculated |
CVE-2021-41932
MISC |
wordpress — amtythumb_wordpress_plugin
|
The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection and is exploitable by any authenticated user (and not just Author+ like the original advisory mention) due to the fact that they can execute shortcodes via an AJAX action |
2022-06-08 |
not yet calculated |
CVE-2022-1683
MISC
MISC |
wordpress — cp_image_store_with_slideshow_wordpress_plugin
|
The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embed, allowing unauthenticated users to perform an SQL injection attack |
2022-06-08 |
not yet calculated |
CVE-2022-1692
MISC
MISC |
wordpress — cube_slider_wordpress_plugin
|
The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin |
2022-06-08 |
not yet calculated |
CVE-2022-1684
MISC
MISC |
wordpress — database_backup_for_wordpress_plugin
|
The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details. Or disable the automatic backup schedule |
2022-06-08 |
not yet calculated |
CVE-2022-1577
MISC |
wordpress — fibosearch_wordpress_plugin
|
The FiboSearch WordPress plugin before 1.17.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed |
2022-06-08 |
not yet calculated |
CVE-2022-1469
MISC |
wordpress — files_download_delay_wordpress_plugin
|
The Files Download Delay WordPress plugin before 1.0.7 does not have authorisation and CSRF checks when reseting its settings, which could allow any authenticated users, such as subscriber to perform such action. |
2022-06-08 |
not yet calculated |
CVE-2022-1570
MISC |
wordpress — five_minute_webshop_wordpress_plugin
|
The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection |
2022-06-08 |
not yet calculated |
CVE-2022-1686
MISC
MISC |
wordpress — five_minute_webshop_wordpress_plugin
|
The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection |
2022-06-08 |
not yet calculated |
CVE-2022-1685
MISC
MISC |
wordpress — formcraft_wordpress_plugin
|
The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
2022-06-08 |
not yet calculated |
CVE-2022-1647
MISC |
wordpress — livesync_for_wordpress_plugin
|
The LiveSync for WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
2022-06-08 |
not yet calculated |
CVE-2022-1712
MISC |
wordpress — logo_slider_wordpress_plugin
|
The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection |
2022-06-08 |
not yet calculated |
CVE-2022-1687
MISC
MISC |
wordpress — multiple_plugins
|
The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed |
2022-06-08 |
not yet calculated |
CVE-2022-1569
MISC |
wordpress — note_press_wordpress_plugin
|
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection |
2022-06-08 |
not yet calculated |
CVE-2022-1690
MISC
MISC |
wordpress — note_press_wordpress_plugin
|
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection |
2022-06-08 |
not yet calculated |
CVE-2022-1689
MISC
MISC |
wordpress — note_press_wordpress_plugin
|
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections |
2022-06-08 |
not yet calculated |
CVE-2022-1688
MISC
MISC |
wordpress — photo_gallery_by_10wev_wordpress_plugin
|
The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed |
2022-06-08 |
not yet calculated |
CVE-2022-1394
MISC |
wordpress — realty_workstation_wordpress_plugin
|
The Realty Workstation WordPress plugin through 1.0.6 does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edit a transaction, leading to an SQL injection |
2022-06-08 |
not yet calculated |
CVE-2022-1691
MISC
MISC |
wordpress — throws_spam_away_wordpress_plugin
|
The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF checks in place when deleting comments (either all, spam, or pending), allowing attackers to make a logged in admin delete comments via a CSRF attack |
2022-06-08 |
not yet calculated |
CVE-2022-1709
MISC |
wordpress — user_meta_wordpress_plugin
|
The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads |
2022-06-08 |
not yet calculated |
CVE-2022-0779
MISC |
wordpress — video_slider_wordpress_plugin
|
The Video Slider WordPress plugin before 1.4.8 does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed |
2022-06-08 |
not yet calculated |
CVE-2022-1541
MISC |
wordpress — woocommerce_green_wallet_gateway_wordpress_plugin
|
The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 does not escape the error_envision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability. |
2022-06-08 |
not yet calculated |
CVE-2022-1673
MISC |
wordpress — wp_born_babies_wordpress_plugin
|
The WP Born Babies WordPress plugin through 1.0 does not sanitise and escape some of its fields, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks |
2022-06-08 |
not yet calculated |
CVE-2022-1506
MISC |
wordpress — wp_fundraising_donation_and_crowdfunding_platform_wordpress_plugin
|
The WP Fundraising Donation and Crowdfunding Platform WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via one of it’s REST route, leading to an SQL injection exploitable by unauthenticated users |
2022-06-08 |
not yet calculated |
CVE-2022-0788
MISC |
wordpress — wp_siple_adsense_insertion_wordpress_plugin
|
The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form. |
2022-06-08 |
not yet calculated |
CVE-2022-1695
MISC |
wordpress — wp_statistics_wordpress_plugin
|
The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters |
2022-06-08 |
not yet calculated |
CVE-2022-1005
MISC |
wordpress — wpqa_builder_wordpress_plugin
|
The WPQA Builder WordPress plugin before 5.4 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site. |
2022-06-08 |
not yet calculated |
CVE-2022-1598
MISC |
wordpress — wpqa_builder_wordpress_plugin
|
The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer , does not sanitise and escape a parameter on its reset password form which makes it possible to perform Reflected Cross-Site Scripting attacks |
2022-06-08 |
not yet calculated |
CVE-2022-1597
MISC |
wpscan — ask_me_wordpress_theme
|
The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site. |
2022-06-08 |
not yet calculated |
CVE-2022-1424
MISC |
wpscan — ask_me_wordpress_theme
|
The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues |
2022-06-08 |
not yet calculated |
CVE-2022-1241
MISC |
wpscan — discy_wordpress_theme
|
The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discy_reset_options, allowing an attacker to trick an admin into resetting the site settings back to defaults. |
2022-06-08 |
not yet calculated |
CVE-2022-1422
MISC |
wpscan — discy_wordpress_theme
|
The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary ‘s settings including payment methods via a CSRF attack |
2022-06-08 |
not yet calculated |
CVE-2022-1421
MISC |
xampp — xampp
|
A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely. |
2022-06-09 |
not yet calculated |
CVE-2017-20018
MISC
MISC |
xen_project — xen
|
x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen’s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited. |
2022-06-09 |
not yet calculated |
CVE-2022-26362
MLIST
MISC
CONFIRM |
xen_project — xen
|
x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen’s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen’s safety logic doesn’t account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen’s safety logic can incorrectly conclude that the contents of a page is safe. |
2022-06-09 |
not yet calculated |
CVE-2022-26364
MISC
MLIST
CONFIRM |
xen_project — xen
|
x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen’s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen’s safety logic doesn’t account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen’s safety logic can incorrectly conclude that the contents of a page is safe. |
2022-06-09 |
not yet calculated |
CVE-2022-26363
MISC
MLIST
CONFIRM |
xiaomi — xiaomi
|
A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by out-of-bound read/write and can be exploited by attackers to make denial of service. |
2022-06-08 |
not yet calculated |
CVE-2020-14125
MISC |
xxl-job — xxl-job
|
XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo. |
2022-06-03 |
not yet calculated |
CVE-2022-29770
MISC |
zangband — zangband-data
|
ZAngband zangband-data 2.7.5 is affected by an integer underflow vulnerability in src/tk/plat.c through the variable fileheader.bfOffBits. |
2022-06-08 |
not yet calculated |
CVE-2021-40589
MISC |
zeroshell — zeroshell
|
ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands. |
2022-06-11 |
not yet calculated |
CVE-2021-41738
MISC |
zte — mf297d
|
ZTE’s MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack. |
2022-06-09 |
not yet calculated |
CVE-2022-23138
MISC |
zyxel — gs1200
|
An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack. |
2022-06-09 |
not yet calculated |
CVE-2022-0823
CONFIRM |
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
Recent Comments