0day.today — opennetadmin |
A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
2022-06-09 |
not yet calculated |
CVE-2019-25065 MISC MISC |
ajenti — ajenti |
A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.32 is able to address this issue. The name of the patch is 7aa146b724e0e20cfee2c71ca78fafbf53a8767c. It is recommended to upgrade the affected component. |
2022-06-09 |
not yet calculated |
CVE-2019-25066 MISC MISC MISC |
aleksis — aleksis-core |
An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set. |
2022-06-03 |
not yet calculated |
CVE-2022-29773 MISC MISC |
alibaba — fastjson |
The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode). |
2022-06-10 |
not yet calculated |
CVE-2022-25845 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
apache — dubbo |
Bypass of CVE-2021-25640: in Apache Dubbo prior to 2.6.12 and 2.7.15, use of the parseURL method leads to a bypass of the white host check, which can cause an open redirect or SSRF vulnerability. |
2022-06-09 |
not yet calculated |
CVE-2022-24969 MISC |
apache — http_server |
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. |
2022-06-09 |
not yet calculated |
CVE-2022-30556 MLIST MISC |
apache — http_server |
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. |
2022-06-09 |
not yet calculated |
CVE-2022-29404 MLIST MISC |
apache — http_server |
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. |
2022-06-09 |
not yet calculated |
CVE-2022-30522 MISC MLIST |
apache — http_server |
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. |
2022-06-09 |
not yet calculated |
CVE-2022-31813 MISC MLIST |
apache — http_server |
Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. |
2022-06-09 |
not yet calculated |
CVE-2022-28330 MLIST MISC |
apache — http_server |
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function. |
2022-06-09 |
not yet calculated |
CVE-2022-28614 MLIST MISC |
apache — http_server |
Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’) vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.53 and prior versions. |
2022-06-09 |
not yet calculated |
CVE-2022-26377 MLIST MISC |
apache — http_server |
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. |
2022-06-09 |
not yet calculated |
CVE-2022-28615 MISC MLIST |
atlassian — multiple_server |
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1. |
2022-06-03 |
not yet calculated |
CVE-2022-26134 MISC MISC MISC MISC MISC |
avantune — genialcloud_proj |
A reflected cross-site scripting (XSS) vulnerability in the login portal of Avantune Genialcloud ProJ – 10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
2022-06-06 |
not yet calculated |
CVE-2022-29296 MISC MISC |
axigen — mobile_webmail |
An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content. |
2022-06-07 |
not yet calculated |
CVE-2022-31470 MISC MISC |
axiomatic_systems — bento4 |
An issue was discovered in Bento4 1.2. The allocator is out of memory in /Source/C++/Core/Ap4Array.h. |
2022-06-10 |
not yet calculated |
CVE-2022-31285 MISC |
axiomatic_systems — bento4 |
An issue was discovered in Bento4 v1.2. There is an allocation size request error in /Ap4RtpAtom.cpp. |
2022-06-10 |
not yet calculated |
CVE-2022-31287 MISC |
axiomatic_systems — bento4_mp4dump |
Bento4 MP4Dump v1.2 was discovered to contain a segmentation violation via an unknown address at /Source/C++/Core/Ap4DataBuffer.cpp:175. |
2022-06-10 |
not yet calculated |
CVE-2022-31282 MISC |
axios_italia — axios_re |
A vulnerability classified as critical was found in Axios Italia Axios RE 1.7.0/7.0.0. This vulnerability affects unknown code of the file REDefault.aspx of the component Connection Handler. The manipulation of the argument DBIDX leads to privilege escalation. The attack can be initiated remotely. |
2022-06-09 |
not yet calculated |
CVE-2019-25068 MISC |
axios_italia — axios_re |
A vulnerability, which was classified as problematic, has been found in Axios Italia Axios RE 1.7.0/7.0.0. This issue affects some unknown processing of the component Error Message Handler. The manipulation leads to information disclosure (ASP.NET). The attack may be initiated remotely. |
2022-06-09 |
not yet calculated |
CVE-2019-25069 MISC MISC |
bbge — netwave_ip |
There is a memory dump vulnerability on Netwave IP camera devices at //proc/kcore that allows an unauthenticated attacker to exfiltrate sensitive information from the network configuration (e.g., username and password). |
2022-06-10 |
not yet calculated |
CVE-2018-17240 MISC MISC MISC |
brandbugle — brandbugle |
A vulnerability was found in Brandbugle. It has been rated as critical. Affected by this issue is some unknown functionality of the file /main.php. The manipulation leads to sql injection. The attack may be launched remotely. |
2022-06-07 |
not yet calculated |
CVE-2020-36536 MISC |
caphyon_ltd — advanced_installer |
Caphyon Ltd Advanced Installer 19.2 was discovered to contain a remote code execution (RCE) vulnerability via the Update Check function. |
2022-06-06 |
not yet calculated |
CVE-2022-27438 MISC MISC MISC |
carrier — multiple_products |
An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The attacker needs to have a properly signed and encrypted binary; loading the firmware to the device ultimately triggers a reboot. |
2022-06-06 |
not yet calculated |
CVE-2022-31480 MISC |
carrier — multiple_products |
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. The injected commands only get executed during start up or when unsafe calls regarding the hostname are used. This allows the attacker to gain remote access to the device and can make their persistence permanent by modifying the filesystem. |
2022-06-06 |
not yet calculated |
CVE-2022-31479 MISC |
carrier — multiple_products |
An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.271. This allows a malicious actor to overwrite sensitive system files and install a startup service to gain remote access to the underlying Linux operating system with root privileges. |
2022-06-06 |
not yet calculated |
CVE-2022-31483 MISC |
carrier — multiple_products |
An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The overflowed data can allow the attacker to manipulate the “normal” code execution to that of their choosing. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. |
2022-06-06 |
not yet calculated |
CVE-2022-31481 MISC |
carrier — multiple_products |
An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of this vulnerability is that an unauthenticated attacker could restrict access to the web interface for legitimate users, potentially requiring them to use the default user dip switch procedure to regain access. |
2022-06-06 |
not yet calculated |
CVE-2022-31484 MISC |
carrier — multiple_products |
An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303 for the LP series and 1.297 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. |
2022-06-06 |
not yet calculated |
CVE-2022-31486 MISC |
carrier — multiple_products |
An unauthenticated attacker can send specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. |
2022-06-06 |
not yet calculated |
CVE-2022-31485 MISC |
carrier — multiple_products |
An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless. |
2022-06-06 |
not yet calculated |
CVE-2022-31482 MISC |
chshcms — cscms |
A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator’s username and password. |
2022-06-09 |
not yet calculated |
CVE-2022-30898 MISC |
churchcrm — churchcrm |
There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the ‘PersonID’ field in /churchcrm/WhyCameEditor.php. |
2022-06-08 |
not yet calculated |
CVE-2022-31325 MISC |
cla-assistant — cla-assistant |
Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application. |
2022-06-06 |
not yet calculated |
CVE-2022-29617 MISC |
cms_made_simple — cms_made_simple |
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the ‘. |
2022-06-09 |
not yet calculated |
CVE-2021-40961 MISC MISC MISC |
containerd — containerd |
containerd is an open source container runtime. A bug was found in the containerd’s CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd’s CRI implementation; `ExecSync` may be used when running probes or when executing processes via an “exec” facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used. |
2022-06-09 |
not yet calculated |
CVE-2022-31030 CONFIRM MLIST MISC |
convert-svg-core — convert-svg-core |
The package convert-svg-core before 0.6.3 is vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file. |
2022-06-10 |
not yet calculated |
CVE-2022-24429 CONFIRM CONFIRM CONFIRM |
convert-svg-core — convert-svg-core |
The package convert-svg-core before 0.6.4 is vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file. |
2022-06-10 |
not yet calculated |
CVE-2022-24278 CONFIRM CONFIRM CONFIRM CONFIRM |
cookiecutter — cookiecutter |
The package cookiecutter before 2.1.1 is vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be used to perform a command injection. |
2022-06-08 |
not yet calculated |
CVE-2022-24065 MISC MISC MISC |
corehr — core_portal |
A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. Upgrading to version 27.0.8 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-09 |
not yet calculated |
CVE-2019-25064 MISC |
couchbase — sync_gateway |
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, the admin credentials provided to the Admin REST API are ignored, resulting in privilege escalation for unauthenticated users. The Public REST API is not impacted by this issue. A workaround is to replace X.509 certificate based authentication with Username and Password authentication inside the bootstrap configuration. |
2022-06-10 |
not yet calculated |
CVE-2022-32563 MISC MISC |
cyberthoth — fast_food_order_system |
A vulnerability classified as problematic has been found in Fast Food Ordering System 1.0. Affected is the file Master.php of the Master List. The manipulation of the argument Description with the input `foo "><img src="" onerror="alert(document.cookie)">` leads to cross site scripting. It is possible to launch the attack remotely but it requires authentication. Exploit details have been disclosed to the public. |
2022-06-07 |
not yet calculated |
CVE-2022-1991 MISC MISC |
d-link — dir-890L |
** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter ‘descriptor’ at SetVirtualServerSettings.php. |
2022-06-03 |
not yet calculated |
CVE-2022-29778 MISC MISC |
dell — supportassist_client_consumer |
Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system. |
2022-06-10 |
not yet calculated |
CVE-2022-29092 CONFIRM |
dell — supportassist_client_consumer |
Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system. |
2022-06-10 |
not yet calculated |
CVE-2022-29095 CONFIRM |
dell — supportassist_client_consumer |
Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files on the system. |
2022-06-10 |
not yet calculated |
CVE-2022-29094 CONFIRM |
dell — supportassist_client_consumer |
Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system. |
2022-06-10 |
not yet calculated |
CVE-2022-29093 CONFIRM |
discourse — discourse |
Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the `stable` branch and 2.9.0beta5 on the `beta` and `tests-passed` branches, inviting users on sites that use single sign-on could bypass the `must_approve_users` check and invites by staff are always approved automatically. The issue is patched in Discourse version 2.8.4 on the `stable` branch and version `2.9.0.beta5` on the `beta` and `tests-passed` branches. As a workaround, disable invites or increase `min_trust_level_to_allow_invite` to reduce the attack surface to more trusted users. |
2022-06-07 |
not yet calculated |
CVE-2022-31025 CONFIRM MISC MISC MISC MISC |
django-s3file — django-s3file |
django-s3file is a lightweight file upload input for Django and Amazon S3. In versions prior to 5.5.1 it was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. If the `AWS_LOCATION` setting was set, traversal was limited to that location only. The issue was discovered by the maintainer. There were no reports of the vulnerability being known to or exploited by a third party, prior to the release of the patch. The vulnerability has been fixed in version 5.5.1 and above. There is no feasible workaround. We must urge all users to immediately update to a patched version. |
2022-06-09 |
not yet calculated |
CVE-2022-24840 MISC CONFIRM |
dolibarr — dolibarr |
Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page. |
2022-06-08 |
not yet calculated |
CVE-2022-30875 MISC MISC |
drupal — saml_sp_2.0_single_sign_on_-_saml_service_provide |
Multiple vulnerabilities in Drupal SAML SP 2.0 Single Sign On (SSO) – SAML Service Provider in certain non-default configurations allow a malicious user to login as any chosen user. The vulnerability is mitigated by the module’s default settings which require the options “Either sign SAML assertions” and “x509 certificate”. This issue affects: Drupal SAML SP 2.0 Single Sign On (SSO) – SAML Service Provider 8.x version 8.x-2.24 and prior versions; 7.x version 7.x-2.57 and prior versions. |
2022-06-03 |
not yet calculated |
CVE-2022-26493 CONFIRM |
dynamicmarkt — dynamicmarkt |
dynamicMarkt <= 3.10 is affected by SQL injection in the parent parameter of index.php. |
2022-06-10 |
not yet calculated |
CVE-2021-41754 MISC MISC |
dynamicmarkt — dynamicmarkt |
dynamicMarkt <= 3.10 is affected by SQL injection in the kat parameter of index.php. |
2022-06-10 |
not yet calculated |
CVE-2021-41756 MISC MISC |
dynamicmarkt — dynamicmarkt |
dynamicMarkt <= 3.10 is affected by SQL injection in the kat1 parameter of index.php. |
2022-06-10 |
not yet calculated |
CVE-2021-41755 MISC MISC |
easyii_cms — easyii_cms |
A vulnerability was found in easyii CMS. It has been classified as problematic. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
2022-06-07 |
not yet calculated |
CVE-2020-36534 MISC MISC |
eatan_cms — eatan_cms |
A vulnerability was found in Eatan CMS. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The attack can be launched remotely. |
2022-06-07 |
not yet calculated |
CVE-2020-36538 MISC |
elastic — elasticsearch |
A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request. |
2022-06-06 |
not yet calculated |
CVE-2022-23712 MISC MISC |
emicklei — go-restful |
Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. |
2022-06-08 |
not yet calculated |
CVE-2022-1996 CONFIRM MISC |
emlog_pro — emlog_pro |
Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background management. |
2022-06-09 |
not yet calculated |
CVE-2021-40610 MISC |
envoy_proxy — envoy |
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 decompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an attacker to zip bomb the decompressor by sending a small highly compressed payload. Maliciously constructed zip files may exhaust system memory and cause a denial of service. Users are advised to upgrade. Users unable to upgrade may consider disabling decompression. |
2022-06-09 |
not yet calculated |
CVE-2022-29225 CONFIRM MISC |
envoy_proxy — envoy |
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions. continueDecoding() shouldn’t ever be called from filters after a local reply has been sent. Users are advised to upgrade. There are no known workarounds for this issue. |
2022-06-09 |
not yet calculated |
CVE-2022-29228 CONFIRM MISC |
envoy_proxy — envoy |
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed cookie is missing a full authentication flow should be triggered. However, the current implementation assumes that access tokens are always validated thus allowing access in the presence of any access token attached to the request. Users are advised to upgrade. There is no known workaround for this issue. |
2022-06-09 |
not yet calculated |
CVE-2022-29226 MISC CONFIRM |
envoy_proxy — envoy |
Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the request Envoy sends a local reply when the redirect headers are processed, the downstream state indicates that the downstream stream is not complete. On sending the local reply, Envoy will attempt to reset the upstream stream, but as it is actually complete, and deleted, this results in a use-after-free. Users are advised to upgrade. Users unable to upgrade are advised to disable internal redirects if crashes are observed. |
2022-06-09 |
not yet calculated |
CVE-2022-29227 CONFIRM MISC |
envoy_proxy — envoy |
Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold” (prevent removal) upstream hosts obtained via service discovery until configured active health checking fails. If an attacker controls an upstream host and also controls service discovery of that host (via DNS, the EDS API, etc.), an attacker can crash Envoy by forcing removal of the host from service discovery, and then failing the gRPC health check request. This will crash Envoy via a null pointer dereference. Users are advised to upgrade to resolve this vulnerability. Users unable to upgrade may disable gRPC health checking and/or replace it with a different health checking type as a mitigation. |
2022-06-09 |
not yet calculated |
CVE-2022-29224 CONFIRM MISC |
everywhere_cms — everywhere_cms |
A vulnerability was found in Everywhere CMS. It has been classified as critical. Affected is an unknown function. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. |
2022-06-07 |
not yet calculated |
CVE-2020-36537 MISC |
fex-team — kity_minder |
Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php. |
2022-06-09 |
not yet calculated |
CVE-2022-31830 MISC |
filerun — afian_filerun |
In Afian Filerun 20220202, lack of sanitization of the POST parameter “metadata[]” in `/?module=fileman&section=get&page=grid` leads to SQL injection. |
2022-06-06 |
not yet calculated |
CVE-2022-30469 MISC MISC |
filezilla — filezilla |
** DISPUTED ** FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump. NOTE: the vendor does not consider this a vulnerability. |
2022-06-07 |
not yet calculated |
CVE-2022-29620 MISC MISC MISC |
firejail — firejail |
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker’s control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo. |
2022-06-09 |
not yet calculated |
CVE-2022-31214 MISC MISC |
flatcore — flatcore-cms |
FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections. |
2022-06-06 |
not yet calculated |
CVE-2021-42245 MISC |
francoisjacquet — rosariosis |
Cross-site Scripting (XSS) – Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. |
2022-06-08 |
not yet calculated |
CVE-2022-1997 CONFIRM MISC |
francoisjacquet — rosariosis |
Cross-site Scripting (XSS) – Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. |
2022-06-09 |
not yet calculated |
CVE-2022-2036 MISC CONFIRM |
fudforum — fudforum |
FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel. |
2022-06-06 |
not yet calculated |
CVE-2022-30860 MISC |
fudforum — fudforum |
FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel. |
2022-06-06 |
not yet calculated |
CVE-2022-30863 MISC |
fudforum — fudforum |
FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature. |
2022-06-06 |
not yet calculated |
CVE-2022-30861 MISC |
gatsby — gatsby |
The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 is vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible when passing input in both webpack (MDX files in src/pages or MDX file imported as a component in frontend / React code) and data mode (querying MDX nodes via GraphQL). Workaround: If an older version of gatsby-plugin-mdx must be used, input passed into the plugin should be sanitized ahead of processing. |
2022-06-10 |
not yet calculated |
CVE-2022-25863 CONFIRM CONFIRM CONFIRM CONFIRM |
git-promise — git-promise |
All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package. **Note:** Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue. |
2022-06-10 |
not yet calculated |
CVE-2022-24376 CONFIRM CONFIRM |
gitlab — ce/ee |
When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows users with the Developer role to open terminals on other Developers’ running jobs |
2022-06-06 |
not yet calculated |
CVE-2022-1944 MISC CONFIRM |
gitlab — ce/ee |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add new members to a project within their group, through the REST API, even after their group owner enabled a setting to prevent members from being added to projects within that group. |
2022-06-06 |
not yet calculated |
CVE-2022-1783 CONFIRM MISC MISC |
gitlab — ce/ee |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group. |
2022-06-06 |
not yet calculated |
CVE-2022-1821 CONFIRM MISC |
gitlab — ee |
A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim’s behalf via specially crafted Jira Issues |
2022-06-06 |
not yet calculated |
CVE-2022-1940 MISC MISC CONFIRM |
gitlab — ee |
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when IP address restrictions were configured |
2022-06-06 |
not yet calculated |
CVE-2022-1935 MISC CONFIRM |
gitlab — ee |
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP address restrictions were configured |
2022-06-06 |
not yet calculated |
CVE-2022-1936 MISC CONFIRM |
gitlab — gitlab_ee |
An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users’ email addresses via SCIM to an attacker controlled email address and thus – in the absence of 2FA – take over those accounts. It is also possible for the attacker to change the display name and username of the targeted account. |
2022-06-06 |
not yet calculated |
CVE-2022-1680 MISC CONFIRM |
gitlab — gitlab_runner |
In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs |
2022-06-06 |
not yet calculated |
CVE-2021-39947 MISC CONFIRM |
glpi-project — glpi |
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to version 10.0.1 it is possible to add extra information by SQL injection on search pages. In order to exploit this vulnerability a user must be logged in. |
2022-06-09 |
not yet calculated |
CVE-2022-29250 CONFIRM |
glpi_project — glpi |
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Kanban is a GLPI view to display Projects, Tickets, Changes or Problems on a task board. In versions prior to 10.0.1 a user can exploit a cross site scripting vulnerability in Kanban by injecting HTML code in its user name. Users are advised to upgrade. There are no known workarounds for this issue. |
2022-06-09 |
not yet calculated |
CVE-2022-24876 CONFIRM MISC |
gogs — gogs |
Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users’ display names for malicious characters. |
2022-06-09 |
not yet calculated |
CVE-2022-31038 MISC MISC CONFIRM |
gogs — gogs |
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9. |
2022-06-09 |
not yet calculated |
CVE-2022-1986 CONFIRM MISC |
gogs — gogs |
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. |
2022-06-09 |
not yet calculated |
CVE-2022-1992 MISC CONFIRM |
gogs — gogs |
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. |
2022-06-09 |
not yet calculated |
CVE-2022-1993 MISC CONFIRM |
google — android |
The Android application HTTP File Server (Version 1.4.1) by ‘slowscript’ is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write. |
2022-06-09 |
not yet calculated |
CVE-2021-40668 MISC MISC |
gosecure — phone_system |
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of “<space><space> followed by <shift><enter>” mishandling. |
2022-06-07 |
not yet calculated |
CVE-2019-9972 MISC MISC |
gosecure — phone_system |
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when used in conjunction with sudo. |
2022-06-07 |
not yet calculated |
CVE-2019-9971 MISC MISC MISC |
gpac — gpac |
GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition (‘infinite loop’) vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file. |
2022-06-08 |
not yet calculated |
CVE-2021-40592 MISC MISC |
gradle_enterprise — gradle_enterprise |
Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure. |
2022-06-06 |
not yet calculated |
CVE-2022-30587 MISC MISC |
gradle_enterprise — gradle_enterprise |
Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution. |
2022-06-06 |
not yet calculated |
CVE-2022-30586 MISC MISC |
grafana — grafana |
Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor’/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. |
2022-06-06 |
not yet calculated |
CVE-2022-32275 MISC MISC MISC |
gunet — open_eclass |
GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter. |
2022-06-11 |
not yet calculated |
CVE-2021-44266 MISC MISC MISC |
guzzle — guzzle |
Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the same as how we don’t forward on the header if the host changes. Prior to this fix, `https` to `http` downgrades did not result in the `Authorization` header being removed, only changes to the host. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach which would be to use their own redirect middleware. Alternatively, users may simply disable redirects altogether if redirects are not expected or required. |
2022-06-10 |
not yet calculated |
CVE-2022-31043 CONFIRM MISC MISC CONFIRM |
guzzle — guzzle |
Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a URI to a different host, we should not forward the `Cookie` header on. Prior to this fix, only cookies that were managed by our cookie middleware would be safely removed, and any `Cookie` header manually added to the initial request would not be stripped. We now always strip it, and allow the cookie middleware to re-add any cookies that it deems should be there. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach, which is to use their own redirect middleware rather than ours. If you do not require or expect redirects to be followed, simply disable redirects altogether. |
2022-06-10 |
not yet calculated |
CVE-2022-31042 CONFIRM MISC MISC CONFIRM |
h3c — magic_r100_r100v100r005 |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddMacList parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30925 MISC |
h3c — magic_r100_r100v100r005 |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnet parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30918 MISC |
h3c — magic_r100_r100v100r005 |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30909 MISC |
h3c — magic_r100_r100v100r005 |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID_5G parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30919 MISC |
h3c — magic_r100_r100v100r005 |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTimingtimeWifiAndLed parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30923 MISC |
h3c — magic_r100_r100v100r005 |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddWlanMacList parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30917 MISC |
h3c — magic_r100_r100v100r005 |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnetDebug parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30916 MISC |
h3c — magic_r100_r100v100r005 |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30920 MISC |
h3c — magic_r100_r100v100r005 |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateSnat parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30915 MISC |
h3c — magic_r100_r100v100r005 |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateMacClone parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30914 MISC |
h3c — magic_r100_r100v100r005 |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the ipqos_set_bandwidth parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30913 MISC |
h3c — magic_r100_r100v100r005 |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the GO parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30910 MISC |
h3c — magic_r100_r100v100r005 |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateWanParams parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30912 MISC |
h3c — magic_r100_r100v100r005 |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditMacList parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30926 MISC |
h3c — magic_r100_r100v100r005 |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetAPWifiorLedInfoById parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30924 MISC |
h3c — magic_r100_r100v100r005 |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditWlanMacList parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30922 MISC |
h3c — magic_r100_r100v100r005 |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetMobileAPInfoById parameter at /goform/aspForm. |
2022-06-08 |
not yet calculated |
CVE-2022-30921 MISC |
hcl_software — onetest_server |
Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information when the Access-Control-Allow-Credentials is enabled. |
2022-06-09 |
not yet calculated |
CVE-2021-27786 MISC |
hitachi_energy — txpert_hub_coretec |
A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. |
2022-06-07 |
not yet calculated |
CVE-2021-35532 CONFIRM |
hitachi_energy — txpert_hub_coretec |
Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. |
2022-06-07 |
not yet calculated |
CVE-2021-35531 CONFIRM |
hitachi_energy — txpert_hub_coretec |
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy’s TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0 2.1.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. |
2022-06-07 |
not yet calculated |
CVE-2021-35530 CONFIRM |
humhub — humhub |
A vulnerability was found in HumHub up to 1.0.1 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-09 |
not yet calculated |
CVE-2017-20027 MISC MISC |
humhub — humhub |
A vulnerability was found in HumHub 0.20.1/1.0.0-beta.3. It has been classified as critical. This affects an unknown part. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-09 |
not yet calculated |
CVE-2017-20028 MISC MISC |
humhub — humhub |
A vulnerability has been found in HumHub up to 1.0.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting (Reflected). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-09 |
not yet calculated |
CVE-2017-20026 MISC MISC |
ibm — infosphere_information_server |
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. |
2022-06-06 |
not yet calculated |
CVE-2022-31768 CONFIRM XF |
ibm — spectrum_copy_data_management |
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against the system. IBM X-Force ID: 228219. |
2022-06-10 |
not yet calculated |
CVE-2022-31769 XF CONFIRM |
ibm — spectrum_copy_data_management |
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using some fields of the form in the portal UI to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials. IBM X-Force ID: 227364. |
2022-06-10 |
not yet calculated |
CVE-2022-30611 XF CONFIRM |
ibm — spectrum_copy_data_management |
IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit this vulnerability to bypass authentication and gain unauthorized access to the Spectrum Copy Data Management catalog which contains metadata. IBM X-Force ID: 223718. |
2022-06-10 |
not yet calculated |
CVE-2022-22426 XF CONFIRM |
ibm — spectrum_copy_data_management |
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 227363. |
2022-06-10 |
not yet calculated |
CVE-2022-30610 XF CONFIRM |
ibm — spectrum_copy_data_management |
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 225887. |
2022-06-10 |
not yet calculated |
CVE-2022-22479 XF CONFIRM |
ibm — spectrum_protect_plus |
Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231. |
2022-06-06 |
not yet calculated |
CVE-2022-22396 CONFIRM XF |
ideaco.ir — idealms |
IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID= pathname. |
2022-06-10 |
not yet calculated |
CVE-2022-31788 MISC MISC |
igel — universal_management_suite |
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key. |
2022-06-09 |
not yet calculated |
CVE-2022-25807 MISC MISC |
igel — universal_management_suite |
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission of cleartext LDAP bind credentials by the cmd_mgt_load_mgt_tree command allows an attacker (who can intercept or inspect traffic between an authenticated UMS client and server) to compromise those LDAP bind credentials. |
2022-06-09 |
not yet calculated |
CVE-2022-25805 MISC MISC |
igel — universal_management_suite |
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key. |
2022-06-09 |
not yet calculated |
CVE-2022-25806 MISC MISC |
igel — universal_management_suite |
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Insecure permissions for the serverconfig registry key (under JavaSoft\Prefs\de\igel\rm\config in HKEY_LOCAL_MACHINE\SOFTWARE) allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the UMS superuser. |
2022-06-09 |
not yet calculated |
CVE-2022-25804 MISC MISC |
ihb_eg_flexnow — ihb_eg_flexnow |
An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint. |
2022-06-09 |
not yet calculated |
CVE-2022-30760 MISC MISC |
intelliants — subrion_cms |
An issue was discovered in Subrion CMS v4.2.1. There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the HTML tag, or adding the onerror attribute. |
2022-06-11 |
not yet calculated |
CVE-2021-41502 MISC |
istio — istio |
Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress Gateway exposed to external traffic. This vulnerability has been resolved in versions 1.12.8, 1.13.5, and 1.14.1. Users are advised to upgrade. There are no known workarounds for this issue. |
2022-06-09 |
not yet calculated |
CVE-2022-31045 CONFIRM MISC |
itarian — endpoint_manage_communication_client |
The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Due to this setting, a malicious actor with low privileges access to a system can escalate his privileges to SYSTEM abusing an insecure openssl.conf lookup. |
2022-06-09 |
not yet calculated |
CVE-2022-25153 CONFIRM CONFIRM |
itarian — saas/on-premise |
Within the Service Desk module of the ITarian platform (SAAS and on-premise), a remote attacker can obtain sensitive information, caused by the failure to set the HTTP Only flag. A remote attacker could exploit this vulnerability to gain access to the management interface by using this vulnerability in combination with a successful Cross-Site Scripting attack on a user. |
2022-06-09 |
not yet calculated |
CVE-2022-25151 CONFIRM CONFIRM |
itarian — saas/on-premise |
The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. It is possible to require a mandatory approval process. Due to a vulnerability in the approval process, present in any version prior to 6.35.37347.20040, a malicious actor (with a valid session token) can create a procedure, bypass approval, and execute the procedure. This results in the ability for any user with a valid session token to perform arbitrary code execution and full system take-over on all agents. |
2022-06-09 |
not yet calculated |
CVE-2022-25152 CONFIRM CONFIRM |
itop_hub — itop |
ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php. |
2022-06-10 |
not yet calculated |
CVE-2022-31402 MISC MISC MISC |
jamf — private_access |
Jamf Private Access before 2022-05-16 has Incorrect Access Control, in which an unauthorized user can reach a system in the internal infrastructure, aka WND-44801. |
2022-06-07 |
not yet calculated |
CVE-2022-29564 MISC MISC |
jgraph — drawio |
Cross-site Scripting (XSS) – Stored in GitHub repository jgraph/drawio prior to 19.0.2. |
2022-06-09 |
not yet calculated |
CVE-2022-2015 MISC CONFIRM |
jgraph — drawio |
Code Injection in GitHub repository jgraph/drawio prior to 19.0.2. |
2022-06-09 |
not yet calculated |
CVE-2022-2014 MISC CONFIRM |
jizhicms — jizhicms |
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php. |
2022-06-09 |
not yet calculated |
CVE-2022-31390 MISC |
jizhicms — jizhicms |
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php. |
2022-06-09 |
not yet calculated |
CVE-2022-31393 MISC |
jodd_http — jodd_http |
Jodd HTTP v6.0.9 was discovered to contain multiple CRLF injection vulnerabilities via the components jodd.http.HttpRequest#set and jodd.http.HttpRequest#send. These vulnerabilities allow attackers to execute Server-Side Request Forgery (SSRF) via a crafted TCP payload. |
2022-06-06 |
not yet calculated |
CVE-2022-29631 MISC MISC |
joy_ebike — joy_ebike |
joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture-replay. |
2022-06-07 |
not yet calculated |
CVE-2022-30466 MISC |
jupyter_hub — oauthenticator |
OAuthenticator is an OAuth token library for the JupyterHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowed_idps configuration trait of CILogonOAuthenticator is documented to be a list of domains that indicate the institutions whose users are authorized to access this JupyterHub. This authorization is validated by ensuring that the *email* field provided to us by CILogon has a *domain* that matches one of the domains listed in `allowed_idps`. If `allowed_idps` contains `berkeley.edu`, you might expect only users with valid current credentials provided by University of California, Berkeley to be able to access the JupyterHub. However, CILogonOAuthenticator does *not* verify which provider is used by the user to login, only the email address provided. So a user can login with a GitHub account that has email set to `<something>@berkeley.edu`, and that will be treated exactly the same as someone logging in using the UC Berkeley official Identity Provider. The patch fixing this issue makes a *breaking change* in how `allowed_idps` is interpreted. It’s no longer a list of domains, but configuration representing the `EntityID` of the IdPs that are allowed, picked from the [list maintained by CILogon](https://cilogon.org/idplist/). Users are advised to upgrade. |
2022-06-09 |
not yet calculated |
CVE-2022-31027 CONFIRM |
kromitgmbh — titra |
Cross-site Scripting (XSS) – Stored in GitHub repository kromitgmbh/titra prior to 0.77.0. |
2022-06-09 |
not yet calculated |
CVE-2022-2026 CONFIRM MISC |
kromitgmbh — titra |
Cross-site Scripting (XSS) – DOM in GitHub repository kromitgmbh/titra prior to 0.77.0. |
2022-06-09 |
not yet calculated |
CVE-2022-2029 CONFIRM MISC |
kromitgmbh — titra |
Cross-site Scripting (XSS) – Generic in GitHub repository kromitgmbh/titra prior to 0.77.0. |
2022-06-09 |
not yet calculated |
CVE-2022-2028 CONFIRM MISC |
kromitgmbh — titra |
Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0. |
2022-06-09 |
not yet calculated |
CVE-2022-2027 MISC CONFIRM |
laravel — laravel |
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution (RCE) via an unserialized pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and __call in Faker\Generator.php. |
2022-06-07 |
not yet calculated |
CVE-2022-31279 MISC |
lepin — ep-kp001 |
Due to an insecure design, the Lepin EP-KP001 flash drive through KP001_V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted data. Normally, the encrypted disk partition with this data is unlocked by entering the correct passcode (6 to 14 digits) via the keypad and pressing the Unlock button. This authentication is performed by an unknown microcontroller. By replacing this microcontroller on a target device with one from an attacker-controlled Lepin EP-KP001 whose passcode is known, it is possible to successfully unlock the target device and read the stored data in cleartext. |
2022-06-10 |
not yet calculated |
CVE-2022-29948 MISC FULLDISC |
libjpeg — libjpeg |
There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan. |
2022-06-10 |
not yet calculated |
CVE-2022-32978 MISC MISC |
librehealth — lh-ehr_base |
Cross Site scripting (XSS) vulnerability in LibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username. |
2022-06-06 |
not yet calculated |
CVE-2022-31492 MISC MISC MISC |
librehealth — lh-ehr_base |
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS. |
2022-06-06 |
not yet calculated |
CVE-2022-31494 MISC MISC MISC |
librehealth — lh-ehr_base |
LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS. |
2022-06-06 |
not yet calculated |
CVE-2022-31498 MISC MISC MISC |
librehealth — lh-ehr_base |
LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS. |
2022-06-08 |
not yet calculated |
CVE-2022-31497 MISC MISC MISC |
librehealth — lh-ehr_base |
LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access. |
2022-06-09 |
not yet calculated |
CVE-2022-31496 MISC MISC MISC |
librehealth — lh-ehr_base |
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS. |
2022-06-07 |
not yet calculated |
CVE-2022-31495 MISC MISC MISC |
librehealth — lh-ehr_base |
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS. |
2022-06-06 |
not yet calculated |
CVE-2022-31493 MISC MISC MISC |
lighttpd — lighttpd |
Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers. |
2022-06-11 |
not yet calculated |
CVE-2022-30780 MISC MISC MISC MISC |
linux — kernel |
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. |
2022-06-05 |
not yet calculated |
CVE-2022-32296 MISC MISC |
linux — kernel |
An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. |
2022-06-10 |
not yet calculated |
CVE-2022-32981 MISC |
linux — kernel |
A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system. |
2022-06-09 |
not yet calculated |
CVE-2022-1998 MISC MISC |
linux — kernel |
A use-after-free vulnerability was found in the Linux kernel’s Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue. |
2022-06-06 |
not yet calculated |
CVE-2022-1966 MISC MISC MISC FEDORA FEDORA |
mechanize — mechanize |
The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site. Users are advised to upgrade to Mechanize v2.8.5 or later. There are no known workarounds for this issue. |
2022-06-09 |
not yet calculated |
CVE-2022-31033 CONFIRM MISC |
mediatek — apusys_driver |
In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06477946; Issue ID: ALPS06477946. |
2022-06-06 |
not yet calculated |
CVE-2022-21762 MISC |
mediatek — apusys_driver |
In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479532; Issue ID: ALPS06479532. |
2022-06-06 |
not yet calculated |
CVE-2022-21761 MISC |
mediatek — apusys_driver |
In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479562; Issue ID: ALPS06479562. |
2022-06-06 |
not yet calculated |
CVE-2022-21760 MISC |
mediatek — ccu |
In ccu, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06439600; Issue ID: ALPS06439600. |
2022-06-06 |
not yet calculated |
CVE-2022-21758 MISC |
mediatek — imgsensor |
In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479698; Issue ID: ALPS06479698. |
2022-06-06 |
not yet calculated |
CVE-2022-21746 MISC |
mediatek — imgsensor |
In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478078; Issue ID: ALPS06478078. |
2022-06-06 |
not yet calculated |
CVE-2022-21747 MISC |
mediatek — telephony |
In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06511030; Issue ID: ALPS06511030. |
2022-06-06 |
not yet calculated |
CVE-2022-21748 MISC |
mediatek — telephony |
In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06511058; Issue ID: ALPS06511058. |
2022-06-06 |
not yet calculated |
CVE-2022-21749 MISC |
mediatek — wifi_firmware |
In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to remote escalation of privilege, when devices are connecting to the attacker-controllable Wi-Fi hotspot, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468872; Issue ID: ALPS06468872. |
2022-06-06 |
not yet calculated |
CVE-2022-21745 MISC |
mediatek — wifi_firmware |
In WIFI Firmware, there is a possible system crash due to a missing count check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468894; Issue ID: ALPS06468894. |
2022-06-06 |
not yet calculated |
CVE-2022-21757 MISC |
mediatek — wlan_driver |
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521283; Issue ID: ALPS06521283. |
2022-06-06 |
not yet calculated |
CVE-2022-21750 MISC |
mediatek — wlan_driver |
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493873; Issue ID: ALPS06493873. |
2022-06-06 |
not yet calculated |
CVE-2022-21752 MISC |
mediatek — wlan_driver |
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493873; Issue ID: ALPS06493899. |
2022-06-06 |
not yet calculated |
CVE-2022-21753 MISC |
mediatek — wlan_driver |
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06535953; Issue ID: ALPS06535953. |
2022-06-06 |
not yet calculated |
CVE-2022-21754 MISC |
mediatek — wlan_driver |
In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06545464; Issue ID: ALPS06545464. |
2022-06-06 |
not yet calculated |
CVE-2022-21755 MISC |
mediatek — wlan_driver |
In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06535950; Issue ID: ALPS06535950. |
2022-06-06 |
not yet calculated |
CVE-2022-21756 MISC |
mediatek — wlan_driver |
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06511132; Issue ID: ALPS06511132. |
2022-06-06 |
not yet calculated |
CVE-2022-21751 MISC |
mediatek — android |
In power service, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419106; Issue ID: ALPS06419077. |
2022-06-06 |
not yet calculated |
CVE-2022-21759 MISC |
minio — minio |
MinIO is a multi-cloud object storage solution. Starting with version RELEASE.2019-09-25T18-25-51Z and ending with version RELEASE.2022-06-02T02-11-04Z, MinIO is vulnerable to an unending go-routine buildup while keeping connections established due to HTTP clients not closing the connections. Public-facing MinIO deployments are most affected. Users should upgrade to RELEASE.2022-06-02T02-11-04Z to receive a patch. One possible workaround is to use a reverse proxy to limit the number of connections being attempted in front of MinIO, and actively rejecting connections from such malicious clients. |
2022-06-07 |
not yet calculated |
CVE-2022-31028 CONFIRM MISC MISC MISC |
minmax — minmax |
A vulnerability classified as critical has been found in MINMAX. This affects an unknown part of the file /newsDia.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. |
2022-06-07 |
not yet calculated |
CVE-2020-36535 MISC |
mitsubishi — multiple_products |
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications. |
2022-06-08 |
not yet calculated |
CVE-2022-24296 MISC MISC MISC |
modzero — klapp_app |
A vulnerability has been found in Klapp App and classified as problematic. This vulnerability affects unknown code of the component Authorization. The manipulation leads to information disclosure (Credentials). The attack can be initiated remotely. It is recommended to upgrade the affected app. |
2022-06-07 |
not yet calculated |
CVE-2020-36532 MISC MISC |
modzero — klapp_app |
A vulnerability was found in Klapp App and classified as problematic. This issue affects some unknown processing of the JSON Web Token Handler. The manipulation leads to weak authentication. The attack may be initiated remotely. |
2022-06-07 |
not yet calculated |
CVE-2020-36533 MISC MISC |
monstaftp — monstaftp |
MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php. |
2022-06-09 |
not yet calculated |
CVE-2022-31827 MISC |
monyog_ultimate — monyog_ultimate |
A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This affects an unknown part of the component Cookie Handler. The manipulation of the argument HasServerEdit/IsAdmin leads to privilege escalation. It is possible to initiate the attack remotely. |
2022-06-09 |
not yet calculated |
CVE-2016-15002 MISC MISC |
nbnbk_cms — nbnbk_cms |
A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter. |
2022-06-09 |
not yet calculated |
CVE-2022-31386 MISC |
neorazorx — facturascripts |
Cross-site Scripting (XSS) – Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1. |
2022-06-09 |
not yet calculated |
CVE-2022-2016 MISC CONFIRM |
next_generation_of_genealogy_sitebuilding — next_generation_of_genealogy_sitebuilding |
A vulnerability, which was classified as critical, has been found in The Next Generation of Genealogy Sitebuilding up to 11.1.0. This issue affects some unknown processing of the file /timeline2.php. The manipulation of the argument primaryID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.1.1 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-08 |
not yet calculated |
CVE-2017-20017 MISC |
nocodb — nocodb |
Cross-site Scripting (XSS) – Stored in GitHub repository nocodb/nocodb prior to 0.91.7. |
2022-06-07 |
not yet calculated |
CVE-2022-2022 MISC CONFIRM |
open_edx — open_edx |
Open edX platform before 2022-06-06 allows XSS via the “next” parameter in the logout URL. |
2022-06-09 |
not yet calculated |
CVE-2022-32195 MISC MISC |
opswat — metadefender_core |
As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server. |
2022-06-08 |
not yet calculated |
CVE-2022-32273 MISC MISC |
opswat — metadefender_core |
OPSWAT MetaDefender Core (MDCore) before 5.1.2 has incorrect access control, resulting in privilege escalation. |
2022-06-09 |
not yet calculated |
CVE-2022-32272 MISC MISC |
oracle — multiple_products |
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). |
2022-06-09 |
not yet calculated |
CVE-2022-21499 MISC |
owncloud — core |
ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer. |
2022-06-09 |
not yet calculated |
CVE-2022-31649 MISC MISC |
partkeepr — partkeepr |
A Cross Site Scripting vulnerability exists in PartKeepr 1.4.0 via the ‘name’ field in /api/part_categories. |
2022-06-08 |
not yet calculated |
CVE-2022-30899 MISC |
phplist — phplist |
A vulnerability was found in PHPList 3.2.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Subscription. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-10 |
not yet calculated |
CVE-2017-20032 MISC MISC |
phplist — phplist |
A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to cross site scripting (Persistent). It is possible to launch the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-10 |
not yet calculated |
CVE-2017-20036 MISC MISC |
phplist — phplist |
A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown processing of the file /lists/index.php of the component Edit Subscription. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-10 |
not yet calculated |
CVE-2017-20029 MISC MISC |
phplist — phplist |
A vulnerability was found in PHPList 3.2.6. It has been classified as critical. Affected is an unknown function of the file /lists/admin/ of the component Sending Campaign. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-10 |
not yet calculated |
CVE-2017-20030 MISC MISC |
phplist — phplist |
A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-10 |
not yet calculated |
CVE-2017-20035 MISC MISC |
phplist — phplist |
A vulnerability was found in PHPList 3.2.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument sortby with the input password leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-10 |
not yet calculated |
CVE-2017-20031 MISC MISC |
phplist — phplist |
A vulnerability classified as problematic has been found in PHPList 3.2.6. This affects an unknown part of the file /lists/admin/. The manipulation of the argument page with the input send'”;><script>alert(8)</script> leads to cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-10 |
not yet calculated |
CVE-2017-20033 MISC MISC |
phplist — phplist |
A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting (Persistent). The attack can be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-10 |
not yet calculated |
CVE-2017-20034 MISC MISC |
pjsip — pjsip |
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue. |
2022-06-09 |
not yet calculated |
CVE-2022-31031 MISC CONFIRM |
platinum_mobile — platinum_mobile |
A vulnerability, which was classified as critical, was found in Platinum Mobile 1.0.4.850. Affected is /MobileHandler.ashx which leads to broken access control. The attack requires authentication. Upgrading to version 1.0.4.851 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-07 |
not yet calculated |
CVE-2020-36528 MISC MISC |
podman — podman |
A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
2022-06-09 |
not yet calculated |
CVE-2019-25067 MISC MISC |
publiccms — publiccms |
PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java. |
2022-06-03 |
not yet calculated |
CVE-2022-29784 MISC MISC |
pyil — pypl |
The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2. |
2022-06-08 |
not yet calculated |
CVE-2022-30877 MISC MISC MISC |
pyil — pypl |
pyanxdns package in PyPI version 0.2 is vulnerable to code execution backdoor. The impact is: execute arbitrary code (remote). When installing the pyanxdns package of version 0.2, the request package will be installed. |
2022-06-08 |
not yet calculated |
CVE-2022-30882 MISC MISC MISC |
pypl — pypl |
api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package. |
2022-06-08 |
not yet calculated |
CVE-2022-31313 MISC MISC MISC |
razer — sila_gaming_router |
A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. |
2022-06-09 |
not yet calculated |
CVE-2022-29013 MISC MISC MISC |
razer — sila_gaming_router |
A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files. |
2022-06-09 |
not yet calculated |
CVE-2022-29014 MISC MISC MISC |
realnetworks — real_player |
In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file. |
2022-06-05 |
not yet calculated |
CVE-2022-32291 MISC |
realvnc — vnc_server |
RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM. |
2022-06-10 |
not yet calculated |
CVE-2022-27502 MISC MISC |
redhat — cri-o |
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability. |
2022-06-07 |
not yet calculated |
CVE-2022-1708 MISC MISC MISC |
riverbed — appresponse |
Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a (when configured to use local, RADIUS, or TACACS authentication) logs usernames and passwords if either is entered incorrectly. If a user enters an incorrect username and/or password when logging into the WebUI, these attempted credentials are included in an error message that is logged in the WebUI log file. A log entry does not appear if the username and password provided correctly match a valid set of credentials. This also does not happen if AppResponse is configured to use SAML authentication. The WebUI log file is included in subsequent diagnostic system dumps that are generated. (Only users with Full Control access to the System Configuration permission can generate system dumps. By default, only System Administrators have Full Control access to the System Configuration permission.) |
2022-06-03 |
not yet calculated |
CVE-2021-43271 MISC |
samsung_mobile — find_my_mobile |
Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log. |
2022-06-07 |
not yet calculated |
CVE-2022-30742 MISC |
samsung_mobile — find_my_mobile |
Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log. |
2022-06-07 |
not yet calculated |
CVE-2022-30741 MISC |
samsung_mobile — internet |
Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers. |
2022-06-07 |
not yet calculated |
CVE-2022-30740 MISC |
samsung_mobile — internet |
Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script. |
2022-06-07 |
not yet calculated |
CVE-2022-30738 MISC |
samsung_mobile — kies |
DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to version 2.6.4.22043_1 allows attacker to execute arbitrary code. |
2022-06-07 |
not yet calculated |
CVE-2022-30744 MISC |
samsung_mobile — members |
Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity. |
2022-06-07 |
not yet calculated |
CVE-2022-30748 MISC |
samsung_mobile — my_files |
Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application. |
2022-06-07 |
not yet calculated |
CVE-2022-30731 MISC |
samsung_mobile — pass |
Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to access account list without authentication. |
2022-06-07 |
not yet calculated |
CVE-2022-30730 MISC |
samsung_mobile — quick_share |
Improper access control vulnerability in Quick Share prior to version 13.1.2.4 allows attacker to access internal files in Quick Share. |
2022-06-07 |
not yet calculated |
CVE-2022-30745 MISC |
samsung_mobile — smart_things |
Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity. |
2022-06-07 |
not yet calculated |
CVE-2022-30749 MISC |
samsung_mobile — smart_things |
PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent. |
2022-06-07 |
not yet calculated |
CVE-2022-30747 MISC |
samsung_mobile — smart_things |
Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access sensitive information remotely using javascript interface API. |
2022-06-07 |
not yet calculated |
CVE-2022-30746 MISC |
sap — sap_business_objects_business_intelligence_platform |
BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active. |
2022-06-06 |
not yet calculated |
CVE-2020-6220 MISC MISC |
seeddms — seeddms |
The “Add category” functionality inside the “Global Keywords” menu in “SeedDMS” version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code. |
2022-06-06 |
not yet calculated |
CVE-2022-28051 MISC MISC MISC |
seeddms — seeddms |
SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the “Role management” menu and then trigger the payload by loading the “Users management” menu. |
2022-06-06 |
not yet calculated |
CVE-2022-28479 MISC MISC |
seeddms — seeddms |
SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The “Remove file” functionality inside the “Log files management” menu does not sanitize user input allowing attackers with admin privileges to delete arbitrary files on the remote system. |
2022-06-06 |
not yet calculated |
CVE-2022-28478 MISC MISC |
semantic-release — semantic-release |
semantic-release is an open source npm package for automated version management and package publishing. In affected versions secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from uri encoding by `encodeURI`. Occurrence is further limited to execution contexts where push access to the related repository is not available without modifying the repository url to inject credentials. Users are advised to upgrade. Users unable to upgrade should ensure that secrets that do not contain characters that are excluded from encoding with `encodeURI` when included in a URL are already masked properly. |
2022-06-09 |
not yet calculated |
CVE-2022-31051 CONFIRM MISC MISC MISC |
sevone — network_management_system |
A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely. |
2022-06-07 |
not yet calculated |
CVE-2020-36529 MISC MISC |
sevone — network_management_system |
A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely. |
2022-06-07 |
not yet calculated |
CVE-2020-36531 MISC MISC |
sevone — network_management_system |
A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely. |
2022-06-07 |
not yet calculated |
CVE-2020-36530 MISC MISC |
sialweb_cms — sialweb_cms |
A vulnerability has been found in SialWeb CMS and classified as problematic. This vulnerability affects unknown code of the component Search Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
2022-06-08 |
not yet calculated |
CVE-2020-36544 MISC MISC |
sialweb_cms — sialweb_cms |
A vulnerability, which was classified as critical, was found in SialWeb CMS. This affects an unknown part of the file /about.php. The manipulation of the argument Id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
2022-06-08 |
not yet calculated |
CVE-2020-36543 MISC MISC |
sicunet — access_controller |
A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads to privilege escalation. The attack can be launched remotely. |
2022-06-11 |
not yet calculated |
CVE-2017-20037 N/A N/A |
sicunet — access_controller |
A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of the argument No/door leads to privilege escalation. The attack may be launched remotely. |
2022-06-11 |
not yet calculated |
CVE-2017-20038 N/A N/A |
sicunet — access_controller |
A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to initiate the attack remotely. |
2022-06-11 |
not yet calculated |
CVE-2017-20039 N/A N/A |
sicunet — access_controller |
A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been declared as problematic. This vulnerability affects unknown code of the component Password Storage. The manipulation leads to weak encryption. Attacking locally is a requirement. |
2022-06-11 |
not yet calculated |
CVE-2017-20040 N/A N/A |
silver_stripe — silverstripe-omnipay |
silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as completed without payment being taken. This is mitigated by the fact that most payment gateways hide this information from users, however some issuing banks offer flawed 3DSecure implementations that may inadvertently expose this data. The following versions have been patched to fix this issue: `2.5.2`, `3.0.2`, `3.1.4`, and `3.2.1`. There are no known workarounds for this vulnerability. |
2022-06-09 |
not yet calculated |
CVE-2022-29254 MISC CONFIRM |
snyk — jpeg-js |
The package jpeg-js before 0.4.4 is vulnerable to Denial of Service (DoS) where a particular piece of input will cause it to enter an infinite loop and never return. |
2022-06-10 |
not yet calculated |
CVE-2022-25851 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
snyk — posix |
This affects all versions of package posix. When invoking the toString method, it will fall back to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check. |
2022-06-10 |
not yet calculated |
CVE-2022-21211 CONFIRM |
snyk — metacalc |
The package metacalc before 0.0.2 is vulnerable to Arbitrary Code Execution when it exposes JavaScript’s Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript’s Function constructor. |
2022-06-08 |
not yet calculated |
CVE-2022-21122 MISC MISC MISC |
solare_datensysteme — solar-log |
A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-09 |
not yet calculated |
CVE-2017-20020 MISC MISC |
solare_datensysteme — solar-log |
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-09 |
not yet calculated |
CVE-2017-20024 MISC MISC |
solare_datensysteme — solar-log |
A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-09 |
not yet calculated |
CVE-2017-20019 MISC MISC |
solare_datensysteme — solar-log |
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-09 |
not yet calculated |
CVE-2017-20023 MISC MISC |
solare_datensysteme — solar-log |
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privilege escalation. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-09 |
not yet calculated |
CVE-2017-20025 MISC MISC |
solare_datensysteme — solar-log |
A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-09 |
not yet calculated |
CVE-2017-20022 MISC MISC |
solare_datensysteme — solar-log |
A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. |
2022-06-09 |
not yet calculated |
CVE-2017-20021 MISC MISC |
sonicwall — ssl-vpn_sma100 |
Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack. |
2022-06-08 |
not yet calculated |
CVE-2022-1703 CONFIRM |
sourcecodester — money_transfer_management_system |
A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL. |
2022-06-10 |
not yet calculated |
CVE-2021-44582 MISC MISC |
sourcecodester — prison_management_system |
A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/view_inmate of the component Inmate Handler. The manipulation of the argument id with the input 1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4–+ leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
2022-06-09 |
not yet calculated |
CVE-2022-2018 MISC MISC |
sourcecodester — prison_management_system |
A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php?f=save of the component New User Creation. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
2022-06-09 |
not yet calculated |
CVE-2022-2019 MISC MISC |
sourcecodester — prison_management_system |
A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input <img src=”” onerror=”alert(1)”> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
2022-06-09 |
not yet calculated |
CVE-2022-2020 MISC MISC |
sourcecodester — prison_management_system |
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/view_visit.php of the component Visit Handler. The manipulation of the argument id with the input 2%27and%201=2%20union%20select%201,2,3,4,5,6,7,user(),database()–+ leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
2022-06-09 |
not yet calculated |
CVE-2022-2017 MISC MISC |
sourcecodester — simple_task_scheduling_system |
A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable “id” parameter. |
2022-06-06 |
not yet calculated |
CVE-2022-30927 MISC MISC MISC |
sricam — ip_cctv_camera |
A vulnerability was found in Sricam IP CCTV Camera and classified as critical. This issue affects some unknown processing of the component Device Viewer. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. |
2022-06-08 |
not yet calculated |
CVE-2019-25062 MISC MISC |
sricam — ip_cctv_camera |
A vulnerability was found in Sricam IP CCTV Camera. It has been classified as critical. Affected is an unknown function of the component Device Viewer. The manipulation leads to memory corruption. Local access is required to approach this attack. |
2022-06-08 |
not yet calculated |
CVE-2019-25063 MISC |
stackoverflow — jmespath.rb |
jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable. |
2022-06-06 |
not yet calculated |
CVE-2022-32511 MISC MISC MISC |
tenable — scorm_engine |
A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim’s browser. |
2022-06-09 |
not yet calculated |
CVE-2022-2035 MISC |
thales_group — safenet_keysecure |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in SafeNet KeySecure allows an authenticated user to read arbitrary files from the underlying system on which the product is deployed. |
2022-06-10 |
not yet calculated |
CVE-2021-42811 MISC |
thedaylightstudio — fuel_cms |
A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4. |
2022-06-10 |
not yet calculated |
CVE-2021-44117 MISC MISC |
tigera — multiple_products |
Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod. |
2022-06-06 |
not yet calculated |
CVE-2022-28224 MISC |
toaruos — toaruos |
ToaruOS 1.99.2 is affected by incorrect access control via the kernel. Improper MMU management and having a low GDT address allows it to be mapped in userland. A call gate can then be written to escalate to CPL 0. |
2022-06-08 |
not yet calculated |
CVE-2021-36710 MISC |
tooljet — tooljet |
Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0. |
2022-06-09 |
not yet calculated |
CVE-2022-2037 MISC CONFIRM |
totolink — ex1200t |
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization. |
2022-06-03 |
not yet calculated |
CVE-2021-42891 MISC |
totolink — ex1200t |
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg. |
2022-06-03 |
not yet calculated |
CVE-2021-42893 MISC |
totolink — ex1200t |
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware. |
2022-06-03 |
not yet calculated |
CVE-2021-42892 MISC |
tp-link — router_ax50 |
In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation. |
2022-06-09 |
not yet calculated |
CVE-2022-30075 MISC MISC MISC |
trend_micro — security_2021_and_2022 |
Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine. |
2022-06-09 |
not yet calculated |
CVE-2022-30702 MISC MISC |
trend_micro — security_2021_and_2022 |
Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation. |
2022-06-09 |
not yet calculated |
CVE-2022-30703 MISC MISC |
trilogy — trilogy |
Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1. This issue can be avoided by only connecting to trusted servers. |
2022-06-09 |
not yet calculated |
CVE-2022-31026 CONFIRM MISC |
tuleap — tuleap |
Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retrieve the name of a tracker they cannot access as well as the name of the fields used in reports. |
2022-06-09 |
not yet calculated |
CVE-2022-24896 MISC CONFIRM MISC MISC |
u-boot — u-boot |
Das U-Boot 2022.01 has a Buffer Overflow. |
2022-06-08 |
not yet calculated |
CVE-2022-30552 MISC MISC |
uboot — uboot |
Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552. |
2022-06-08 |
not yet calculated |
CVE-2022-30790 MISC MISC |
vapor — vapor |
Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: `curl -d “array[_0][0][array][_0][0][array]$(for f in $(seq 1100); do echo -n ‘[_0][0][array]’; done)[string][_0]=hello%20world” http://localhost:8080/foo`. The issue is unbounded, attacker controlled stack growth which will at some point lead to a stack overflow and a process crash. This issue has been fixed in version 4.61.1. |
2022-06-09 |
not yet calculated |
CVE-2022-31019 CONFIRM MISC |
verbatim — multiple_products |
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the stored data. The attacker can simply use an undocumented IOCTL command that retrieves the correct password. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650. |
2022-06-08 |
not yet calculated |
CVE-2022-28387 MISC MISC FULLDISC FULLDISC |
verbatim — multiple_products |
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode (Electronic Codebook, aka ECB), an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB mode. This operation mode of block ciphers (e.g., AES) always encrypts identical plaintext data, in this case blocks of 16 bytes, to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion, within ECB, can leak sensitive information even in encrypted data. Thus, the use of the ECB operation mode can put the confidentiality of specific information at risk, even in an encrypted form. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store ‘n’ Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650. |
2022-06-08 |
not yet calculated |
CVE-2022-28382 MISC MISC MISC MISC FULLDISC FULLDISC FULLDISC FULLDISC |
verbatim — multiple_products |
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to insufficient firmware validation, an attacker can store malicious firmware code for the USB-to-SATA bridge controller on the USB drive (e.g., by leveraging physical access during the supply chain). This code is then executed. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store ‘n’ Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650. |
2022-06-08 |
not yet calculated |
CVE-2022-28383 MISC MISC MISC MISC FULLDISC FULLDISC FULLDISC FULLDISC |
verbatim — multiple_products |
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauthorized access to the stored encrypted data. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store ‘n’ Go Secure Portable HDD GD25LK01-3637-C VER4.0. |
2022-06-08 |
not yet calculated |
CVE-2022-28384 MISC MISC FULLDISC FULLDISC |
verbatim — multiple_products |
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to missing integrity checks, an attacker can manipulate the content of the emulated CD-ROM drive (containing the Windows and macOS client software). The content of this emulated CD-ROM drive is stored as an ISO-9660 image in the hidden sectors of the USB drive, that can only be accessed using special IOCTL commands, or when installing the drive in an external disk enclosure. By manipulating this ISO-9660 image or replacing it with another one, an attacker is able to store malicious software on the emulated CD-ROM drive. This software may get executed by an unsuspecting victim when using the device. For example, an attacker with temporary physical access during the supply chain could program a modified ISO-9660 image on a device that always accepts an attacker-controlled password for unlocking the device. If the attacker later on gains access to the used USB drive, he can simply decrypt all contained user data. Storing arbitrary other malicious software is also possible. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650. |
2022-06-08 |
not yet calculated |
CVE-2022-28385 MISC MISC FULLDISC FULLDISC |
verbatim — multiple_products |
An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20 failed unlock attempts) does not work as specified. More than 20 attempts may be made. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store ‘n’ Go Secure Portable HDD GD25LK01-3637-C VER4.0. |
2022-06-08 |
not yet calculated |
CVE-2022-28386 MISC MISC FULLDISC FULLDISC |
vim — vim |
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. |
2022-06-09 |
not yet calculated |
CVE-2022-2000 CONFIRM MISC |
vim — vim |
Use After Free in GitHub repository vim/vim prior to 8.2. |
2022-06-10 |
not yet calculated |
CVE-2022-2042 CONFIRM MISC |
virtua_software — cobranca |
Virtua Cobranca before 12R allows SQL Injection on the login page. |
2022-06-07 |
not yet calculated |
CVE-2021-37589 MISC MISC |
vyperlang — vyper |
Vyper is a Pythonic Smart Contract Language for the Ethereum virtual machine. In versions prior to 0.3.4, when calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for contracts. This issue has been addressed in v0.3.4. |
2022-06-09 |
not yet calculated |
CVE-2022-29255 CONFIRM MISC |
watchguard — multiple_products |
WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary files from a limited set of directories on the system. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. |
2022-06-07 |
not yet calculated |
CVE-2022-25361 MISC MISC |
wolfcms — wolfcms |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1. It has been rated as problematic. This issue affects some unknown processing of the file /wolfcms/?/admin/user/add of the component User Add. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
2022-06-09 |
not yet calculated |
CVE-2019-25070 MISC MISC |
wolterskluwer — teammate+_audit |
A blind SQL injection vulnerability in search form in TeamMate+ Audit version 28.0.19.0 allows any authenticated user to create malicious SQL injections, which can result in complete database compromise, gaining information about other users, unauthorized access to audit data etc. |
2022-06-06 |
not yet calculated |
CVE-2021-41932 MISC |
wordpress — amtythumb_wordpress_plugin |
The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection that is exploitable by any authenticated user (and not just Author+ as the original advisory mentions), because they can execute shortcodes via an AJAX action. |
2022-06-08 |
not yet calculated |
CVE-2022-1683 MISC MISC |
wordpress — cp_image_store_with_slideshow_wordpress_plugin |
The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embedded, allowing unauthenticated users to perform an SQL injection attack. |
2022-06-08 |
not yet calculated |
CVE-2022-1692 MISC MISC |
wordpress — cube_slider_wordpress_plugin |
The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin |
2022-06-08 |
not yet calculated |
CVE-2022-1684 MISC MISC |
wordpress — database_backup_for_wordpress_plugin |
The Database Backup for WordPress plugin before 2.5.2 does not have a CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details, or disable the automatic backup schedule. |
2022-06-08 |
not yet calculated |
CVE-2022-1577 MISC |
wordpress — fibosearch_wordpress_plugin |
The FiboSearch WordPress plugin before 1.17.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed |
2022-06-08 |
not yet calculated |
CVE-2022-1469 MISC |
wordpress — files_download_delay_wordpress_plugin |
The Files Download Delay WordPress plugin before 1.0.7 does not have authorisation and CSRF checks when resetting its settings, which could allow any authenticated user, such as a subscriber, to perform such an action. |
2022-06-08 |
not yet calculated |
CVE-2022-1570 MISC |
wordpress — five_minute_webshop_wordpress_plugin |
The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection |
2022-06-08 |
not yet calculated |
CVE-2022-1686 MISC MISC |
wordpress — five_minute_webshop_wordpress_plugin |
The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection |
2022-06-08 |
not yet calculated |
CVE-2022-1685 MISC MISC |
wordpress — formcraft_wordpress_plugin |
The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
2022-06-08 |
not yet calculated |
CVE-2022-1647 MISC |
wordpress — livesync_for_wordpress_plugin |
The LiveSync for WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
2022-06-08 |
not yet calculated |
CVE-2022-1712 MISC |
wordpress — logo_slider_wordpress_plugin |
The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection |
2022-06-08 |
not yet calculated |
CVE-2022-1687 MISC MISC |
wordpress — multiple_plugins |
The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed |
2022-06-08 |
not yet calculated |
CVE-2022-1569 MISC |
wordpress — note_press_wordpress_plugin |
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection |
2022-06-08 |
not yet calculated |
CVE-2022-1690 MISC MISC |
wordpress — note_press_wordpress_plugin |
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection |
2022-06-08 |
not yet calculated |
CVE-2022-1689 MISC MISC |
wordpress — note_press_wordpress_plugin |
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statements via the admin dashboard, leading to SQL Injections. |
2022-06-08 |
not yet calculated |
CVE-2022-1688 MISC MISC |
wordpress — photo_gallery_by_10web_wordpress_plugin |
The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed |
2022-06-08 |
not yet calculated |
CVE-2022-1394 MISC |
wordpress — realty_workstation_wordpress_plugin |
The Realty Workstation WordPress plugin through 1.0.6 does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edits a transaction, leading to an SQL injection. |
2022-06-08 |
not yet calculated |
CVE-2022-1691 MISC MISC |
wordpress — throws_spam_away_wordpress_plugin |
The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF checks in place when deleting comments (either all, spam, or pending), allowing attackers to make a logged in admin delete comments via a CSRF attack |
2022-06-08 |
not yet calculated |
CVE-2022-1709 MISC |
wordpress — user_meta_wordpress_plugin |
The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads |
2022-06-08 |
not yet calculated |
CVE-2022-0779 MISC |
wordpress — video_slider_wordpress_plugin |
The Video Slider WordPress plugin before 1.4.8 does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed |
2022-06-08 |
not yet calculated |
CVE-2022-1541 MISC |
wordpress — woocommerce_green_wallet_gateway_wordpress_plugin |
The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 does not escape the error_envision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability. |
2022-06-08 |
not yet calculated |
CVE-2022-1673 MISC |
wordpress — wp_born_babies_wordpress_plugin |
The WP Born Babies WordPress plugin through 1.0 does not sanitise and escape some of its fields, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks |
2022-06-08 |
not yet calculated |
CVE-2022-1506 MISC |
wordpress — wp_fundraising_donation_and_crowdfunding_platform_wordpress_plugin |
The WP Fundraising Donation and Crowdfunding Platform WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via one of its REST routes, leading to an SQL injection exploitable by unauthenticated users. |
2022-06-08 |
not yet calculated |
CVE-2022-0788 MISC |
wordpress — wp_simple_adsense_insertion_wordpress_plugin |
The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form. |
2022-06-08 |
not yet calculated |
CVE-2022-1695 MISC |
wordpress — wp_statistics_wordpress_plugin |
The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters |
2022-06-08 |
not yet calculated |
CVE-2022-1005 MISC |
wordpress — wpqa_builder_wordpress_plugin |
The WPQA Builder WordPress plugin before 5.4, which is a companion to the Discy and Himer, lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site. |
2022-06-08 |
not yet calculated |
CVE-2022-1598 MISC |
wordpress — wpqa_builder_wordpress_plugin |
The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer, does not sanitise and escape a parameter on its reset password form, which makes it possible to perform Reflected Cross-Site Scripting attacks. |
2022-06-08 |
not yet calculated |
CVE-2022-1597 MISC |
wpscan — ask_me_wordpress_theme |
The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site. |
2022-06-08 |
not yet calculated |
CVE-2022-1424 MISC |
wpscan — ask_me_wordpress_theme |
The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues |
2022-06-08 |
not yet calculated |
CVE-2022-1241 MISC |
wpscan — discy_wordpress_theme |
The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discy_reset_options, allowing an attacker to trick an admin into resetting the site settings back to defaults. |
2022-06-08 |
not yet calculated |
CVE-2022-1422 MISC |
wpscan — discy_wordpress_theme |
The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary ‘s settings including payment methods via a CSRF attack |
2022-06-08 |
not yet calculated |
CVE-2022-1421 MISC |
xampp — xampp |
A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely. |
2022-06-09 |
not yet calculated |
CVE-2017-20018 MISC MISC |
xen_project — xen |
x86 pv: Race condition in typeref acquisition. Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen’s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safety TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited. |
2022-06-09 |
not yet calculated |
CVE-2022-26362 MLIST MISC CONFIRM |
xen_project — xen |
x86 pv: Insufficient care with non-coherent mappings. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen’s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen’s safety logic doesn’t account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen’s safety logic can incorrectly conclude that the contents of a page are safe. |
2022-06-09 |
not yet calculated |
CVE-2022-26364 MISC MLIST CONFIRM |
xen_project — xen |
x86 pv: Insufficient care with non-coherent mappings. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen’s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen’s safety logic doesn’t account for CPU-induced cache non-coherency: cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen’s safety logic can incorrectly conclude that the contents of a page are safe. |
2022-06-09 |
not yet calculated |
CVE-2022-26363 MISC MLIST CONFIRM |
xiaomi — xiaomi |
A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by an out-of-bounds read/write and can be exploited by attackers to cause a denial of service. |
2022-06-08 |
not yet calculated |
CVE-2020-14125 MISC |
xxl-job — xxl-job |
XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo. |
2022-06-03 |
not yet calculated |
CVE-2022-29770 MISC |
zangband — zangband-data |
ZAngband zangband-data 2.7.5 is affected by an integer underflow vulnerability in src/tk/plat.c through the variable fileheader.bfOffBits. |
2022-06-08 |
not yet calculated |
CVE-2021-40589 MISC |
zeroshell — zeroshell |
ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands. |
2022-06-11 |
not yet calculated |
CVE-2021-41738 MISC |
zte — mf297d |
ZTE’s MF297D product has a cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack. |
2022-06-09 |
not yet calculated |
CVE-2022-23138 MISC |
zyxel — gs1200 |
An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack. |
2022-06-09 |
not yet calculated |
CVE-2022-0823 CONFIRM |