Vulnerability Summary for the Week of February 28, 2022

Released: Mar 07, 2022
Document ID: SB22-066

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
jetbrains -- teamcity | In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. | 2022-02-25 | 7.5 | CVE-2022-24331, MISC, MISC
jetbrains -- teamcity | In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. | 2022-02-25 | 7.5 | CVE-2022-24340, MISC, MISC
jetbrains -- youtrack | JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. | 2022-02-25 | 7.5 | CVE-2022-24442, MISC, MISC


Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache -- airflow | It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. | 2022-02-25 | 4.3 | CVE-2021-45229, MISC
apache -- airflow | In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. | 2022-02-25 | 6.5 | CVE-2022-24288, MISC
apache -- jspwiki | Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later. | 2022-02-25 | 6.8 | CVE-2022-24947, MISC, MLIST
apache -- jspwiki | A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.2 or later. | 2022-02-25 | 4.3 | CVE-2022-24948, MISC, MLIST
dolibarr -- dolibarr | Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0. | 2022-02-25 | 4 | CVE-2022-0746, CONFIRM, MISC
hashicorp -- terraform_enterprise | HashiCorp Terraform Enterprise before 202202-1 inserts Sensitive Information into a Log File. | 2022-02-25 | 5 | CVE-2022-25374, MISC, MISC
jetbrains -- hub | In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. | 2022-02-25 | 5 | CVE-2022-24327, MISC, MISC
jetbrains -- hub | In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. | 2022-02-25 | 4 | CVE-2022-24328, MISC, MISC
jetbrains -- hub | JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. | 2022-02-25 | 4.3 | CVE-2022-25259, MISC, MISC
jetbrains -- intellij_idea | In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible. | 2022-02-25 | 4.6 | CVE-2022-24345, MISC, MISC
jetbrains -- intellij_idea | In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible. | 2022-02-25 | 4.6 | CVE-2022-24346, MISC, MISC
jetbrains -- kotlin | In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. | 2022-02-25 | 5 | CVE-2022-24329, MISC, MISC
jetbrains -- teamcity | In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions. | 2022-02-25 | 4 | CVE-2022-24337, MISC, MISC
jetbrains -- teamcity | In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible. | 2022-02-25 | 4 | CVE-2022-24333, MISC, MISC
jetbrains -- teamcity | JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC. | 2022-02-25 | 6.8 | CVE-2022-24335, MISC, MISC
jetbrains -- teamcity | JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS. | 2022-02-25 | 4.3 | CVE-2022-24338, MISC, MISC
jetbrains -- teamcity | In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible. | 2022-02-25 | 6.8 | CVE-2022-24342, MISC, MISC
jetbrains -- teamcity | In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user. | 2022-02-25 | 5 | CVE-2022-24341, MISC, MISC
jetbrains -- teamcity | In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server. | 2022-02-25 | 5 | CVE-2022-24336, MISC, MISC
jetbrains -- teamcity | In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server. | 2022-02-25 | 5 | CVE-2022-24334, MISC, MISC
jetbrains -- teamcity | In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie. | 2022-02-25 | 5 | CVE-2022-24332, MISC, MISC
jetbrains -- teamcity | In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible. | 2022-02-25 | 5.8 | CVE-2022-24330, MISC, MISC
jetbrains -- youtrack | In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions. | 2022-02-25 | 4 | CVE-2022-24343, MISC, MISC


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
eyesofnetwork -- eyesofnetwork | An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS. | 2022-02-25 | 3.5 | CVE-2022-24612, MISC
google -- fscrypt | fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable. | 2022-02-25 | 2.1 | CVE-2022-25326, CONFIRM
ibm -- vios | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service. IBM X-Force ID: 212962. | 2022-02-25 | 2.1 | CVE-2021-38993, XF, CONFIRM
jetbrains -- teamcity | JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. | 2022-02-25 | 3.5 | CVE-2022-24339, MISC, MISC
jetbrains -- youtrack | JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page. | 2022-02-25 | 3.5 | CVE-2022-24344, MISC, MISC
jetbrains -- youtrack | JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon. | 2022-02-25 | 3.5 | CVE-2022-24347, MISC, MISC


Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
15zine -- 15zine | The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before outputting it back in the response via the cb_s_a AJAX action, leading to a Reflected Cross-Site Scripting | 2022-02-28 | not yet calculated | CVE-2020-36510, MISC
academy_software_foundation -- openexr | A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well. | 2022-03-04 | not yet calculated | CVE-2021-20303, MISC, MISC, MISC
academy_software_foundation -- openexr | A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability. | 2022-03-04 | not yet calculated | CVE-2021-20302, MISC, MISC, MISC
academy_software_foundation -- openexr | A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability. | 2022-03-04 | not yet calculated | CVE-2021-20300, MISC, MISC, MISC
air_cargo_management_system -- air_cargo_management_system | Air Cargo Management System v1.0 was discovered to contain a SQL injection vulnerability via the ref_code parameter. | 2022-03-02 | not yet calculated | CVE-2022-26169, MISC
alfresco -- alfresco_community_edition | Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2 | 2022-03-04 | not yet calculated | CVE-2020-18327, MISC, MISC
algorithmia -- msol | A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October 10 2021 of SaaS. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new, specially crafted Algorithm and subsequently launch remote code execution with their desired result. | 2022-03-01 | not yet calculated | CVE-2021-42951, MISC, MISC
ametys -- cms | The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords. | 2022-02-28 | not yet calculated | CVE-2022-26159, MISC, MISC, MISC
ansible -- ansible_engine | A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. | 2022-03-03 | not yet calculated | CVE-2021-3620, MISC, MISC, MISC
any23 -- any23 | An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions < 2.7. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Any23 2.7. | 2022-03-05 | not yet calculated | CVE-2022-25312, MISC, MLIST
apache -- poi | A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1. | 2022-03-04 | not yet calculated | CVE-2022-26336, CONFIRM
archeevo -- archeevo | Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local files. | 2022-03-01 | not yet calculated | CVE-2022-23377, MISC
argus -- surveillance_dvr | Argus Surveillance DVR v4.0 employs weak password encryption. | 2022-03-01 | not yet calculated | CVE-2022-25012, MISC, MISC
arm -- arm | An Arm product family through 2022-01-03 has an Exposed Dangerous Method or Function. | 2022-03-03 | not yet calculated | CVE-2022-22706, MISC, MISC
arm -- astcenc | ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function encode_ise(). | 2022-02-28 | not yet calculated | CVE-2021-44331, MISC
arm -- astcenc | ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compression function of the astc-encoder project with -cl option was used, a stack-buffer-overflow occurred in function encode_ise() in function compress_symbolic_block_for_partition_2planes() in "/Source/astcenc_compress_symbolic.cpp". | 2022-02-28 | not yet calculated | CVE-2021-43086, MISC
aruba -- aos-cx | Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. | 2022-03-02 | not yet calculated | CVE-2021-41000, MISC
aruba -- aos-cx | An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine (NAE) in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability. | 2022-03-02 | not yet calculated | CVE-2021-41001, MISC
aruba -- aos-cx | Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. | 2022-03-02 | not yet calculated | CVE-2021-41003, MISC
aruba -- aos-cx | Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. | 2022-03-02 | not yet calculated | CVE-2021-41002, MISC
asgaros_forum -- asgaros_forum | The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection | 2022-02-28 | not yet calculated | CVE-2022-0411, MISC, CONFIRM
atlassian -- jira_server | Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3. | 2022-02-28 | not yet calculated | CVE-2021-43945, MISC
audio_file -- audio_file | Audio File commit 004065d was discovered to contain a heap-buffer overflow in the function fouBytesToInt():AudioFile.h. | 2022-02-28 | not yet calculated | CVE-2022-25023, MISC
auto_spare_parts_management -- auto_spare_parts_management | Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. | 2022-03-02 | not yet calculated | CVE-2022-25398, MISC
axelor -- open_suite | Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter. | 2022-03-03 | not yet calculated | CVE-2022-25138, MISC, MISC
aya -- ayacms | AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php, | 2022-03-01 | not yet calculated | CVE-2021-44238, MISC
bank_management_system -- bank_management_system | Bank Management System v1.o was discovered to contain a SQL injection vulnerability via the email parameter. | 2022-03-02 | not yet calculated | CVE-2022-26171, MISC
basebmpsupportlib -- basebmpsupportlib | Heap Overflow in BaseBmpSupportLib. | 2022-03-03 | not yet calculated | CVE-2021-38577, MISC
batflat -- cms | Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database. | 2022-03-01 | not yet calculated | CVE-2021-41652, MISC, MISC
big_fix_compliance -- big_fix_compliance | "TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it." | 2022-03-04 | not yet calculated | CVE-2021-27756, MISC
big_fix_insights -- big_fix_insights | "Insecure password storage issue. The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive information." | 2022-03-04 | not yet calculated | CVE-2021-27757, MISC
bluez -- bluetoothd | bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers. | 2022-03-02 | not yet calculated | CVE-2021-3658, MISC, MISC, MISC, MISC
buildah -- buildah | An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials). | 2022-03-03 | not yet calculated | CVE-2021-3602, MISC, MISC, MISC, MISC
cacti -- cacti | Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. | 2022-03-03 | not yet calculated | CVE-2022-0730, MISC
car_driving_school_management_system -- car_driving_school_management_system | Car Driving School Management System v1.0 is affected by Cross Site Scripting (XSS) in the User Enrollment Form (Username Field). To exploit this Vulnerability, an admin views the registered user details. | 2022-02-28 | not yet calculated | CVE-2022-24572, MISC
car_driving_school_management_system -- car_driving_school_management_system | Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacker can use simple SQL login injection payload to get admin access. | 2022-02-28 | not yet calculated | CVE-2022-24571, MISC, MISC, MISC
cedar_gate -- ez-net | The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. | 2022-03-04 | not yet calculated | CVE-2022-23397, MISC
cherwell -- cherwell service_management | An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body. | 2022-02-28 | not yet calculated | CVE-2022-26155, MISC, MISC
cherwell -- cherwell service_management | An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels. | 2022-02-28 | not yet calculated | CVE-2022-26157, MISC, MISC
cherwell -- cherwell service_management | An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page. | 2022-02-28 | not yet calculated | CVE-2022-26158, MISC, MISC
cherwell -- cherwell service_management | An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places user-supplied input into the action URL of an HTML form. An attacker can use this vulnerability to construct a URL that, if visited by another application user, will modify the action URL of a form to point to the attacker's server. | 2022-02-28 | not yet calculated | CVE-2022-26156, MISC, MISC
cipi -- cipi | Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field. | 2022-03-01 | not yet calculated | CVE-2022-26332, MISC, MISC
clair -- claircore | A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution. | 2022-03-03 | not yet calculated | CVE-2021-3762, MISC, MISC, MISC, MISC, MISC, MISC
cmark-gfm -- cmark-gfm | cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered. | 2022-03-03 | not yet calculated | CVE-2022-24724, CONFIRM
cms_made_simple -- cms_made_simple | CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file. | 2022-02-28 | not yet calculated | CVE-2022-23906, MISC
cms_made_simple -- cms_made_simple | CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage. | 2022-02-28 | not yet calculated | CVE-2022-23907, MISC
codeigniter4 -- codeigniter4 | CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerability. | 2022-02-28 | not yet calculated | CVE-2022-24711, MISC, CONFIRM
codeigniter4 -- codeigniter4 | CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery (CSRF) protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for this vulnerability, but users will still need to code as these after upgrading to v4.1.9. Otherwise, the CSRF protection may be bypassed. If auto-routing is enabled, check the request method in the controller method before processing. If auto-routing is disabled, either avoid using `$routes->add()` and instead use HTTP verbs in routes; or check the request method in the controller method before processing. | 2022-02-28 | not yet calculated | CVE-2022-24712, MISC, CONFIRM
contact_forms-drag_and_drop_contact_form_builder -- contact_forms-drag_and_drop_contact_form_builder | The Contact Forms - Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web server via a path traversal attack | 2022-02-28 | not yet calculated | CVE-2021-24689, MISC
containerd -- containerd | containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue. | 2022-03-03 | not yet calculated | CVE-2022-23648, CONFIRM, MISC, MISC, MISC, MISC
core_tweaks_wp_setup -- core_tweaks_wp_setup | The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-set many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in place, allowing an attacker to arbitrarily change the admin email or create another admin account and takeover the website via CSRF attacks | 2022-02-28 | not yet calculated | CVE-2021-24803, MISC
coreos-installer -- coreos-installer | An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed. | 2022-03-04 | not yet calculated | CVE-2021-20319, MISC, MISC, MISC
cosmetics_and_beauty_product_online_store -- cosmetics_and_beauty_product_online_store | Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross-site scripting (XSS) attacks via the search parameter under the /cbpos/ app. | 2022-03-02 | not yet calculated | CVE-2022-25395, MISC
cosmetics_and_beauty_product_online_store -- cosmetics_and_beauty_product_online_store | Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. | 2022-03-02 | not yet calculated | CVE-2022-25396, MISC
cost_calculator -- cost_calculator | The Cost Calculator WordPress plugin through 1.6 allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.6) to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout | 2022-02-28 | not yet calculated | CVE-2021-24820, MISC
crazy_bone -- crazy_bone | The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and escape the username submitted via the login form when displaying them back in the log dashboard, leading to an unauthenticated Stored Cross-Site scripting | 2022-02-28 | not yet calculated | CVE-2022-0385, MISC
customize -- customize | The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes (finding the first letter, then the second one, then the third one etc.). | 2022-02-28 | not yet calculated | CVE-2022-0345, MISC
cyberark -- identity | CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant. | 2022-03-03 | not yet calculated | CVE-2022-22700, MISC, MISC
d-link -- dap-1620 | Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow]. | 2022-03-04 | not yet calculated | CVE-2021-46381, MISC, MISC
d-link -- dir-859 | D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | 2022-03-04 | not yet calculated | CVE-2022-25106, MISC, MISC, MISC
datarobot -- datarobot | A Remote Code Execution (RCE) vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver. | 2022-02-28 | not yet calculated | CVE-2021-45414, MISC
dell -- emc_enterprise_storage_analytics_for_vrealize_operations | Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 2022-03-04 | not yet calculated | CVE-2021-43590, MISC
devolutions -- password_hub_for_ios | The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access the application because of authentication bypass. An attacker must rapidly make failed biometric authentication attempts. | 2022-03-03 | not yet calculated | CVE-2022-23849, MISC, MISC
dlink -- dir-x1860 | An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absolute paths that are being used by the web application. | 2022-03-04 | not yet calculated | CVE-2021-46353, MISC, MISC
dlink -- dir850_et850-1.08trb03 | DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site. | 2022-03-04 | not yet calculated | CVE-2021-46379, MISC, MISC
dlink -- dir850_et850-1.08trb03 | DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. | 2022-03-04 | not yet calculated | CVE-2021-46378, MISC, MISC
dolibarr -- dolibarr | Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. | 2022-03-02 | not yet calculated | CVE-2022-0819, MISC, CONFIRM
dropbox -- lepton
 
Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:108.2022-02-28not yet calculatedCVE-2022-26181
MISC
MISC
MISC
dynamic_widgets -- dynamic_widgets
 
The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the term_tree AJAX action (available to any authenticated users), leading to a Reflected Cross-Site Scripting issue2022-02-28not yet calculatedCVE-2021-24933
MISC
easy_drag_and_drop_all_import -- easy_drag_and_drop_all_import
 
The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escape imported comments, which could allow high privilege users to import malicious ones (either intentionally or not) and lead to Stored Cross-Site Scripting issues. | 2022-02-28 | not yet calculated | CVE-2022-0360
MISC
CONFIRM
editabletable -- editabletable
 
The EditableTable WordPress plugin through 0.1.4 does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-02-28 | not yet calculated | CVE-2021-24898
MISC
elasticsearch -- elasticsearch
 
A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser. | 2022-03-03 | not yet calculated | CVE-2022-23710
MISC
elasticsearch -- elasticsearch
 
A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index. | 2022-03-03 | not yet calculated | CVE-2022-23708
MISC
element-it -- http_commander
 
A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field. | 2022-03-03 | not yet calculated | CVE-2022-24573
MISC
MISC
espruino -- espruino
 
Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString. | 2022-03-05 | not yet calculated | CVE-2022-25044
MISC
MISC
espruino -- espruino
 
Espruino 2v11 release was discovered to contain a stack buffer overflow via src/jsvar.c in jsvGetNextSibling. | 2022-03-05 | not yet calculated | CVE-2022-25465
MISC
event_management -- event_management
Event Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the full_name parameter under register.php. | 2022-03-02 | not yet calculated | CVE-2022-25114
MISC
excel_streaming_reader -- excel_streaming_reader
 
Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did not apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no known workaround. | 2022-03-02 | not yet calculated | CVE-2022-23640
CONFIRM
MISC
extensis -- portfolio
 
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. | 2022-03-01 | not yet calculated | CVE-2022-24253
MISC
MISC
MISC
extensis -- portfolio
 
An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file. | 2022-03-01 | not yet calculated | CVE-2022-24254
MISC
MISC
MISC
MISC
extensis -- portfolio
 
An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file. | 2022-03-01 | not yet calculated | CVE-2022-24252
MISC
MISC
MISC
extensis -- portfolio
 
Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allow attackers to gain administrator privileges. | 2022-03-01 | not yet calculated | CVE-2022-24255
MISC
MISC
MISC
extensis -- portfolio
 
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. | 2022-03-01 | not yet calculated | CVE-2022-24251
MISC
MISC
MISC
f-secure -- f-secure
 
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. | 2022-03-01 | not yet calculated | CVE-2021-44747
MISC
finastra -- ssr-pages
ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the `svg` property as an argument to the `build(MessagePageOptions)` function. While there is no known workaround at this time, there is a patch in version 0.1.4. | 2022-03-01 | not yet calculated | CVE-2022-24718
MISC
MISC
CONFIRM
finastra -- ssr-pages
 
ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.5, a cross site scripting (XSS) issue can occur when providing untrusted input to the `redirect.link` property as an argument to the `build(MessagePageOptions)` function. While there is no known workaround at this time, there is a patch in version 0.1.5. | 2022-03-01 | not yet calculated | CVE-2022-24717
MISC
MISC
MISC
CONFIRM
fluture-js -- fluture-node
 
Fluture-Node is a set of FP-style HTTP and streaming utils for Node based on Fluture. Using `followRedirects` or `followRedirectsWith` with any of the redirection strategies built into fluture-node 4.0.0 or 4.0.1, paired with a request that includes confidential headers such as Authorization or Cookie, exposes you to a vulnerability where, if the destination server were to redirect the request to a server on a third-party domain, or the same domain over unencrypted HTTP, the headers would be included in the follow-up request and be exposed to the third party, or to potential HTTP traffic sniffing. The redirection strategies made available in version 4.0.2 automatically redact confidential headers when a redirect is followed across to another origin. A workaround has been identified by using a custom redirection strategy via the `followRedirectsWith` function. The custom strategy can be based on the new strategies available in fluture-node@4.0.2. | 2022-03-01 | not yet calculated | CVE-2022-24719
MISC
MISC
MISC
CONFIRM
fortinet -- fortianalyzer
An improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7.0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows an attacker to bypass the device policy and force the password-change action for its user. | 2022-03-01 | not yet calculated | CVE-2022-22300
CONFIRM
fortinet -- fortiap-c
 
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments. | 2022-03-02 | not yet calculated | CVE-2022-22301
CONFIRM
fortinet -- fortigate
 
An improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows an attacker to disclose sensitive information via SNI Client Hello TLS packets. | 2022-03-01 | not yet calculated | CVE-2020-15936
CONFIRM
fortinet -- fortimail
 
An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests. | 2022-03-01 | not yet calculated | CVE-2021-32586
CONFIRM
fortinet -- fortimail
 
An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties. | 2022-03-01 | not yet calculated | CVE-2021-36166
CONFIRM
fortinet -- fortimanager
 
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users' credentials via the config conflict file. | 2022-03-02 | not yet calculated | CVE-2022-22303
CONFIRM
fortinet -- fortiportal
 
The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame. | 2022-03-01 | not yet calculated | CVE-2021-36171
CONFIRM
fortinet -- fortitoken_mobile
 
An improper access control vulnerability [CWE-284] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user. | 2022-03-02 | not yet calculated | CVE-2021-44166
CONFIRM
fortinet -- fortiwlm
 
Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. | 2022-03-02 | not yet calculated | CVE-2021-43070
CONFIRM
fortinet -- fortiwlm
 
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the alarm dashboard and controller config handlers. | 2022-03-01 | not yet calculated | CVE-2021-43075
CONFIRM
fortinet -- fortiwlm
 
An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the AP monitor handlers. | 2022-03-01 | not yet calculated | CVE-2021-43077
CONFIRM
frrouting -- frrouting
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c. | 2022-03-03 | not yet calculated | CVE-2022-26125
MISC
frrouting -- frrouting
A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c. | 2022-03-03 | not yet calculated | CVE-2022-26127
MISC
frrouting -- frrouting
A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c. | 2022-03-03 | not yet calculated | CVE-2022-26128
MISC
frrouting -- frrouting
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c. | 2022-03-03 | not yet calculated | CVE-2022-26126
MISC
frrouting -- frrouting
 
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c. | 2022-03-03 | not yet calculated | CVE-2022-26129
MISC
fujifilm -- docucentre-vi
 
A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default credentials) can download the address book file, which contains the list of users (domain users, FTP users, etc.) stored on the printer, together with their encrypted passwords. The passwords are protected by a weak cipher, such as ROT13, which requires minimal effort to instantly retrieve the original password, giving the attacker a list of valid domain or FTP usernames and passwords. | 2022-03-03 | not yet calculated | CVE-2021-43774
MISC
MISC
genixcms -- genixcms
 
In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options via the intro_title and intro_image parameters. | 2022-03-03 | not yet calculated | CVE-2022-24563
MISC
MISC
MISC
getgrav -- grav
 
Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31. | 2022-02-28 | not yet calculated | CVE-2022-0743
MISC
CONFIRM
go-ethereum -- go-ethereum
 
A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of the pending transactions in a victim node's memory pool, causing a denial of service (DoS). | 2022-03-04 | not yet calculated | CVE-2022-23327
MISC
MISC
MISC
MISC
go-ethereum -- go-ethereum
 
A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a victim Geth node, which can purge all of the pending transactions in a victim node's memory pool and then occupy the memory pool to prevent new transactions from entering the pool, resulting in a denial of service (DoS). | 2022-03-04 | not yet calculated | CVE-2022-23328
MISC
MISC
MISC
MISC
golang -- go
 
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. | 2022-03-05 | not yet calculated | CVE-2022-24921
CONFIRM
grand_flagallery -- grand_flagallery
 
The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed. | 2022-02-28 | not yet calculated | CVE-2021-24903
MISC
qrcp -- qrcp
 
qrcp through 0.8.4, in receive mode, allows ../ Directory Traversal via the file name specified by the uploader. | 2022-02-28 | not yet calculated | CVE-2022-26315
MISC
hakimel -- revealjs
 
Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0. | 2022-03-01 | not yet calculated | CVE-2022-0776
MISC
CONFIRM
haproxy -- haproxy
 
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability. | 2022-03-02 | not yet calculated | CVE-2022-0711
MISC
MISC
MISC
hashicorp -- nomad
 
HashiCorp Nomad and Nomad Enterprise 1.x before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 have Uncontrolled Resource Consumption. | 2022-02-28 | not yet calculated | CVE-2022-24685
MISC
MISC
hazelcast -- hazelcast
 
Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast prior to 5.1. | 2022-03-03 | not yet calculated | CVE-2022-0265
MISC
CONFIRM
hestiacp -- hestiacp
 
Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. | 2022-03-04 | not yet calculated | CVE-2022-0752
MISC
CONFIRM
hestiacp -- hestiacp
 
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. | 2022-03-04 | not yet calculated | CVE-2022-0838
MISC
CONFIRM
hestiacp -- hestiacp
 
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. | 2022-03-03 | not yet calculated | CVE-2022-0753
MISC
CONFIRM
hicos -- hicos
 
Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform a command injection attack to execute arbitrary system commands, disrupt the system or terminate the service. | 2022-03-01 | not yet calculated | CVE-2020-12775
MISC
MISC
home_owners_collection_management_system -- home_owners_collection_management_system
 
Home Owners Collection Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the collected_by parameter under the List of Collections module. | 2022-02-28 | not yet calculated | CVE-2022-25028
MISC
home_owners_collection_management_system -- home_owners_collection_management_system
 
Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allow attackers to escalate privileges and access the admin panel. | 2022-03-02 | not yet calculated | CVE-2022-25045
MISC
MISC
home_owners_collection_management_system -- home_owners_collection_management_system
 
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter under /admin/?page=members/view_member&id=2. | 2022-02-28 | not yet calculated | CVE-2022-25029
MISC
home_owners_collection_management_system -- home_owners_collection_management_system
 
A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via a crafted PNG file. | 2022-03-02 | not yet calculated | CVE-2022-25115
MISC
home_owners_collection_management_system -- home_owners_collection_management_system
 
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php. | 2022-02-26 | not yet calculated | CVE-2022-25096
MISC
MISC
MISC
home_owners_collection_management_system -- home_owners_collection_management_system
 
Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2022-03-02 | not yet calculated | CVE-2022-25016
MISC
hospital_management_system -- hospital_management_system
 
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php. | 2022-02-28 | not yet calculated | CVE-2022-25409
MISC
hospital_management_system -- hospital_management_system
 
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php. | 2022-02-28 | not yet calculated | CVE-2022-25408
MISC
hospital_management_system -- hospital_management_system
 
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php. | 2022-02-28 | not yet calculated | CVE-2022-25407
MISC
hoteldruid -- hoteldruid
 
HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module. | 2022-03-03 | not yet calculated | CVE-2022-22909
MISC
MISC
hp -- hp
 
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | 2022-03-02 | not yet calculated | CVE-2022-23953
MISC
hp -- hp
 
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | 2022-03-02 | not yet calculated | CVE-2022-23958
MISC
hp -- hp
 
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | 2022-03-02 | not yet calculated | CVE-2022-23957
MISC
hp -- hp
 
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | 2022-03-02 | not yet calculated | CVE-2022-23956
MISC
hp -- hp
 
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | 2022-03-02 | not yet calculated | CVE-2022-23955
MISC
hp -- hp
 
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | 2022-03-02 | not yet calculated | CVE-2022-23954
MISC
htmldoc -- htmldoc
 
A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row() in ps-pdf.cxx may lead to arbitrary code execution and denial of service. | 2022-03-03 | not yet calculated | CVE-2021-26259
MISC
MISC
htmldoc -- htmldoc
 
A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in file_extension() in file.c may lead to arbitrary code execution and denial of service. | 2022-03-02 | not yet calculated | CVE-2021-23180
MISC
MISC
MISC
MISC
htmldoc -- htmldoc
 
A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to arbitrary code execution and denial of service. | 2022-03-02 | not yet calculated | CVE-2021-23206
MISC
MISC
MISC
MISC
htmldoc -- htmldoc
 
Null pointer dereference in htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file. | 2022-03-03 | not yet calculated | CVE-2021-26948
MISC
htmldoc -- htmldoc
 
A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial of service. | 2022-03-02 | not yet calculated | CVE-2021-23191
MISC
MISC
MISC
MISC
htmly -- htmly
 
A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content field of a blog post. | 2022-03-01 | not yet calculated | CVE-2022-25022
MISC
MISC
MISC
MISC
MISC
ibm -- aix
 
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825. | 2022-03-01 | not yet calculated | CVE-2021-38955
CONFIRM
XF
ibm -- aix
 
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 220394. | 2022-03-02 | not yet calculated | CVE-2022-22350
XF
CONFIRM
ibm -- aix
 
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213076. | 2022-03-02 | not yet calculated | CVE-2021-38996
CONFIRM
XF
ibm -- mq_appliance
 
IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942. | 2022-03-01 | not yet calculated | CVE-2021-38986
XF
CONFIRM
ibm -- mq_appliance
 
In IBM MQ Appliance 9.2 CD and 9.2 LTS, local messaging users are stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368. | 2022-03-01 | not yet calculated | CVE-2022-22321
XF
CONFIRM
ice -- hrm
Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "m" parameter in the Dashboard of the current user. This vulnerability allows attackers to compromise session credentials via user interaction with a crafted link. | 2022-02-28 | not yet calculated | CVE-2022-25014
MISC
ice -- hrm
A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows attackers to steal cookies via a crafted payload inserted into the First Name field. | 2022-02-28 | not yet calculated | CVE-2022-25015
MISC
ice -- hrm
 
Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the "key" and "fm" parameters in the component login.php. | 2022-02-28 | not yet calculated | CVE-2022-25013
MISC
icl -- scadaflex_ii_scada_controller
 
On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files. | 2022-02-26 | not yet calculated | CVE-2022-25359
MISC
MISC
imagemagick_graphicsMagick -- imagemagick_graphicsMagick
 
image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is called internally by Active Storage variants, so Active Storage is vulnerable as well. The vulnerability has been fixed in version 1.12.2 of image_processing. As a workaround, users who process based on user input should always sanitize the user input by allowing only a constrained set of operations. | 2022-03-01 | not yet calculated | CVE-2022-24720
MISC
CONFIRM
incapptic -- connect
 
A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using an unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3. | 2022-03-04 | not yet calculated | CVE-2022-21828
MISC
jfrog -- artifactory
 
JFrog Artifactory before 7.29.3 and 6.23.38 is vulnerable to Broken Access Control: a low-privileged user is able to delete other known users' OAuth token, which will force a reauthentication on an active session or in the next UI session. | 2022-03-02 | not yet calculated | CVE-2021-45074
MISC
MISC
jfrog -- artifactory
 
JFrog Artifactory before 7.31.10 is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation. | 2022-03-02 | not yet calculated | CVE-2021-46270
MISC
MISC
jquery_cookie -- jquery_cookie
 
jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS). | 2022-03-02 | not yet calculated | CVE-2022-23395
MISC
kde -- kcron
 
KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands. | 2022-02-26 | not yet calculated | CVE-2022-24986
MISC
MISC
kibana -- kibana
 
A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this privilege could not modify alerting connectors. This effectively means that Read users could disable existing alerting rules. | 2022-03-03 | not yet calculated | CVE-2022-23709
MISC
learnpress -- learnpress
 
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains the user-supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed to an MD5 value. This process can be conducted only when the type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site. | 2022-02-28 | not yet calculated | CVE-2022-0377
MISC
MISC
MISC
lg -- devices
 
When the device is in factory state, the shell can be accessed without the adb authentication process. The LG ID is LVE-SMP-210010. | 2022-03-04 | not yet calculated | CVE-2022-23729
MISC
librenms -- librenms
 
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.2.2. | 2022-02-27 | not yet calculated | CVE-2022-0772
CONFIRM
MISC
libslic -- libslic
 
A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. Specially crafted stl files can exhaust available memory. An attacker can provide malicious files to trigger this vulnerability. | 2022-03-01 | not yet calculated | CVE-2021-44961
MISC
MISC
MISC
libslic -- libslic
 
An out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. | 2022-03-01 | not yet calculated | CVE-2021-44962
MISC
MISC
MISC
libtpms -- libtpms
 
A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability. | 2022-03-02 | not yet calculated | CVE-2021-3623
MISC
MISC
MISC
MISC
MISC
libvirt -- libvirt
 
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity. | 2022-03-02 | not yet calculated | CVE-2021-3631
MISC
MISC
MISC
MISC
libvirt -- libvirt
 
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. | 2022-03-02 | not yet calculated | CVE-2021-3667
MISC
MISC
MISC
libxml2 -- libxml2
 
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | 2022-02-26 | not yet calculated | CVE-2022-23308
MISC
CONFIRM
liferay -- portal
 
Liferay Portal v7.3.6 and below and Liferay DXP v7.3 and below were discovered to contain a cross-site scripting (XSS) vulnerability via the _com_liferay_asset_list_web_portlet_AssetListPortlet_title parameter. | 2022-03-03 | not yet calculated | CVE-2021-38265
MISC
MISC
liferay -- portal
 
Liferay Portal through v7.3.6 and Liferay DXP through v7.3 were discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Blog Entry function under the Blog module. | 2022-03-03 | not yet calculated | CVE-2021-38267
MISC
MISC
liferay -- portal
 
The Remote App module in Liferay Portal through v7.4.3.8 and Liferay DXP through v7.4 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message. | 2022-03-03 | not yet calculated | CVE-2022-25146
MISC
MISC
MISC
liferay -- portal
 
Liferay Portal v7.3.2 and below and Liferay DXP v7.0 and below were discovered to contain a cross-site scripting (XSS) vulnerability via the script console under the Server module. | 2022-03-03 | not yet calculated | CVE-2021-38263
MISC
MISC
liferay -- portal
 
Liferay Portal through v7.2.1 and Liferay DXP through v7.2 do not correctly import users from LDAP, allowing remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exists in LDAP. | 2022-03-02 | not yet calculated | CVE-2021-38266
MISC
MISC
liferay -- portal
 
The Dynamic Data Mapping module in Liferay Portal through v7.3.6 and Liferay DXP through v7.3 incorrectly sets default permissions for site members, allowing authenticated attackers to add and duplicate forms via the UI or the API. | 2022-03-02 | not yet calculated | CVE-2021-38268
MISC
MISC
liferay -- portal
 
Liferay Portal v7.4.1 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the keywords parameter under the Frontend Taglib module. | 2022-03-03 | not yet calculated | CVE-2021-38264
MISC
MISC
liferay -- portal
 
Liferay Portal through v7.4.0 and Liferay DXP through v7.1 were discovered to contain a cross-site scripting (XSS) vulnerability via the Gogo Shell module. | 2022-03-03 | not yet calculated | CVE-2021-38269
MISC
MISC
linux -- linux_kernel
 
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. | 2022-03-03 | not yet calculated | CVE-2022-0492
MISC
MISC
linux -- linux_kernel

A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. | 2022-03-03 | not yet calculated | CVE-2021-3609
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. By fabricating an integer overflow, a local attacker with a special user privilege may cause a system crash, which can lead to an availability threat. | 2022-03-04 | not yet calculated | CVE-2021-3428
MISC
MISC
MISC
linux -- linux_kernel
 
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. | 2022-03-03 | not yet calculated | CVE-2021-4002
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. | 2022-02-26 | not yet calculated | CVE-2020-36516
MISC
linux -- linux_kernel
 
A use-after-free flaw in the function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way a user calls ioctl UFFDIO_REGISTER or otherwise triggers a race condition between the call sco_conn_del() and the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. | 2022-03-03 | not yet calculated | CVE-2021-3640
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar to the older CVE-2019-18808. | 2022-03-04 | not yet calculated | CVE-2021-3744
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | 2022-03-02 | not yet calculated | CVE-2021-3715
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. | 2022-03-04 | not yet calculated | CVE-2021-3743
MISC
MISC
MISC
MISC
MISC
MISC
linux -- sctp_stack
 
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. | 2022-03-02 | not yet calculated | CVE-2021-3772
MISC
MISC
MISC
MISC
liquibase -- liquibase
 
Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0. | 2022-03-04 | not yet calculated | CVE-2022-0839
MISC
CONFIRM
ljharb -- npm-lockfile
 
OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4. | 2022-03-03 | not yet calculated | CVE-2022-0841
MISC
CONFIRM
logo_showcase_with_slick_slider -- logo_showcase_with_slick_slider
 
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media. | 2022-02-28 | not yet calculated | CVE-2021-24730
MISC
logo_showcase_with_slick_slider -- logo_showcase_with_slick_slider
 
The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have a CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a logged-in high-privilege user change the title, description, alt text, and URL of arbitrary uploaded media. | 2022-02-28 | not yet calculated | CVE-2021-24913
MISC
CONFIRM
maps_plugin_using_google_maps -- maps_plugin_using_google_maps
 
The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts and update the plugin's settings via a CSRF attack. | 2022-02-28 | not yet calculated | CVE-2021-25081
MISC
CONFIRM
maps_plugin_using_google_maps -- maps_plugin_using_google_maps
 
The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF checks in most of its AJAX actions, which could allow any authenticated users, such as subscribers, to delete arbitrary posts and update the plugin's settings. | 2022-02-28 | not yet calculated | CVE-2021-25011
MISC
CONFIRM
mark_text -- mark_text
 
Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib/contentState/pasteCtrl.js. | 2022-03-05 | not yet calculated | CVE-2022-25069
MISC
MISC
maxsite_cms -- maxsite_cms
 
A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-02-28 | not yet calculated | CVE-2022-25411
MISC
maxsite_cms -- maxsite_cms
 
Maxsite CMS v180 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_file_description at /admin/files. | 2022-02-28 | not yet calculated | CVE-2022-25410
MISC
maxsite_cms -- maxsite_cms
 
Maxsite CMS v180 was discovered to contain multiple arbitrary file deletion vulnerabilities in /admin_page/all-files-update-ajax.php via the dir and deletefile parameters. | 2022-02-28 | not yet calculated | CVE-2022-25412
MISC
maxsite_cms -- maxsite_cms
 
Maxsite CMS v108 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_tags at /admin/page_edit/3. | 2022-02-28 | not yet calculated | CVE-2022-25413
MISC
mcms -- mcms
 
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java. | 2022-03-03 | not yet calculated | CVE-2022-23899
MISC
mcms -- mcms
 
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. MCMS has a pre-auth RCE vulnerability which allows an unauthenticated attacker with network access via HTTP to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS. | 2022-03-04 | not yet calculated | CVE-2021-46384
MISC
mcms -- mcms
 
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. | 2022-03-03 | not yet calculated | CVE-2022-23898
MISC
mcms -- mcms
 
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. | 2022-03-03 | not yet calculated | CVE-2022-25125
MISC
medical_store_management_system -- medical_store_management_system
 
Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php. | 2022-03-02 | not yet calculated | CVE-2022-25394
MISC
microweber -- microweber
 
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3. | 2022-03-01 | not yet calculated | CVE-2022-0777
CONFIRM
MISC
microweber -- microweber
 
Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4. | 2022-03-04 | not yet calculated | CVE-2022-0855
MISC
CONFIRM
microweber -- microweber
 
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11. | 2022-02-26 | not yet calculated | CVE-2022-0723
MISC
CONFIRM
microweber -- microweber
 
Business Logic Errors in GitHub repository microweber/microweber prior to 1.3. | 2022-02-26 | not yet calculated | CVE-2022-0762
MISC
CONFIRM
microweber -- microweber
 
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3. | 2022-02-26 | not yet calculated | CVE-2022-0763
CONFIRM
MISC
migration,_backup,_staging -- migration,_backup,_staging

The Migration, Backup, Staging WordPress plugin before 0.9.69 does not have authorisation when adding remote storages, and does not sanitise or escape a parameter from such unauthenticated requests before outputting it in an admin page, leading to a Stored Cross-Site Scripting issue. | 2022-02-28 | not yet calculated | CVE-2021-24994
MISC
mikrotik -- routeros
 
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests. | 2022-02-28 | not yet calculated | CVE-2020-22845
MISC
MISC
mikrotik -- routeros
 
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests. | 2022-02-28 | not yet calculated | CVE-2020-22844
MISC
MISC
mini-inventory-and-sales-management-system -- mini-inventory-and-sales-management-system
 
Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory. The attacker must be logged into the application create a malicious file for updating the inventory details and items. | 2022-03-04 | not yet calculated | CVE-2021-44321
MISC
MISC
modx -- revolution

MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator. | 2022-02-26 | not yet calculated | CVE-2022-26149
MISC
nbdkit -- nbdkit
 
A flaw was found in nbdkit due to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability. | 2022-03-02 | not yet calculated | CVE-2021-3716
MISC
MISC
MISC
MISC
MISC
neo4j_graph -- neo4j_graph
 
A directory traversal vulnerability in the Apoc plugins in Neo4J Graph database 4.0.0 through 4.3.6 allows attackers to read local files. | 2022-03-01 | not yet calculated | CVE-2021-42767
MISC
MISC
netgear -- wac120_ac
 
Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to multiple attacks such as session hijacking and even clipboard hijacking. | 2022-03-04 | not yet calculated | CVE-2021-46382
MISC
MISC
obyte_wallet -- obyte_wallet
 
Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution. | 2022-02-28 | not yet calculated | CVE-2022-25642
MISC
MISC
MISC
ohio_supercomputer_center_open -- ondemand
 
The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template. | 2022-02-26 | not yet calculated | CVE-2020-27958
MISC
CONFIRM
MISC
ok-file-formats -- ok-file-formats

David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_read_data() in "/ok_png.c". | 2022-03-03 | not yet calculated | CVE-2021-44343
MISC
ok-file-formats -- ok-file-formats

David Brackeen ok-file-formats 97f78ca is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurs in function ok_jpg_convert_YCbCr_to_RGB() in "/ok_jpg.c:513". | 2022-02-28 | not yet calculated | CVE-2021-44334
MISC
ok-file-formats -- ok-file-formats

David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurs in function ok_png_transform_scanline() in "/ok_png.c:533". | 2022-03-03 | not yet calculated | CVE-2021-44335
MISC
ok-file-formats -- ok-file-formats

David Brackeen ok-file-formats dev version is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_jpg_generate_huffman_table() in "/ok_jpg.c:403". | 2022-02-28 | not yet calculated | CVE-2021-44340
MISC
ok-file-formats -- ok-file-formats

David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_transform_scanline() in "/ok_png.c:712". | 2022-02-28 | not yet calculated | CVE-2021-44339
MISC
ok-file-formats -- ok-file-formats

David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow via function ok_png_transform_scanline() in "/ok_png.c:494". | 2022-02-28 | not yet calculated | CVE-2021-44342
MISC
openemr -- openemr

An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register. | 2022-03-03 | not yet calculated | CVE-2022-25471
MISC
MISC
MISC
openjpeg -- openjpeg
 
A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. | 2022-03-04 | not yet calculated | CVE-2021-3575
MISC
MISC
MISC
openstack-nova -- novnc
 
A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. | 2022-03-02 | not yet calculated | CVE-2021-3654
MISC
MISC
MISC
MISC
MISC
MISC
MISC
os4ed -- opensis
 
OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An attacker can inject a SQL query to extract information from the database. | 2022-03-03 | not yet calculated | CVE-2021-40635
MISC
os4ed -- opensis
 
OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database. | 2022-03-03 | not yet calculated | CVE-2021-40636
MISC
os4ed -- opensis
 
OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user's cookie and take over the working session of the user. | 2022-03-03 | not yet calculated | CVE-2021-40637
MISC
part-db -- part-db
 
OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11. | 2022-03-04 | not yet calculated | CVE-2022-0848
CONFIRM
MISC
petereport -- petereport
 
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding. | 2022-03-03 | not yet calculated | CVE-2022-25220
MISC
MISC
petereport -- petereport
 
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svg_file' parameter. | 2022-03-03 | not yet calculated | CVE-2022-23051
MISC
MISC
petereport -- petereport
 
PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application. | 2022-03-03 | not yet calculated | CVE-2022-23052
MISC
MISC
pfsense -- pfsense
 
diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (i.e., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location. | 2022-03-01 | not yet calculated | CVE-2021-41282
MISC
MISC
MISC
MISC
php -- php
 
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result in crashes, and potentially in the overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits. | 2022-02-27 | not yet calculated | CVE-2021-21708
CONFIRM
pimcore -- pimcore
 
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. | 2022-03-04 | not yet calculated | CVE-2022-0832
MISC
CONFIRM
pimcore -- pimcore
 
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. | 2022-03-04 | not yet calculated | CVE-2022-0831
CONFIRM
MISC
pluxml -- pluxml

Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages. | 2022-03-01 | not yet calculated | CVE-2022-25018
MISC
MISC
MISC
MISC
pluxml -- pluxml
 
A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post. | 2022-03-01 | not yet calculated | CVE-2022-25020
MISC
MISC
MISC
MISC
post_snippets -- post_snippets
 
The Post Snippets WordPress plugin before 3.1.4 does not have a CSRF check when importing files, allowing an attacker to make a logged-in admin import arbitrary snippets. Furthermore, imported snippets are not sanitised and escaped, which could lead to Stored Cross-Site Scripting issues. | 2022-02-28 | not yet calculated | CVE-2021-25010
MISC
postgres -- postgres

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. | 2022-03-04 | not yet calculated | CVE-2021-3656
MISC
MISC
MISC
MISC
postgres -- postgres
 
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. | 2022-03-02 | not yet calculated | CVE-2021-23222
MISC
MISC
MISC
MISC
postgres -- postgres
 
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. | 2022-03-04 | not yet calculated | CVE-2021-23214
MISC
MISC
MISC
MISC
postgresql -- postgresql
 
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting. | 2022-03-02 | not yet calculated | CVE-2021-3677
MISC
MISC
printix -- secure_cloud_print_management
 
Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE. | 2022-03-03 | not yet calculated | CVE-2022-25089
MISC
MISC
MISC
puppetlabs -- firewall
 
In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state. | 2022-03-02 | not yet calculated | CVE-2022-0675
MISC
python -- cpython

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. | 2022-03-04 | not yet calculated | CVE-2021-3737
MISC
MISC
MISC
MISC
MISC
pytorchlightning -- pytorch
 
Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. | 2022-03-05 | not yet calculated | CVE-2022-0845
CONFIRM
MISC
qemu -- qemu
 
An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. | 2022-03-03 | not yet calculated | CVE-2021-3638
MISC
MISC
MISC
qt -- qt
 
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. | 2022-03-02 | not yet calculated | CVE-2022-25634
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
radareorg -- radare2
 
Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6. | 2022-03-05 | not yet calculated | CVE-2022-0849
MISC
CONFIRM
remote_desktop_commander_suite_agent -- remote_desktop_commander_suite_agent
 
Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level. | 2022-03-03 | not yet calculated | CVE-2022-25031
MISC
MISC
rhinode -- trading_paints
 
An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check, and request, updates. Thus, attackers can man-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings. | 2022-03-04 | not yet calculated | CVE-2021-40846
MISC
MISC
rog -- live_service
 
ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to a system file path, to delete arbitrary system files and disrupt system service. | 2022-03-01 | not yet calculated | CVE-2022-22262
MISC
rtl_433 -- rtl_433

An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file. | 2022-03-02 | not yet calculated | CVE-2022-25051
MISC
MISC
MISC
rtl_433 -- rtl_433
 
rtl_433 21.12 was discovered to contain a stack overflow in the function somfy_iohc_decode(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | 2022-03-02 | not yet calculated | CVE-2022-25050
MISC
MISC
MISC
rudloff -- alltube
 
Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltube prior to 3.0.2. | 2022-02-28 | not yet calculated | CVE-2022-0768
MISC
CONFIRM
rundeck -- rundeck
 
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could cause Scheduled Jobs to execute, or not execute on desired calendar days. Severity depends on trust level of authenticated users and impact of running or not running scheduled jobs on days governed by calendar definitions. Version 3.4.5 contains a patch for this issue. There are currently no known workarounds. | 2022-02-28 | not yet calculated | CVE-2021-41112
CONFIRM
rundeck -- rundeck
 
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated user with authorization to read webhooks in one project can craft a request to reveal Webhook definitions and tokens in another project. The user could use the revealed webhook tokens to trigger webhooks. Severity depends on trust level of authenticated users and whether any webhooks exist that trigger sensitive actions. There are patches for this vulnerability in versions 3.4.5 and 3.3.15. There are currently no known workarounds. | 2022-02-28 | not yet calculated | CVE-2021-41111
CONFIRM
MISC
samba -- samba
 
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use-after-free could instead allow different user state to be pointed at and this might allow more privileged access. | 2022-03-02 | not yet calculated | CVE-2021-3738
MISC
MISC
MISC
samba -- samba
 
A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. | 2022-03-02 | not yet calculated | CVE-2021-23192
MISC
MISC
MISC
sangfor -- vdi_client
 
SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read process memory, to discover the contents of the Username and Password fields. | 2022-02-26 | not yet calculated | CVE-2022-22908
MISC
scrapy -- scrapy

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1. | 2022-03-02 | not yet calculated | CVE-2022-0577
MISC
CONFIRM
seacms -- seacms
 
seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php. | 2022-03-02 | not yet calculated | CVE-2022-23878
MISC
secomea -- gatemanager

This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Files or Directories. | 2022-03-04 | not yet calculated | CVE-2021-32008
MISC
security_audit -- security_audit
 
The Security Audit WordPress plugin through 1.0.0 does not sanitise and escape the Data Id setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-02-28 | not yet calculated | CVE-2021-24901
MISC
shescape -- shescape
 
Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the `escape` or `escapeAll` functions from the _shescape_ API with the `interpolation` option set to `true`. Other tested shells, Dash and Zsh, are not affected. Depending on how the output of _shescape_ is used, directory traversal may be possible in the application using _shescape_. The issue was patched in version 1.5.1. As a workaround, manually escape all instances of the tilde character (`~`) using `arg.replace(/~/g, "\\~")`. | 2022-03-03 | not yet calculated | CVE-2022-24725
MISC
MISC
CONFIRM
simple_bakery_shop_management -- simple_bakery_shop_management

Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username parameter. | 2022-03-02 | not yet calculated | CVE-2022-25393
MISC
simple_membership -- simple_membership
 
The Simple Membership WordPress plugin before 4.0.9 does not have a CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack. | 2022-02-28 | not yet calculated | CVE-2022-0328
MISC
CONFIRM
simple_mobile_comparison_website -- simple_mobile_comparison_website
 
Simple Mobile Comparison Website v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. | 2022-03-02 | not yet calculated | CVE-2022-26170
MISC
simple_real_estate_portal_system -- simple_real_estate_portal_system
 
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. | 2022-03-02 | not yet calculated | CVE-2022-25399
MISC
smmentrypoint -- smmentrypoint
 
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. | 2022-03-03 | not yet calculated | CVE-2021-38578
MISC
spectrum -- scale
 
A security vulnerability in Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests, preventing the daemon from servicing other requests. IBM X-Force ID: 191599. | 2022-03-01 | not yet calculated | CVE-2020-4925
CONFIRM
XF
statcounter -- statcounter
 
The StatCounter WordPress plugin before 2.0.7 does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-02-28 | not yet calculated | CVE-2021-24920
CONFIRM
MISC
stepmania -- stepmania
 
The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system. | 2022-03-01 | not yet calculated | CVE-2022-25010
MISC
stmicroelectronics -- stsafej
 
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform. | 2022-03-04 | not yet calculated | CVE-2021-43393
MISC
MISC
stmicroelectronics -- stsafej
 
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform. | 2022-03-04 | not yet calculated | CVE-2021-43392
MISC
MISC
storagegrid -- storagegrid

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS) of the Local Distribution Router (LDR) service. | 2022-03-04 | not yet calculated | CVE-2022-23233
MISC
storagegrid -- storagegrid
 
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access. StorageGRID 11.6.0 obtains the user account status from Active Directory or Azure and will block S3 access for disabled user accounts during the subsequent background synchronization. User accounts that are expired or locked for Active Directory or Azure, or user accounts that are disabled, expired, or locked in identity sources other than Active Directory or Azure must be manually removed from group memberships or have their S3 keys manually removed from Tenant Manager in all versions of StorageGRID (formerly StorageGRID Webscale). | 2022-03-04 | not yet calculated | CVE-2022-23232
MISC
strapi -- strapi
 
Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0.
2022-02-26
not yet calculated
CVE-2022-0764
CONFIRM
MISC
subrion -- cms
Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to a victim and successfully create an arbitrary administrator user.
2022-03-04
not yet calculated
CVE-2020-18326
MISC
MISC
MISC
subrion -- cms
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Intelliants Subrion CMS v4.2.1 in the Configuration panel.
2022-03-04
not yet calculated
CVE-2020-18325
MISC
MISC
MISC
subrion -- cms
 
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.
2022-03-04
not yet calculated
CVE-2020-18324
MISC
MISC
MISC
support_board -- support_board
 
The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged in users do unwanted actions. For example, make an admin delete arbitrary files.
2022-02-28
not yet calculated
CVE-2021-24823
MISC
MISC
symentec -- management_agent
 
The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations.
2022-03-04
not yet calculated
CVE-2022-25623
MISC
tang -- tang
 
A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys.
2022-03-02
not yet calculated
CVE-2021-4076
MISC
MISC
MISC
taocms -- taocms
 
There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit.
2022-03-01
not yet calculated
CVE-2022-23380
MISC
taocms -- taocms
 
An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field.
2022-03-01
not yet calculated
CVE-2022-23387
MISC
MISC
tenda -- tenda_ax3
 
There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the HTTP request parameter startIp. Then v10 is spliced onto the stack by the sscanf function without any security check, which causes a stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data.
2022-03-04
not yet calculated
CVE-2021-46393
MISC
tenda -- tenda_ax3
 
There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the HTTP request parameter startIp. Then v13 is spliced onto the stack by the sscanf function without any security check, which causes a stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data.
2022-03-04
not yet calculated
CVE-2021-46394
MISC
testimonial -- testimonial
 
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection.
2022-02-28
not yet calculated
CVE-2022-23911
CONFIRM
MISC
testimonial -- testimonial
 
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting.
2022-02-28
not yet calculated
CVE-2022-23912
MISC
CONFIRM
ti_woocommerce_wishlist -- ti_woocommerce_wishlist
The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint, allowing unauthenticated attackers to perform SQL injection attacks.
2022-02-28
not yet calculated
CVE-2022-0412
MISC
CONFIRM
tor -- browser
 
Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn't properly free memory.
2022-02-26
not yet calculated
CVE-2021-46702
MISC
tp-link -- archer
 
There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices via the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges.
2022-03-04
not yet calculated
CVE-2021-44827
MISC
MISC
MISC
transloadit -- transloadit
 
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository transloadit/uppy prior to 3.3.1.
2022-03-03
not yet calculated
CVE-2022-0528
CONFIRM
MISC
tricentis -- qtest
 
Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker.
2022-02-26
not yet calculated
CVE-2022-26146
MISC
MISC
trusted_firmware -- mA
 
Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.
2022-03-01
not yet calculated
CVE-2021-43619
CONFIRM
MISC
MISC
MISC
tsmuxer -- tsmuxer
 
An integer overflow in DTSStreamReader::findFrame() of tsMuxer git-2678966 allows attackers to cause a Denial of Service (DoS) via a crafted file.
2022-03-02
not yet calculated
CVE-2021-45860
MISC
MISC
tsmuxer -- tsmuxer
 
There is an Assertion `num <= INT_BIT' failed at BitStreamReader::skipBits in /bitStream.h:132 of tsMuxer git-c6a0277.
2022-03-02
not yet calculated
CVE-2021-45861
MISC
MISC
tsmuxer -- tsmuxer
 
tsMuxer git-2678966 was discovered to contain a heap-based buffer overflow via the function HevcUnit::updateBits in hevc.cpp.
2022-03-02
not yet calculated
CVE-2021-45863
MISC
MISC
tsmuxer -- tsmuxer
 
tsMuxer git-c6a0277 was discovered to contain a segmentation fault via DTSStreamReader::findFrame in dtsStreamReader.cpp.
2022-03-02
not yet calculated
CVE-2021-45864
MISC
MISC
twisted -- twisted
 
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementations are able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attack is as simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.
2022-03-03
not yet calculated
CVE-2022-21716
MISC
CONFIRM
MISC
MISC
uri.js -- uri.js
 
URI.js is a JavaScript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse can be used as a workaround.
2022-03-03
not yet calculated
CVE-2022-24723
CONFIRM
MISC
MISC
MISC
use_any_font_custom_font_uploader -- use_any_font_custom_font_uploader
 
The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to send arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the backend, it could also lead to Stored XSS issues.
2022-02-28
not yet calculated
CVE-2021-24977
MISC
veritas -- infoscale_operations_manager
 
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing a remote authenticated administrator to read arbitrary files on the system via Directory Traversal. By manipulating the resource name in GET requests referring to files with absolute paths, it is possible to access arbitrary files stored on the filesystem, including application source code, configuration files, and critical system files.
2022-03-04
not yet calculated
CVE-2022-26484
MISC
veritas -- infoscale_operations_manager
 
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting (XSS) vulnerability in admin/cgi-bin/listdir.pl allows authenticated remote administrators to inject arbitrary web script or HTML into an HTTP GET parameter (which reflects the user input without sanitization).
2022-03-04
not yet calculated
CVE-2022-26483
MISC
victor -- cms
 
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability.
2022-03-04
not yet calculated
CVE-2022-26201
MISC
MISC
viewcomponent -- viewcomponent
 
ViewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an interpolation argument to the `translate` method is not properly sanitized before display. Versions 2.31.2 and 2.49.1 have been released and fully mitigate the vulnerability. As a workaround, avoid passing user input to the `translate` function, or sanitize the inputs before passing them.
2022-03-02
not yet calculated
CVE-2022-24722
MISC
CONFIRM
MISC
MISC
vmware -- spring_cloud_gateway
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
2022-03-03
not yet calculated
CVE-2022-22947
MISC
vmware -- spring_cloud_gateway
 
In spring cloud gateway versions prior to 3.1.1+, applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.
2022-03-04
not yet calculated
CVE-2022-22946
MISC
vmware -- tools_for_windows
 
VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element.
2022-03-03
not yet calculated
CVE-2022-22943
MISC
vmware -- workspace_one_boxer
 
VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user's window.
2022-03-02
not yet calculated
CVE-2022-22944
MISC
wago -- 750-8212_pfc200_g2_2eth_rs
 
Chained Cross Site Request Forgery (CSRF) with Reflected Cross Site Scripting (XSS) vulnerability in WAGO 750-8212 PFC200 G2 2ETH RS leads to session hijacking.
2022-03-04
not yet calculated
CVE-2021-46380
MISC
watchguard -- firebox
 
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
2022-03-04
not yet calculated
CVE-2022-26318
CONFIRM
weblate -- weblate
 
The package weblate from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users can change the behavior of the application in an unintended way, leading to command execution.
2022-03-04
not yet calculated
CVE-2022-23915
CONFIRM
CONFIRM
CONFIRM
CONFIRM
weblate -- weblate
 
Weblate is a web based localization tool with tight version control integration. Prior to version 4.11.1, Weblate didn't properly sanitize some arguments passed to Git and Mercurial, allowing them to change their behavior in an unintended way. Instances where untrusted users cannot create new components are not affected. The issues were fixed in the 4.11.1 release.
2022-03-04
not yet calculated
CVE-2022-24727
MISC
CONFIRM
MISC
webmin -- webmin
 
Improper Authorization in GitHub repository webmin/webmin prior to 1.990.
2022-03-02
not yet calculated
CVE-2022-0829
CONFIRM
MISC
webmin -- webmin
 
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
2022-03-02
not yet calculated
CVE-2022-0824
MISC
CONFIRM
whmc_bridge -- whmc_bridge
 
The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and escape the error parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting.
2022-02-28
not yet calculated
CVE-2021-25112
CONFIRM
MISC
wire -- wire-avs
wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 7.1.12. There are currently no known workarounds.
2022-03-01
not yet calculated
CVE-2021-41193
CONFIRM
MISC
wordline -- hidccemonitorsvc
Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level.
2022-03-03
not yet calculated
CVE-2021-45819
MISC
wp_accessibility_helper -- wp_accessibility_helper
 
The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64-decoded value in the page, leading to a Reflected Cross-Site Scripting issue.
2022-02-28
not yet calculated
CVE-2022-0150
MISC
CONFIRM
wp_cloudy -- wp_cloudy
The WP Cloudy, weather plugin WordPress plugin before 4.4.9 does not escape the post_id parameter before using it in a SQL statement in the admin dashboard, leading to a SQL Injection issue.
2022-02-28
not yet calculated
CVE-2021-24864
MISC
CONFIRM
wp_paginate -- wp_paginate
The WP-Paginate WordPress plugin before 2.1.4 does not sanitise and escape its preset settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
2022-02-28
not yet calculated
CVE-2021-4222
MISC
MISC
wp_responsive_menu -- wp_responsive_menu
 
The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wpr_live_update AJAX action, and does not sanitise and escape some of the data submitted. As a result, any authenticated user, such as a subscriber, could update the plugin's settings and perform Cross-Site Scripting attacks against all visitors and users on the frontend.
2022-02-28
not yet calculated
CVE-2021-24971
MISC
wp_review_slider -- wp_review_slider
The WP Review Slider WordPress plugin before 11.0 does not sanitise and escape the pid parameter when copying a Twitter source, which could allow high privilege users to perform SQL Injection attacks.
2022-02-28
not yet calculated
CVE-2022-0383
CONFIRM
MISC
wp_rss_aggregator -- wp_rss_aggregator
 
The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting.
2022-02-28
not yet calculated
CVE-2022-0189
CONFIRM
MISC
wp_user -- wp_user
 
The WP User WordPress plugin before 7.0 does not sanitise and escape some parameters in pages where the [wp_user] shortcode is used, leading to Reflected Cross-Site Scripting issues.
2022-02-28
not yet calculated
CVE-2021-25034
MISC
wp_visitor_statistics -- wp_visitor_statistics
 
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.5 does not have authorisation and CSRF checks in the updateIpAddress AJAX action, allowing any authenticated user to call it, or make a logged in user do it via a CSRF attack and add an arbitrary IP address to exclude. Furthermore, due to the lack of validation, sanitisation and escaping, users could set a malicious value and perform Cross-Site Scripting attacks against a logged in admin.
2022-02-28
not yet calculated
CVE-2021-25042
MISC
wpscan -- orange_form_wordpress_plugin
 
The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the or_delete_filed one which is available to both unauthenticated and authenticated users could allow attackers to delete arbitrary posts. The AJAX calls performing actions on posts also do not ensure that the post belongs to them (or that they are allowed to perform such action on it).
2022-02-28
not yet calculated
CVE-2021-24688
MISC
wpscan -- orange_form_wordpress_plugin
 
In the Orange Form WordPress plugin through 1.0, the process_bulk_action() function in "admin/orange-form-email.php" performs an unprepared SQL query with an unsanitized parameter ($id). Only admin can access the page that invokes the function, but because of lack of CSRF protection, it is actually exploitable and could allow attackers to make a logged in admin delete arbitrary posts for example.
2022-02-28
not yet calculated
CVE-2021-24704
MISC
ws_form -- ws_form
 
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing an unauthenticated attacker to submit XSS payloads which will get executed when a privileged user views the related submission.
2022-02-28
not yet calculated
CVE-2022-23988
MISC
ws_form -- ws_form
 
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
2022-02-28
not yet calculated
CVE-2022-23987
MISC
yoast_seo -- yoast_seo
 
The Yoast SEO WordPress plugin before 17.3 discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.
2022-02-28
not yet calculated
CVE-2021-25118
CONFIRM
MISC
zepl -- notebooks
Remote Code Execution (RCE) vulnerability exists in Zepl Notebooks all previous versions before October 25 2021. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new organization by which additional users can be added for various collaboration abilities, which allows a malicious user to create new Zepl Notebooks with various languages, contexts, and deployment scenarios. Upon creating a new notebook with specially crafted malicious code, a user can then launch remote code execution.
2022-03-03
not yet calculated
CVE-2021-42950
MISC
MISC
zoho -- manageengine_desktop_central
 
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
2022-03-02
not yet calculated
CVE-2022-23779
MISC
zoho -- manageengine_key_manager_plus
 
An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export.
2022-03-02
not yet calculated
CVE-2022-24447
MISC
MISC
zoho -- manageengine_key_manager_plus
 
An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator.
2022-03-01
not yet calculated
CVE-2022-24446
MISC
MISC
zoho -- manageengine_sharepoint_manager_plus
 
Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled.
2022-03-02
not yet calculated
CVE-2022-24306
MISC
zoho -- manageengine_sharepoint_manager_plus
 
Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation.
2022-03-02
not yet calculated
CVE-2022-24305
MISC
zulip -- zulip
 
Improper Access Control in GitHub repository zulip/zulip prior to 4.10.
2022-02-26
not yet calculated
CVE-2021-3967
CONFIRM
MISC
zulip -- zulip_server
Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several participants; a victim who then opens an overflow tooltip including this full name on the recent topics page could trigger execution of JavaScript code controlled by the attacker. Users running a Zulip server from the main branch should upgrade from main (2022-03-01 or later) again to deploy this fix.
2022-03-02
not yet calculated
CVE-2022-23656
CONFIRM
MISC
zyxel -- zywall_2_plus_internet_security_appliance
 
ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to a bypass of the security restriction to achieve Cross Site Scripting, which allows an attacker to execute arbitrary JavaScript code to perform multiple attacks such as clipboard hijacking and session hijacking.
2022-03-01
not yet calculated
CVE-2021-46387
MISC
MISC
MISC
MISC
zyxel_networks -- zyxel
 
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device.
2022-03-01
not yet calculated
CVE-2021-4039
CONFIRM
