Vulnerability Summary for the Week of February 21, 2022

Released: Feb 28, 2022
Document ID: SB22-059

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
airspan -- mimosa_management_platform | MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information. | 2022-02-18 | 10 | CVE-2022-21141 MISC
airspan -- mimosa_management_platform | MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow an attacker to inject arbitrary commands. | 2022-02-18 | 10 | CVE-2022-21143 MISC
airspan -- mimosa_management_platform | MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information. | 2022-02-18 | 10 | CVE-2022-21196 MISC
airspan -- mimosa_management_platform | This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing routes on those cloud-hosting platforms, accessing secret keys, changing configurations, etc. Affecting MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1. | 2022-02-18 | 10 | CVE-2022-21215 MISC
gravitl -- netmaker | Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1. | 2022-02-18 | 10 | CVE-2022-0664 CONFIRM MISC
libexpat_project -- libexpat | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. | 2022-02-18 | 7.5 | CVE-2022-25315 MISC MLIST DEBIAN
linux -- linux_kernel | A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It is actual from Linux Kernel 5.17-rc1 (when mctp-serial.c introduced) till 5.17-rc5. | 2022-02-18 | 7.2 | CVE-2022-0646 MISC
mingsoft -- mcms | An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code. | 2022-02-18 | 7.5 | CVE-2021-46036 MISC
moxa -- tn-5916-wv-t_firmware | Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gateways, and MGate 5101-PBM-MN v2.1 series protocol gateways were discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via crafted packets. | 2022-02-18 | 7.8 | CVE-2021-46082 MISC MISC
mruby -- mruby | Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. | 2022-02-18 | 7.5 | CVE-2022-0631 MISC CONFIRM
object-extend_project -- object-extend | The package object-extend from 0.0.0 are vulnerable to Prototype Pollution via object-extend. | 2022-02-18 | 7.5 | CVE-2021-23702 CONFIRM
online_shopping_portal_project -- online_shopping_portal | Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters. | 2022-02-18 | 7.5 | CVE-2021-46110 MISC
samba -- samba | A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. | 2022-02-18 | 8.5 | CVE-2020-25717 MISC MISC
samba -- samba | The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. | 2022-02-21 | 9 | CVE-2021-44142 CONFIRM CERT-VN CONFIRM MISC
tmax -- tooffice | An improper input validation leading to arbitrary file creation was discovered in ToWord of ToOffice. Remote attackers use this vulnerability to execute arbitrary file included malicious code. | 2022-02-18 | 7.5 | CVE-2021-26618 MISC
tp-link -- tl-wa850re_firmware | TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges. | 2022-02-18 | 7.5 | CVE-2022-22922 MISC MISC
zerof -- web_server | ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. | 2022-02-18 | 7.5 | CVE-2022-25322 MISC MISC


Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
airspan -- mimosa_management_platform | MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created. | 2022-02-18 | 5 | CVE-2022-0138 MISC
airspan -- mimosa_management_platform | MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords. | 2022-02-18 | 4 | CVE-2022-21800 MISC
airspan -- mimosa_management_platform | MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an attacker to perform a SQL injection and obtain sensitive information. | 2022-02-18 | 5 | CVE-2022-21176 MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15368. | 2022-02-18 | 6.8 | CVE-2021-46574 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15024. | 2022-02-18 | 6.8 | CVE-2021-46565 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15027. | 2022-02-18 | 6.8 | CVE-2021-46566 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15028. | 2022-02-18 | 6.8 | CVE-2021-46567 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15030. | 2022-02-18 | 6.8 | CVE-2021-46568 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15031. | 2022-02-18 | 6.8 | CVE-2021-46569 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15364. | 2022-02-18 | 6.8 | CVE-2021-46570 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15365. | 2022-02-18 | 6.8 | CVE-2021-46571 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15366. | 2022-02-18 | 6.8 | CVE-2021-46572 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15367. | 2022-02-18 | 6.8 | CVE-2021-46573 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15371. | 2022-02-18 | 6.8 | CVE-2021-46577 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15370. | 2022-02-18 | 6.8 | CVE-2021-46576 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15369. | 2022-02-18 | 6.8 | CVE-2021-46575 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15372. | 2022-02-18 | 6.8 | CVE-2021-46578 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15374. | 2022-02-18 | 6.8 | CVE-2021-46580 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15375. | 2022-02-18 | 6.8 | CVE-2021-46581 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15376. | 2022-02-18 | 6.8 | CVE-2021-46582 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K image can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15377. | 2022-02-18 | 6.8 | CVE-2021-46583 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K image can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15378. | 2022-02-18 | 6.8 | CVE-2021-46584 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15379. | 2022-02-18 | 6.8 | CVE-2021-46585 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15380. | 2022-02-18 | 6.8 | CVE-2021-46586 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15023. | 2022-02-18 | 6.8 | CVE-2021-46564 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15373. | 2022-02-18 | 6.8 | CVE-2021-46579 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15381. | 2022-02-18 | 6.8 | CVE-2021-46587 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15400. | 2022-02-18 | 6.8 | CVE-2021-46606 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14987. | 2022-02-18 | 6.8 | CVE-2021-46562 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15402. | 2022-02-18 | 4.3 | CVE-2021-46608 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15386. | 2022-02-18 | 6.8 | CVE-2021-46592 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15391. | 2022-02-18 | 6.8 | CVE-2021-46597 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15392. | 2022-02-18 | 6.8 | CVE-2021-46598 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15395. | 2022-02-18 | 6.8 | CVE-2021-46601 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15397. | 2022-02-18 | 6.8 | CVE-2021-46603 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG images. Crafted data in a PNG image can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15398. | 2022-02-18 | 6.8 | CVE-2021-46604 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15399. | 2022-02-18 | 6.8 | CVE-2021-46605 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14990. | 2022-02-18 | 6.8 | CVE-2021-46563 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15401. | 2022-02-18 | 4.3 | CVE-2021-46607 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15382. | 2022-02-18 | 6.8 | CVE-2021-46588 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15396. | 2022-02-18 | 4.3 | CVE-2021-46602 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15394. | 2022-02-18 | 4.3 | CVE-2021-46600 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15393. | 2022-02-18 | 4.3 | CVE-2021-46599 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15390. | 2022-02-18 | 4.3 | CVE-2021-46596 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15389. | 2022-02-18 | 4.3 | CVE-2021-46595 MISC MISC
bentley -- microstation | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15388. | 2022-02-18 | 4.3 | CVE-2021-46594
MISC
MISC
bentley -- microstationThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15387.2022-02-184.3CVE-2021-46593
MISC
MISC
bentley -- microstationThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15383.2022-02-184.3CVE-2021-46589
MISC
MISC
bentley -- microstationThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15385.2022-02-186.8CVE-2021-46591
MISC
MISC
bentley -- microstationThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15384.2022-02-186.8CVE-2021-46590
MISC
MISC
bitdefender -- antivirus_plusA Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bitdefender Antivirus Plus versions prior to 24.0.26.136. Bitdefender Internet Security versions prior to 24.0.26.136. Bitdefender Total Security versions prior to 24.0.26.136.2022-02-184.4CVE-2020-8107
MISC
cerebrate-project -- cerebrateAn issue was discovered in Cerebrate through 1.4. Username enumeration could occur.2022-02-185CVE-2022-25320
MISC
cerebrate-project -- cerebrateAn issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing groups.2022-02-184CVE-2022-25318
MISC
cerebrate-project -- cerebrateAn issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component.2022-02-184.3CVE-2022-25321
MISC
MISC
cerebrate-project -- cerebrateAn issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled.2022-02-185CVE-2022-25319
MISC
cerebrate-project -- cerebrateAn issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.2022-02-184.3CVE-2022-25317
MISC
dart -- dart_software_development_kitDart SDK contains the HTTPClient in dart:io library which includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with authorization header and it redirects to an attacker's site, they might not expect attacker site to receive authorization header. We recommend updating the Dart SDK to version 2.16.0 or beyond.2022-02-184CVE-2022-0451
MISC
MISC
dlink -- dsl-2730e_firmwareD-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration.2022-02-184.3CVE-2021-46108
MISC
MISC
eclipse -- lemminxA flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoning of external schema files due to directory traversal.2022-02-186.4CVE-2022-0673
MISC
github -- enterprise_serverA remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.21, 3.1.13, 3.2.5. This vulnerability was reported via the GitHub Bug Bounty program.2022-02-186.5CVE-2021-41599
MISC
MISC
MISC
ibm -- guardium_data_encryptionIBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 213964.2022-02-184.3CVE-2021-39026
XF
CONFIRM
ibm -- maximo_asset_managementIBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 210892.2022-02-185CVE-2021-38935
XF
CONFIRM
libexpat_project -- libexpatIn Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.2022-02-184.3CVE-2022-25313
MISC
MLIST
DEBIAN
libexpat_project -- libexpatIn Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.2022-02-185CVE-2022-25314
MISC
MLIST
DEBIAN
liveconfig -- liveconfigA Path Traversal vulnerability for a log file in LiveConfig 2.12.2 allows authenticated attackers to read files on the underlying server.2022-02-184CVE-2021-40841
MISC
MISC
microweber -- microweberCross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.2022-02-194.3CVE-2022-0690
MISC
CONFIRM
microweber -- microweberUse multiple time the one-time coupon in Packagist microweber/microweber prior to 1.2.11.2022-02-195CVE-2022-0689
MISC
CONFIRM
microweber -- microweberCRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.2022-02-185CVE-2022-0666
MISC
CONFIRM
microweber -- microweberCross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.2022-02-194.3CVE-2022-0678
CONFIRM
MISC
microweber -- microweberGeneration of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.2022-02-185CVE-2022-0660
CONFIRM
MISC
mingsoft -- mcmsMCMS v5.2.5 was discovered to contain an arbitrary file deletion vulnerability via the component oldFileName.2022-02-185.8CVE-2021-46062
MISC
mingsoft -- mcmsMCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /template/unzip.do.2022-02-185.5CVE-2021-46037
MISC
mingsoft -- mcmsMCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module.2022-02-186.4CVE-2021-46063
MISC
quadlayers -- perfect_brands_for_woocommerceThe vulnerability discovered in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4) allows server information exposure.2022-02-185CVE-2022-23982
CONFIRM
CONFIRM
quadlayers -- perfect_brands_for_woocommerceThe vulnerability allows Subscriber+ level users to create brands in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4).2022-02-184CVE-2022-23981
CONFIRM
CONFIRM
redhat -- vscode-xmlA flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file.2022-02-186.4CVE-2022-0671
MISC
MISC
samba -- sambaMultiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.2022-02-186.5CVE-2020-25722
MISC
MISC
samba -- sambaA flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.2022-02-184.3CVE-2016-2124
MISC
MISC
santesoft -- dicom_viewer_proThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14972.2022-02-184.3CVE-2022-24055
MISC
santesoft -- dicom_viewer_proThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. Crafted data in a DCM file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15098.2022-02-186.8CVE-2022-24059
MISC
santesoft -- dicom_viewer_proThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15077.2022-02-186.8CVE-2022-24057
MISC
santesoft -- dicom_viewer_proThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15076.2022-02-186.8CVE-2022-24056
MISC
webcc_project -- webccThis affects the package sprinfall/webcc before 0.3.0. It is possible to traverse directories to fetch arbitrary files from the server.2022-02-185CVE-2022-25298
MISC
MISC
wireshark -- wiresharkLarge loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file2022-02-184.3CVE-2022-0585
CONFIRM
MISC
FEDORA
FEDORA
zerof -- web_serverZEROF Web Server 2.0 allows /admin.back XSS.2022-02-184.3CVE-2022-25323
MISC
MISC


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
eclipse -- lemminxA flaw was found in LemMinX in versions prior to 0.19.0. Insecure redirect could allow unauthorized access to sensitive information locally if LemMinX is run under a privileged user.2022-02-182.1CVE-2022-0672
MISC
erudika -- scooldScoold 1.47.2 is a Q&A/knowledge base platform written in Java. When writing a Q&A, the markdown editor is vulnerable to an XSS attack when using uppercase letters.2022-02-183.5CVE-2021-46372
MISC
samba -- sambaAll versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.2022-02-213.5CVE-2021-44141
MISC


Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
accesspress_themes -- plugins_and_themes
 
Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion2022-02-21not yet calculatedCVE-2021-24867
MISC
MISC
accounting_journal_management -- accounting_journal_management
 
Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking. The parameter manage_user from User lists is vulnerable to XSS-Stored and PHPSESSID attacks. The malicious user can attack the system by using the already session which he has from inside and outside of the network.2022-02-24not yet calculatedCVE-2022-24582
MISC
ad_inserter -- ad_inserter
 
The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting2022-02-21not yet calculatedCVE-2022-0288
MISC
advanced_database_cleaner -- advanced_database_cleaner
 
The Advanced Database Cleaner WordPress plugin before 3.0.4 does not sanitise and escape $_GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues2022-02-21not yet calculatedCVE-2021-24921
MISC
alecto -- camera
 
Settings/network settings/wireless settings on the Alecto DVC-215IP camera version 63.1.1.173 and below shows the Wi-Fi passphrase hidden, but by editing/removing the style of the password field the password becomes visible which grants access to an internal network connected to the camera.2022-02-24not yet calculatedCVE-2022-24610
MISC
alluxio -- alluxio
 
In Alluxio before 2.7.3, the logserver does not validate the input stream. NOTE: this is not the same as the CVE-2021-44228 Log4j vulnerability.2022-02-20not yet calculatedCVE-2022-23848
CONFIRM
amazon -- echo_dot
 
Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically proximate attackers), aka an "Alexa versus Alexa (AvA)" attack.2022-02-24not yet calculatedCVE-2022-25809
MISC
anti-malware_security_and_brute-force_firewall -- anti-malware_security_and_brute-force_firewall
 
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.94 does not sanitise and escape the POST data before outputting it back in attributes of an admin page, leading to a Reflected Cross-Site scripting. Due to the presence of specific parameter value, available to admin users, this can only be exploited by an admin against another admin user.2022-02-21not yet calculatedCVE-2021-25101
MISC
anuko -- time_trackerAnuko Time Tracker is an open source, web-based time tracking application written in PHP. ttUser.class.php in Time Tracker versions prior to 1.20.0.5646 was not escaping primary group name for display. Because of that, it was possible for a logged in user to modify primary group name with elements of JavaScript. Such script could then be executed in user browser on subsequent requests on pages where primary group name was displayed. This vulnerability has been fixed in version 1.20.0.5646. Users who are unable to upgrade may modify ttUser.class.php to use an additional call to htmlspecialchars when printing group name.2022-02-24not yet calculatedCVE-2022-24708
MISC
CONFIRM
anuko -- time_tracker
 
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. UNION SQL injection and time-based blind injection vulnerabilities existed in Time Tracker Puncher plugin in versions of anuko timetracker prior to 1.20.0.5642. This was happening because the Puncher plugin was reusing code from other places and was relying on an unsanitized date parameter in POST requests. Because the parameter was not checked, it was possible to craft POST requests with malicious SQL for Time Tracker database. This issue has been resolved in version 1.20.0.5642. Users unable to upgrade are advised to add their own checks to input.2022-02-24not yet calculatedCVE-2022-24707
MISC
CONFIRM
anycomment -- anycomment
 
The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack2022-02-21not yet calculatedCVE-2022-0134
MISC
anycomment -- anycomment
 
The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users2022-02-21not yet calculatedCVE-2022-0279
MISC
apache -- airflowIn Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.2022-02-25not yet calculatedCVE-2022-24288
MISC
apache -- airflow
 
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.2022-02-25not yet calculatedCVE-2021-45229
MISC
apache -- apache_jspwiki
 
A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.2 or later.2022-02-25not yet calculatedCVE-2022-24948
MISC
MLIST
apache -- apache_jspwiki
 
Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later.2022-02-25not yet calculatedCVE-2022-24947
MISC
MLIST
atlassian -- jira_service_management_server_and_data_center
 
Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa. The affected versions are before version 4.21.0.2022-02-24not yet calculatedCVE-2021-43943
N/A
audio_file_library -- audio_file_library
 
In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it doesn't use zero bytes to truncate the data.2022-02-24not yet calculatedCVE-2022-24599
MISC
awful_salmonella_tar -- awful_salmonella_tar
 
A ..%2F path traversal vulnerability exists in the path handler of awful-salmonella-tar before 0.0.4. Attackers can only list directories (not read files). This occurs because the safe-path? Scheme predicate is not used for directories.2022-02-18not yet calculatedCVE-2022-25358
MISC
MISC
b2-sdk-python -- b2-sdk-python
 
b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use (TOCTOU) race condition. SDK users of the SqliteAccountInfo format are vulnerable while users of the InMemoryAccountInfo format are safe. The SqliteAccountInfo saves API keys (and bucket name-to-id mapping) in a local database file ($XDG_CONFIG_HOME/b2/account_info, ~/.b2_account_info or a user-defined path). When first created, the file is world readable and is (typically a few milliseconds) later altered to be private to the user. If the directory containing the file is readable by a local attacker then during the brief period between file creation and permission modification, a local attacker can race to open the file and maintain a handle to it. This allows the local attacker to read the contents of the file after the sensitive information has been saved to it. Consumers of this SDK who rely on it to save data using SqliteAccountInfo class should upgrade to the latest version of the SDK. Those who believe a local user might have opened a handle using this race condition, should remove the affected database files and regenerate all application keys. Users should upgrade to b2-sdk-python 1.14.1 or later.2022-02-23not yet calculatedCVE-2022-23651
MISC
MISC
CONFIRM
b2_command-line_tool -- b2_command_line_tool
 
B2 Command Line Tool is the official command line tool for the backblaze cloud storage service. Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use (TOCTOU) race condition. The command line tool saves API keys (and bucket name-to-id mapping) in a local database file (`$XDG_CONFIG_HOME/b2/account_info`, `~/.b2_account_info` or a user-defined path) when `b2 authorize-account` is first run. This happens regardless of whether a valid key is provided or not. When first created, the file is world readable and is (typically a few milliseconds) later altered to be private to the user. If the directory is readable by a local attacker and the user did not yet run `b2 authorize-account` then during the brief period between file creation and permission modification, a local attacker can race to open the file and maintain a handle to it. This allows the local attacker to read the contents of the file after the sensitive information has been saved to it. Users that have not yet run `b2 authorize-account` should upgrade to B2 Command-Line Tool v3.2.1 before running it. Users that have run `b2 authorize-account` are safe if at the time of the file creation no other local users had read access to the local configuration file. Users that have run `b2 authorize-account` where the designated path could be opened by another local user should upgrade to B2 Command-Line Tool v3.2.1 and remove the database and regenerate all application keys. Note that `b2 clear-account` does not remove the database file and it should not be used to ensure that all open handles to the file are invalidated. If B2 Command-Line Tool cannot be upgraded to v3.2.1 due to a dependency conflict, a binary release can be used instead. Alternatively a new version could be installed within a virtualenv, or the permissions can be changed to prevent local users from opening the database file.2022-02-23not yet calculatedCVE-2022-23653
CONFIRM
MISC
baicloud-cms -- baicloud-cms
 
BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection vulnerabilities via the tongji and baidu_map parameters in /user/ztconfig.php.2022-02-19not yet calculatedCVE-2021-44302
MISC
bentley -- microstation_connectThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15507.2022-02-18not yet calculatedCVE-2021-46635
MISC
MISC
bentley -- microstation_connectThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15508.2022-02-18not yet calculatedCVE-2021-46636
MISC
MISC
bentley -- microstation_connectThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15510.2022-02-18not yet calculatedCVE-2021-46638
MISC
MISC
bentley -- microstation_connectThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15511.2022-02-18not yet calculatedCVE-2021-46639
MISC
MISC
bentley -- microstation_connectThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. Crafted data in a BMP image can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15531.2022-02-18not yet calculatedCVE-2021-46645
MISC
MISC
bentley -- microstation_connectThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15537.2022-02-18not yet calculatedCVE-2021-46651
MISC
MISC
bentley -- microstation_connectThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15535.2022-02-18not yet calculatedCVE-2021-46649
MISC
MISC
bentley -- microstation_connectThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15464.2022-02-18not yet calculatedCVE-2021-46634
MISC
MISC
bentley -- microstation_connect | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15509. | 2022-02-18 | not yet calculated | CVE-2021-46637, MISC, MISC
bentley -- microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15534. | 2022-02-18 | not yet calculated | CVE-2021-46648, MISC, MISC
bentley -- microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15533. | 2022-02-18 | not yet calculated | CVE-2021-46647, MISC, MISC
bentley -- microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15532. | 2022-02-18 | not yet calculated | CVE-2021-46646, MISC, MISC
bentley -- microstation_connect | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15536. | 2022-02-18 | not yet calculated | CVE-2021-46650, MISC, MISC
bentley -- microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15530. | 2022-02-18 | not yet calculated | CVE-2021-46644, MISC, MISC
bentley -- microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15463. | 2022-02-18 | not yet calculated | CVE-2021-46633, MISC, MISC
bentley -- view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15515. | 2022-02-18 | not yet calculated | CVE-2021-46643, MISC, MISC
bentley -- view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15457. | 2022-02-18 | not yet calculated | CVE-2021-46627, MISC, MISC
bentley -- view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15459. | 2022-02-18 | not yet calculated | CVE-2021-46629, MISC, MISC
bentley -- view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15460. | 2022-02-18 | not yet calculated | CVE-2021-46630, MISC, MISC
bentley -- view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15461. | 2022-02-18 | not yet calculated | CVE-2021-46631, MISC, MISC
bentley -- view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15462. | 2022-02-18 | not yet calculated | CVE-2021-46632, MISC, MISC
bentley -- view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15630. | 2022-02-18 | not yet calculated | CVE-2021-46655, MISC, MISC
bentley -- view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JT files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15455. | 2022-02-18 | not yet calculated | CVE-2021-46625, MISC, MISC
bentley -- view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15454. | 2022-02-18 | not yet calculated | CVE-2021-46624, MISC, MISC
bentley -- view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15631. | 2022-02-18 | not yet calculated | CVE-2021-46656, MISC, MISC
bentley -- view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15453. | 2022-02-18 | not yet calculated | CVE-2021-46623, MISC, MISC
bentley -- view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15458. | 2022-02-18 | not yet calculated | CVE-2021-46628, MISC, MISC
bentley -- view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15538. | 2022-02-18 | not yet calculated | CVE-2021-46652, MISC, MISC
bentley -- view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15540. | 2022-02-18 | not yet calculated | CVE-2021-46654, MISC, MISC
bentley -- view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15539. | 2022-02-18 | not yet calculated | CVE-2021-46653, MISC, MISC
bentley -- view | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15514. | 2022-02-18 | not yet calculated | CVE-2021-46642, MISC, MISC
bentley -- view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15456. | 2022-02-18 | not yet calculated | CVE-2021-46626, MISC, MISC
bentley -- view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15513. | 2022-02-18 | not yet calculated | CVE-2021-46641, MISC, MISC
bentley -- view | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15512. | 2022-02-18 | not yet calculated | CVE-2021-46640, MISC, MISC
bentley -- microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15411. | 2022-02-18 | not yet calculated | CVE-2021-46617, MISC, MISC
bentley -- microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JT files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15415. | 2022-02-18 | not yet calculated | CVE-2021-46621, MISC, MISC
bentley -- microstation_connect | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15410. | 2022-02-18 | not yet calculated | CVE-2021-46616, MISC, MISC
bentley -- microstation_connect | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15414. | 2022-02-18 | not yet calculated | CVE-2021-46620, MISC, MISC
bentley -- microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15413. | 2022-02-18 | not yet calculated | CVE-2021-46619, MISC, MISC
bentley -- microstation_connect | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15412. | 2022-02-18 | not yet calculated | CVE-2021-46618, MISC, MISC
bentley -- microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15416. | 2022-02-18 | not yet calculated | CVE-2021-46622, MISC, MISC
bentley -- microstation_connect | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15409. | 2022-02-18 | not yet calculated | CVE-2021-46615, MISC, MISC
bentley -- microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15406. | 2022-02-18 | not yet calculated | CVE-2021-46612, MISC, MISC
bentley -- microstation_connect | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15405. | 2022-02-18 | not yet calculated | CVE-2021-46611, MISC, MISC
bentley -- microstation_connect | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15404. | 2022-02-18 | not yet calculated | CVE-2021-46610, MISC, MISC
bentley -- microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15407. | 2022-02-18 | not yet calculated | CVE-2021-46613, MISC, MISC
bentley -- microstation_connect | Bentley MicroStation CONNECT 10.16.0.80 J2K File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15408. | 2022-02-18 | not yet calculated | CVE-2021-46614, MISC, MISC
bentley -- microstation_connect | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15403. | 2022-02-18 | not yet calculated | CVE-2021-46609, MISC, MISC
blender -- blender | An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1. | 2022-02-24 | not yet calculated | CVE-2022-0545, MISC
blender -- blender | An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1. | 2022-02-24 | not yet calculated | CVE-2022-0544, MISC
blender -- blender | A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution. | 2022-02-24 | not yet calculated | CVE-2022-0546, MISC
bloofoxcms -- bloofoxcms | Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite, (5) eta_doctype, (6) meta_charset, (7) default_group, and (8) page group parameters in the settings mode in admin/index.php. | 2022-02-24 | not yet calculated | CVE-2021-44610, MISC
bloofoxcms -- bloofoxcms | Multiple Cross Site Scripting (XSS) vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in index.php. | 2022-02-24 | not yet calculated | CVE-2021-44608, MISC
bmc_track-it! -- bmc_track-it! | This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-14618. | 2022-02-18 | not yet calculated | CVE-2022-24047, MISC, MISC
brocade -- fabric_os | Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system. | 2022-02-21 | not yet calculated | CVE-2021-27797, MISC
brocade -- fabric_os | A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to read the contents of any file on the filesystem utilizing one of a few available binaries. | 2022-02-21 | not yet calculated | CVE-2021-27796, MISC
bsafe -- bsafe | Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date. | 2022-02-23 | not yet calculated | CVE-2022-24409, CONFIRM
buffer_button -- buffer_button | The Buffer Button WordPress plugin through 1.0 was vulnerable to Authenticated Stored Cross Site Scripting (XSS) within the Twitter username to mention text field. | 2022-02-21 | not yet calculated | CVE-2021-25058, MISC
c-dataonu4ferw -- c-dataonu4ferw | A command injection vulnerability in the function formImportOMCIShell of C-DATA ONU4FERW V2.1.13_X139 allows attackers to execute arbitrary commands via a crafted file. | 2022-02-25 | not yet calculated | CVE-2021-44132, MISC
capsule_operator -- capsule_operator | capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious `Connection` header to start a privilege escalation attack towards the Kubernetes API Server. This vulnerability allows for an exploit of the `cluster-admin` Role bound to `capsule-proxy`. There are no known workarounds for this issue. | 2022-02-22 | not yet calculated | CVE-2022-23652, MISC, CONFIRM, MISC
checkmk -- checkmk | In Checkmk <=2.0.0p19 (fixed in 2.0.0p20) and Checkmk <=1.6.0p27 (fixed in 1.6.0p28), the title of a Predefined condition is not properly escaped when shown as a condition, which can result in Cross Site Scripting (XSS). | 2022-02-24 | not yet calculated | CVE-2022-24566, MISC
checkmk -- checkmk | Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered when editing a user. | 2022-02-21 | not yet calculated | CVE-2022-24564, MISC
checkmk -- checkmk | Checkmk <=2.0.0p19 (fixed in 2.0.0p20) and Checkmk <=1.6.0p27 (fixed in 1.6.0p28) are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as a condition for notifications. | 2022-02-24 | not yet calculated | CVE-2022-24565, MISC
chocobozzz -- peertube | Improper Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. | 2022-02-23 | not yet calculated | CVE-2022-0726, CONFIRM, MISC
chocobozzz -- peertube | Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0. | 2022-02-23 | not yet calculated | CVE-2022-0727, MISC, CONFIRM
cimplicity -- cimplicity | The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system. | 2022-02-25 | not yet calculated | CVE-2022-21798, MISC
cimplicity -- cimplicity | Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and the server is licensed for multiple projects. | 2022-02-25 | not yet calculated | CVE-2022-23921, MISC
cisco -- nx-os_software | A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. Note: The NX-API feature is disabled by default. | 2022-02-23 | not yet calculated | CVE-2022-20650, CISCO
cisco -- nxos_software
A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device. This vulnerability is due to a logic error in the BFD rate limiter functionality. An attacker could exploit this vulnerability by sending a crafted stream of traffic through the device. A successful exploit could allow the attacker to cause BFD traffic to be dropped, resulting in BFD session flaps. BFD session flaps can cause route instability and dropped traffic, resulting in a denial of service (DoS) condition. This vulnerability applies to both IPv4 and IPv6 traffic.
2022-02-23
not yet calculated
CVE-2022-20623
CISCO
cisco -- nxos_software
A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of incoming CFSoIP packets. An attacker could exploit this vulnerability by sending crafted CFSoIP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
2022-02-23
not yet calculated
CVE-2022-20624
CISCO
cisco -- nxos_software
 
A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of Cisco Discovery Protocol messages that are processed by the Cisco Discovery Protocol service. An attacker could exploit this vulnerability by sending a series of malicious Cisco Discovery Protocol messages to an affected device. A successful exploit could allow the attacker to cause the Cisco Discovery Protocol service to fail and restart. In rare conditions, repeated failures of the process could occur, which could cause the entire device to restart.
2022-02-23
not yet calculated
CVE-2022-20625
CISCO
cobbler -- cobbler
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)
2022-02-19
not yet calculated
CVE-2021-45082
MISC
MISC
cobbler -- cobbler
An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it's trivial to obtain the plaintext string. The settings.yaml file contains secrets such as the hashed default password.
2022-02-20
not yet calculated
CVE-2021-45083
MISC
MISC
cobbler -- cobbler
 
An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS.
2022-02-20
not yet calculated
CVE-2021-45081
MISC
MLIST
coming_soon_and_maintenance -- coming_soon_and_maintenance
The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have a CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make a logged-in admin send arbitrary emails to all subscribed users via a CSRF attack
2022-02-21
not yet calculated
CVE-2022-0199
CONFIRM
MISC
coming_soon_and_maintenance -- coming_soon_and_maintenance
 
The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated users, with a role as low as subscriber to send arbitrary emails to all subscribed users
2022-02-21
not yet calculated
CVE-2022-0164
MISC
CONFIRM
corenlp -- corenlp
 
An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159).
2022-02-24
not yet calculated
CVE-2021-44550
MISC
cosign -- cosign
 
Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. Prior to version 1.5.2, Cosign can be manipulated to claim that an entry for a signature exists in the Rekor transparency log even if it doesn't. This requires the attacker to have pull and push permissions for the signature in OCI. This can happen with both standard signing with a keypair and "keyless signing" with Fulcio. If an attacker has access to the signature in OCI, they can manipulate cosign into believing the entry was stored in Rekor even though it wasn't. The vulnerability has been patched in v1.5.2 of Cosign. The `signature` in the `signedEntryTimestamp` provided by Rekor is now compared to the `signature` that is being verified. If these don't match, then an error is returned. If a valid bundle is copied to a different signature, verification should fail. Cosign output now only informs the user that certificates were verified if a certificate was in fact verified. There is currently no known workaround.
2022-02-18
not yet calculated
CVE-2022-23649
CONFIRM
MISC
cryptomator -- cryptomator
 
Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by creating a malicious .dylib file that can be executed via the DYLD_INSERT_LIBRARIES environment variable.
2022-02-19
not yet calculated
CVE-2022-25366
MISC
MISC
cuppa_cms -- cuppa_cms
 
The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files.
2022-02-24
not yet calculated
CVE-2022-25401
MISC
cybonet -- pineapp_mail_relay
Cybonet - PineApp Mail Relay Local File Inclusion. Attacker can send a request to : /manage/mailpolicymtm/log/eml_viewer/email.content.body.php?filesystem_path=ENCDODED PATH and by doing that, the attacker can read Local Files inside the server.
2022-02-24
not yet calculated
CVE-2022-22793
MISC
cybonet -- pineapp_mail_relay
 
Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /manage/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 and by doing that, the attacker can run Remote Code Execution in one liner.
2022-02-24
not yet calculated
CVE-2022-22794
MISC
cyrus_sasl -- cyrus_sasl
 
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
2022-02-24
not yet calculated
CVE-2022-24407
MLIST
CONFIRM
MISC
database_backup -- database_backup
 
The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue
2022-02-21
not yet calculated
CVE-2022-0255
MISC
docker_desktop -- docker_desktop
 
Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.
2022-02-19
not yet calculated
CVE-2022-25365
MISC
dolibarr -- dolibarr
 
Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0.
2022-02-23
not yet calculated
CVE-2022-0731
MISC
CONFIRM
dolibarr -- dolibarr
 
Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0.
2022-02-25
not yet calculated
CVE-2022-0746
CONFIRM
MISC
download_manager -- download_manager
 
The Download Manager WordPress plugin before 3.2.34 does not sanitise and escape the package_ids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited to cause a Reflected Cross-Site Scripting issue
2022-02-21
not yet calculated
CVE-2021-25069
CONFIRM
MISC
drogonframework/drogon -- drogonframework/drogon
 
This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save() method may enable attackers to write files to arbitrary locations outside the designated target folder.
2022-02-21
not yet calculated
CVE-2022-25297
CONFIRM
CONFIRM
CONFIRM
duck -- duck
 
duck before 0.10 did not properly handle loading of untrusted code from the current directory.
2022-02-19
not yet calculated
CVE-2016-1239
MISC
duplicate_page_or_post -- duplicate_page_or_post
 
The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings, or perform such attack via CSRF. Furthermore, due to the lack of escaping, this could lead to Stored Cross-Site Scripting issues
2022-02-21
not yet calculated
CVE-2021-25075
MISC
ec-cube -- ec-cube
 
EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users.
2022-02-24
not yet calculated
CVE-2022-25355
MISC
MISC
ec-cube -- ec-cube
 
Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 (for EC-CUBE 4 series) and ver1.0.0 to 1.0.4 (for EC-CUBE 3 series) allows a remote unauthenticated attacker to hijack the authentication of an administrator via a specially crafted page, and Mail Magazine Templates and/or transmitted history information may be deleted unintendedly.
2022-02-24
not yet calculated
CVE-2022-21179
MISC
MISC
ectouch -- ectouch
 
ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter.
2022-02-24
not yet calculated
CVE-2022-25098
MISC
emerson -- openenterprise
 
Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run arbitrary commands with system privileges or perform remote code execution via a specific communication service.
2022-02-24
not yet calculated
CVE-2020-10640
CONFIRM
emerson -- openenterprise
 
Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.
2022-02-24
not yet calculated
CVE-2020-10636
CONFIRM
emerson -- openenterprise
 
Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner.
2022-02-24
not yet calculated
CVE-2020-10632
CONFIRM
envoy -- envoy
Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data is over the limit by sending 413 or 500 responses. However when the buffer overflows while response is processed by the filter chain the operation may not be aborted correctly and result in accessing a freed memory block. If this happens Envoy will crash resulting in a denial of service.
2022-02-22
not yet calculated
CVE-2021-43825
MISC
CONFIRM
envoy -- envoy
Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's tls allows re-use when some cert validation settings have changed from their default configuration. The only workaround for this issue is to ensure that default tls settings are used. Users are advised to upgrade.
2022-02-22
not yet calculated
CVE-2022-21654
MISC
CONFIRM
envoy -- envoy
Envoy is an open source edge and service proxy, designed for cloud-native applications. The envoy common router will segfault if an internal redirect selects a route configured with direct response or redirect actions. This will result in a denial of service. As a workaround turn off internal redirects if direct response entries are configured on the same listener.
2022-02-22
not yet calculated
CVE-2022-21655
CONFIRM
MISC
envoy -- envoy
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for upstream tunneling (envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config) and the downstream connection disconnects while the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade.
2022-02-22
not yet calculated
CVE-2021-43826
CONFIRM
MISC
envoy -- envoy
 
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary extendedKeyUsage (id-kp-serverAuth and id-kp-clientAuth, respectively). This means that a peer may present an e-mail certificate (e.g. id-kp-emailProtection), either as a leaf certificate or as a CA in the chain, and it will be accepted for TLS. This is particularly bad when combined with the issue described in pull request #630, in that it allows a Web PKI CA that is intended only for use with S/MIME, and thus exempted from audit or supervision, to issue TLS certificates that will be accepted by Envoy. As a result Envoy will trust upstream certificates that should not be trusted. There are no known workarounds to this issue. Users are advised to upgrade.
2022-02-22
not yet calculated
CVE-2022-21657
MISC
CONFIRM
envoy -- envoy
 
Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Name or uniformResourceIndicator to be authenticated as a domain name. This confusion allows for the bypassing of nameConstraints, as processed by the underlying OpenSSL/BoringSSL implementation, exposing the possibility of impersonation of arbitrary servers. As a result Envoy will trust upstream certificates that should not be trusted.
2022-02-22
not yet calculated
CVE-2022-21656
MISC
CONFIRM
envoy -- envoy
 
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request crashes Envoy when a CONNECT request is sent to JWT filter configured with regex match. This provides a denial of service attack vector. The only workaround is to not use regex in the JWT filter. Users are advised to upgrade.
2022-02-22
not yet calculated
CVE-2021-43824
CONFIRM
MISC
envoy -- envoy
 
Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS) all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle connections that can lead to stack exhaustion and abnormal process termination when a cluster has a large number of idle connections. This infinite recursion causes Envoy to crash. Users are advised to upgrade.
2022-02-22
not yet calculated
CVE-2022-23606
MISC
CONFIRM
eset -- eset
 
Use-after-free in eset_rtp kernel module used in ESET products for Linux allows potential attacker to trigger denial-of-service condition on the system.
2022-02-25
not yet calculated
CVE-2022-0615
MISC
essential_addons_for_elementor_life -- essential_addons_for_elementor_life
 
The Essential Addons for Elementor Lite WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the settings parameter found in the ~/includes/Traits/Helper.php file which allows attackers to inject arbitrary web scripts onto pages that execute whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 5.0.8.
2022-02-24
not yet calculated
CVE-2022-0683
MISC
MISC
exportfeed -- exportfeed
 
The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and escape the product_id POST parameter before using it in a SQL statement, leading to a SQL injection vulnerability exploitable by high privilege users
2022-02-21
not yet calculated
CVE-2021-4208
MISC
eyesofnetwork -- eyesofnetwork
 
An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS.
2022-02-25
not yet calculated
CVE-2022-24612
MISC
fatek_automation -- fvdesigner
The affected product is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code
2022-02-25
not yet calculated
CVE-2022-25170
MISC
fatek_automation -- fvdesigner
 
The affected product is vulnerable to an out-of-bounds read while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution.
2022-02-25
not yet calculated
CVE-2022-21209
MISC
fatek_automation -- fvdesigner
 
The affected product is vulnerable to an out-of-bounds write while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution.
2022-02-25
not yet calculated
CVE-2022-23985
MISC
feedwordpress -- feedwordpress
 
The FeedWordPress plugin before 2022.0123 is affected by a Reflected Cross-Site Scripting (XSS) within the "visibility" parameter.
2022-02-21
not yet calculated
CVE-2021-25055
CONFIRM
MISC
fgribreau -- node-request-retry
 
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository fgribreau/node-request-retry prior to 7.0.0.
2022-02-23
not yet calculated
CVE-2022-0654
MISC
CONFIRM
filecloud -- filecloud
 
All versions of FileCloud prior to 21.3 are vulnerable to user enumeration. The vulnerability exists in the parameter "path" passing "/SHARED/<username>". A malicious actor could identify the existence of users by requesting share information on specified share paths.
2022-02-24
not yet calculated
CVE-2022-24633
MISC
firstmall -- firstmall
 
This issue is due to insufficient verification of the various input values from user input. The vulnerability allows remote attackers to execute malicious code in Firstmall via navercheckout_add function.
2022-02-25
not yet calculated
CVE-2021-26617
MISC
five_start_business_profile_schema -- five_start_business_profile_schema
 
The Five Star Business Profile and Schema WordPress plugin before 2.1.7 does not have any authorisation and CSRF checks in its bpfwp_welcome_add_contact_page and bpfwp_welcome_set_contact_information AJAX actions, allowing any authenticated users, such as subscribers, to call them. Furthermore, due to the lack of sanitisation, it also leads to Stored Cross-Site Scripting issues
2022-02-21
not yet calculated
CVE-2021-25060
MISC
float -- float
 
The Float menu WordPress plugin before 4.3.1 does not have a CSRF check in place when deleting a menu, which could allow attackers to make a logged-in admin delete them via a CSRF attack
2022-02-21
not yet calculated
CVE-2022-0313
CONFIRM
MISC
fortiguard -- fortios
 
Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters.
2022-02-24
not yet calculated
CVE-2021-26092
CONFIRM
foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader Foxit reader 11.0.1.0719 macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the OnMouseExit method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14848.
2022-02-18
not yet calculated
CVE-2022-24356
MISC
MISC
foxit -- pdf_reader
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16115.
2022-02-18
not yet calculated
CVE-2022-24368
MISC
MISC
foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. Crafted data in a JP2 image can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16087.
2022-02-18
not yet calculated
CVE-2022-24369
MISC
MISC
foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15743.
2022-02-18
not yet calculated
CVE-2022-24357
MISC
MISC
foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15853.
2022-02-18
not yet calculated
CVE-2022-24366
MISC
MISC
foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15852.
2022-02-18
not yet calculated
CVE-2022-24365
MISC
MISC
foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15703.
2022-02-18
not yet calculated
CVE-2022-24358
MISC
MISC
foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15877.
2022-02-18
not yet calculated
CVE-2022-24367
MISC
MISC
foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15987.
2022-02-18
not yet calculated
CVE-2022-24362
MISC
MISC
foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15861.
2022-02-18
not yet calculated
CVE-2022-24363
MISC
MISC
foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15811.
2022-02-18
not yet calculated
CVE-2022-24361
MISC
MISC
foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15744.
2022-02-18
not yet calculated
CVE-2022-24360
MISC
MISC
foxit -- pdf_reader
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15851.
2022-02-18
not yet calculated
CVE-2022-24364
MISC
MISC
foxit -- pdf_reader
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15702.
2022-02-18
not yet calculated
CVE-2022-24359
MISC
MISC
foxit -- pdf_reader
 
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader Foxit reader 11.0.1.0719 macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA forms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14819.
2022-02-18
not yet calculated
CVE-2022-24370
MISC
MISC
foxit -- pdf_reader
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15812.
2022-02-18
not yet calculated
CVE-2022-24971
MISC
MISC
fuel-cms -- fuel-cms
 
A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file.
2022-02-24
not yet calculated
CVE-2021-44607
MISC
fuschia -- fuschia
 
An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to. We recommend upgrading past commit d97c05d2301799ed585620a9c5c739d36e7b5d3d or any of the listed versions.
2022-02-25
not yet calculated
CVE-2022-0247
CONFIRM
givewp -- givewp
 
The GiveWP WordPress plugin before 2.17.3 does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting
2022-02-21
not yet calculated
CVE-2021-25100
CONFIRM
MISC
givewp -- givewp
 
The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to a Reflected Cross-Site Scripting
2022-02-21
not yet calculated
CVE-2021-25099
MISC
CONFIRM
givewp -- givewp
 
The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting
2022-02-21
not yet calculated
CVE-2022-0252
CONFIRM
MISC
google -- fscrypt
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or above
2022-02-25
not yet calculated
CVE-2022-25327
CONFIRM
google -- fscrypt

fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable.
2022-02-25
not yet calculated
CVE-2022-25326
CONFIRM
google -- fscrypt
 
The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above.
2022-02-25
not yet calculated
CVE-2022-25328
CONFIRM
harmonyos -- harmonyos
 
The interface of a certain HarmonyOS module has a UAF vulnerability. Successful exploitation of this vulnerability may lead to information leakage.
2022-02-25
not yet calculated
CVE-2021-22478
MISC
harmonyos -- harmonyos
 
The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to heap memory overflow.
2022-02-25
not yet calculated
CVE-2021-22480
MISC
harmonyos -- harmonyos
 
The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful exploitation of this vulnerability may lead to kernel crash.
2022-02-25
not yet calculated
CVE-2021-22479
MISC
hashicorp -- consul_and_consul_enterprise
 
HashiCorp Consul and Consul Enterprise 1.8.0 through 1.9.14, 1.10.7, and 1.11.2 has Uncontrolled Resource Consumption.
2022-02-24
not yet calculated
CVE-2022-24687
MISC
MISC
hashicorp -- terraform_enterprise
 
HashiCorp Terraform Enterprise before 202202-1 inserts Sensitive Information into a Log File.
2022-02-25
not yet calculated
CVE-2022-25374
MISC
MISC
hcl_software -- sametime_for_android

"Sametime Android PathTraversal Vulnerability"
2022-02-21
not yet calculated
CVE-2021-27753
MISC
hcl_software -- sametime_for_android

"Sametime Android potential path traversal vulnerability when using File class"
2022-02-21
not yet calculated
CVE-2021-27755
MISC
header_footer_code_manager -- header_footer_code_manager
 
The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter.
2022-02-24
not yet calculated
CVE-2022-0710
MISC
hms -- hms

An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files.
2022-02-24
not yet calculated
CVE-2022-25402
MISC
hms -- hms
 
HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php.
2022-02-24
not yet calculated
CVE-2022-25403
MISC

home_owners_collection_management_system -- home_owners_collection_management_system

Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php.
2022-02-26
not yet calculated
CVE-2022-25096
MISC

home_owners_collection_management_system -- home_owners_collection_management_system

Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request.
2022-02-26
not yet calculated
CVE-2022-25095
MISC

home_owners_collection_management_system -- home_owners_collection_management_system

Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the parameter "cover" in SystemSettings.php.
2022-02-26
not yet calculated
CVE-2022-25094
MISC
homebrew -- mruby

Out-of-bounds Read in Homebrew mruby prior to 3.2.
2022-02-19
not yet calculated
CVE-2022-0630
MISC
CONFIRM
homebrew -- mruby
 
NULL Pointer Dereference in Homebrew mruby prior to 3.2.
2022-02-19
not yet calculated
CVE-2022-0632
CONFIRM
MISC
honeywell -- devices

Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achieved.
2022-02-24
not yet calculated
CVE-2021-39364
MISC
MISC
CONFIRM
honeywell -- devices
 
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved.
2022-02-24
not yet calculated
CVE-2021-39363
MISC
MISC
CONFIRM
horizontcms -- horizontcms

A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.
2022-02-24
not yet calculated
CVE-2022-25101
MISC
horizontcms -- horizontcms
 
HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via the component /admin/file-manager/.
2022-02-24
not yet calculated
CVE-2022-25104
MISC
hospital_patient_record_management_system -- hospital_patient_record_management_system

Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/view_doctor.php.
2022-02-24
not yet calculated
CVE-2022-25003
MISC
hospital_patient_record_management_system -- hospital_patient_record_management_system
 
A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
2022-02-24
not yet calculated
CVE-2022-24232
MISC
hospital_patient_record_management_system -- hospital_patient_record_management_system
 
Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/manage_doctor.php.
2022-02-24
not yet calculated
CVE-2022-25004
MISC
hpe -- ilo_amplifier_pack
 
Multiple buffer overflow security vulnerabilities have been identified in HPE iLO Amplifier Pack version(s): Prior to 2.12. These vulnerabilities could be exploited by a highly privileged user to remotely execute code that could lead to a loss of confidentiality, integrity, and availability. HPE has provided a software update to resolve this vulnerability in HPE iLO Amplifier Pack.
2022-02-24
not yet calculated
CVE-2021-29220
MISC
hpe -- integrated_lights-out_4_firmware
 
A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware version(s): Prior to 2.60. This vulnerability could be remotely exploited to allow an attacker to supply invalid input to the iLO 4 webserver, causing it to respond with a redirect to an attacker-controlled domain. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 4 (iLO 4).
2022-02-24
not yet calculated
CVE-2022-23701
MISC
hpe -- oneview_global_dashboard
 
A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard.
2022-02-24
not yet calculated
CVE-2021-29217
MISC
hpe -- oneview_global_dashboard
 
A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard.
2022-02-24
not yet calculated
CVE-2021-29216
MISC
htmldoc -- htmldoc
 
A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_page(), in ps-pdf.cxx, may lead to arbitrary code execution and denial of service.
2022-02-24
not yet calculated
CVE-2021-26252
MISC
huawei -- devices
 
The laser command injection vulnerability exists on AIS-BW80H-00 versions earlier than AIS-BW80H-00 9.0.3.4(H100SP13C00). The devices cannot effectively defend against external malicious interference. Attackers need the device to be visually exploitable and successful triggering of this vulnerability could execute voice commands on the device.
2022-02-25
not yet calculated
CVE-2021-40043
MISC
huawei -- products
 
Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to kernel crash.
2022-02-25
not yet calculated
CVE-2021-22441
MISC
huawei -- smartphones
 
There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability.
2022-02-25
not yet calculated
CVE-2021-22489
MISC
MISC
huawei -- smartphones
 
There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause unauthorized read and write of some files.
2022-02-25
not yet calculated
CVE-2021-22448
MISC
huawei -- smartphones
 
There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service integrity.
2022-02-25
not yet calculated
CVE-2021-37027
MISC
MISC
huawei -- smartphones
 
There is a software integer overflow leading to a TOCTOU condition in smartphones. Successful exploitation of this vulnerability may cause random address access.
2022-02-25
not yet calculated
CVE-2021-22437
MISC
huawei -- smartphones
 
There is a memory address out of bounds vulnerability in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.
2022-02-25
not yet calculated
CVE-2021-22434
MISC
MISC
huawei -- smartphones
 
There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.
2022-02-25
not yet calculated
CVE-2021-22432
MISC
MISC
huawei -- smartphones
 
There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.
2022-02-25
not yet calculated
CVE-2021-22433
MISC
MISC
huawei -- smartphones
 
There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.
2022-02-25
not yet calculated
CVE-2021-22429
MISC
MISC
huawei -- smartphones
 
There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality.
2022-02-25
not yet calculated
CVE-2021-22395
MISC
MISC
huawei -- smartphones
 
There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.
2022-02-25
not yet calculated
CVE-2021-22426
MISC
MISC
huawei -- smartphones
 
There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause integer overflows.
2022-02-25
not yet calculated
CVE-2021-22319
MISC
MISC
huawei -- smartphones
 
There is a logic bypass vulnerability in smartphones. Successful exploitation of this vulnerability may cause code injection.
2022-02-25
not yet calculated
CVE-2021-22430
MISC
MISC
huawei -- smartphones
 
There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.
2022-02-25
not yet calculated
CVE-2021-22431
MISC
MISC
huawei -- smartphones
 
There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration.
2022-02-25
not yet calculated
CVE-2021-22394
MISC
MISC
huawei -- wallet

There is an improper permission management vulnerability in the Wallet apps. Successful exploitation of this vulnerability may affect service confidentiality.
2022-02-25
not yet calculated
CVE-2021-37103
MISC
ibm -- aix
 
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213073.
2022-02-24
not yet calculated
CVE-2021-38995
CONFIRM
XF
ibm -- aix
 
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213072.
2022-02-24
not yet calculated
CVE-2021-38994
CONFIRM
XF
ibm -- aix
 
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service. IBM X-Force ID: 212962.
2022-02-25
not yet calculated
CVE-2021-38993
XF
CONFIRM
ibm -- planning_analytics
 
IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891.
2022-02-21
not yet calculated
CVE-2022-22308
XF
CONFIRM
ibm -- sterling

IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395.
2022-02-23
not yet calculated
CVE-2022-22336
XF
CONFIRM
ibm -- sterling
 
IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable to a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned inside the Secure Zone could submit a specially crafted HTTP request to disrupt service. IBM X-Force ID: 219133.
2022-02-23
not yet calculated
CVE-2022-22333
XF
CONFIRM
ibm -- sterling
 
IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144.
2022-02-24
not yet calculated
CVE-2022-22349
XF
CONFIRM
ibm -- websphere_application_server
 
IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 213968.
2022-02-24
not yet calculated
CVE-2021-39038
CONFIRM
XF
image_photo_gallery_final_tiles_grid -- image_photo_gallery_final_tiles_grid
 
The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 does not sanitise and escape the Description field when editing a gallery, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks against other users having access to the gallery dashboard.
2022-02-21
not yet calculated
CVE-2022-0186
MISC
imagemagick -- imagemagick
 
A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault.
2022-02-24
not yet calculated
CVE-2021-3610
MISC
MISC
imagemagick -- imagemagick
 
A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.
2022-02-24
not yet calculated
CVE-2021-3596
MISC
MISC
istio -- istio
 
Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker to send a specially crafted message that results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.
2022-02-22
not yet calculated
CVE-2022-23635
MISC
MISC
CONFIRM
jetbrains -- hub
 
In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.
2022-02-25
not yet calculated
CVE-2022-24327
MISC
MISC
jetbrains -- hub
 
JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.
2022-02-25
not yet calculated
CVE-2022-25259
MISC
MISC
jetbrains -- hub
 
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).
2022-02-25
not yet calculated
CVE-2022-25260
MISC
MISC
jetbrains -- hub
 
In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS.
2022-02-25
not yet calculated
CVE-2022-24328
MISC
MISC
jetbrains -- hub
 
In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.
2022-02-25
not yet calculated
CVE-2022-25262
MISC
MISC
jetbrains -- intellij_idea
 
In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible.
2022-02-25
not yet calculated
CVE-2022-24346
MISC
MISC
jetbrains -- intellij_idea
 
In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible.
2022-02-25
not yet calculated
CVE-2022-24345
MISC
MISC
jetbrains -- kotlin
 
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.
2022-02-25
not yet calculated
CVE-2022-24329
MISC
MISC
jetbrains -- multiple_products
 
JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1.
2022-02-25
not yet calculated
CVE-2021-45977
MISC
MISC
jetbrains -- teamcity
 
In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.
2022-02-25
not yet calculated
CVE-2022-24330
MISC
MISC
jetbrains -- teamcity
 
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.
2022-02-25
not yet calculated
CVE-2022-24336
MISC
MISC
jetbrains -- teamcity
 
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.
2022-02-25
not yet calculated
CVE-2022-25263
MISC
MISC
jetbrains -- teamcity
 
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.
2022-02-25
not yet calculated
CVE-2022-24334
MISC
MISC
jetbrains -- teamcity
 
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.
2022-02-25
not yet calculated
CVE-2022-24337
MISC
MISC
jetbrains -- teamcity
 
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.
2022-02-25
not yet calculated
CVE-2022-25264
MISC
MISC
jetbrains -- teamcity
 
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
2022-02-25
not yet calculated
CVE-2022-24331
MISC
MISC
jetbrains -- teamcity
 
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.
2022-02-25
not yet calculated
CVE-2022-24340
MISC
MISC
jetbrains -- teamcity
 
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.
2022-02-25
not yet calculated
CVE-2022-24335
MISC
MISC
jetbrains -- teamcity
 
JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.
2022-02-25
not yet calculated
CVE-2022-25261
MISC
MISC
jetbrains -- teamcity
 
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.
2022-02-25
not yet calculated
CVE-2022-24339
MISC
MISC
jetbrains -- teamcity
 
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.
2022-02-25
not yet calculated
CVE-2022-24341
MISC
MISC
jetbrains -- teamcity
 
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
2022-02-25
not yet calculated
CVE-2022-24332
MISC
MISC
jetbrains -- teamcity
 
In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.
2022-02-25
not yet calculated
CVE-2022-24342
MISC
MISC
jetbrains -- teamcity
 
JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.
2022-02-25
not yet calculated
CVE-2022-24338
MISC
MISC
jetbrains -- teamcity
 
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.
2022-02-25
not yet calculated
CVE-2022-24333
MISC
MISC
jetbrains -- youtrack

In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.
2022-02-25
not yet calculated
CVE-2022-24343
MISC
MISC
jetbrains -- youtrack
 
JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
2022-02-25
not yet calculated
CVE-2022-24442
MISC
MISC
jetbrains -- youtrack
 
JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page.
2022-02-25
not yet calculated
CVE-2022-24344
MISC
MISC
jetbrains -- youtrack
 
JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon.
2022-02-25
not yet calculated
CVE-2022-24347
MISC
MISC
jquery-upload-file -- jquery-upload-file
 
A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a JavaScript payload in the file name.
2022-02-25
not yet calculated
CVE-2021-37504
MISC
MISC
MISC
MISC
MISC
MISC
MISC
karma -- karma
 
The package karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.
2022-02-25
not yet calculated
CVE-2021-23495
CONFIRM
CONFIRM
CONFIRM
kde_kcron -- kde_kcron
 
KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands.
2022-02-26
not yet calculated
CVE-2022-24986
MISC
MISC
kuka.sim -- pro
 
Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server maintained by KUKA. When these devices request a model, the server transmits the model in plaintext.
2022-02-24
not yet calculated
CVE-2020-10635
CONFIRM
laravel -- fortify
 
Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept.
2022-02-24
not yet calculated
CVE-2022-25838
MISC
libreoffice -- libreoffice
 
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag, which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.
2022-02-24
not yet calculated
CVE-2021-25636
MISC
libsixel -- libsixel
 
In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free.
2022-02-19
not yet calculated
CVE-2021-46700
MISC
libxml -- libxml
 
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
2022-02-26
not yet calculated
CVE-2022-23308
MISC
CONFIRM
limesurvey -- limesurvey
 
A Remote Code Execution (RCE) vulnerability exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file.
2022-02-24
not yet calculated
CVE-2021-44967
MISC
MISC
linux -- linux+kernel
 
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.
2022-02-20
not yet calculated
CVE-2022-25375
MISC
MISC
MISC
MLIST
linux -- linux_kernel
 
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
2022-02-24
not yet calculated
CVE-2022-25636
MISC
MISC
MLIST
linux -- linux_kernel
 
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.
2022-02-26
not yet calculated
CVE-2020-36516
MISC
liveconfig -- liveconfig
 
A Stored XSS issue exists in the admin/users user administration form in LiveConfig 2.12.2.
2022-02-18
not yet calculated
CVE-2021-40840
MISC
MISC
mariadb -- connect

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.
2022-02-18
not yet calculated
CVE-2022-24048
MISC
MISC
mariadb -- connect

MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.
2022-02-18
not yet calculated
CVE-2022-24050
MISC
MISC
mariadb -- connect

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.
2022-02-18
not yet calculated
CVE-2022-24051
MISC
MISC
mariadb -- connect
 
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
2022-02-18
not yet calculated
CVE-2022-24052
MISC
MISC
mattermost -- mattermost
 
Mattermost 6.3.0 and earlier fails to protect email addresses of the creator of the team via one of the APIs, which allows authenticated team members to access this information resulting in sensitive & private information disclosure.
2022-02-21
not yet calculated
CVE-2022-0708
MISC
mediawiki -- mediawiki
 
MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an attacker-controlled URL in the title attribute.
2022-02-18
not yet calculated
CVE-2017-0371
MISC
MISC
metadata-extractor -- metadata-extractor

When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use metadata-extractor library.
2022-02-24
not yet calculated
CVE-2022-24614
MISC
metadata-extractor -- metadata-extractor

metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. This could be used to mount a denial of service attack against services that use metadata-extractor library.
2022-02-24
not yet calculated
CVE-2022-24613
MISC
mflow -- mflow
 
Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1.
2022-02-23
not yet calculated
CVE-2022-0736
CONFIRM
MISC
microweber -- microweber

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11.
2022-02-26
not yet calculated
CVE-2022-0723
MISC
CONFIRM
microweber -- microweber

Business Logic Errors in GitHub repository microweber/microweber prior to 1.3.
2022-02-26
not yet calculated
CVE-2022-0762
MISC
CONFIRM
microweber -- microweber

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.
2022-02-23
not yet calculated
CVE-2022-0719
MISC
CONFIRM
microweber -- microweber

Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3.
2022-02-23
not yet calculated
CVE-2022-0721
CONFIRM
MISC
microweber -- microweber
 
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.
2022-02-26
not yet calculated
CVE-2022-0763
CONFIRM
MISC
microweber -- microweber
 
Business Logic Errors in Packagist microweber/microweber prior to 1.2.11.
2022-02-20
not yet calculated
CVE-2022-0688
MISC
CONFIRM
microweber -- microweber
 
Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.
2022-02-23
not yet calculated
CVE-2022-0724
CONFIRM
MISC
modx_revolution -- modx_revolution
 
MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator.
2022-02-26
not yet calculated
CVE-2022-26149
MISC
mruby -- mruby
 
Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2.
2022-02-23
not yet calculated
CVE-2022-0717
CONFIRM
MISC
multiple_mobile_devices -- multiple_mobile_devices
 
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
2022-02-24
not yet calculated
CVE-2022-0732
CERT-VN
CONFIRM
MISC
CERT-VN
node.js -- node.js
 
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification. Affected versions of Node.js do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.
2022-02-24
not yet calculated
CVE-2021-44533
MISC
MISC
node.js -- node.js
 
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints. Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.
2022-02-24
not yet calculated
CVE-2021-44532
MISC
MISC
node.js -- node.js
 
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly. Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.
2022-02-24
not yet calculated
CVE-2021-44531
MISC
MISC
node.js -- node.js
 
Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype. Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null prototype for the object these properties are being assigned to.
2022-02-24
not yet calculated
CVE-2022-21824
MISC
MISC
npm -- npm
 
@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for JavaScript injection. Users are advised to upgrade to version 3.0.367 or later. There are no known workarounds for this issue.
2022-02-24
not yet calculated
CVE-2022-24709
CONFIRM
MISC
npm -- url-parse
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.
2022-02-20
not yet calculated
CVE-2022-0686
CONFIRM
MISC
npm -- url-parse
 
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.
2022-02-21
not yet calculated
CVE-2022-0691
MISC
CONFIRM
octobercms -- octobercms
 
Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to build 474 or v1.1.10. The only known workaround is to manually apply the patch (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) which adds server signature validation.2022-02-24not yet calculatedCVE-2022-23655
MISC
CONFIRM
octobercms -- octobercms
 
Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass `cms.safe_mode` / `cms.enableSafeMode` in order to execute arbitrary code. This issue only affects admin panels that rely on safe mode and restricted permissions. To exploit this vulnerability, an attacker must first have access to the backend area. The issue has been patched in Build 474 (v1.0.474) and v1.1.10. Users unable to upgrade should apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe to your installation manually.2022-02-23not yet calculatedCVE-2022-21705
MISC
CONFIRM
ohio_supercomputer_center -- open_ondemand
 
The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template.2022-02-26not yet calculatedCVE-2020-27958
MISC
CONFIRM
MISC
okta -- advanced_server_access_client_for_windows
 
Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL.2022-02-21not yet calculatedCVE-2022-24295
MISC
openmct -- openmct
 
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions.2022-02-20not yet calculatedCVE-2022-22126
CONFIRM
openmct -- openmct
 
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions.2022-02-20not yet calculatedCVE-2022-23053
CONFIRM
openmct -- openmct
 
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions.2022-02-20not yet calculatedCVE-2022-23054
CONFIRM
openmrs -- openmrs
 
OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET requests for `/images` & `/initfilter/scripts`. This can allow an attacker to access any file on a system running OpenMRS that is accessible to the user id OpenMRS is running under. Affected implementations should update to the latest patch version of OpenMRS Core for the minor version they use. These are: 2.1.5, 2.2.1, 2.3.5, 2.4.5 and 2.5.3. As a general rule, this vulnerability is already mitigated by Tomcat's URL normalization in Tomcat 7.0.28+. Users on older versions of Tomcat should consider upgrading their Tomcat instance as well as their OpenMRS instance.2022-02-22not yet calculatedCVE-2022-23612
CONFIRM
MISC
MISC
MISC
opensuse -- libsolv
Two heap overflow vulnerabilities exist in openSUSE libsolv through 13 Dec 2020 in the resolve_installed function at src/solver.c: line 1728 & 1766.
2022-02-21
not yet calculated
CVE-2021-44573
MISC
MISC
MISC
opensuse -- libsolv
A heap overflow vulnerability exists in openSUSE libsolv through 13 Dec 2020 in the prefer_suggested function at src/policy.c: line 442.
2022-02-21
not yet calculated
CVE-2021-44571
MISC
MISC
opensuse -- libsolv
A heap-buffer vulnerability exists in openSUSE libsolv through 13 Dec 2020 in the solver_solve function at src/solver.c: line 3445.
2022-02-21
not yet calculated
CVE-2021-44569
MISC
MISC
opensuse -- libsolv
Two heap-overflow vulnerabilities exist in openSUSE libsolv through 13 Dec 2020 in the propagate function at src/solver.c: line 490 and 524.
2022-02-21
not yet calculated
CVE-2021-44577
MISC
MISC
MISC
opensuse -- libsolv
Two memory vulnerabilities exist in openSUSE libsolv through 13 Dec 2020 in the resolve_weak function at src/solver.c: line 2222 and 2249.
2022-02-21
not yet calculated
CVE-2021-44576
MISC
MISC
MISC
opensuse -- libsolv
Two heap-overflow vulnerabilities exist in openSUSE/libsolv through 13 Dec 2020 in the solver_get_recommendations function at src/solver.c: line 4286 & line 4305 FOR_PROVIDES.
2022-02-21
not yet calculated
CVE-2021-44570
MISC
MISC
MISC
opensuse -- libsolv
Two heap-overflow vulnerabilities exist in openSUSE libsolv through 13 Dec 2020 in the makeruledecisions function at src/solver.c: line 147 and 307.
2022-02-21
not yet calculated
CVE-2021-44575
MISC
MISC
MISC
opensuse -- libsolv
A heap-overflow vulnerability exists in openSUSE libsolv through 13 Dec 2020 in the resolve_jobrules function at src/solver.c at line 1599.
2022-02-21
not yet calculated
CVE-2021-44574
MISC
MISC
opensuse -- libsolv
 
Two heap-overflow vulnerabilities exist in openSUSE/libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service.
2022-02-21
not yet calculated
CVE-2021-44568
MISC
MISC
MISC
oracle -- talent_acquisition_cloud-taleo_enterprise_edition
 
A potential vulnerability in the Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. This high severity potential vulnerability allows attackers to perform remote code execution on Taleo Enterprise Edition system. Successful attacks of this vulnerability can result in unauthorized remote code execution within Taleo Enterprise Edition and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. All affected customers were notified of CVE-2021-35689 by Oracle.2022-02-24not yet calculatedCVE-2021-35689
MISC
paquitosoftware -- notimoo
 
A cross-site scripting (XSS) vulnerability in PaquitoSoftware Notimoo v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted title or message in a notification.2022-02-25not yet calculatedCVE-2021-42244
MISC
pcmanager -- pcmanager
 
PCManager versions 11.1.1.95 has a privilege escalation vulnerability. Successful exploit could allow the attacker to access certain resource beyond its privilege.2022-02-25not yet calculatedCVE-2021-40046
MISC
pexip -- infinity
 
Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote attacker can use excessive resources, temporarily causing denial of service.2022-02-18not yet calculatedCVE-2022-23228
MISC
pexip -- infinity_connect
 
Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted code may execute.2022-02-18not yet calculatedCVE-2021-29655
MISC
pexip -- infinity_connect
 
Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not properly checked.2022-02-18not yet calculatedCVE-2021-29656
MISC
phpuploader -- phpuploader
 
Cross-site scripting vulnerability in phpUploader v1.2 and earlier allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors.2022-02-24not yet calculatedCVE-2022-24435
MISC
MISC
phpuploader -- phpuploader
 
SQL injection vulnerability in the phpUploader v1.2 and earlier allows a remote unauthenticated attacker to obtain the information in the database via unspecified vectors.2022-02-24not yet calculatedCVE-2022-23986
MISC
MISC
pimcore -- pimcore
 
Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2.
2022-02-22
not yet calculated
CVE-2022-0665
CONFIRM
MISC
piwigo -- piwigo
 
Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, admin can steal webmaster's cookies to get the webmaster's access.2022-02-24not yet calculatedCVE-2022-24620
MISC
pjsip -- pjsip
 
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed. The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys), leading to undefined behavior such as dialog list collision, which eventually leads to an endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue.
2022-02-22
not yet calculated
CVE-2022-23608
CONFIRM
MISC
plesk -- cms
 
** DISPUTED ** Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an attacker to insert data on the user and admin panel. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users.2022-02-20not yet calculatedCVE-2021-45007
MISC
plesk -- cms
 
** DISPUTED ** Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege escalation from user to admin rights. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users.
2022-02-21
not yet calculated
CVE-2021-45008
MISC
polkit -- polkit
 
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned.
2022-02-21
not yet calculated
CVE-2021-4115
MISC
MISC
MISC
popup_builder -- popup_builder
 
The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via wrappers such as PHAR.
2022-02-21
not yet calculated
CVE-2021-25082
MISC
CONFIRM
popup_builder -- popup_builder
 
The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection.
2022-02-21
not yet calculated
CVE-2022-0228
MISC
CONFIRM
premid -- premid
 
PreMiD 2.2.0 allows unintended access via the websocket transport. An attacker can receive events from a socket and emit events to a socket, potentially interfering with a victim's "now playing" status on Discord.2022-02-20not yet calculatedCVE-2021-46701
MISC
MISC
pritunl_client -- pritunl_client
 
Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go.2022-02-20not yet calculatedCVE-2022-25372
MISC
MISC
processwire -- cms
 
A Directory Traversal vulnerability exists in Processwire CMS before 2.7.1 via the download parameter to index.php.
2022-02-24
not yet calculated
CVE-2020-27467
MISC
profile_builder-user_profile_and_user_registration_forms -- profile_builder-user_profile_and_user_registration_forms
 
The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file, which allows attackers to inject arbitrary web scripts onto a page that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1.
2022-02-24
not yet calculated
CVE-2022-0653
MISC
MISC
qemu -- qemu
 
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.2022-02-18not yet calculatedCVE-2021-3930
MISC
CONFIRM
qemu -- qemu
 
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability.2022-02-24not yet calculatedCVE-2021-3608
MISC
MISC
qemu -- qemu
 
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.2022-02-24not yet calculatedCVE-2021-3607
MISC
MISC
qlik -- sense_enterprise
 
A vulnerability in Qlik Sense Enterprise on Windows could allow a remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authenticated requests to an affected system. A successful exploit could allow the attacker to compare the response times that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured.
2022-02-21
not yet calculated
CVE-2022-0564
CONFIRM
CONFIRM
CONFIRM
qnap -- device
 
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 (2021/12/30) and later.
2022-02-25
not yet calculated
CVE-2021-34361
CONFIRM
qnap -- device
 
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 (2021/12/30) and later.
2022-02-25
not yet calculated
CVE-2021-34359
CONFIRM
radare2 -- radare2
 
A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0, 5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an ELF64 binary for MIPS architecture can lead to uncontrolled resource consumption and DoS.2022-02-24not yet calculatedCVE-2021-4021
MISC
radareorg -- radare2
 
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.
2022-02-23
not yet calculated
CVE-2022-0476
MISC
CONFIRM
radareorg -- radare2
 
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.
2022-02-24
not yet calculated
CVE-2022-0695
CONFIRM
MISC
radareorg -- radare2
 
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.
2022-02-22
not yet calculated
CVE-2022-0713
CONFIRM
MISC
radareorg -- radare2
 
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.
2022-02-22
not yet calculated
CVE-2022-0676
CONFIRM
MISC
radareorg -- radare2
 
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4.
2022-02-22
not yet calculated
CVE-2022-0712
MISC
CONFIRM
redis -- redis
 
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.2022-02-18not yet calculatedCVE-2022-0543
MISC
DEBIAN
MISC
MLIST
rockwell_automation -- 1734-aentr
 
The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings.2022-02-24not yet calculatedCVE-2020-14504
MISC
rockwell_automation -- 1734-aentr
 
The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface.2022-02-24not yet calculatedCVE-2020-14502
MISC
rockwell_automation -- factorytalk
 
The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE.2022-02-24not yet calculatedCVE-2020-14481
MISC
rockwell_automation -- factorytalk
 
Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials.2022-02-24not yet calculatedCVE-2020-14480
MISC
rockwell_automation -- factorytalk
 
A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services.2022-02-24not yet calculatedCVE-2020-14478
MISC
rosariosis -- rosariosis
 
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields.2022-02-24not yet calculatedCVE-2021-44565
MISC
MISC
MISC
rosariosis -- rosariosis
 
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php.2022-02-24not yet calculatedCVE-2021-44566
MISC
MISC
MISC
rosariosis -- rosariosis
 
An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.2022-02-24not yet calculatedCVE-2021-44567
MISC
MISC
MISC
MISC
rudloff -- alltube
 
Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1.
2022-02-21
not yet calculated
CVE-2022-0692
CONFIRM
MISC
sangforcsclient.exe -- sangforcsclient.exe
 
SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read process memory, to discover the contents of the Username and Password fields.2022-02-26not yet calculatedCVE-2022-22908
MISC
sante -- dicom_viewer_pro
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15100.
2022-02-18
not yet calculated
CVE-2022-24061
MISC
sante -- dicom_viewer_pro
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15095.
2022-02-18
not yet calculated
CVE-2022-24058
MISC
sante -- dicom_viewer_pro
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. Crafted data in a DCM file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15099.
2022-02-18
not yet calculated
CVE-2022-24060
MISC
sante -- dicom_viewer_pro
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 13.2.0.21165. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15104.
2022-02-18
not yet calculated
CVE-2022-24062
MISC
sante -- dicom_viewer_pro
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 13.2.0.21165. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15105.2022-02-18not yet calculatedCVE-2022-24063
MISC
sante -- dicom_viewer_pro
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.8.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15161.2022-02-18not yet calculatedCVE-2022-24064
MISC
sas -- web_report_studio
 
SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the button placed in the top left. The second affects the page to which the user is directed after pressing the button, e.g., a malicious web page. In addition, the second parameter executes JavaScript, which means XSS is possible by adding a javascript: URL.2022-02-19not yet calculatedCVE-2022-25256
MISC
MISC
CONFIRM
scadaflex -- scada_controller
 
On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files.2022-02-26not yet calculatedCVE-2022-25359
MISC
MISC
seatd -- seatd
 
seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.2022-02-24not yet calculatedCVE-2022-25643
MISC
MISC
MISC
sha256crypt -- sha256crypt
 
sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.2022-02-19not yet calculatedCVE-2016-20013
MISC
MISC
MISC
shield_security -- shield_security
 
The Shield Security WordPress plugin before 13.0.6 does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.2022-02-21not yet calculatedCVE-2022-0211
MISC
showdoc -- showdoc
 
Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2.
2022-02-19
not yet calculated
CVE-2022-0409
CONFIRM
MISC
simcenter -- femap
 
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15048)2022-02-22not yet calculatedCVE-2021-46162
CONFIRM
simcenter -- femap
 
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains a stack based buffer overflow vulnerability while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15061)2022-02-22not yet calculatedCVE-2021-46699
CONFIRM
sonos -- one_speaker
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11.2.13 build 57923290 (S1 systems). Authentication is not required to exploit this vulnerability. The specific flaw exists within the ALAC audio codec. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15798.2022-02-18not yet calculatedCVE-2022-24049
MISC
sonos -- one_speaker
 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11.2.13 build 57923290 (S1 systems). Authentication is not required to exploit this vulnerability. The specific flaw exists within the anacapd daemon. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15828.2022-02-18not yet calculatedCVE-2022-24046
MISC
sourcegraph -- sourcegraph
 
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the `gitserver` service. The service acts as a git exec proxy, and fails to properly restrict calling `git config`. This allows an attacker to set the git `core.sshCommand` option, which sets git to use the specified command instead of ssh when they need to connect to a remote system. Exploitation of this vulnerability depends on how Sourcegraph is deployed. An attacker able to make HTTP requests to internal services like gitserver is able to exploit it. This issue is patched in Sourcegraph version 3.37. As a workaround, ensure that requests to gitserver are properly protected.2022-02-18not yet calculatedCVE-2022-23642
CONFIRM
MISC
spiffy_calendar -- spiffy_calendar
 
Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0).2022-02-21not yet calculatedCVE-2022-25599
CONFIRM
CONFIRM
strapi -- strapi
 
Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0.
2022-02-26
not yet calculated
CVE-2022-0764
CONFIRM
MISC
subrion -- cms
 
A Cross Site Scripting (XSS) vulnerability exists in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via an SVG file.
2022-02-24
not yet calculated
CVE-2021-43724
MISC
survey_maker -- survey_maker
 
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Survey Maker WordPress plugin (versions <= 2.0.6).2022-02-21not yet calculatedCVE-2021-26256
CONFIRM
CONFIRM
swtpm -- swtpm
 
swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds.2022-02-18not yet calculatedCVE-2022-23645
CONFIRM
MISC
MISC
MISC
MISC
tenda -- routersTenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR.2022-02-24not yet calculatedCVE-2022-25414
MISC
tenda -- routersTenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo.2022-02-24not yet calculatedCVE-2022-25417
MISC
tenda -- routers
 
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi.2022-02-24not yet calculatedCVE-2022-25418
MISC
tongda2000 -- tongda2000Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete_query.php via the DELETE_STR parameter.2022-02-24not yet calculatedCVE-2022-25406
MISC
tongda2000 -- tongda2000Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELETE_STR parameter.2022-02-24not yet calculatedCVE-2022-25404
MISC
tongda2000 -- tongda2000
 
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in change_box.php via the DELETE_STR parameter.2022-02-24not yet calculatedCVE-2022-25405
MISC
tor_browser -- tor_browser
 
Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn't properly free memory.2022-02-26not yet calculatedCVE-2021-46702
MISC
totolink -- technology_routersA command injection vulnerability in the function setUpgradeFW of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.2022-02-19not yet calculatedCVE-2022-25134
MISC
totolink -- technology_routersA command injection vulnerability in the function isAssocPriDevice of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.2022-02-19not yet calculatedCVE-2022-25133
MISC
totolink -- technology_routersA command injection vulnerability in the function updateWifiInfo of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.2022-02-19not yet calculatedCVE-2022-25130
MISC
totolink -- technology_routersA command injection vulnerability in the function recv_mesh_info_sync of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.2022-02-19not yet calculatedCVE-2022-25135
MISC
totolink -- technology_routersA command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.2022-02-19not yet calculatedCVE-2022-25136
MISC
totolink -- technology_routersTOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.2022-02-24not yet calculatedCVE-2022-25079
MISC
totolink -- technology_routersA command injection vulnerability in the function recvSlaveCloudCheckStatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.2022-02-19not yet calculatedCVE-2022-25131
MISC
totolink -- technology_routersTOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.2022-02-24not yet calculatedCVE-2022-25077
MISC
totolink -- technology_routersTOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.2022-02-24not yet calculatedCVE-2022-25076
MISC
totolink -- technology_routersTOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.2022-02-24not yet calculatedCVE-2022-25082
MISC
totolink -- technology_routersTOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.2022-02-24not yet calculatedCVE-2022-25078
MISC
totolink -- technology_routersTOTOLink T10 V5.9c.5061_B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.2022-02-24not yet calculatedCVE-2022-25081
MISC
totolink -- technology_routersTOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.2022-02-24not yet calculatedCVE-2022-25075
MISC
totolink -- technology_routersA command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.2022-02-19not yet calculatedCVE-2022-25132
MISC
totolink -- technology_routersTOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.2022-02-24not yet calculatedCVE-2022-25080
MISC
totolink -- technology_routers
 
TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.2022-02-24not yet calculatedCVE-2022-25084
MISC
totolink -- technology_routers
 
TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.2022-02-24not yet calculatedCVE-2022-25083
MISC
totolink -- technology_routers
 
A command injection vulnerability in the function recvSlaveUpgstatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.2022-02-19not yet calculatedCVE-2022-25137
MISC
tp-link -- routersThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15835.2022-02-18not yet calculatedCVE-2022-24354
MISC
tp-link -- routersTP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.2022-02-25not yet calculatedCVE-2022-25064
MISC
MISC
MISC
tp-link -- routersTP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.2022-02-24not yet calculatedCVE-2022-25072
MISC
tp-link -- routersTL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.2022-02-24not yet calculatedCVE-2022-25073
MISC
tp-link -- routersTP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.2022-02-25not yet calculatedCVE-2022-25060
MISC
MISC
MISC
tp-link -- routersTP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.2022-02-25not yet calculatedCVE-2022-25061
MISC
MISC
MISC
tp-link -- routersTP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.2022-02-25not yet calculatedCVE-2022-25062
MISC
MISC
MISC
tp-link -- routers
 
TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.2022-02-24not yet calculatedCVE-2022-25074
MISC
tp-link -- routers
 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of file name extensions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13910.2022-02-18not yet calculatedCVE-2022-24355
MISC
translation_exchange -- translation_exchange
 
The Translation Exchange WordPress plugin through 1.0.14 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) within the Project Key text field found in the plugin's settings.2022-02-21not yet calculatedCVE-2021-25057
MISC
trend_micro -- antivirus_for_max
 
A link following privilege escalation vulnerability in Trend Micro Antivirus for Max 11.0.2150 and below could allow a local attacker to modify a file during the update process and escalate their privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2022-02-24not yet calculatedCVE-2022-24671
N/A
N/A
trend_micro -- apex_one
 
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2022-02-24not yet calculatedCVE-2022-24680
N/A
N/A
N/A
trend_micro -- multiple_productsA security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations.2022-02-24not yet calculatedCVE-2022-24678
N/A
N/A
N/A
trend_micro -- multiple_products
 
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2022-02-24not yet calculatedCVE-2022-24679
N/A
N/A
N/A
trend_micro -- serverprotectTrend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated actions.2022-02-24not yet calculatedCVE-2022-25329
N/A
N/A
trend_micro -- serverprotect
 
Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution.2022-02-24not yet calculatedCVE-2022-25330
N/A
N/A
trend_micro -- serverprotection
 
Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process.2022-02-24not yet calculatedCVE-2022-25331
N/A
N/A
tricentis -- qtest
 
Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker.2022-02-26not yet calculatedCVE-2022-26146
MISC
MISC
trillium -- notes
 
A Denial of Service vulnerability exists in Trilium Notes 0.48.6 in the setupPage function.2022-02-24not yet calculatedCVE-2021-43745
MISC
typo3 -- kitodo_presentation_extension
 
An issue was discovered in the Kitodo.Presentation (aka dif) extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing attackers to view the content of any file or webpage the webserver has access to.2022-02-19not yet calculatedCVE-2022-24980
CONFIRM
MISC
typo3 -- varnishcache_extension
 
An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Side Includes (ESI) content element renderer component does not include an access check. This allows an unauthenticated user to render various content elements, resulting in insecure direct object reference (IDOR), with the potential of exposing internal content elements.2022-02-19not yet calculatedCVE-2022-24979
CONFIRM
MISC
usbguard -- usbguard
 
An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future.2022-02-24not yet calculatedCVE-2019-25058
MISC
MISC
MISC
usbredir -- usbredir
 
A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination.2022-02-24not yet calculatedCVE-2021-3700
MISC
MISC
util-linux -- util-linux
 
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.2022-02-21not yet calculatedCVE-2022-0563
MISC
v2fly -- v2ray
 
Off-by-one Error in GitHub repository v2fly/v2ray-core prior to 4.44.0.2022-02-23not yet calculatedCVE-2021-4070
CONFIRM
MISC
ver -- ver
 
Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-23916.2022-02-24not yet calculatedCVE-2022-24374
MISC
MISC
ver -- ver
 
Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41 allows a remote unauthenticated attacker to bypass authentication under the specific condition.2022-02-24not yet calculatedCVE-2022-21142
MISC
MISC
ver -- ver
 
Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-24374.2022-02-24not yet calculatedCVE-2022-23916
MISC
MISC
ver -- ver
 
Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to obtain an arbitrary file on the server via unspecified vectors.2022-02-24not yet calculatedCVE-2022-23810
MISC
MISC
vim -- vim
 
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.2022-02-22not yet calculatedCVE-2022-0714
MISC
CONFIRM
FEDORA
FEDORA
vim -- vim
 
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.2022-02-23not yet calculatedCVE-2022-0729
CONFIRM
MISC
FEDORA
FEDORA
vim -- vim
 
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.2022-02-21not yet calculatedCVE-2022-0696
MISC
CONFIRM
FEDORA
vim -- vim
 
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.2022-02-20not yet calculatedCVE-2022-0685
CONFIRM
MISC
FEDORA
visual_voice_mail -- visual_voice_mail
 
** DISPUTED ** The Visual Voice Mail (VVM) application through 2022-02-24 for Android allows persistent access if an attacker temporarily controls an application that has the READ_SMS permission, and reads an IMAP credentialing message that is (by design) not displayed to the victim within the AOSP SMS/MMS messaging application. (Often, the IMAP credentials are usable to listen to voice mail messages sent before the vulnerability was exploited, in addition to new ones.) NOTE: some vendors characterize this as not a "concrete and exploitable risk."2022-02-25not yet calculatedCVE-2022-23835
MISC
MISC
waline -- waline
 
In waline 1.6.1, an attacker can submit messages using X-Forwarded-For to forge any IP address.2022-02-25not yet calculatedCVE-2022-24594
MISC
MISC
watchguard -- firebox_and_xtm
 
WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. This vulnerability impacts Fireware OS before 11.7.2_U1, 12.x before 12.1.3_U3, and 12.2.x through 12.5.x before 12.5.7_U3.2022-02-24not yet calculatedCVE-2022-23176
CONFIRM
MISC
watchguard -- firebox_and_xtm_appliances
 
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.2022-02-24not yet calculatedCVE-2022-25363
CONFIRM
watchguard -- firebox_and_xtm_appliances
 
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.2022-02-24not yet calculatedCVE-2022-25360
CONFIRM
watchguard -- firebox_xtm_appliancesA wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.2022-02-24not yet calculatedCVE-2022-25292
CONFIRM
watchguard -- firebox_xtm_appliancesAn integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer overflow and potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.2022-02-24not yet calculatedCVE-2022-25291
CONFIRM
watchguard -- firebox_xtm_appliancesWatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to retrieve certificate private keys. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.2022-02-24not yet calculatedCVE-2022-25290
CONFIRM
watchguard -- firebox_xtm_appliances
 
A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.2022-02-24not yet calculatedCVE-2022-25293
CONFIRM
wbce_cms -- wbce_cms
 
A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.2022-02-24not yet calculatedCVE-2022-25099
MISC
webankpartners -- wecube-platform
 
A Directory Traversal vulnerability exists in WeBankPartners wecube-platform 3.2.1 via the file variable in PluginPackageController.java.2022-02-24not yet calculatedCVE-2021-45746
MISC
weblate -- weblate
 
Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user name and language fields. Due to this improper neutralization it is possible to perform cross-site scripting via these fields. The issues were fixed in the 4.11 release. Users unable to upgrade are advised to add their own neutralize logic.2022-02-25not yet calculatedCVE-2022-24710
CONFIRM
MISC
MISC
MISC
wiki.js -- wiki.js
 
Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly checks the path access against the user-provided values instead of the actual path associated with the page ID. Commit https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b fixes this vulnerability by checking access control on the path associated with the page ID instead of the user-provided value. When the path is different than the current value, a second access control check is then performed on the user-provided path before the move operation.2022-02-22not yet calculatedCVE-2022-23654
CONFIRM
MISC
wikidocs -- wikidocs
 
WikiDocs version 0.1.18 has multiple reflected XSS vulnerabilities on different pages.2022-02-19not yet calculatedCVE-2022-23376
MISC
MISC
MISC
MISC
wikidocs -- wikidocs
 
WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can upload a malicious file using the image upload form through index.php.2022-02-19not yet calculatedCVE-2022-23375
MISC
MISC
MISC
MISC
win-911 -- win-911
 
WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. A low-privilege attacker could write a malicious DLL file to the Operator Workspace directory to achieve privilege escalation and the permissions of the user running the program.2022-02-24not yet calculatedCVE-2022-23104
CONFIRM
CONFIRM
win-911 -- win-911
 
WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed.2022-02-24not yet calculatedCVE-2022-23922
CONFIRM
CONFIRM
wireguard -- wireguard
 
Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 0.10.0, there is a hard-coded cryptographic key in the code base which can be exploited to run admin commands on a remote server if the exploiter knows the address and username of the admin. This affects the server (netmaker) component, and not clients. This has been patched in Netmaker v0.8.5, v0.9.4, and v0.10.0. There are currently no known workarounds.2022-02-18not yet calculatedCVE-2022-23650
MISC
MISC
MISC
CONFIRM
wolfssl -- wolfssl
 
In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message.2022-02-24not yet calculatedCVE-2022-25638
CONFIRM
MISC
wolfssl -- wolfssl
 
In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate.2022-02-24not yet calculatedCVE-2022-25640
MISC
woocs -- woocs
 
The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting.2022-02-21not yet calculatedCVE-2022-0234
MISC
CONFIRM
wp_content_copy_protection_and_no_right_click -- wp_content_copy_protection_and_no_right_click
 
Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4).2022-02-21not yet calculatedCVE-2022-23983
CONFIRM
CONFIRM
wp_statistics -- wp_statisticsThe WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.2022-02-24not yet calculatedCVE-2022-25148
MISC
MISC
MISC
wp_statistics -- wp_statisticsThe WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the ~/includes/class-wp-statistics-ip.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a site's statistics, in versions up to and including 13.1.5.2022-02-24not yet calculatedCVE-2022-25305
MISC
MISC
MISC
wp_statistics -- wp_statisticsThe WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a site's statistics, in versions up to and including 13.1.5.2022-02-24not yet calculatedCVE-2022-25306
MISC
MISC
MISC
wp_statistics -- wp_statistics
 
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.2022-02-24not yet calculatedCVE-2022-25149
MISC
MISC
MISC
wp_statistics -- wp_statistics
 
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a site's statistics, in versions up to and including 13.1.5.2022-02-24not yet calculatedCVE-2022-25307
MISC
MISC
MISC
wp_statistics -- wp_statistics
 
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.2022-02-24not yet calculatedCVE-2022-0651
MISC
MISC
MISC
wpdiscuz -- wpdiscuz
 
Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11).2022-02-21not yet calculatedCVE-2022-23984
CONFIRM
CONFIRM
xerte_project -- xerteAn Authenticated Remote Code Execution (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file through the project interface disguised as a language file to bypass the upload filters. Attackers can manipulate the file's destination by abusing path traversal in the 'mediapath' variable.2022-02-24not yet calculatedCVE-2021-44664
MISC
MISC
MISC
xerte_project -- xerteA Directory Traversal vulnerability exists in the Xerte Project Xerte through 3.10.3 when downloading a project file via download.php.2022-02-24not yet calculatedCVE-2021-44665
MISC
xerte_project -- xerteA Remote Code Execution (RCE) vulnerability exists in the Xerte Project Xerte through 3.8.4 via a crafted php file through elfinder in connetor.php.2022-02-24not yet calculatedCVE-2021-44663
MISC
MISC
MISC
xerte_project -- xerte
 
A Cross Site Scripting (XSS) vulnerability exists in the Xerte Project Xerte through 3.8.4 via the link parameter in print.php.2022-02-24not yet calculatedCVE-2021-44662
MISC
MISC
MISC
zenario -- cms
 
Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server.2022-02-24not yet calculatedCVE-2022-23043
MISC
MISC
zepl -- notebooks
 
Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services.2022-02-25not yet calculatedCVE-2021-42952
MISC
MISC
zfaka -- zfaka
 
An issue was found in Zfaka <= 1.4.5. The verification of the background file upload function check is not strict, resulting in remote command execution.2022-02-21not yet calculatedCVE-2022-24553
MISC
MISC
zip4j -- zip4j
 
zip4j up to 2.9.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. This could be used to mount a denial of service attack against services that use the zip4j library.2022-02-24not yet calculatedCVE-2022-24615
MISC
zte -- products | There is a directory traversal vulnerability in some home gateway products of ZTE. Due to the lack of verification of the user-modified destination path, an attacker with specific permissions could modify the FTP access path to access and modify the system path contents without authorization, which will cause information leaks and affect device operation. | 2022-02-24 | not yet calculated | CVE-2022-23135 MISC
zulip -- zulip | Improper Access Control in GitHub repository zulip/zulip prior to 4.10. | 2022-02-26 | not yet calculated | CVE-2021-3967 CONFIRM MISC
zulip -- zulip | Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server versions 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation created in one organization (potentially as a role with elevated permissions) can be used to join any other organization. This bypasses any restrictions on required domains on users' email addresses, may be used to gain access to organizations which are only accessible by invitation, and may be used to gain access with elevated privileges. This issue has been patched in release 4.10. There are no known workarounds for this issue. If you have any questions or comments about this advisory, you can discuss them on the developer community Zulip server (https://zulip.com/developer-community/), or email the Zulip security team (security@zulip.com). | 2022-02-26 | not yet calculated | CVE-2022-21706 CONFIRM MISC MISC MISC
zyxel -- armor_firmware | A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local user to visit a compromised website with malicious scripts. | 2022-02-24 | not yet calculated | CVE-2021-4030 CONFIRM
zyxel -- armor_firmware | A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface. | 2022-02-24 | not yet calculated | CVE-2021-4029 CONFIRM
