Vulnerability Summary for the Week of April 25, 2022

Released: May 02, 2022
Document ID: SB22-122

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| jfinalcms_project -- jfinalcms | JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function. | 2022-04-22 | 7.5 | CVE-2022-27341, MISC |
| link-admin_project -- link-admin | Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResult(). | 2022-04-22 | 7.5 | CVE-2022-27342, MISC |


Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| ibm -- cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399. | 2022-04-22 | 6.8 | CVE-2021-38886, XF, CONFIRM |
| pimcore -- pimcore | SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of stealing the data | 2022-04-22 | 5 | CVE-2022-1429, MISC, CONFIRM |
| ibm -- cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693. | 2022-04-22 | 4.3 | CVE-2021-38904, XF, CONFIRM |
| microweber -- microweber | Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a payload that runs without user interaction. | 2022-04-22 | 4.3 | CVE-2022-1439, CONFIRM, MISC |
| crypt-server_project -- crypt-server | Crypt Server before 3.3.0 allows XSS in the index view. This is related to serial, computername, and username. | 2022-04-22 | 4.3 | CVE-2022-29589, MISC, MISC |
| ibm -- cognos_analytics | IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813. | 2022-04-22 | 4 | CVE-2021-20464, CONFIRM, XF |
| ibm -- cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to privilege escalation where a lower level user could have read access to the 'Data Connections' page to which they don't have access. IBM X-Force ID: 204468. | 2022-04-22 | 4 | CVE-2021-29824, CONFIRM, XF |
| ibm -- cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697. | 2022-04-22 | 4 | CVE-2021-38905, XF, CONFIRM |


Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| ibm -- cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 209691. | 2022-04-22 | 3.5 | CVE-2021-38903, CONFIRM, XF |
| ibm -- cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240. | 2022-04-22 | 3.5 | CVE-2021-38946, CONFIRM, XF |


Severity Not Yet Assigned

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| artifex -- ghostscript | Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839. | 2022-04-25 | not yet calculated | CVE-2019-25059, MISC, MLIST |
| wordpress -- dw_question_&_answer_pro_wordpress_plugin | The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments. | 2022-04-25 | not yet calculated | CVE-2021-24800, MISC |
| wordpress -- dw_question_&_answer_pro_wordpress_plugin | The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as update a comment or a question status. | 2022-04-25 | not yet calculated | CVE-2021-24805, MISC |
| wordpress -- advanced_page_visit_counter_wordpress_plugin | The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection | 2022-04-25 | not yet calculated | CVE-2021-24957, MISC |
| wordpress -- tatsu_wordpress_plugin | The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker. | 2022-04-25 | not yet calculated | CVE-2021-25094, MISC, MISC |
| wordpress -- english_wordpress_admin_wordpress_plugin | The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users to it, leading to an open redirect issue | 2022-04-25 | not yet calculated | CVE-2021-25111, MISC |
| sophos -- authenticator_for_android | An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495. | 2022-04-27 | not yet calculated | CVE-2021-25266, CONFIRM |
| maxboard -- maxboard | Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files. | 2022-04-26 | not yet calculated | CVE-2021-26628, MISC |
| tobesoft -- xplatform | A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be created in the parent path by using the path traversal pattern ‘..\’. | 2022-04-26 | not yet calculated | CVE-2021-26629, MISC |
| ibm -- qradar_siem | IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user's dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030. | 2022-04-27 | not yet calculated | CVE-2021-29776, CONFIRM, XF |
| nomachine -- nomachine_for_windows | NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM. | 2022-04-28 | not yet calculated | CVE-2021-33436, MISC, MISC, MISC, MISC |
| bender/ebee -- charge_controllers | In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable. | 2022-04-27 | not yet calculated | CVE-2021-34587, CONFIRM |
| bender/ebee -- charge_controllers | In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot. | 2022-04-27 | not yet calculated | CVE-2021-34588, CONFIRM |
| bender/ebee -- charge_controllers | In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface. | 2022-04-27 | not yet calculated | CVE-2021-34589, CONFIRM |
| bender/ebee -- charge_controllers | In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed. | 2022-04-27 | not yet calculated | CVE-2021-34590, CONFIRM |
| bender/ebee -- charge_controllers | In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd. | 2022-04-27 | not yet calculated | CVE-2021-34591, CONFIRM |
| bender/ebee -- charge_controllers | In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields. | 2022-04-27 | not yet calculated | CVE-2021-34592, CONFIRM |
| bender/ebee -- cc612 | In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI. | 2022-04-27 | not yet calculated | CVE-2021-34601, CONFIRM |
| bender/ebee -- charge_controllers | In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges. | 2022-04-27 | not yet calculated | CVE-2021-34602, CONFIRM |
| 3scale -- apicast | A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address. | 2022-04-27 | not yet calculated | CVE-2021-3523, MISC |
| solarwinds -- serv-u | A researcher reported a Directory Traversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1. | 2022-04-25 | not yet calculated | CVE-2021-35250, MISC, MISC |
| metasys -- ads/adx/oas | Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator. | 2022-04-29 | not yet calculated | CVE-2021-36207, CERT, CONFIRM |
| veryfitpro -- veryfitpro | VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to takeover a user's account, rendering the benefits of storing hashed passwords in the database useless. | 2022-04-25 | not yet calculated | CVE-2021-36460, MISC, MISC, MISC |
| wordpress -- alexander_ustimenko's_psychological_tests_&_quizzes_plugin | Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher user rights. | 2022-04-26 | not yet calculated | CVE-2021-36867, CONFIRM, CONFIRM |
| tripetto -- tripetto_plugin | Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's Tripetto plugin <= 5.1.4 on WordPress via SVG image upload. | 2022-04-26 | not yet calculated | CVE-2021-36895, CONFIRM, CONFIRM |
| lenovo -- pcmanager | A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error. | 2022-04-22 | not yet calculated | CVE-2021-3721, MISC |
| lenovo -- pcmanager | A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation. | 2022-04-22 | not yet calculated | CVE-2021-3722, MISC |
| lenovo -- multiple_products | An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. | 2022-04-22 | not yet calculated | CVE-2021-3849, CONFIRM |
| ibm -- qradar_siem | IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceed their idle timeout. IBM X-Force ID: 208341. | 2022-04-27 | not yet calculated | CVE-2021-38869, CONFIRM, XF |
| ibm -- qradar_siem | IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397. | 2022-04-27 | not yet calculated | CVE-2021-38874, XF, CONFIRM |
| ibm -- qradar | IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756. | 2022-04-27 | not yet calculated | CVE-2021-38878, CONFIRM, XF |
| ibm -- qradar_siem | IBM QRadar SIEM 7.3, 7.4, and 7.5 in some scenarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021 | 2022-04-27 | not yet calculated | CVE-2021-38919, CONFIRM, XF |
| ibm -- qradar_siem | IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by a user with access to creating domains. IBM X-Force ID: 211037. | 2022-04-27 | not yet calculated | CVE-2021-38939, XF, CONFIRM |
| ibm -- infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211408. | 2022-04-28 | not yet calculated | CVE-2021-38952, CONFIRM, XF |
| lenovo -- multiple_products | An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. | 2022-04-22 | not yet calculated | CVE-2021-3897, CONFIRM |
| motorola -- multiple_products | Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker. | 2022-04-22 | not yet calculated | CVE-2021-3898, MISC |
| ibm -- planning_analytics_workspace | IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 214025. | 2022-04-25 | not yet calculated | CVE-2021-39040, XF, CONFIRM |
| ibm -- urbancode_deploy | IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 2022-04-29 | not yet calculated | CVE-2021-39082, CONFIRM, XF |
| lenovo -- lenovovariable_smi_handler | A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code. | 2022-04-22 | not yet calculated | CVE-2021-3970, MISC |
| lenovo -- notebook | A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable. | 2022-04-22 | not yet calculated | CVE-2021-3971, MISC |
| lenovo -- notebook | A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. | 2022-04-22 | not yet calculated | CVE-2021-3972, MISC |
| red_hat -- gnome-shell | Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine. | 2022-04-29 | not yet calculated | CVE-2021-3982, MISC, MISC |
| artica -- proxy | There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi. | 2022-04-25 | not yet calculated | CVE-2021-40680, FULLDISC |
| eclipse -- openj9 | In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. | 2022-04-27 | not yet calculated | CVE-2021-41041, CONFIRM, CONFIRM |
| novelplus -- novel-plus | novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution. | 2022-04-28 | not yet calculated | CVE-2021-41921, MISC |
| magic_cms_msvod -- magic_cms_msvod | The Magic CMS MSVOD v10 video system has a SQL injection vulnerability. Attackers can use vulnerabilities to obtain sensitive information in the database. | 2022-04-29 | not yet calculated | CVE-2021-41942, MISC |
| encode -- oss_httpx | Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`. | 2022-04-28 | not yet calculated | CVE-2021-41945, MISC, MISC, MISC, MISC, MISC |
| subrion_cms -- subrion_cms | A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2.1 version via "List of subjects". | 2022-04-29 | not yet calculated | CVE-2021-41948, MISC |
| pingidentity -- pingid_windows_login | A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. | 2022-04-30 | not yet calculated | CVE-2021-41992, MISC, MISC |
| pingidentity -- pingid_android | A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. | 2022-04-30 | not yet calculated | CVE-2021-41993, MISC, MISC |
| pingidentity -- pingid_ios | A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. | 2022-04-30 | not yet calculated | CVE-2021-41994, MISC, MISC |
| pingidentity -- pingid_desktop | PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP. | 2022-04-30 | not yet calculated | CVE-2021-42001, MISC, MISC |
| qemu -- qemu | A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | 2022-04-29 | not yet calculated | CVE-2021-4206, MISC, MISC |
| qemu -- qemu | A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | 2022-04-29 | not yet calculated | CVE-2021-4207, MISC, MISC |
| lenovo -- nvme_driver | A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. | 2022-04-22 | not yet calculated | CVE-2021-4210, MISC |
| lenovo -- smbios_event_log_driver | A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. | 2022-04-22 | not yet calculated | CVE-2021-4211, MISC |
| lenovo -- legacy_bios_mode_driver | A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code. | 2022-04-22 | not yet calculated | CVE-2021-4212, MISC |
| wordpress -- sp_project_&_document_manager_wordpress_plugin | The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites. | 2022-04-25 | not yet calculated | CVE-2021-4225, MISC, MISC |
| elcomplus -- smartptt | Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system. | 2022-04-28 | not yet calculated | CVE-2021-43930, CONFIRM |
| elcomplus -- smartptt | Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can be executed upon accessing the dashboard or the main page. | 2022-04-28 | not yet calculated | CVE-2021-43932, CONFIRM |
| elcomplus -- smartptt | Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate upload requests, enabling a malicious user to potentially upload arbitrary files. | 2022-04-28 | not yet calculated | CVE-2021-43934, CONFIRM |
| elcomplus -- smartptt_scada_server | Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. | 2022-04-29 | not yet calculated | CVE-2021-43937, CONFIRM |
| elcomplus -- smartptt_scada_server | Elcomplus SmartPTT SCADA Server is vulnerable in that an unauthenticated user can request various files from the server without any authentication or authorization. | 2022-04-29 | not yet calculated | CVE-2021-43938, CONFIRM |
| elcomplus -- smartptt_scada | Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints. | 2022-04-28 | not yet calculated | CVE-2021-43939, CONFIRM |
| wondershare -- dr._fone | Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges. | 2022-04-29 | not yet calculated | CVE-2021-44595, MISC, MISC, MISC |
| wondershare -- dr._fone | Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service (the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges | 2022-04-29 | not yet calculated | CVE-2021-44596, MISC, MISC, MISC |
| terramaster -- terramaster | An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app. | 2022-04-25 | not yet calculated | CVE-2021-45836, MISC |
| terramaster -- terramaster | It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del. | 2022-04-25 | not yet calculated | CVE-2021-45837, MISC |
| terramaster -- terramaster | It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint. | 2022-04-25 | not yet calculated | CVE-2021-45839, MISC |
| terramaster -- terramaster | It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop. | 2022-04-25 | not yet calculated | CVE-2021-45840, MISC |
| terramaster -- terramaster | In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest. | 2022-04-25 | not yet calculated | CVE-2021-45841, MISC |
| terramaster -- terramaster | It is possible to obtain the first administrator's hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint. | 2022-04-25 | not yet calculated | CVE-2021-45842, MISC |
| franklin_fueling_systems -- ts-550_evo | Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. | 2022-04-27 | not yet calculated | CVE-2021-46420, MISC |
| franklin_fueling_systems -- t5_series | Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. | 2022-04-27 | not yet calculated | CVE-2021-46421, MISC |
| telesquare -- sdt-cw3b1 | Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication. | 2022-04-27 | not yet calculated | CVE-2021-46422, MISC |
| telesquare -- tlr-2005ksh | Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated file download vulnerability that allows a remote attacker to download a full configuration file. | 2022-04-27 | not yet calculated | CVE-2021-46423, MISC |
| telesquare -- tlr-2005ksh | Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request. | 2022-04-27 | not yet calculated | CVE-2021-46424, MISC |
| d-link -- dir-825_g1 | In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization. | 2022-04-27 | not yet calculated | CVE-2021-46441, MISC, MISC |
| d-link -- dir-825_g1 | In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization. | 2022-04-27 | not yet calculated | CVE-2021-46442, MISC, MISC |
| wordpress -- easy_google_maps_wordpress_plugin | The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting | 2022-04-25 | not yet calculated | CVE-2021-46780, MISC |
| wordpress -- supsystic_wordpress_plugin | The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting | 2022-04-25 | not yet calculated | CVE-2021-46781, MISC |
| wordpress -- supsystic_wordpress_plugin | The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting | 2022-04-25 | not yet calculated | CVE-2021-46782, MISC |
| lenovo -- pcmanager | A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation. | 2022-04-22 | not yet calculated | CVE-2022-0192, MISC |
| wordpress -- mycred_wordpress_plugin | The myCred WordPress plugin before 2.4.3.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog | 2022-04-25 | not yet calculated | CVE-2022-0287, MISC |
| lenovo -- system_update | A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window. | 2022-04-22 | not yet calculated | CVE-2022-0354, MISC, MISC |
| wordpress -- mycred_wordpress_plugin | The myCred WordPress plugin before 2.4.4 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts. | 2022-04-25 | not yet calculated | CVE-2022-0363, MISC |
| wordpress -- thirstyaffiliates_affiliate_link_manager_wordpress_plugin | The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website | 2022-04-25 | not yet calculated | CVE-2022-0398, MISC |
| gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the package registries which could result in a Denial of Service under specific conditions. | 2022-04-25 | not yet calculated | CVE-2022-0477, MISC, CONFIRM |
| wordpress -- flo-launch_wordpress_plugin | The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value. | 2022-04-25 | not yet calculated | CVE-2022-0541, MISC |
| wordpress -- thirstyaffiliates_affiliate_link_manager_wordpress_plugin | The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 lacks authorization checks in the ta_insert_external_image action, allowing a low-privilege user (with a role as low as Subscriber) to add an image from an external URL to an affiliate link. Further the plugin lacks CSRF checks, allowing an attacker to trick a logged in user to perform the action by crafting a special request. | 2022-04-25 | not yet calculated | CVE-2022-0634, MISC |
| lenovo -- thin_installer | A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash. | 2022-04-22 | not yet calculated | CVE-2022-0636, MISC |
| wordpress -- web_to_print_shop_udraw_wordpress_plugin | The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc) | 2022-04-25 | not yet calculated | CVE-2022-0656, MISC |
| wordpress -- 5_stars_rating_funnel_wordpress_plugin | The 5 Stars Rating Funnel WordPress Plugin \| RRatingg WordPress plugin before 1.2.54 does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtngg_delete_leads AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue. There is an attempt to sanitise the input, using sanitize_text_field(), however such function is not intended to prevent SQL injections. | 2022-04-25 | not yet calculated | CVE-2022-0657 |
MISC
wordpress -- master_elements_wordpress_plugin
 
The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL Injection2022-04-25not yet calculatedCVE-2022-0693
MISC
wordpress -- users_ultra_wordpress_plugin
 
The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated users), leading to an SQL Injection.2022-04-25not yet calculatedCVE-2022-0769
MISC
wordpress -- donations_wordpress_plugin
 
The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_function AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection2022-04-25not yet calculatedCVE-2022-0782
MISC
wordpress -- wpdevart_wordpress_plugin
 
The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when unfiltered_html is disallowed2022-04-25not yet calculatedCVE-2022-0876
MISC
wordpress -- anti-malware_security_and_brute-force_firewall_wordpress_plugin
 
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters2022-04-25not yet calculatedCVE-2022-0953
MISC
linux -- linux
 
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.2022-04-29not yet calculatedCVE-2022-0984
MISC
linux -- linux
 
Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.2022-04-29not yet calculatedCVE-2022-0985
MISC
linux -- linux_kernel
 
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.2022-04-29not yet calculatedCVE-2022-1015
MISC
MISC
MISC
wordpress -- page_restriction_wordpress_plugin
 
The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allows bad actors with administrator privileges to the settings page to inject Javascript code to its settings leading to stored Cross-Site Scripting that will only affect administrator users.2022-04-25not yet calculatedCVE-2022-1027
MISC
linux -- linux_kernel
 
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.2022-04-29not yet calculatedCVE-2022-1048
MISC
MISC
wordpress -- mycred_plugin
 
The myCred WordPress plugin before 2.4.4 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call it and retrieve the list of email addresses present in the blog.
2022-04-25
not yet calculated
CVE-2022-1092
MISC
wordpress -- wordpress
 
The amr users WordPress plugin before 4.59.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed2022-04-25not yet calculatedCVE-2022-1094
MISC
lenovo -- thinkpad
 
During an internal product security audit, a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models. It could be exploited by an attacker with elevated privileges and could allow for execution of code.
2022-04-22
not yet calculated
CVE-2022-1107
MISC
lenovo -- thinkpad
 
A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code.2022-04-22not yet calculatedCVE-2022-1108
MISC
imagemagicks -- relinquishdcminfo
 
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.2022-04-29not yet calculatedCVE-2022-1114
MISC
wordpress -- menubar_plugin
 
The Menubar WordPress plugin before 5.8 does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action (available to any authenticated users), leading to a Reflected Cross-Site Scripting2022-04-25not yet calculatedCVE-2022-1152
MISC
wordpress -- layerslider_plugin
 
The LayerSlider WordPress plugin before 7.1.2 does not sanitise and escape Project's slug before outputting it back in various places, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
2022-04-25
not yet calculated
CVE-2022-1153
MISC
wordpress -- books_and_papers_plugin
 
The Books & Papers WordPress plugin through 0.20210223 does not escape its Custom DB prefix settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed2022-04-25not yet calculatedCVE-2022-1156
MISC
getgrav -- grav
 
Stored XSS in GitHub repository getgrav/grav prior to 1.7.33.
2022-04-26
not yet calculated
CVE-2022-1173
MISC
CONFIRM
linux -- linux_kernel
 
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with user privileges to cause a denial of service (DoS) when the mkiss or sixpack device is detached and resources are reclaimed early.
2022-04-29
not yet calculated
CVE-2022-1195
MISC
MISC
MISC
MISC
MISC
podman -- podman
 
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.2022-04-29not yet calculatedCVE-2022-1227
MISC
MISC
wordpress -- opensea_plugin
 
The Opensea WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, like its "Referer address" field, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.2022-04-25not yet calculatedCVE-2022-1228
MISC
linux -- linux
 
A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign.2022-04-29not yet calculatedCVE-2022-1249
MISC
linux -- linux_kernel
 
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.2022-04-29not yet calculatedCVE-2022-1353
MISC
MISC
wordpress -- admin_word_count_column
 
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on servers running old versions of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique.
2022-04-25
not yet calculated
CVE-2022-1390
MISC
MISC
wordpress -- cab_fare_calculator_plugin
 
The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.2022-04-25not yet calculatedCVE-2022-1391
MISC
MISC
wordpress -- videos_sync_pdf_plugin
 
The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues2022-04-25not yet calculatedCVE-2022-1392
MISC
MISC
wordpress -- donorbox_plugin
 
The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed2022-04-25not yet calculatedCVE-2022-1396
MISC
MISC
delta_electronics -- asda-soft
 
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition.2022-04-29not yet calculatedCVE-2022-1402
MISC
delta_electronics -- asda-soft
 
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition.2022-04-29not yet calculatedCVE-2022-1403
MISC
mruby -- mruby
 
Out-of-bounds Read in mrb_obj_is_kind_of in GitHub repository mruby/mruby prior to 3.2. Impact: possible arbitrary code execution if exploited.
2022-04-23
not yet calculated
CVE-2022-1427
CONFIRM
MISC
yarkeev -- yarkeev
 
Command Injection vulnerability in git-interface@2.1.1 in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `--upload-pack` command-line argument feature of git is also supported for `git clone`, which would then allow for any operating system command to be spawned by the attacker.2022-04-22not yet calculatedCVE-2022-1440
MISC
CONFIRM
gpac -- gpac
 
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow.2022-04-25not yet calculatedCVE-2022-1441
MISC
MISC
radareorg -- radare2
 
Heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service.
2022-04-23
not yet calculated
CVE-2022-1444
CONFIRM
MISC
snipe -- snipe-it
 
Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stealing the user's cookie.
2022-04-24
not yet calculated
CVE-2022-1445
MISC
CONFIRM
radareorg -- radare2
 
Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. For more details, see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html).
2022-04-24
not yet calculated
CVE-2022-1451
CONFIRM
MISC
radareorg -- radare2
 
Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. For more details, see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html).
2022-04-24
not yet calculated
CVE-2022-1452
CONFIRM
MISC
facturascripts -- facturascripts
 
Stored XSS in the title parameter, executing on the EditUser page and EditProducto page, in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account.
2022-04-25
not yet calculated
CVE-2022-1457
CONFIRM
MISC
openemr -- openemr
 
Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1.2022-04-25not yet calculatedCVE-2022-1458
MISC
CONFIRM
openemr -- openemr
 
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1.2022-04-25not yet calculatedCVE-2022-1459
MISC
CONFIRM
openemr -- openemr
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1.
2022-04-25
not yet calculated
CVE-2022-1461
MISC
CONFIRM
getsimple -- content_management_system
 
Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.2022-04-26not yet calculatedCVE-2022-1466
MISC
MISC
MISC
getsimple -- content_management_system
A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like <script>alert(1)</script> leads to cross site scripting. The attack may be launched remotely but requires authentication. Exploit details have been disclosed within the advisory.
2022-04-27
not yet calculated
CVE-2022-1503
MISC
MISC
microweber -- microweber
 
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.2022-04-27not yet calculatedCVE-2022-1504
CONFIRM
MISC
chafa -- chafa
 
chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 in GitHub repository hpjansson/chafa prior to 1.10.2 allows attackers to cause a denial of service (crash) via a crafted input file.
2022-04-27
not yet calculated
CVE-2022-1507
MISC
CONFIRM
hestiacp -- hestiacp
 
Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.2022-04-28not yet calculatedCVE-2022-1509
CONFIRM
MISC
snipe -- snipe-it
 
Improper Access Control in GitHub repository snipe/snipe-it prior to 5.4.4.2022-04-28not yet calculatedCVE-2022-1511
CONFIRM
MISC
facturascripts -- facturascripts
 
Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account.2022-04-28not yet calculatedCVE-2022-1514
MISC
CONFIRM
emlog -- emlog_pro
 
A vulnerability, which was classified as problematic, was found in Emlog Pro up to 1.2.2. This affects the POST parameter handling of articles. The manipulation with the input <script>alert(1);</script> leads to cross site scripting. It is possible to initiate the attack remotely but it requires a signup and login by the attacker. The exploit has been disclosed to the public and may be used.2022-04-29not yet calculatedCVE-2022-1526
MISC
MISC
livehelperchat -- livehelperchat
 
Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. An attacker can execute malicious JS in the application.
2022-04-29
not yet calculated
CVE-2022-1530
MISC
CONFIRM
rtx -- rtx
 
SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20. This vulnerability is critical as it can lead to remote code execution and thus complete server takeover.
2022-04-29
not yet calculated
CVE-2022-1531
MISC
CONFIRM
libmobi -- libmobi
 
Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. This vulnerability is capable of arbitrary code execution.2022-04-29not yet calculatedCVE-2022-1533
CONFIRM
MISC
libmobi -- libmobi
 
Buffer Over-read at parse_rawml.c:1416 in GitHub repository bfabiszewski/libmobi prior to 0.11. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.
2022-04-29
not yet calculated
CVE-2022-1534
MISC
CONFIRM
automad -- automad
 
A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Home</title><script>alert("home")</script><title> leads to cross site scripting. The attack can be initiated remotely but requires authentication. The exploit details have been disclosed to the public and may be used.
2022-04-29
not yet calculated
CVE-2022-1536
N/A
N/A
scoold -- scoold
 
Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server.2022-04-29not yet calculatedCVE-2022-1543
CONFIRM
MISC
sonicwall -- sonicos
 
Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable.2022-04-27not yet calculatedCVE-2022-22275
CONFIRM
sonicwall -- sonicos
 
A vulnerability in the SonicOS SNMP service results in exposure of sensitive information to an unauthorized user.
2022-04-27
not yet calculated
CVE-2022-22276
CONFIRM
sonicwall -- sonicos
 
A vulnerability in the SonicOS SNMP service results in exposure of Wireless Access Point sensitive information in cleartext.
2022-04-27
not yet calculated
CVE-2022-22277
CONFIRM
sonicwall -- sonicos_cfs
 
A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access a prohibited resource. This allows an attacker to cause an HTTP Denial of Service (DoS) attack.
2022-04-27
not yet calculated
CVE-2022-22278
CONFIRM
ibm -- security_identity_manager
 
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 217369.2022-04-27not yet calculatedCVE-2022-22312
CONFIRM
XF
ibm -- urbancode_deploy
 
IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. IBM X-Force ID: 217955.2022-04-27not yet calculatedCVE-2022-22315
CONFIRM
XF
ibm -- infosphere_information_server
 
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218370.2022-04-28not yet calculatedCVE-2022-22322
CONFIRM
XF
ibm -- security_identity_manager
 
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 218379.2022-04-27not yet calculatedCVE-2022-22323
XF
CONFIRM
ibm -- qradar
 
IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220041.2022-04-27not yet calculatedCVE-2022-22345
XF
CONFIRM
ibm -- planning_analytics_local
 
IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066.2022-04-25not yet calculatedCVE-2022-22392
XF
CONFIRM
ibm -- infosphere_information_server
 
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223720.2022-04-28not yet calculatedCVE-2022-22427
XF
CONFIRM
ibm -- infosphere_information_server
IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. IBM X-Force ID: 224426.
2022-04-28
not yet calculated
CVE-2022-22441
XF
CONFIRM
ibm -- infosphere_information_server
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224440.
2022-04-28
not yet calculated
CVE-2022-22443
XF
CONFIRM
miele -- benchmark_programming_tool
 
In Miele Benchmark Programming Tool with versions prior to 1.2.71, executable files manipulated by attackers are unknowingly executed by users with administrative privileges. An attacker could thereby obtain higher permissions. The attacker must already have access to the corresponding local system to be able to exchange the files.
2022-04-27
not yet calculated
CVE-2022-22521
MISC
FULLDISC
MISC
zoom -- client_for_meetings
 
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting user’s currently installed version to a less secure version.2022-04-28not yet calculatedCVE-2022-22781
MISC
zoom -- client_for_meetings
 
The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user’s host machine.2022-04-28not yet calculatedCVE-2022-22782
MISC
zoom -- on-premise_meeting_connector_controller
 
A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker.2022-04-28not yet calculatedCVE-2022-22783
MISC
esapi -- esapi
 
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire string representing the 'input' path. This vulnerability is patched in release 2.3.0.0 of ESAPI. As a workaround, it is possible to write one's own implementation of the Validator interface. However, maintainers do not recommend this.2022-04-25not yet calculatedCVE-2022-23457
MISC
MISC
CONFIRM
xilinx -- xilinx
 
In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue.
2022-04-27
not yet calculated
CVE-2022-23822
MISC
MISC
apache -- doris
 
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.2022-04-26not yet calculatedCVE-2022-23942
CONFIRM
MLIST
MLIST
linksys -- linksys
 
Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share.2022-04-27not yet calculatedCVE-2022-24372
MISC
MISC
MISC
solar -- appscreener
 
Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document.2022-04-28not yet calculatedCVE-2022-24449
MISC
MISC
apache -- couchdb
 
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.2022-04-26not yet calculatedCVE-2022-24706
MISC
MISC
MLIST
redis -- redis
 
Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.
2022-04-27
not yet calculated
CVE-2022-24735
MISC
CONFIRM
MISC
MISC
redis -- redis
 
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause a NULL pointer dereference which will result in a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.
2022-04-27
not yet calculated
CVE-2022-24736
MISC
CONFIRM
MISC
MISC
pjsip -- pjsip
 
PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only play trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first.
2022-04-25
not yet calculated
CVE-2022-24792
MISC
CONFIRM
discourse -- discourse-assign
 
Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object, which leaked some private information. The data was only being serialized to people who could view assignment info, which is limited to staff by default. For the vast majority of sites, this data was only leaked to trusted staff members, but for sites with assign features enabled publicly, the data was accessible to more people than just staff. Version 1.0.1 contains a patch. There are currently no known workarounds.
2022-04-26
not yet calculated
CVE-2022-24866
MISC
CONFIRM
shopware -- shopware
 
Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.2022-04-28not yet calculatedCVE-2022-24873
MISC
MISC
CONFIRM
shopware -- shopware
Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.
2022-04-28
not yet calculated
CVE-2022-24879
CONFIRM
MISC
MISC
tethik -- tethik
 
flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, the `captcha.validate()` function would return `None` if passed no value (e.g. by submitting an empty form). If implementing users were checking the return value to be **False**, the captcha verification check could be bypassed. Version 1.2.1 fixes the issue. Users can work around the issue by not explicitly checking that the value is False. Checking the return value less explicitly should still work.
2022-04-25
not yet calculated
CVE-2022-24880
MISC
MISC
MISC
CONFIRM
ballcat -- ballcat
 
Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but input verification is not done. The fault is rectified in version 1.0.0.beta.2.
2022-04-26
not yet calculated
CVE-2022-24881
MISC
CONFIRM
MISC
freerdp -- freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.
2022-04-26
not yet calculated
CVE-2022-24882
MISC
MISC
CONFIRM
MISC
freerdp -- freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left.
2022-04-26
not yet calculated
CVE-2022-24883
MISC
CONFIRM
MISC
MISC
nextcloud -- android
 
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are currently no known workarounds.
2022-04-27
not yet calculated
CVE-2022-24885
MISC
MISC
CONFIRM
nextcloud -- android
 
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0 contains a fix for this issue. There are currently no known workarounds.
2022-04-27
not yet calculated
CVE-2022-24886
MISC
MISC
CONFIRM
nextcloud -- talk
 
Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds.
2022-04-27
not yet calculated
CVE-2022-24887
MISC
MISC
CONFIRM
nextcloud -- server
 
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders that have these characters in the middle of their names, so this might be an opportunity for injection. This issue is fixed in versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1. There are currently no known workarounds.
2022-04-27
not yet calculated
CVE-2022-24888
MISC
MISC
CONFIRM
nextcloud -- server
 
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus expanding their attack surface unnecessarily. This issue is fixed in versions 21.0.8, 22.2.4, and 23.0.1.
2022-04-27
not yet calculated
CVE-2022-24889
CONFIRM
MISC
MISC
esapi -- esapi
 
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause "javascript:" URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the "onsiteURL" regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers' release notes and security bulletin.
2022-04-27
not yet calculated
CVE-2022-24891
MISC
CONFIRM
MISC
shopware -- shopware
 
Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim's account if they somehow gain access to the victim's email account and find an unused password reset token in the emails. This issue is fixed in version 5.7.9.
2022-04-28
not yet calculated
CVE-2022-24892
MISC
MISC
CONFIRM
xwiki -- xwiki
 
org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior to versions 12.10.10, 13.4.4, and 13.8-rc-1, it is possible for a script to access any file accessible to the user running the XWiki application server with XML External Entity Injection through the XML script service. The problem has been patched in versions 12.10.10, 13.4.4, and 13.8-rc-1. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights.
2022-04-28
not yet calculated
CVE-2022-24898
MISC
MISC
CONFIRM
piano_led -- piano_led
 
Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The `os.path.join` call is unsafe for use with untrusted input. When the `os.path.join` call encounters an absolute path, it ignores all the parameters it has encountered till that point and starts working with the new absolute path. Since the "malicious" parameter represents an absolute path, the result of `os.path.join` ignores the static directory completely. Hence, untrusted input passed via the `os.path.join` call to `flask.send_file` can lead to path traversal attacks. A patch with a fix is available on the `master` branch of the GitHub repository. This can also be fixed by preventing flow of untrusted data to the vulnerable `send_file` function. In case the application logic necessitates this behaviour, one can either use the `flask.safe_join` to join untrusted paths or replace `flask.send_file` calls with `flask.send_from_directory` calls.
2022-04-29
not yet calculated
CVE-2022-24900
MISC
CONFIRM
MISC
MISC
MISC
lexmark -- multiple_products
 
Lexmark products through 2022-02-10 have Incorrect Access Control.
2022-04-28
not yet calculated
CVE-2022-24935
MISC
MISC
tagify -- tagify
 
This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload.
2022-04-29
not yet calculated
CVE-2022-25854
CONFIRM
CONFIRM
CONFIRM
CONFIRM
czproject -- czproject
 
The package czproject/git-php before 4.0.3 is vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.
2022-04-25
not yet calculated
CVE-2022-25866
CONFIRM
CONFIRM
CONFIRM
nextcloud -- android
 
The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server.
2022-04-25
not yet calculated
CVE-2022-26111
MISC
MISC
hoteldruid -- hotel_management_software
 
HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.
2022-04-26
not yet calculated
CVE-2022-26564
MISC
MISC
liferay -- liferay
 
Cross-site scripting (XSS) vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via web content template names.
2022-04-25
not yet calculated
CVE-2022-26596
MISC
liferay -- liferay
 
Cross-site scripting (XSS) vulnerability in the Layout module's Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the site name.
2022-04-25
not yet calculated
CVE-2022-26597
MISC
element-plus -- element-plus
 
element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column.
2022-04-25
not yet calculated
CVE-2022-27103
MISC
MISC
MISC
adobe -- xpdf
 
xpdf 4.03 has a heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary.
2022-04-25
not yet calculated
CVE-2022-27135
MISC
MISC
MISC
cifa-utils -- cifa-utils
 
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
2022-04-27
not yet calculated
CVE-2022-27239
MISC
MISC
MISC
MISC
MISC
hms -- hms
 
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php.
2022-04-26
not yet calculated
CVE-2022-27299
MISC
amro -- amro
 
Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL.
2022-04-25
not yet calculated
CVE-2022-27311
MISC
zammad -- zammad
 
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.
2022-04-27
not yet calculated
CVE-2022-27331
MISC
zammad -- zammad
 
An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS).
2022-04-27
not yet calculated
CVE-2022-27332
MISC
seacms -- seacms
 
Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php.
2022-04-27
not yet calculated
CVE-2022-27336
MISC
mcms -- mcms
 
MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data.
2022-04-22
not yet calculated
CVE-2022-27340
MISC
MISC
tenda -- tenda
 
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot.
2022-04-25
not yet calculated
CVE-2022-27374
MISC
tenda -- tenda

Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet.
2022-04-25
not yet calculated
CVE-2022-27375
MISC
gallerycms -- gallerycms
 
A stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the album_name parameter.
2022-04-25
not yet calculated
CVE-2022-27428
MISC
jizhicms -- jizhicms
 
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.
2022-04-25
not yet calculated
CVE-2022-27429
MISC
monstaftp -- monstaftp
 
Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execute arbitrary code via a crafted file uploaded to the web server.
2022-04-26
not yet calculated
CVE-2022-27468
MISC
MISC
monstaftp -- monstaftp
 
Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF).
2022-04-26
not yet calculated
CVE-2022-27469
MISC
MISC
wordpress -- wordpress
 
Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher role via &wpt_test_page_submit_button_caption parameter.
2022-04-26
not yet calculated
CVE-2022-27854
CONFIRM
CONFIRM
wordpress -- shea_bunge_footer_text 
 
Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge's Footer Text plugin <= 2.0.3 on WordPress.
2022-04-28
not yet calculated
CVE-2022-27860
CONFIRM
CONFIRM
palantir -- palantir
 
Foundry Issues service versions 2.244.0 to 2.249.0 were found to be logging in a manner that captured sensitive information (session tokens). This issue was fixed in 2.249.1.
2022-04-26
not yet calculated
CVE-2022-27888
MISC
controlup -- real-time_agent
 
In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.
2022-04-27
not yet calculated
CVE-2022-27905
MISC
cuppacms -- cuppacms
 
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php.
2022-04-26
not yet calculated
CVE-2022-27984
MISC
MISC
cuppacms -- cuppacms

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php.
2022-04-26
not yet calculated
CVE-2022-27985
MISC
MISC
typemill -- typemill
 
Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
2022-04-25
not yet calculated
CVE-2022-28053
MISC
verydows -- verydows
 
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\file_controller.php.
2022-04-26
not yet calculated
CVE-2022-28058
MISC
MISC
verydows -- verydows
 
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\database_controller.php.
2022-04-26
not yet calculated
CVE-2022-28059
MISC
MISC
victor_cms -- victor_cms
 
SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php.
2022-04-28
not yet calculated
CVE-2022-28060
MISC
MISC
MISC
htmldoc -- htmldoc
 
A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).
2022-04-27
not yet calculated
CVE-2022-28085
MISC
MISC
scbs -- online_sports_venue_reservation_system

SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which allows attackers to execute arbitrary code via a crafted PHP file.
2022-04-25
not yet calculated
CVE-2022-28093
MISC
MISC
MISC
scbs -- online_sports_venue_reservation_system

SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the fid parameter at booking.php.
2022-04-25
not yet calculated
CVE-2022-28094
MISC
MISC
MISC
turtlapp -- turtle_note
 
Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing attackers to execute HTML injection.
2022-04-28
not yet calculated
CVE-2022-28101
MISC
MISC
php -- mysql_admin_panel_generator
 
A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php.
2022-04-28
not yet calculated
CVE-2022-28102
MISC
MISC
dscms -- dscms
 
DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php.
2022-04-28
not yet calculated
CVE-2022-28114
MISC
navigate_cms -- navigate_cms
 
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.
2022-04-28
not yet calculated
CVE-2022-28117
MISC
MISC
nvidia -- jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality.
2022-04-27
not yet calculated
CVE-2022-28193
MISC
nvidia -- jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker can cause a memory buffer overflow, which may lead to code execution, loss of Integrity, limited denial of service, and some impact to confidentiality.
2022-04-27
not yet calculated
CVE-2022-28194
MISC
nvidia -- jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow, which may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity.
2022-04-27
not yet calculated
CVE-2022-28195
MISC
nvidia -- jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and limited denial of service.
2022-04-27
not yet calculated
CVE-2022-28196
MISC
nvidia -- jetson_linux_driver
 
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult-to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity.
2022-04-27
not yet calculated
CVE-2022-28197
MISC
nvidia -- omniverse_nucleus_and_cache
 
NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and availability.
2022-04-29
not yet calculated
CVE-2022-28198
MISC
ciphermail -- webmail_messenger
 
An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys (found in a Roundcube configuration file) that are used to protect Webmail user passwords and two-factor authentication (2FA).
2022-04-26
not yet calculated
CVE-2022-28218
MISC
MISC
MISC
wordpress -- country_selector_plugin
 
Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request.
2022-04-25
not yet calculated
CVE-2022-28290
MISC
mediawiki -- mediawiki
 
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,
2022-04-30
not yet calculated
CVE-2022-28323
MISC
MISC
MISC
nopsolutions -- nopcommerce

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject JavaScript code into First name or Last name at Customer Info.
2022-04-26
not yet calculated
CVE-2022-28448
MISC
nopsolutions -- nopcommerce
 
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). In the Apply for vendor account feature, an attacker can upload an arbitrary file to the system.
2022-04-26
not yet calculated
CVE-2022-28449
MISC
nopsolutions -- nopcommerce
 
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code in the client browser.
2022-04-26
not yet calculated
CVE-2022-28450
MISC
lms_red_planet_laundry_management_system -- lms_red_planet_laundry_management_system
 
Red Planet Laundry Management System 1.0 is vulnerable to SQL Injection.
2022-04-29
not yet calculated
CVE-2022-28452
MISC
MISC
MISC
MISC
limbas -- limbas
 
Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS).
2022-04-28
not yet calculated
CVE-2022-28454
MISC
MISC
MISC
apifox -- apifox
 
Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code execution.
2022-04-27
not yet calculated
CVE-2022-28464
MISC
wbce -- wbce
 
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS).
2022-04-28
not yet calculated
CVE-2022-28477
MISC
MISC
allmediaserver -- allmediaserver
 
ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.exe.
2022-04-29
not yet calculated
CVE-2022-28480
MISC
giflib -- giflb
 
There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.
2022-04-25
not yet calculated
CVE-2022-28506
MISC
MISC
MISC
zcms -- zcms

ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config.
2022-04-26
not yet calculated
CVE-2022-28521
MISC
MISC
zcms -- zcms

ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add.
2022-04-26
not yet calculated
CVE-2022-28522
MISC
MISC
hongcms -- hongcms
 
HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete.
2022-04-26
not yet calculated
CVE-2022-28523
MISC
ed01-cms -- ed01-cms
 
ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php.
2022-04-26
not yet calculated
CVE-2022-28524
MISC
ed01-cms -- ed01-cms
 
ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_user&id=1.
2022-04-26
not yet calculated
CVE-2022-28525
MISC
dhcms -- dhcms
 
dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del.
2022-04-26
not yet calculated
CVE-2022-28527
MISC
bloofox -- bloofoxcms
 
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit.
2022-04-26
not yet calculated
CVE-2022-28528
MISC
hoosk -- hoosk
 
XSS in the edit page of Hoosk 1.8.0 allows an attacker to execute JavaScript code in the user's browser via the edit page, using an XSS payload that bypasses the filter on some special characters.
2022-04-25
not yet calculated
CVE-2022-28586
MISC
qualys -- assetview
 
Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge of the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients executing arbitrary code with the administrative privilege.
2022-04-28
not yet calculated
CVE-2022-28719
MISC
MISC
f-secure -- atlant
 
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products consumes too much memory while scanning larger packages/fuzzed files, which can eventually crash the scanning engine. The exploit can be triggered remotely by an attacker.
2022-04-25
not yet calculated
CVE-2022-28871
MISC
mahara -- mahara
 
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable.
2022-04-28
not yet calculated
CVE-2022-28892
MISC
greencms -- greencms
 
GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=.
2022-04-26
not yet calculated
CVE-2022-28918
MISC
smallsrv -- smallsrv
 
Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via a long GET request.
2022-04-29
not yet calculated
CVE-2022-28994
MISC
rippled -- rippled

A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node, which may lead to XRPL mainnet DoS or compromise. This exposes all digital assets on the XRPL to a security threat.
2022-04-25
not yet calculated
CVE-2022-29077
MISC
MISC
MISC
ejs -- ejs_for_node.js
 
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
2022-04-25
not yet calculated
CVE-2022-29078
MISC
MISC
zoho -- manageengine_access_manager_plus
 
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction, SSLAction, LicenseMgr, GetProductDetails, GetDashboard, FetchEvents, and Synchronize) via the ../RestAPI substring.
2022-04-28
not yet calculated
CVE-2022-29081
MISC
MISC
ericom -- powerterm_webconnect
 
The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page.
2022-04-28
not yet calculated
CVE-2022-29152
MISC
MISC
coreboot -- coreboot
 
An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitrary code execution in SMM may occur.
2022-04-25
not yet calculated
CVE-2022-29264
MISC
MISC
apache -- nifi
 
Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: EvaluateXPath, EvaluateXQuery, and ValidateXml. Apache NiFi flow configurations that include these Processors are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services.
2022-04-30
not yet calculated
CVE-2022-29265
CONFIRM
MISC
wordpress -- hermit_plugin
 
Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids).
2022-04-28
not yet calculated
CVE-2022-29410
CONFIRM
CONFIRM
wordpress -- hermit_plugin
 
SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id).
2022-04-28
not yet calculated
CVE-2022-29411
CONFIRM
CONFIRM
wordpress -- hermit_plugin
 
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source.
2022-04-28
not yet calculated
CVE-2022-29412
CONFIRM
CONFIRM
wordpress -- hermit_plugin
 
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress via &title parameter.
2022-04-28
not yet calculated
CVE-2022-29413
CONFIRM
CONFIRM
wpkube -- subscribe_to_comments_reloaded_plugin
 
Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin <= 211130 on WordPress allow attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription.
2022-04-29
not yet calculated
CVE-2022-29414
CONFIRM
CONFIRM
wordpress -- ravpage_plugin
 
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Mati Skiba @ Rav Messer's Ravpage plugin <= 2.16 at WordPress.
2022-04-28
not yet calculated
CVE-2022-29415
CONFIRM
CONFIRM
wordpress -- shortpixel_adaptive_images_plugin
 
Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings.
2022-04-25
not yet calculated
CVE-2022-29417
CONFIRM
CONFIRM
wordpress -- night_mode_plugin
 
Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) in Mark Daniels Night Mode plugin <= 1.0.0 on WordPress via vulnerable parameters: &ntmode_page_setting[enable-me], &ntmode_page_setting[bg-color], &ntmode_page_setting[txt-color], &ntmode_page_setting[anc_color].
2022-04-25
not yet calculated
CVE-2022-29418
CONFIRM
CONFIRM
wordpress -- 3xsocializer_plugin
 
SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher.
2022-04-25
not yet calculated
CVE-2022-29419
CONFIRM
CONFIRM
wordpress -- rara_one_click_demo_import_plugin
 
Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into the /wp-content/uploads/ directory.
2022-04-29
not yet calculated
CVE-2022-29451
CONFIRM
CONFIRM
mitel -- mivoice_connect
 
The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.
2022-04-26
not yet calculated
CVE-2022-29499
CONFIRM
line_corporation -- line_for_windows
 
Due to build misconfiguration in the openssl dependency, LINE for Windows before 7.8 is vulnerable to DLL injection that could lead to privilege escalation.
2022-04-27
not yet calculated
CVE-2022-29505
MISC
htmlunit -- nekohtml_parser

HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product.
2022-04-25
not yet calculated
CVE-2022-29546
CONFIRM
northern.tech -- mender_enterprise

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2 allows Cross-Origin Websocket Hijacking.
2022-04-28
not yet calculated
CVE-2022-29555
MISC
MISC
northern.tech -- mender_enterprise
The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints. | 2022-04-28 | not yet calculated | CVE-2022-29556
MISC
MISC
mahara -- mahara
 
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action. | 2022-04-28 | not yet calculated | CVE-2022-29584
MISC
MISC
mahara -- mahara
 
In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of). | 2022-04-28 | not yet calculated | CVE-2022-29585
MISC
MISC
universis -- universis-api
 
A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint (such as /api/students/me/messages/) to, for example, retrieve personal information or change grades. | 2022-04-25 | not yet calculated | CVE-2022-29603
MISC
MISC
zammad -- zammad
 
A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification. | 2022-04-27 | not yet calculated | CVE-2022-29700
MISC
zammad -- zammad
 
A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | 2022-04-27 | not yet calculated | CVE-2022-29701
MISC
zoneminder -- zoneminder
 
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability. | 2022-04-26 | not yet calculated | CVE-2022-29806
MISC
MISC
MISC
MISC
hashicorp -- go-getter
 
The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile. | 2022-04-27 | not yet calculated | CVE-2022-29810
MISC
MISC
MISC
jetbrains -- hub
 
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. | 2022-04-28 | not yet calculated | CVE-2022-29811
MISC
jetbrains -- intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient | 2022-04-28 | not yet calculated | CVE-2022-29812
MISC
jetbrains -- intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible | 2022-04-28 | not yet calculated | CVE-2022-29813
MISC
jetbrains -- intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible | 2022-04-28 | not yet calculated | CVE-2022-29814
MISC
jetbrains -- intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible | 2022-04-28 | not yet calculated | CVE-2022-29815
MISC
jetbrains -- intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible | 2022-04-28 | not yet calculated | CVE-2022-29816
MISC
jetbrains -- intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible | 2022-04-28 | not yet calculated | CVE-2022-29817
MISC
jetbrains -- intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed | 2022-04-28 | not yet calculated | CVE-2022-29818
MISC
jetbrains -- intellij_idea
 
In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible | 2022-04-28 | not yet calculated | CVE-2022-29819
MISC
jetbrains -- pycharm
 
In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible | 2022-04-28 | not yet calculated | CVE-2022-29820
MISC
jetbrains -- rider
 
In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible | 2022-04-28 | not yet calculated | CVE-2022-29821
MISC
automation_anywhere -- automation360_22
 
A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages. | 2022-04-29 | not yet calculated | CVE-2022-29856
MISC
MISC
ambiot -- amb1_sdk
 
component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for Ameba1) before 2022-03-11 mishandles data structures for DHCP packet data. | 2022-04-27 | not yet calculated | CVE-2022-29859
MISC
cif-utils -- cifs_utils
 
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. | 2022-04-28 | not yet calculated | CVE-2022-29869
MISC
MISC
mediawiki -- private_domains
The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension's configuration. The attacker must trigger a POST request to Special:PrivateDomains. | 2022-04-29 | not yet calculated | CVE-2022-29903
MISC
MISC
mediawiki -- semanticdrilldown
 
The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints. | 2022-04-29 | not yet calculated | CVE-2022-29904
MISC
MISC
mediawiki -- fanboxes
 
The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF. | 2022-04-29 | not yet calculated | CVE-2022-29905
MISC
MISC
mediawiki -- quizgame
 
The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user. | 2022-04-29 | not yet calculated | CVE-2022-29906
MISC
MISC
mediawiki -- nimbus_skin
 
The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages. | 2022-04-29 | not yet calculated | CVE-2022-29907
MISC
MISC
oracle -- usu_oracle_optimization
 
USU Oracle Optimization before 5.17.5 lacks Polkit authentication, which allows smartcollector users to achieve root access via pkexec. NOTE: this is not an Oracle Corporation product. | 2022-04-29 | not yet calculated | CVE-2022-29934
MISC
oracle -- usu_oracle_optimization
 
USU Oracle Optimization before 5.17.5 allows attackers to discover the quantum credentials via an agent-installer download. NOTE: this is not an Oracle Corporation product. | 2022-04-29 | not yet calculated | CVE-2022-29935
MISC
oracle -- usu_oracle_optimization
 
USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. NOTE: this is not an Oracle Corporation product. | 2022-04-29 | not yet calculated | CVE-2022-29936
MISC
oracle -- usu_oracle_optimization
 
USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product. | 2022-04-29 | not yet calculated | CVE-2022-29937
MISC
dji -- aeroscope
 
DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol. | 2022-04-29 | not yet calculated | CVE-2022-29945
MISC
MISC
MISC
woodpecker -- woodpecker
 
Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping. | 2022-04-29 | not yet calculated | CVE-2022-29947
MISC
MISC
glewlwyd -- glewlwyd
 
static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal. | 2022-04-29 | not yet calculated | CVE-2022-29967
MISC
