Vulnerability Summary for the Week of May 30, 2022

Released: Jun 06, 2022
Document ID: SB22-157

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
microsoft -- windows_server_2012 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. | 2022-06-01 | 9.3 | CVE-2022-30190
N/A


Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
cisco -- common_services_platform_collector | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-05-27 | 4.3 | CVE-2022-20666
CISCO
cisco -- common_services_platform_collector | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-05-27 | 4.3 | CVE-2022-20667
CISCO
cisco -- common_services_platform_collector | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-05-27 | 4.3 | CVE-2022-20668
CISCO
cisco -- common_services_platform_collector | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-05-27 | 4.3 | CVE-2022-20669
CISCO
cisco -- common_services_platform_collector | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-05-27 | 4.3 | CVE-2022-20670
CISCO
cisco -- common_services_platform_collector | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-05-27 | 4.3 | CVE-2022-20671
CISCO
libmobi_project -- libmobi | Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. | 2022-05-27 | 5.8 | CVE-2022-1907
CONFIRM
MISC
libmobi_project -- libmobi | Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. | 2022-05-27 | 5.8 | CVE-2022-1908
CONFIRM
MISC
vim -- vim | Use After Free in GitHub repository vim/vim prior to 8.2. | 2022-05-27 | 6.8 | CVE-2022-1898
MISC
CONFIRM
FEDORA
FEDORA


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
organizr -- organizr | Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200. | 2022-05-27 | 3.5 | CVE-2022-1909
MISC
CONFIRM


Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
389-ds-base -- 389-ds-base | An access control bypass vulnerability was found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data. | 2022-06-02 | not yet calculated | CVE-2022-1949
MISC
dell -- powerscale_onefs | Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this, leading to a user account compromise. | 2022-06-01 | not yet calculated | CVE-2022-29098
CONFIRM
ncodeastro -- wedding_management_system | Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_manage_account_details.php?booking_id=31&user_id= | 2022-06-02 | not yet calculated | CVE-2022-30834
MISC
abb -- e-design | Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine. | 2022-06-02 | not yet calculated | CVE-2022-29483
MISC
abb -- e-design | Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine. | 2022-06-02 | not yet calculated | CVE-2022-28702
MISC
aceware -- aceweb_online_portal | ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp. | 2022-06-02 | not yet calculated | CVE-2022-24238
MISC
MISC
MISC
aceware -- aceweb_online_portal | ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp. | 2022-06-02 | not yet calculated | CVE-2022-24239
MISC
MISC
MISC
aceware -- aceweb_online_portal | ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp. | 2022-06-02 | not yet calculated | CVE-2022-24240
MISC
MISC
MISC
aceware -- aceweb_online_portal | ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp. | 2022-06-02 | not yet calculated | CVE-2022-24241
MISC
MISC
MISC
aceware -- aceweb_online_portal | ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software. | 2022-06-02 | not yet calculated | CVE-2022-24581
MISC
MISC
MISC
adbyby -- adbyby | adbyby v2.7 allows external users to make connections via port 8118. This can cause a program logic error and lead to a Denial of Service (DoS) via high CPU usage due to a large number of connections. | 2022-06-03 | not yet calculated | CVE-2022-29767
MISC
afian_filerun -- afian_filerun | In Afian Filerun 20220202, changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user. | 2022-06-02 | not yet calculated | CVE-2022-30470
MISC
aleksis -- aleksis-core | An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set. | 2022-06-03 | not yet calculated | CVE-2022-29773
MISC
allenhwkim -- proctree | OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix function. | 2022-06-02 | not yet calculated | CVE-2021-34082
MISC
MISC
apache -- tika | We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3. | 2022-05-31 | not yet calculated | CVE-2022-30973
CONFIRM
MLIST
appcheck -- dnn_cms_platform | The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services. | 2022-06-02 | not yet calculated | CVE-2021-40186
MISC
argie -- simple_inventory_system | Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/login.php. | 2022-06-02 | not yet calculated | CVE-2022-31339
MISC
argie -- simple_inventory_system | Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/table_edit_ajax.php. | 2022-06-02 | not yet calculated | CVE-2022-31340
MISC
atlassian -- multiple_products | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1. | 2022-06-03 | not yet calculated | CVE-2022-26134
MISC
badminton -- center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/view_product.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-32001
MISC
badminton -- center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_sales_report&date=. | 2022-06-02 | not yet calculated | CVE-2022-31985
MISC
badminton -- center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_court_rental_report&date=. | 2022-06-02 | not yet calculated | CVE-2022-31986
MISC
badminton -- center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/manage_court.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-32002
MISC
badminton -- center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/view_court.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-32003
MISC
badminton -- center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/manage_product.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-32004
MISC
badminton -- center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/services/view_service.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-32006
MISC
badminton -- center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/services/manage_service.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-32005
MISC
badminton -- center_management_system | Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter 'id' in /bcms/admin/court_rentals/update_status.php. | 2022-06-02 | not yet calculated | CVE-2022-30490
MISC
MISC
badminton -- center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_product. | 2022-06-02 | not yet calculated | CVE-2022-31990
MISC
badminton -- center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=reports/daily_services_report&date=. | 2022-06-02 | not yet calculated | CVE-2022-31988
MISC
badminton -- center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=user/manage_user&id=. | 2022-06-02 | not yet calculated | CVE-2022-31989
MISC
badminton -- center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_court. | 2022-06-02 | not yet calculated | CVE-2022-31991
MISC
badminton -- center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/manage_service_transaction&id=. | 2022-06-02 | not yet calculated | CVE-2022-32000
MISC
badminton -- center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/view_details&id=. | 2022-06-02 | not yet calculated | CVE-2022-31998
MISC
badminton -- center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=court_rentals/view_court_rental&id=. | 2022-06-02 | not yet calculated | CVE-2022-31992
MISC
badminton -- center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_service. | 2022-06-02 | not yet calculated | CVE-2022-31993
MISC
badminton -- center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=sales/view_details&id. | 2022-06-02 | not yet calculated | CVE-2022-31994
MISC
badminton -- center_management_system | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=sales/manage_sale&id=. | 2022-06-02 | not yet calculated | CVE-2022-31996
MISC
barco -- control_room_management_suite | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS. | 2022-06-02 | not yet calculated | CVE-2022-26976
MISC
MISC
barco -- control_room_management_suite | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS. | 2022-06-02 | not yet calculated | CVE-2022-26972
MISC
MISC
barco -- control_room_management_suite | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication. | 2022-06-02 | not yet calculated | CVE-2022-26971
MISC
MISC
barco -- control_room_management_suite | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS. | 2022-06-02 | not yet calculated | CVE-2022-26974
MISC
MISC
barco -- control_room_management_suite | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details. | 2022-06-02 | not yet calculated | CVE-2022-26973
MISC
MISC
barco -- control_room_management_suite | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication. | 2022-06-02 | not yet calculated | CVE-2022-26975
MISC
MISC
barco -- control_room_management_suite | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism leads to stored XSS. | 2022-06-02 | not yet calculated | CVE-2022-26977
MISC
MISC
barco -- control_room_management_suite | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameter is not correctly sanitized, leading to reflected XSS. | 2022-06-02 | not yet calculated | CVE-2022-26978
MISC
MISC
bbs-go -- bbs-go | bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XSS. | 2022-06-02 | not yet calculated | CVE-2021-38221
MISC
MISC
bbultman -- gitsome | OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository. | 2022-06-02 | not yet calculated | CVE-2021-34081
MISC
MISC
bd -- pyxis | Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information. | 2022-06-02 | not yet calculated | CVE-2022-22767
CONFIRM
bd_synapsys | BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). | 2022-06-02 | not yet calculated | CVE-2022-30277
CONFIRM
bfabiszewski -- libmobi | Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. | 2022-06-03 | not yet calculated | CVE-2022-1987
CONFIRM
MISC
bigbluebutton -- bigbluebutton | BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4.1, an attacker could send messages to a locked chat within a grace period of 5s after the lock setting was enacted. The attacker needs to be a participant in the meeting. Versions 2.3.18 and 2.4.1 contain a patch for this issue. There are currently no known workarounds. | 2022-06-02 | not yet calculated | CVE-2022-29234
MISC
MISC
MISC
MISC
CONFIRM
bigbluebutton -- bigbluebutton | BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4-rc-6, an attacker who is able to obtain the meeting identifier for a meeting on a server can find information related to an external video being shared, like the current timestamp and play/pause. The problem has been patched in versions 2.3.18 and 2.4-rc-6 by modifying the stream to send the data only for users in the meeting. There are currently no known workarounds. | 2022-06-02 | not yet calculated | CVE-2022-29235
MISC
CONFIRM
MISC
MISC
MISC
bigbluebutton -- bigbluebutton | BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and prior to 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service (ReDoS) attacks. By using a specific RegularExpression, an attacker can cause denial of service for the bbb-html5 service. The useragent library performs checking of device by parsing the input of User-Agent header and lets it go through lookupUserAgent() (alias of useragent.lookup()). This function handles input by regexing and attackers can abuse that by providing some ReDoS payload using `SmartWatch`. The maintainers removed `htmlclient/useragent` from versions 2.3.19, 2.4.7, and 2.5.0-beta.2. As a workaround, disable NginX forwarding the requests to the handler according to the directions in the GitHub Security Advisory. | 2022-06-01 | not yet calculated | CVE-2022-29169
MISC
CONFIRM
MISC
bigbluebutton -- bigbluebutton | BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previously introduced grace period. The attacker must be a meeting participant. The problem has been patched in versions 2.3.18 and 2.4-rc-6. There are currently no known workarounds. | 2022-06-02 | not yet calculated | CVE-2022-29236
CONFIRM
MISC
MISC
MISC
MISC
bigbluebutton -- bigbluebutton | BigBlueButton is an open source web conferencing system. Starting with version 2.2 and prior to versions 2.3.9 and 2.4-beta-1, an attacker can circumvent access controls to obtain the content of public chat messages from different meetings on the server. The attacker must be a participant in a meeting on the server. BigBlueButton versions 2.3.9 and 2.4-beta-1 contain a patch for this issue. There are currently no known workarounds. | 2022-06-01 | not yet calculated | CVE-2022-29232
CONFIRM
MISC
MISC
MISC
bigbluebutton -- bigbluebutton | BigBlueButton is an open source web conferencing system. In BigBlueButton starting with 2.2 but before 2.3.18 and 2.4-rc-1, an attacker can circumvent access controls to gain access to all breakout rooms of the meeting they are in. The permission checks rely on knowledge of internal ids rather than on verification of the role of the user. Versions 2.3.18 and 2.4-rc-1 contain a patch for this issue. There are currently no known workarounds. | 2022-06-02 | not yet calculated | CVE-2022-29233
MISC
MISC
CONFIRM
MISC
MISC
bitdefender -- eufy_indoor_2k_indoor_camera | A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. This issue affects: Eufy Indoor 2K Indoor Camera 2.0.9.3 version and prior versions. | 2022-05-31 | not yet calculated | CVE-2021-3555
CONFIRM
black_rainbow -- nimbus | Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting (XSS). | 2022-06-02 | not yet calculated | CVE-2022-24967
MISC
MISC
bleve -- bleve | Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP (bleve/http) handlers for exposing the access to the indexes. For instance, the CreateIndexHandler (`http/index_create.go`) and DeleteIndexHandler (`http/index_delete.go`) enable an attacker to create a bleve index (directory structure) anywhere where the user running the server has the write permissions and to delete recursively any directory owned by the same user account. Users who have used the bleve/http package for exposing access to bleve index without the explicit handling for the Role Based Access Controls (RBAC) of the index assets would be impacted by this issue. There is no patch for this issue because the http package is purely intended to be used for demonstration purposes. Bleve was never designed to handle the RBACs, nor was it ever advertised to be used in that way. The collaborators of this project have decided to stay away from adding any authentication or authorization to bleve project at the moment. The bleve/http package is mainly for demonstration purposes and it lacks exhaustive validation of the user inputs as well as any authentication and authorization measures. It is recommended to not use bleve/http in production use cases. | 2022-06-01 | not yet calculated | CVE-2022-31022
CONFIRM
MISC
bonitasoft -- bonita-web | Bonita Web 2021.2 is affected by an authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API endpoints. This can lead to remote code execution by abusing the privileged API actions. | 2022-06-02 | not yet calculated | CVE-2022-25237
MISC
MISC
bottlepy -- bottle | Bottle before 0.12.20 mishandles errors during early request binding. | 2022-06-02 | not yet calculated | CVE-2022-31799
MISC
MISC
MISC
browsbox -- cms | BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerability. | 2022-06-02 | not yet calculated | CVE-2022-29704
MISC
MISC
caddy_server -- caddy | Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users into clicking on crafted links. | 2022-06-02 | not yet calculated | CVE-2022-29718
MISC
car_rental_management_system -- car_rental_management_system | Car Rental Management System v1.0 is vulnerable to SQL Injection via /ip/car-rental-management-system/admin/ajax.php?action=login. | 2022-06-02 | not yet calculated | CVE-2022-32022
MISC
car_rental_management_system -- car_rental_management_system | Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car. | 2022-06-02 | not yet calculated | CVE-2022-32019
MISC
car_rental_management_system -- car_rental_management_system | Car Rental Management System v1.0 is vulnerable to SQL Injection via car-rental-management-system/booking.php?car_id=. | 2022-06-02 | not yet calculated | CVE-2022-32024
MISC
car_rental_management_system -- car_rental_management_system | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/view_car.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-32025
MISC
car_rental_management_system -- car_rental_management_system | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_booking.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-32026
MISC
car_rental_management_system -- car_rental_management_system | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/index.php?page=manage_car&id=. | 2022-06-02 | not yet calculated | CVE-2022-32027
MISC
car_rental_management_system -- car_rental_management_system | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-32028
MISC
car_rental_management_system -- car_rental_management_system | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_movement.php?id=. | 2022-06-02 | not yet calculated | CVE-2022-32021
MISC
car_rental_management_system -- car_rental_management_system | Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via ip/car-rental-management-system/admin/ajax.php?action=save_settings. | 2022-06-02 | not yet calculated | CVE-2022-32020
MISC
chatbot -- chatbot_app_with_suggestion | ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=user/manage_user&id=. | 2022-06-02 | not yet calculated | CVE-2022-31969
MISC
chatbot -- chatbot_app_with_suggestion | ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/manage_response&id=. | 2022-06-02 | not yet calculated | CVE-2022-31970
MISC
chatbot -- chatbot_app_with_suggestion | ChatBot App with Suggestion v1.0 is vulnerable to Delete any file via /simple_chat_bot/classes/Master.php?f=delete_img. | 2022-06-02 | not yet calculated | CVE-2022-31966
MISC
chatbot -- chatbot_app_with_suggestion | ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/view_response&id=. | 2022-06-02 | not yet calculated | CVE-2022-31971
MISC
cisco -- common_services_platform_collector_software | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-05-27 | not yet calculated | CVE-2022-20674
CISCO
cisco -- common_services_platform_collector_software | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-05-27 | not yet calculated | CVE-2022-20673
CISCO
cisco -- common_services_platform_collector_software | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2022-05-27 | not yet calculated | CVE-2022-20672
CISCO
cisco -- enterprise_chat_and_email
 
A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials.
Published: 2022-05-27 | CVSS Score: not yet calculated | CVE-2022-20802
CISCO
cisco -- multiple_products
 
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Published: 2022-05-27 | CVSS Score: not yet calculated | CVE-2022-20806
CISCO
cisco -- multiple_products
 
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Published: 2022-05-27 | CVSS Score: not yet calculated | CVE-2022-20807
CISCO
cisco -- secure_network_analytics
 
A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system. This vulnerability is due to insufficient user input validation by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting arbitrary commands in the web-based management interface. A successful exploit could allow the attacker to make configuration changes on the affected device or cause certain services to restart unexpectedly.
Published: 2022-05-27 | CVSS Score: not yet calculated | CVE-2022-20797
CISCO
cisco -- ucs_director
 
A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to affected web applications. A successful exploit could allow the attacker to rewrite web page content, access sensitive information stored in the applications, and alter data by submitting forms.
Published: 2022-05-27 | CVSS Score: not yet calculated | CVE-2022-20765
CISCO
coalfire -- winaprs
 
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9.0. A buffer overflow in DIGI address processing for VHF KISS packets allows a remote attacker to cause a denial of service (daemon crash) via a malicious AX.25 packet over the air. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-24700
MISC
MISC
coalfire -- winaprs
 
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9.0. A buffer overflow in the VHF KISS TNC component allows a remote attacker to achieve remote code execution via malicious AX.25 packets over the air. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-24702
MISC
MISC
MISC
MISC
coalfire -- winaprs
 
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9.0. A buffer overflow in national.txt processing allows a local attacker to cause a denial of service or possibly achieve code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-24701
MISC
MISC
codeastro -- simple_bus_ticket_booking_system
 
Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30817
MISC
codeastro -- wedding_management_system
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\blog_events_edit.php.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30823
MISC
codeastro -- wedding_management_system
Wedding Management System v1.0 is vulnerable to SQL Injection via admin\client_assign.php.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30826
MISC
codeastro -- wedding_management_system
Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_edit.php?booking=31&user_id=.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30833
MISC
codeastro -- wedding_management_system
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\client_edit.php.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30825
MISC
codeastro -- wedding_management_system
 
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\package_edit.php.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30827
MISC
codeastro -- wedding_management_system
 
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\photos_edit.php.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30828
MISC
codeastro -- wedding_management_system
 
In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_profile.php" file.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30822
MISC
codeastro -- wedding_management_system
 
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\feature_edit.php.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30830
MISC
codeastro -- wedding_management_system
 
In Wedding Management System v1.0, the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of "package_edit.php" file.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30821
MISC
codeastro -- wedding_management_system
 
Wedding Management System v1.0 is vulnerable to SQL Injection via Wedding-Management/wedding_details.php.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30831
MISC
codeastro -- wedding_management_system
 
Wedding Management System v1.0 is vulnerable to SQL injection via /Wedding-Management/admin/blog_events_edit.php?id=31.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30818
MISC
codeastro -- wedding_management_system
 
Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_assign.php?booking=31&user_id=.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30832
MISC
codeastro -- wedding_management_system
 
Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/budget.php?booking_id=.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30835
MISC
codeastro -- wedding_management_system
 
Wedding Management System v1.0 is vulnerable to SQL Injection via Wedding-Management/admin/select.php.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30836
MISC
codeastro -- wedding_management_system
 
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\users_edit.php.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30829
MISC
codeastro -- wedding_management_system
 
In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_edit.php" file.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30820
MISC
codeastro -- wedding_management_system
 
In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "photos_edit.php" file.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30819
MISC
complete_online_job_search_system -- complete_online_job_search_system
 
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/category/index.php?view=edit&id=.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-32013
MISC
complete_online_job_search_system -- complete_online_job_search_system
 
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=category&search=.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-32015
MISC
complete_online_job_search_system -- complete_online_job_search_system
 
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/employee/index.php?view=edit&id=.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-32012
MISC
complete_online_job_search_system -- complete_online_job_search_system
 
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/applicants/index.php?view=view&id=.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-32011
MISC
complete_online_job_search_system -- complete_online_job_search_system
 
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-32010
MISC
complete_online_job_search_system -- complete_online_job_search_system
 
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/vacancy/index.php?view=edit&id=.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-32008
MISC
complete_online_job_search_system -- complete_online_job_search_system
 
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/company/index.php?view=edit&id=.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-32007
MISC
complete_online_job_search_system -- complete_online_job_search_system
 
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bycompany.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-32016
MISC
complete_online_job_search_system -- complete_online_job_search_system
 
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=byfunction.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-32014
MISC
complete_online_job_search_system -- complete_online_job_search_system
 
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bytitle.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-32017
MISC
complete_online_job_search_system -- complete_online_job_search_system
 
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=hiring&search=.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-32018
MISC
couchbase_server
 
Couchbase Server before 7.1.0 has Incorrect Access Control.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2021-33504
MISC
MISC
creatiwity -- witycms
 
An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-29725
MISC
cveproject -- cve-services
 
CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were called in production, it is possible that it would write the plaintext key to disk. A patch is not available as of time of publication but is anticipated as a "hot fix" for version 1.1.1 and for the 2.x branch.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-31004
MISC
CONFIRM
d-link -- dir-890l
 
** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php.
Published: 2022-06-03 | CVSS Score: not yet calculated | CVE-2022-29778
MISC
MISC
d-link -- dir-890l_dir890la1_fw107b09
 
The LAN-side Web-Configuration Interface has a stack-based buffer overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin calls sprintf without checking the length of strings in parameters taken from the HTTP header, which users can easily control. Attackers can exploit the vulnerability to execute arbitrary code by sending a specially constructed payload to port 49152.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30521
MISC
MISC
dell -- bsafe_micro_edition_suite
 
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability.
Published: 2022-06-01 | CVSS Score: not yet calculated | CVE-2020-26184
CONFIRM
dell -- bsafe_micro_edition_suite
 
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability.
Published: 2022-06-01 | CVSS Score: not yet calculated | CVE-2020-26185
CONFIRM
dell -- emc_powerstore
 
Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-26868
CONFIRM
dell -- multiple_products
 
Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-29084
CONFIRM
dell -- multiple_products
 
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-29085
CONFIRM
dell -- powerstore
 
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-26867
CONFIRM
dell -- powerstore
 
Dell PowerStore versions before v2.1.1.0 contain a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript code in a trusted application data store. When a victim user accesses the data store through their browser, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-26866
CONFIRM
dell -- powerstore
 
PowerStore contains a Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-22557
CONFIRM
dell -- powerstore
 
Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contain an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-26869
CONFIRM
dell -- powerstore
 
Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in the PowerStore User Interface. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a denial of service.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-22556
CONFIRM
delta_controls -- entelitouch
 
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-29735
MISC
MISC
delta_controls -- entelitouch
 
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-29733
MISC
MISC
delta_controls -- entelitouch
 
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-29732
MISC
MISC
dhis2 -- dhis2
 
DHIS2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability affects the `/api/programs/orgUnits?programs=` API endpoint in DHIS2 versions prior to 2.36.10.1 and 2.37.6.1. The system is vulnerable to attack only from users that are logged in to DHIS2, and there is no known way of exploiting the vulnerability without first being logged in as a DHIS2 user. The vulnerability is not exposed to a non-malicious user and requires a conscious attack to be exploited. A successful exploit of this vulnerability could allow the malicious user to read, edit and delete data in the DHIS2 instance's database. Security patches are now available for DHIS2 versions 2.36.10.1 and 2.37.6.1. One may apply mitigations at the web proxy level as a workaround. More information about these mitigations is available in the GitHub Security Advisory.
Published: 2022-06-01 | CVSS Score: not yet calculated | CVE-2022-24848
MISC
MISC
MISC
CONFIRM
drupal -- saml_sp
 
Multiple vulnerabilities in Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider in certain non-default configurations allow a malicious user to log in as any chosen user. The vulnerability is mitigated by the module's default settings which require the options "Either sign SAML assertions" and "x509 certificate". This issue affects: Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider 8.x version 8.x-2.24 and prior versions; 7.x version 7.x-2.57 and prior versions.
Published: 2022-06-03 | CVSS Score: not yet calculated | CVE-2022-26493
CONFIRM
drytents -- curekit
 
CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal because the function isFileOutsideDir fails to sanitize user input.
Published: 2022-05-31 | CVSS Score: not yet calculated | CVE-2022-23082
MISC
CONFIRM
ecommerce-project-with-php-and-mysqli-fruits-bazar -- ecommerce-project-with-php-and-mysqli-fruits-bazar
 
Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in \admin\add_cata.php via the ctg_name parameters.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30482
MISC
MISC
MISC
ecommerce-project-with-php-and-mysqli-fruits-bazar -- ecommerce-project-with-php-and-mysqli-fruits-bazar
 
Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in \search_product.php via the keyword parameters.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30478
MISC
MISC
MISC
eg_innovations -- eg_agent
 
eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-29594
MISC
egavilan_media -- contact-form-with-messages-entry-management
 
EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 is vulnerable to SQL Injection via Addmessage.php. This allows a remote attacker to compromise Application SQL database.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2021-44097
MISC
MISC
egavilan_media -- expense-management-system
 
EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expense_action.php. This allows a remote attacker to compromise Application SQL database.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2021-44098
MISC
MISC
egavilan_media -- user-registration-and-login-system-with-admin-panel
 
EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profile_action - update_user. This allows a remote attacker to compromise Application SQL database.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2021-44096
MISC
MISC
elabftw -- elabftw
 
eLabFTW is an electronic lab notebook manager for research teams. Prior to version 4.3.0, a vulnerability allows an authenticated user with an administrator role in a team to assign itself system administrator privileges within the application, or create a new system administrator account. The issue has been corrected in eLabFTW version 4.3.0. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A system administrator account can manage all accounts, teams and edit system-wide settings within the application. The impact is not deemed as high, as it requires the attacker to have access to an administrator account. Regular user accounts cannot exploit this to gain admin rights. A workaround for one of the issues is removing the ability of administrators to create accounts.
Published: 2022-05-31 | CVSS Score: not yet calculated | CVE-2022-31007
CONFIRM
MISC
elitecms -- elitecms
 
elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30808
MISC
elitecms -- elitecms
 
elitecms v1.01 is vulnerable to deletion of any file via /admin/delete_image.php?file=.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30804
MISC
elitecms -- elitecms
 
elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30816
MISC
elitecms -- elitecms
 
elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar=.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30815
MISC
elitecms -- elitecms
 
elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30814
MISC
elitecms -- elitecms
 
elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30813
MISC
elitecms -- elitecms
 
elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30810
MISC
elitecms -- elitecms
 
elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30809
MISC
embedthis -- appweb_community_edition
 
An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1 that allows attackers to cause a denial of service via the stream parameter to the parseUri function.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2021-33254
MISC
fedora -- fedora
 
With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-1789
MISC
MISC
MISC
FEDORA
FEDORA
FEDORA
flightradar24 -- flightradar24
 
An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android that allows attackers to cause unspecified consequences due to being able to decompile a local application and extract its API keys.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2021-43512
MISC
MISC
MISC
flower -- flower
 
Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022, is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30034
MISC
MISC
fluid_attacks -- keep_my_notes
 
An attacker with physical access to the victim's device can bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-1716
MISC
MISC
food-order-and-table-reservation-system -- food-order-and-table-reservation-system
 
Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Injection in categorywise-menu.php via the catid parameters.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30481
MISC
MISC
MISC
form.io -- form.io
 
A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2020-28246
MISC
MISC
freeswitch -- sofia-sip
 
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil SDP to FreeSWITCH, which may cause a crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bounds access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue.
Published: 2022-05-31 | CVSS Score: not yet calculated | CVE-2022-31001
MISC
CONFIRM
freeswitch -- sofia-sip
 
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil SDP to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue.
Published: 2022-05-31 | CVSS Score: not yet calculated | CVE-2022-31002
MISC
CONFIRM
freeswitch -- sofia-sip
 
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of an SDP message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can send a message with evil SDP to FreeSWITCH, causing a crash or a more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue.
Published: 2022-05-31 | CVSS Score: not yet calculated | CVE-2022-31003
MISC
CONFIRM
freetype_demo_programs -- freetype_demo_programs
 
ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-31782
MISC
friendsofflarum -- upload
 
FriendsofFlarum (FoF) Upload is an extension that handles file uploads intelligently for your forum. If FoF Upload prior to version 1.2.3 is configured to allow the uploading of SVG files ('image/svg+xml'), navigating directly to an SVG file URI could execute arbitrary JavaScript code decided by an attacker. This JavaScript code could include the execution of HTTP web requests to Flarum, or any other web service. This could allow data to be leaked by an authenticated Flarum user, or, possibly, for data to be modified maliciously. This issue has been patched with v1.2.3, which now sanitizes uploaded SVG files. As a workaround, remove the ability for users to upload SVG files through FoF Upload.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30999
MISC
MISC
MISC
CONFIRM
gitee -- tpcms
 
An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-29624
MISC
MISC
gitee -- ofcms
 
OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-29653
MISC
github-action-merge-dependabot -- github-action-merge-dependabot
 
github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Prior to version 3.2.0, github-action-merge-dependabot does not check if a commit created by dependabot is verified with the proper GPG key. There is just a check if the actor is set to `dependabot[bot]` to determine if the PR is a legit PR. Theoretically, an owner of a seemingly valid and legit action in the pipeline can check if the PR is created by dependabot and if their own action has enough permissions to modify the PR in the pipeline. If so, they can modify the PR by adding a second seemingly valid and legit commit to the PR, as they can arbitrarily set the username and email for commits in git. Because the bot only checks if the actor is valid, it would pass the malicious changes through and merge the PR automatically, without getting noticed by project maintainers. It would probably not be possible to determine where the malicious commit came from, as it would only say `dependabot[bot]` and the corresponding email address. Version 3.2.0 contains a patch for this issue.
Published: 2022-05-31 | CVSS Score: not yet calculated | CVE-2022-29220
MISC
CONFIRM
MISC
go-gitea -- gitea
 
Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9.
Published: 2022-05-29 | CVSS Score: not yet calculated | CVE-2022-1928
MISC
CONFIRM
gogs -- gogs
 
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8.
Published: 2022-06-01 | CVSS Score: not yet calculated | CVE-2022-1285
MISC
CONFIRM
gogs -- gogs
 
Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that configuration can contain an option such as sshCommand, which is executed when a master branch is a remote branch (using an ssh:// URI). The remote branch can also be configured by editing the Git configuration file. One can create a new file in a new repository, using the GUI, with "\" as its name, and then rename this file to .git/config with the custom configuration content (and then save it).
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2021-32546
MISC
MISC
google -- google-it
 
Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it will unsafely concatenate the result's link retrieved from Google to a shell command, potentially exposing the server to RCE.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2021-34083
MISC
MISC
MISC
hackerone -- curl
An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-27776
MISC
hackerone -- curl
 
Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL used a trailing dot while not using one when it built the HSTS cache. Or the other way around - by having the trailing dot in the HSTS cache and *not* using the trailing dot in the URL.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-30115
MISC
hackerone -- curl
 
libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-27782
MISC
hackerone -- curl
 
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: when using an IPv6 address that was in the connection pool but with a different zone id, curl could reuse a connection instead.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-27775
MISC
hackerone -- curl
 
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-27781
MISC
hackerone -- curl
 
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *different* URL using the wrong host name when it is later retrieved. For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed by the parser and get transposed into `http://example.com/127.0.0.1/`. This flaw can be used to circumvent filters, checks and more.
Published: 2022-06-02 | CVSS Score: not yet calculated | CVE-2022-27780
MISC
hackerone -- curl
 
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. curl can be told to receive and send cookies. curl's "cookie engine" can be built with or without [Public Suffix List](https://publicsuffix.org/) awareness. If PSL support is not provided, a more rudimentary check exists to at least prevent cookies from being set on TLDs. This check was broken if the host name in the URL uses a trailing dot. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain.2022-06-02not yet calculatedCVE-2022-27779
MISC
hackerone -- curl
 
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.2022-06-02not yet calculatedCVE-2022-27778
MISC
hackerone -- curl
 
An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: when following HTTP(S) redirects is used with authentication, curl could leak credentials to other services that exist on different protocols or port numbers.2022-06-02not yet calculatedCVE-2022-27774
MISC
hashicorp -- multiple_products
 
HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.2022-06-02not yet calculatedCVE-2022-30324
MISC
MISC
hcl_software -- traveler
 
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.2022-05-27not yet calculatedCVE-2021-27780
CONFIRM
hcl_software -- traveler
 
The Master operator may be able to embed a script tag in HTML that displays the cookie in an alert pop-up.2022-05-27not yet calculatedCVE-2021-27781
CONFIRM
hcl_software -- traveler
 
HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.2022-06-01not yet calculatedCVE-2021-27778
CONFIRM
horner_automation -- cscape_csfont
 
The affected product is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.2022-06-02not yet calculatedCVE-2022-27184
MISC
horner_automation -- cscape_csfont
 
The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code.2022-06-02not yet calculatedCVE-2022-30540
MISC
horner_automation -- cscape_csfont
 
The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code.2022-06-02not yet calculatedCVE-2022-28690
MISC
horner_automation -- cscape_csfont
 
The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code.2022-06-02not yet calculatedCVE-2022-29488
MISC
ibm -- multiple_products
 
IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.2022-05-31not yet calculatedCVE-2022-22361
XF
CONFIRM
ict -- protege_gxwx
 
An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users.2022-06-02not yet calculatedCVE-2022-29731
MISC
MISC
ict -- protege_gxwx
 
A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.2022-06-02not yet calculatedCVE-2022-29734
MISC
MISC
idce_mv's_application -- idce_mv's_application
 
SQL injection in Logon Page of IDCE MV's application, version 1.0, allows an attacker to inject SQL payloads in the user field, connecting to a database to access enterprise's private and sensitive information.2022-06-02not yet calculatedCVE-2022-30496
MISC
MISC
janobe -- online_ordering_system
 
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=.2022-06-02not yet calculatedCVE-2022-31335
MISC
janobe -- online_ordering_system
 
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php.2022-06-02not yet calculatedCVE-2022-31336
MISC
janobe -- online_ordering_system
 
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?view=edit&id=.2022-06-02not yet calculatedCVE-2022-31337
MISC
janobe -- online_ordering_system
 
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=.2022-06-02not yet calculatedCVE-2022-31338
MISC
janobe -- online_ordering_system_by_janobe
 
Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php.2022-06-02not yet calculatedCVE-2022-31329
MISC
janobe -- online_ordering_system_by_janobe
 
Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering/admin/products/index.php?view=edit&id=.2022-06-02not yet calculatedCVE-2022-31328
MISC
janobe -- online_ordering_system_by_janobe
 
Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/index.php?q=products&id=.2022-06-02not yet calculatedCVE-2022-31327
MISC
jfinal_cms -- jfinal_cms
 
A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request.2022-06-02not yet calculatedCVE-2022-29648
MISC
jfrog -- devcert_npm_package
 
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method.2022-06-02not yet calculatedCVE-2022-1929
MISC
jfrog -- jquery-validation_npm_package
 
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method.2022-06-02not yet calculatedCVE-2021-43306
MISC
jfrog -- markdown-link-extractor_npm_package
 
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function.2022-06-02not yet calculatedCVE-2021-43308
MISC
jfrog -- semver-regex_npm_package
 
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method.2022-06-02not yet calculatedCVE-2021-43307
MISC
keysight_technologies -- multiple_products
 
The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files.2022-06-02not yet calculatedCVE-2022-1661
MISC
keysight_technologies -- keysight_n6854a_and_n6841a_rf
 
The affected products are vulnerable to deserialization of untrusted data without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code.2022-06-02not yet calculatedCVE-2022-1660
MISC
knime -- analytics_platform

In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions.2022-06-02not yet calculatedCVE-2022-31500
MISC
MISC
krcert/cc -- maxboard
 
SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation. These vulnerabilities can be exploited by manipulating a variable with a desired value and inserting an arbitrary file.2022-06-02not yet calculatedCVE-2021-26633
MISC
krcert/cc -- maxboard
 
In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution.2022-06-02not yet calculatedCVE-2021-26635
MISC
krcert/cc -- maxboard
 
SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these vulnerabilities to perform attacks such as stealing server management rights using a web shell.2022-06-02not yet calculatedCVE-2021-26634
MISC
libdwarf -- libdwarf

libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c.2022-06-02not yet calculatedCVE-2022-32200
MISC
MISC
MISC
libinput -- libinput
 
A format string vulnerability was found in libinput.2022-06-02not yet calculatedCVE-2022-1215
MISC
libjpeg -- libjpeg
 
libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use.2022-06-02not yet calculatedCVE-2022-31796
MISC
MISC
libjpeg -- libjpeg
 
In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp.2022-06-02not yet calculatedCVE-2022-32202
MISC
MISC
libjpeg -- libjpeg
 
In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp.2022-06-02not yet calculatedCVE-2022-32201
MISC
MISC
liblouis -- liblouis
 
Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace.2022-06-02not yet calculatedCVE-2022-31783
MISC
MISC
libmobi -- libmobi
 
libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mobi file.2022-06-02not yet calculatedCVE-2022-29788
MISC
librenms -- librenms
 
LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters.2022-06-02not yet calculatedCVE-2022-29712
MISC
librenms -- librenms
 
LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php.2022-06-02not yet calculatedCVE-2022-29711
MISC
MISC
lifion -- lifion-verify-dependencies
 
lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project's package.json file.2022-06-02not yet calculatedCVE-2021-34078
MISC
MISC
linkplay -- sound_bar
 
LinkPlay Sound Bar v1.0 allows attackers to escalate privileges via a hardcoded password for the SSL certificate.2022-06-02not yet calculatedCVE-2022-28605
MISC
linux -- kernel
 
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.2022-06-02not yet calculatedCVE-2022-1652
MISC
MISC
MISC
linux -- kernel
 
A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially2022-06-02not yet calculatedCVE-2022-1943
MISC
linux -- kernel
 
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.2022-06-02not yet calculatedCVE-2022-32250
MISC
MISC
MLIST
MLIST
linux -- kernel's_io_uring
 
A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system.2022-06-02not yet calculatedCVE-2022-1786
MISC
linux -- teletype
 
An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.2022-06-02not yet calculatedCVE-2022-1462
MISC
mattermost -- mattermost

Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post.2022-06-02not yet calculatedCVE-2022-1982
MISC
mautic -- mautic
 
A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable JavaScript.2022-06-01not yet calculatedCVE-2021-27914
CONFIRM
mcms -- mcms
 
An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file.2022-06-02not yet calculatedCVE-2022-30506
MISC
mcms -- mcms
 
An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.2022-06-02not yet calculatedCVE-2022-29647
MISC
mgm_security_partners -- bigbluebutton
 
BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room access" dialog if the victim has shared access to the particular room with the attacker previously.2022-06-02not yet calculatedCVE-2022-26497
MISC
MISC
microsoft -- edge
 
Microsoft Edge (Chromium-based) Spoofing Vulnerability.2022-06-01not yet calculatedCVE-2022-26905
N/A
microsoft -- edge
 
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30128.2022-06-01not yet calculatedCVE-2022-30127
N/A
microsoft -- edge
 
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30127.2022-06-01not yet calculatedCVE-2022-30128
N/A
mintzo -- docker-tester
 
OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file.2022-06-02not yet calculatedCVE-2021-34079
MISC
MISC
mitsubishi -- multiple_products
 
Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number "24061" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number "24061" or prior and Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version "08" or prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on the target products by sending specially crafted packets.2022-06-02not yet calculatedCVE-2022-25163
MISC
MISC
mruby -- mruby
 
Use After Free in GitHub repository mruby/mruby prior to 3.2.2022-05-31not yet calculatedCVE-2022-1934
MISC
CONFIRM
neorazorx -- facturascripts
 
Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09.2022-06-03not yet calculatedCVE-2022-1988
MISC
CONFIRM
neos_cms -- neos_cms
 
Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also be present in all intermediate versions.2022-06-02not yet calculatedCVE-2022-30429
MISC
netapp -- e-series_santricity_os_controller_software
 
E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users.2022-06-02not yet calculatedCVE-2022-23236
MISC
netapp -- e-series_santricity_os_controller_software
 
E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites.2022-06-02not yet calculatedCVE-2022-23237
MISC
netcloud -- server
 
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into memory on usage, resulting in impacted performance. Versions 22.2.7 and 23.0.4 contain a fix for this issue. There are currently no known workarounds available.2022-05-31not yet calculatedCVE-2022-29243
MISC
MISC
CONFIRM
netscout -- ngeniusone
 
NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution.2022-06-02not yet calculatedCVE-2021-45983
MISC
MISC
netscout -- ngeniusone
 
NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged user.2022-06-02not yet calculatedCVE-2021-45982
MISC
MISC
netscout -- ngeniusone
 
NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack.2022-06-02not yet calculatedCVE-2021-45981
MISC
MISC
nextcloud -- richdocuments
 
richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fix for this issue. There are currently no known workarounds available.2022-06-02not yet calculatedCVE-2022-31024
MISC
CONFIRM
MISC
nginx -- njs
 
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h.2022-06-02not yet calculatedCVE-2022-30503
MISC
MISC
nginx -- njs
 
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.2022-06-02not yet calculatedCVE-2022-29779
MISC
MISC
nginx -- njs
 
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c.2022-06-02not yet calculatedCVE-2022-29780
MISC
MISC
npm -- es128_ssl-utils
 
OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions.2022-06-02not yet calculatedCVE-2021-34080
MISC
online_car_wash_booking_system -- online_car_wash_booking_system

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking.2022-06-02not yet calculatedCVE-2022-31344
MISC
online_car_wash_booking_system -- online_car_wash_booking_system

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle.2022-06-02not yet calculatedCVE-2022-31347
MISC
online_car_wash_booking_system -- online_car_wash_booking_system

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=.2022-06-02not yet calculatedCVE-2022-31348
MISC
online_car_wash_booking_system -- online_car_wash_booking_system

Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=.2022-06-02not yet calculatedCVE-2022-31351
MISC
online_car_wash_booking_system -- online_car_wash_booking_system

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=.2022-06-02not yet calculatedCVE-2022-31353
MISC
online_car_wash_booking_system -- online_car_wash_booking_system

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=get_vehicle_service.2022-06-02not yet calculatedCVE-2022-31354
MISC
online_car_wash_booking_system -- online_car_wash_booking_system
 
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=.2022-06-02not yet calculatedCVE-2022-31350
MISC
online_car_wash_booking_system -- online_car_wash_booking_system
 
Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=.2022-06-02not yet calculatedCVE-2022-31352
MISC
online_car_wash_booking_system -- online_car_wash_booking_system
 
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service.2022-06-02not yet calculatedCVE-2022-31346
MISC
online_car_wash_booking_system -- online_car_wash_booking_system
 
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manage_user&id=.2022-06-02not yet calculatedCVE-2022-31345
MISC
online_car_wash_booking_system -- online_car_wash_booking_system
 
Online Car Wash Booking System v1.0 is vulnerable to arbitrary file deletion via /ocwbs/classes/Master.php?f=delete_img.2022-06-02not yet calculatedCVE-2022-31342
MISC
online_car_wash_booking_system -- online_car_wash_booking_system
 
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=.2022-06-02not yet calculatedCVE-2022-31343
MISC
online_fire_reporting_system -- online_fire_reporting_system
 
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=.2022-06-02not yet calculatedCVE-2022-31974
MISC
online_fire_reporting_system -- online_fire_reporting_system
 
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_team&id=.2022-06-02not yet calculatedCVE-2022-31980
MISC
online_fire_reporting_system -- online_fire_reporting_system
 
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team.2022-06-02not yet calculatedCVE-2022-31977
MISC
online_fire_reporting_system -- online_fire_reporting_system
 
Online Fire Reporting System v1.0 is vulnerable to arbitrary file deletion via /ofrs/classes/Master.php?f=delete_img.2022-06-02not yet calculatedCVE-2022-31973
MISC
online_fire_reporting_system -- online_fire_reporting_system
 
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_inquiry.2022-06-02not yet calculatedCVE-2022-31978
MISC
online_fire_reporting_system -- online_fire_reporting_system
 
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user&id=.2022-06-02not yet calculatedCVE-2022-31975
MISC
online_fire_reporting_system -- online_fire_reporting_system
 
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_team&id=.2022-06-02not yet calculatedCVE-2022-31981
MISC
online_fire_reporting_system -- online_fire_reporting_system
 
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=.2022-06-02not yet calculatedCVE-2022-31982
MISC
online_fire_reporting_system -- online_fire_reporting_system
 
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request.2022-06-02not yet calculatedCVE-2022-31976
MISC
online_fire_reporting_system -- online_fire_reporting_system
 
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/manage_request&id=.2022-06-02not yet calculatedCVE-2022-31983
MISC
online_fire_reporting_system -- online_fire_reporting_system
 
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=.2022-06-02not yet calculatedCVE-2022-31984
MISC
onlyoffice -- document_server
 
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp.2022-06-02not yet calculatedCVE-2022-29776
MISC
MISC
onlyoffice -- document_server
 
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h.2022-06-02not yet calculatedCVE-2022-29777
MISC
MISC
oretnom23 -- merchandise_online_store
 
Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information.2022-06-02not yet calculatedCVE-2022-30423
MISC
oretnom23 -- online_ordering_system
 
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php.2022-06-02not yet calculatedCVE-2022-30794
MISC
oretnom23 -- online_ordering_system
 
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductimage.php.2022-06-02not yet calculatedCVE-2022-30795
MISC
oretnom23 -- online_ordering_system
 
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/viewreport.php.2022-06-02not yet calculatedCVE-2022-30798
MISC
oretnom23 -- online_ordering_system
 
Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php.2022-06-02not yet calculatedCVE-2022-30799
MISC
oretnom23 -- online_ordering_system
 
Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php.2022-06-02not yet calculatedCVE-2022-30797
MISC
owl_labs -- meeting_owl

Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used.2022-06-02not yet calculatedCVE-2022-31463
MISC
MISC
owl_labs -- meeting_owl
 
Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data.2022-06-02not yet calculatedCVE-2022-31462
MISC
MISC
owl_labs -- meeting_owl
 
Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value.2022-06-02not yet calculatedCVE-2022-31460
MISC
MISC
owl_labs -- meeting_owl
 
Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth.2022-06-02not yet calculatedCVE-2022-31459
MISC
MISC
owl_labs -- meeting_owl
 
Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message.2022-06-02not yet calculatedCVE-2022-31461
MISC
MISC
packet_storm -- responsive_online_blog
 
Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php.2022-06-02not yet calculatedCVE-2022-29659
MISC
MISC
MISC
pbootcms -- pbootcms
 
Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index.2022-06-02not yet calculatedCVE-2020-20971
MISC
percona -- xtrabackup
 
Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. NOTE: this issue exists because of an incomplete fix for CVE-2020-10997.2022-06-02not yet calculatedCVE-2022-26944
MISC
MISC
phpabook -- phpabook
 
phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in index.php script.2022-06-02not yet calculatedCVE-2022-30352
MISC
MISC
pidgin -- pidgin
 
An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968.2022-06-02not yet calculatedCVE-2022-26491
MISC
MISC
MISC
MISC
MISC
play_framework -- play_framework
 
Play Framework is a web framework for Java and Scala. Versions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by configuring its `DefaultHttpErrorHandler` to do so based on the application mode. In its Scala API Play also provides a static object `DefaultHttpErrorHandler` that is configured to always show verbose errors. This is used as a default value in some Play APIs, so it is possible to inadvertently use this version in production. It is also possible to improperly configure the `DefaultHttpErrorHandler` object instance as the injected error handler. Both of these situations could result in verbose errors displaying to users in a production application, which could expose sensitive information from the application. In particular, the constructor for `CORSFilter` and `apply` method for `CORSActionBuilder` use the static object `DefaultHttpErrorHandler` as a default value. This is patched in Play Framework 2.8.16. The `DefaultHttpErrorHandler` object has been changed to use the prod-mode behavior, and `DevHttpErrorHandler` has been introduced for the dev-mode behavior. A workaround is available. When constructing a `CORSFilter` or `CORSActionBuilder`, ensure that a properly-configured error handler is passed. Generally this should be done by using the `HttpErrorHandler` instance provided through dependency injection or through Play's `BuiltInComponents`. Ensure that the application is not using the `DefaultHttpErrorHandler` static object in any code that may be run in production.2022-06-02not yet calculatedCVE-2022-31023
CONFIRM
MISC
MISC
play_framework -- play_framework
 
Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in versions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the `Form#bindFromRequest` method on a JSON request body or the `Form#bind` method directly on a JSON value. If the JSON data being bound to the form contains a deeply-nested JSON object or array, the form binding implementation may consume all available heap space and cause an `OutOfMemoryError`. If executing on the default dispatcher and `akka.jvm-exit-on-fatal-error` is enabled (as it is by default), then this can crash the application process. `Form.bindFromRequest` is vulnerable when using any body parser that produces a type of `AnyContent` or `JsValue` in Scala, or one that can produce a `JsonNode` in Java. This includes Play's default body parser. This vulnerability has been patched in version 2.8.16. There is now a global limit on the depth of a JSON object that can be parsed, which can be configured by the user if necessary. As a workaround, applications that do not need to parse a request body of type `application/json` can switch from the default body parser to another body parser that supports only the specific type of body they expect.2022-06-02not yet calculatedCVE-2022-31018
CONFIRM
MISC
MISC
polonel -- trudesk
 
Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3.2022-05-31not yet calculatedCVE-2022-1947
MISC
CONFIRM
polonel -- trudesk
 
Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3.2022-05-31not yet calculatedCVE-2022-1926
CONFIRM
MISC
polonel -- trudesk
 
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository polonel/trudesk prior to 1.2.3.2022-05-31not yet calculatedCVE-2022-1893
MISC
CONFIRM
polonel -- trudesk
 
Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3.2022-05-31not yet calculatedCVE-2022-1931
CONFIRM
MISC
polonel -- trudesk
 
Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3.2022-05-31not yet calculatedCVE-2022-1808
MISC
CONFIRM
project_worlds_official -- hospital_management_system_in_php
 
Project Worlds Official Hospital Management System in php 1.0 is vulnerable to SQL Injection on login page organization. A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database.2022-06-02not yet calculatedCVE-2021-44095
MISC
MISC
MISC
protobufjs -- protobufjs
 
The package protobufjs before 6.11.3 is vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions 2. by parsing/loading .proto files.2022-05-27not yet calculatedCVE-2022-25878
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
publiccms -- publiccms
 
PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java.2022-06-03not yet calculatedCVE-2022-29784
MISC
MISC
python -- waitress
 
Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed. This issue has been fixed in Waitress 2.1.2 by no longer allowing the WSGI thread to close the socket. Instead, that is always delegated to the main thread. There is no work-around for this issue. However, users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response.2022-05-31not yet calculatedCVE-2022-31015
MISC
MISC
CONFIRM
MISC
qdecoder -- qdecoder
 
qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding.2022-06-03not yet calculatedCVE-2022-32265
MISC
MISC
MISC
real_player -- real_player
 
In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur).2022-06-03not yet calculatedCVE-2022-32270
MISC
MISC
real_player -- real_player
 
In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary local files.2022-06-03not yet calculatedCVE-2022-32271
MISC
MISC
real_player -- real_player
 
In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution.2022-06-03not yet calculatedCVE-2022-32269
MISC
MISC
red_hat_inc -- multiple_products
 
The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of drm_vgem_gem_object (created in vgem_gem_dumb_create) concurrently, and vgem_gem_dumb_create will access the freed drm_vgem_gem_object.2022-06-02not yet calculatedCVE-2022-1419
MISC
rescue_dispatch_management_system -- rescue_dispatch_management_system

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/manage_report.php?id=.2022-06-02not yet calculatedCVE-2022-31956
MISC
rescue_dispatch_management_system -- rescue_dispatch_management_system

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/respondent_types/manage_respondent_type.php?id=.2022-06-02not yet calculatedCVE-2022-31965
MISC
rescue_dispatch_management_system -- rescue_dispatch_management_system

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/respondent_types/view_respondent_type.php?id=.2022-06-02not yet calculatedCVE-2022-31964
MISC
rescue_dispatch_management_system -- rescue_dispatch_management_system

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/view_incident.php?id=.2022-06-02not yet calculatedCVE-2022-31962
MISC
rescue_dispatch_management_system -- rescue_dispatch_management_system

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/manage_incident.php?id=.2022-06-02not yet calculatedCVE-2022-31961
MISC
rescue_dispatch_management_system -- rescue_dispatch_management_system

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/teams/manage_team.php?id=.2022-06-02not yet calculatedCVE-2022-31959
MISC
rescue_dispatch_management_system -- rescue_dispatch_management_system

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/teams/view_team.php?id=.2022-06-02not yet calculatedCVE-2022-31957
MISC
rescue_dispatch_management_system -- rescue_dispatch_management_system

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/view_report.php?id=.2022-06-02not yet calculatedCVE-2022-31953
MISC
rescue_dispatch_management_system -- rescue_dispatch_management_system
 
Rescue Dispatch Management System v1.0 is vulnerable to arbitrary file deletion via /rdms/classes/Master.php?f=delete_img.2022-06-02not yet calculatedCVE-2022-31945
MISC
rescue_dispatch_management_system -- rescue_dispatch_management_system
 
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_team.2022-06-02not yet calculatedCVE-2022-31946
MISC
rescue_dispatch_management_system -- rescue_dispatch_management_system
 
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_report.2022-06-02not yet calculatedCVE-2022-31948
MISC
rescue_dispatch_management_system -- rescue_dispatch_management_system
 
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_respondent_type.2022-06-02not yet calculatedCVE-2022-31951
MISC
rescue_dispatch_management_system -- rescue_dispatch_management_system
 
Rescue Dispatch Management System v1.0 is vulnerable to SQL injection via /rdms/classes/Master.php?f=delete_incident.2022-06-02not yet calculatedCVE-2022-31952
MISC
resi -- gemini-net
 
resi-calltrace in RESI Gemini-Net 4.2 is affected by multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints.2022-06-02not yet calculatedCVE-2022-29540
MISC
MISC
riverbed -- appresponse
 
Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a (when configured to use local, RADIUS, or TACACS authentication) logs usernames and passwords if either is entered incorrectly. If a user enters an incorrect username and/or password when logging into the WebUI, these attempted credentials are included in an error message that is logged in the WebUI log file. A log entry does not appear if the username and password provided correctly match a valid set of credentials. This also does not happen if AppResponse is configured to use SAML authentication. The WebUI log file is included in subsequent diagnostic system dumps that are generated. (Only users with Full Control access to the System Configuration permission can generate system dumps. By default, only System Administrators have Full Control access to the System Configuration permission.)2022-06-03not yet calculatedCVE-2021-43271
MISC
rockwell_automation -- logix_controllers
 
A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online.2022-06-02not yet calculatedCVE-2022-1797
CONFIRM
CONFIRM
rsa -- archer
 
RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type.2022-06-02not yet calculatedCVE-2021-33615
MISC
MISC
MISC
ruby_gem -- dragonfly
 
An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL.2022-06-02not yet calculatedCVE-2021-33473
MISC
MISC
schneider_electric_se -- multiple_products
 
A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)2022-06-02not yet calculatedCVE-2022-30238
MISC
schneider_electric_se -- multiple_products
 
A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)2022-06-02not yet calculatedCVE-2022-30232
MISC
schneider_electric_se -- multiple_products
 
A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)2022-06-02not yet calculatedCVE-2022-30233
MISC
schneider_electric_se -- multiple_products
 
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)2022-06-02not yet calculatedCVE-2022-30234
MISC
schneider_electric_se -- multiple_products
 
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)2022-06-02not yet calculatedCVE-2022-30235
MISC
schneider_electric_se -- multiple_products
 
A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)2022-06-02not yet calculatedCVE-2022-30236
MISC
schneider_electric_se -- multiple_products
 
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)2022-06-02not yet calculatedCVE-2022-30237
MISC
sercomm -- multiple_products
 
A Command Injection vulnerability in httpd web server (setup.cgi) in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to execute arbitrary OS commands as root in the device via the connection_type parameter of the statussupport_diagnostic_tracing.json endpoint.2022-06-02not yet calculatedCVE-2021-44080
MISC
MISC
siemens-healthineers -- multiple_products
 
A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.2022-06-01not yet calculatedCVE-2022-29875
CONFIRM
siteserver -- sscms
 
siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS).2022-06-02not yet calculatedCVE-2022-30349
MISC
solidusio -- solidus
 
solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order's adjustments if they hold its number, and the execution happens on a store administrator's computer. Users should upgrade to solidus_backend 3.1.6, 3.0.6, or 2.11.16 to receive a patch.2022-06-01not yet calculatedCVE-2022-31000
MISC
CONFIRM
solutions_atlantic -- regulatory_reporting_system
 
Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to a reflected Cross-Site Scripting (XSS) vulnerability via RRSWeb/maint/ShowDocument/ShowDocument.aspx.2022-06-02not yet calculatedCVE-2022-29598
MISC
MISC
solutions_atlantic -- regulatory_reporting_system
 
Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI). Any authenticated user has the ability to reference internal system files within requests made to the RRSWeb/maint/ShowDocument/ShowDocument.aspx page. The server will successfully respond with the file contents of the internal system file requested. This ability could allow for adversaries to extract sensitive data and/or files from the underlying file system, gain knowledge about the internal workings of the system, or access source code of the application.2022-06-02not yet calculatedCVE-2022-29597
MISC
MISC
sourcecodester -- online_market_place_site
 
An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers.2022-06-02not yet calculatedCVE-2022-29627
MISC
sourcecodester -- online_market_place_site
 
A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page parameter.2022-06-02not yet calculatedCVE-2022-29628
MISC
sourcecodester -- product_show_room_site
 
A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been declared as problematic. This vulnerability affects p=contact. The manipulation of the Message textbox with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely but requires authentication. Exploit details have been disclosed to the public.2022-06-02not yet calculatedCVE-2022-1979
MISC
MISC
sourcecodester -- product_show_room_site
 
A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been rated as problematic. This issue affects the file /admin/?page=system_info/contact_info. The manipulation of the textbox Telephone with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely but requires authentication. Exploit details have been disclosed to the public.2022-06-02not yet calculatedCVE-2022-1980
MISC
MISC
sourcecodester -- school_dormitory_management_system
 
School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126.2022-06-02not yet calculatedCVE-2022-30514
MISC
MISC
sourcecodester -- school_dormitory_management_system
 
School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59.2022-06-02not yet calculatedCVE-2022-30510
MISC
MISC
sourcecodester -- school_dormitory_management_system
 
School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4.2022-06-02not yet calculatedCVE-2022-30511
MISC
MISC
sourcecodester -- school_dormitory_management_system
 
School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125.2022-06-02not yet calculatedCVE-2022-30513
MISC
MISC
sourcecodester -- school_dormitory_management_system
 
School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31.2022-06-02not yet calculatedCVE-2022-30512
MISC
MISC
ssh.net -- ssh.net 
 
SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 and 2020.0.1, during an `X25519` key exchange, the client’s private key is generated with `System.Random`. `System.Random` is not a cryptographically secure random number generator; it must therefore not be used for cryptographic purposes. When establishing an SSH connection to a remote host, during the X25519 key exchange, the private key is generated with a weak random number generator whose seed can be brute forced. This allows an attacker who is able to eavesdrop on the communications to decrypt them. Version 2020.0.2 contains a patch for this issue. As a workaround, one may disable support for `curve25519-sha256` and `curve25519-sha256@libssh.org` key exchange algorithms.2022-05-31not yet calculatedCVE-2022-29245
CONFIRM
MISC
MISC
MISC
starwindsoftware -- multiple_products
 
StarWind SAN and NAS v0.2 build 1914 allow remote code execution.2022-06-03not yet calculatedCVE-2022-32268
MISC
swftools -- swftools

An issue was discovered in swftools through 20201222. A heap buffer overflow exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution.2022-06-02not yet calculatedCVE-2021-42199
MISC
swftools -- swftools

An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_DeleteFilter() located in swffilter.c. It allows an attacker to cause Denial of Service.2022-06-02not yet calculatedCVE-2021-42202
MISC
swftools -- swftools

An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function handleEditText() located in swfdump.c. It allows an attacker to cause code execution.2022-06-02not yet calculatedCVE-2021-42195
MISC
swftools -- swftools
 
An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function main() located in swfdump.c. It allows an attacker to cause Denial of Service.2022-06-02not yet calculatedCVE-2021-42200
MISC
swftools -- swftools
 
An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause code execution.2022-06-02not yet calculatedCVE-2021-42204
MISC
swftools -- swftools
 
An issue was discovered in swftools through 20201222. A heap-use-after-free exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution.2022-06-02not yet calculatedCVE-2021-42203
MISC
swftools -- swftools
 
An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function traits_parse() located in abc.c. It allows an attacker to cause Denial of Service.2022-06-02not yet calculatedCVE-2021-42196
MISC
swftools -- swftools
 
An issue was discovered in swftools through 20201222 through a memory leak in the swftools when swfdump is used. It allows an attacker to cause code execution.2022-06-02not yet calculatedCVE-2021-42197
MISC
swftools -- swftools
 
An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause Denial of Service.2022-06-02not yet calculatedCVE-2021-42198
MISC
swftools -- swftools
 
An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetD64() located in rfxswf.c. It allows an attacker to cause code execution.2022-06-02not yet calculatedCVE-2021-42201
MISC
tenda_technology -- hg6
 
Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. This vulnerability is exploited via a crafted POST request.2022-06-02not yet calculatedCVE-2022-30425
MISC
MISC
MISC
tidb -- tidb
 
TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access. Only users using TiDB 5.3.0 are affected by this vulnerability. TiDB version 5.3.1 contains a patch for this issue. Other mitigation strategies include turning off Security Enhanced Mode (SEM), disabling local login for non-root accounts, and ensuring that the same IP cannot be logged in as root and normal user at the same time.2022-05-31not yet calculatedCVE-2022-31011
MISC
CONFIRM
tiktok -- tiktok
 
The TikTok application before 23.8.4 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click.2022-06-02not yet calculatedCVE-2022-28799
MISC
MISC
MISC
totolink -- ex1200t

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack.2022-06-03not yet calculatedCVE-2021-42888
MISC
totolink -- ex1200t
 
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack.2022-06-03not yet calculatedCVE-2021-42890
MISC
totolink -- ex1200t
 
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization.2022-06-03not yet calculatedCVE-2021-42889
MISC
totolink -- ex1200t
 
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin.2022-06-02not yet calculatedCVE-2021-42875
MISC
MISC
MISC
totolink -- ex1200t
 
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg.2022-06-03not yet calculatedCVE-2021-42893
MISC
totolink -- ex1200t
 
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exist in the firmware.2022-06-03not yet calculatedCVE-2021-42892
MISC
totolink -- ex1200t
 
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization.2022-06-03not yet calculatedCVE-2021-42891
MISC
totolink -- ex1200t
 
TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file.2022-06-03not yet calculatedCVE-2021-42886
MISC
totolink -- ex1200t
 
TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system.2022-06-02not yet calculatedCVE-2021-42877
MISC
MISC
MISC
totolink -- ex1200t
 
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack.2022-06-03not yet calculatedCVE-2021-42884
MISC
totolink -- ex1200t
 
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack.2022-06-03not yet calculatedCVE-2021-42885
MISC
totolink -- ex1200t
 
TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code.2022-06-02not yet calculatedCVE-2021-42872
MISC
MISC
MISC
totolink -- ex1200t
 
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.2022-06-03not yet calculatedCVE-2021-42887
MISC
trend_micro_inc -- maximum_security_2022
 
Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files.2022-05-27not yet calculatedCVE-2022-30687
N/A
N/A
trend_micro_inc -- multiple_products
 
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2022-05-27not yet calculatedCVE-2022-30700
N/A
N/A
trend_micro_inc -- multiple_products
 
An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2022-05-27not yet calculatedCVE-2022-30701
N/A
N/A
trend_micro -- eol_product_cve_installer_of_trend_micro_password_manager_(consumer)
 
EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was reported on an EOL version of the product, and users are advised to upgrade to the latest supported version (5.x).2022-05-27not yet calculatedCVE-2022-28394
N/A
N/A
N/A
turistforeningen -- node-s3-uploader
 
OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function.2022-06-02not yet calculatedCVE-2021-34084
MISC
unicorn-engine -- unicorn_engine
 
Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization.2022-06-02not yet calculatedCVE-2022-29695
MISC
MISC
unicorn-engine -- unicorn_engine
 
Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free.2022-06-02not yet calculatedCVE-2022-29694
MISC
MISC
MISC
MISC
MISC
unicorn-engine -- unicorn_engine
 
Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c.2022-06-02not yet calculatedCVE-2022-29693
MISC
MISC
unicorn-engine -- unicorn_engine
 
Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function.2022-06-02not yet calculatedCVE-2022-29692
MISC
vapor -- vapor

Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a Content Delivery Network.2022-05-31not yet calculatedCVE-2022-31005
CONFIRM
MISC
MISC
vartalap -- chat_server
 
Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function `this.authProvider.verifyAccessKey` is an async function, but the code does not use `await` to wait for the verification result. As a result, the function responds with success every time, along with an unhandled exception if the token is invalid. A patch is available in version 2.6.0.2022-05-31not yet calculatedCVE-2022-31013
MISC
CONFIRM
MISC
verizon -- 4g_lte_network_extender_ga4.38
 
Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page.2022-06-02not yet calculatedCVE-2022-29729
MISC
MISC
vim -- vim
 
Use After Free in GitHub repository vim/vim prior to 8.2.2022-06-02not yet calculatedCVE-2022-1968
CONFIRM
MISC
vim -- vim
 
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.2022-05-27not yet calculatedCVE-2022-1897
CONFIRM
MISC
FEDORA
FEDORA
vim -- vim
 
Buffer Over-read in GitHub repository vim/vim prior to 8.2.2022-05-29not yet calculatedCVE-2022-1927
CONFIRM
MISC
FEDORA
FEDORA
vim -- vim
 
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.2022-05-31not yet calculatedCVE-2022-1942
CONFIRM
MISC
webankpartners -- wecube
 
An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file.2022-06-02not yet calculatedCVE-2022-28945
MISC
MISC
MISC
MISC
wordpress -- amazon_link_wordpress_plugin
 
The Amazon Link WordPress plugin through 3.2.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.2022-05-30not yet calculatedCVE-2022-1645
MISC
wordpress -- bannerman_wordpress_plugin
 
The BannerMan WordPress plugin through 0.2.4 does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (such as in multisite).2022-05-30not yet calculatedCVE-2022-1275
MISC
wordpress -- birthdays_widget_wordpress_plugin
 
The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed.2022-05-30not yet calculatedCVE-2022-1643
MISC
wordpress -- bluk_page_creator_wordpress_plugin
 
The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF.2022-05-30not yet calculatedCVE-2022-1611
MISC
wordpress -- call&book_mobile_bar_wordpress_plugin
 
The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.2022-05-30not yet calculatedCVE-2022-1644
MISC
wordpress -- change_wp_admin_login_wordpress_plugin
 
The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing a CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attack could also be performed via a CSRF vector. | 2022-05-30 | not yet calculated | CVE-2022-1589
MISC
wordpress -- content_mask_wordpress_plugin
 
The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, and does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as a subscriber, could modify arbitrary blog options. | 2022-05-30 | not yet calculated | CVE-2022-1203
MISC
wordpress -- easy_faq_with_expanding_text_wordpress_plugin
 
The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 does not sanitise and escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks when unfiltered_html is disallowed | 2022-05-30 | not yet calculated | CVE-2022-1395
MISC
wordpress -- enable_svg_wordpress_plugin
 
The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads | 2022-05-30 | not yet calculated | CVE-2022-1562
MISC
wordpress -- external_links_in_new_window/new_tab_wordpress_plugin
 
The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible. | 2022-05-30 | not yet calculated | CVE-2022-1582
MISC
wordpress -- external_links_in_new_window/new_tab_wordpress_plugin
 
The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur. | 2022-05-30 | not yet calculated | CVE-2022-1583
MISC
wordpress -- fatcat_apps_easy_pricing_tables_plugin
 
Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress. | 2022-06-02 | not yet calculated | CVE-2021-36866
CONFIRM
CONFIRM
wordpress -- form_maker_by_10web_wordpress_plugin
 
The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 2022-05-30 | not yet calculated | CVE-2022-1564
MISC
wordpress -- hpb_dashboard_wordpress_plugin
 
The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 2022-05-30 | not yet calculated | CVE-2022-1542
MISC
wordpress -- imbd_info_box_wordpress_plugin
 
The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2022-05-30 | not yet calculated | CVE-2022-1294
MISC
wordpress -- jivochat_live_chat_wordpress_plugin
 
The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugin's admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged-in administrator into injecting arbitrary JavaScript. | 2022-05-30 | not yet calculated | CVE-2022-0642
MISC
wordpress -- no_future_posts_wordpress_plugin
 
The No Future Posts WordPress plugin through 1.4 does not escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed | 2022-05-30 | not yet calculated | CVE-2022-1387
MISC
wordpress -- poll_maker_wordpress_plugin
 
The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 2022-05-30 | not yet calculated | CVE-2022-1456
MISC
wordpress -- quotes_llama_wordpress_plugin
 
The Quotes llama WordPress plugin through 0.7 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin into importing a malicious CSV file. | 2022-05-30 | not yet calculated | CVE-2022-1566
MISC
wordpress -- simple_real_estate_pack_wordpress_plugin
 
The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed | 2022-05-30 | not yet calculated | CVE-2022-1646
MISC
wordpress -- slideshow_wordpress_plugin
 
The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2022-05-30 | not yet calculated | CVE-2022-1299
MISC
wordpress -- smush_wordpress_plugin
 
The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious configuration file | 2022-05-30 | not yet calculated | CVE-2022-1009
MISC
wordpress -- social_share_buttons_supsystic_plugin
 
Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress. | 2022-06-02 | not yet calculated | CVE-2021-36890
CONFIRM
CONFIRM
wordpress -- stafflist_wordpress_plugin
 
The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection | 2022-05-30 | not yet calculated | CVE-2022-1556
MISC
MISC
wordpress -- team_members_wordpress_plugin
 
The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 2022-05-30 | not yet calculated | CVE-2022-1568
MISC
wordpress -- user_meta_wordpress_plugin
The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 2022-05-30 | not yet calculated | CVE-2022-0376
MISC
wordpress -- vikbooking_hotel_booking_engine_&_pms_wordpress_plugin
 
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting | 2022-05-30 | not yet calculated | CVE-2022-1528
MISC
wordpress -- wp_2fa_wordpress_plugin
 
The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | 2022-05-30 | not yet calculated | CVE-2022-1527
MISC
xwiki_platform -- filter_ui
 
XWiki Platform Filter UI provides a generic user interface to convert from a XWiki Filter input stream to an output stream with settings for each stream. Starting with versions 6.0-milestone-2 and 5.4.4 and prior to versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3, XWiki Platform Filter UI contains a possible cross-site scripting vector in the `Filter.FilterStreamDescriptorForm` wiki page related to pretty much all the form fields printed in the home page of the application. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest workaround is to edit the wiki page `Filter.FilterStreamDescriptorForm` (with wiki editor) according to the instructions in the GitHub Security Advisory. | 2022-05-31 | not yet calculated | CVE-2022-29258
MISC
CONFIRM
MISC
xxl-job -- xxl-job
 
XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo. | 2022-06-03 | not yet calculated | CVE-2022-29770
MISC
zero_science_lab -- usr_iot_4g_lte_industrial_cellular_vpn_router
 
USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device. | 2022-06-02 | not yet calculated | CVE-2022-29730
MISC
MISC
zzcms -- zzcms
 
An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma. | 2022-06-02 | not yet calculated | CVE-2019-12350
MISC
zzcms -- zzcms
 
An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma. | 2022-06-02 | not yet calculated | CVE-2019-12351
MISC
zzcms -- zzcms
 
An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id parameter. | 2022-06-02 | not yet calculated | CVE-2019-12349
MISC
