Vulnerability Summary for the Week of June 27, 2022

Released: Jul 04, 2022
Document ID: SB22-185

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
codesys -- gateway | In CODESYS Gateway Server V2 for versions prior to V2.3.9.38, only a part of the specified password is compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password. | 2022-06-24 | 7.5 | CVE-2022-31802 CONFIRM
ibm -- cognos_analytics | IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238. | 2022-06-24 | 7.5 | CVE-2021-38945 CONFIRM XF
illumina -- local_run_manager | LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected product. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network. | 2022-06-24 | 10 | CVE-2022-1517 MISC
illumina -- local_run_manager | LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit. | 2022-06-24 | 10 | CVE-2022-1519 MISC
illumina -- local_run_manager | LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure. | 2022-06-24 | 7.5 | CVE-2022-1518 MISC
melag -- ftp_server | When installed as a Windows service, MELAG FTP Server 2.2.0.4 runs as the SYSTEM user, which allows remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system. | 2022-06-24 | 9 | CVE-2021-41635 MISC
online_student_rate_system_project -- online_student_rate_system | A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an administrator without needing to be authenticated. | 2022-06-24 | 7.5 | CVE-2021-39409 MISC
simple_ads_manager_project -- simple_ads_manager | A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated remotely. | 2022-06-24 | 7.5 | CVE-2017-20095 MISC MISC


Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
1234n -- minicms | A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link. | 2022-06-24 | 5.8 | CVE-2022-33121 MISC
codesys -- gateway | In CODESYS Gateway Server V2, an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact. | 2022-06-24 | 5 | CVE-2022-31803 CONFIRM
codesys -- gateway | The CODESYS Gateway Server V2 does not verify that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition. | 2022-06-24 | 5 | CVE-2022-31804 CONFIRM
codesys -- runtime_toolkit | Multiple CODESYS products are prone to an out-of-bounds read or write access. A low privileged remote attacker may craft a request with an invalid offset, which can cause an out-of-bounds read or write access, resulting in a denial-of-service condition or local memory overwrite, which can lead to a change of local files. User interaction is not required. | 2022-06-24 | 5.5 | CVE-2022-32142 CONFIRM
codesys -- runtime_toolkit | Multiple CODESYS products are prone to a buffer over-read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required. | 2022-06-24 | 4 | CVE-2022-32141 CONFIRM
codesys -- runtime_toolkit | Multiple products of CODESYS implement improper error handling. A low privileged remote attacker may craft a request which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required. | 2022-06-24 | 5.5 | CVE-2022-1965 CONFIRM
codesys -- runtime_toolkit | In multiple CODESYS products, the file download and upload function allows access to internal files in the working directory, e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if a remote attacker has previously successfully authenticated to the controller. A successful attack may lead to a denial of service, change of local files, or drain of confidential information. User interaction is not required. | 2022-06-24 | 6.5 | CVE-2022-32143 CONFIRM
codesys -- runtime_toolkit | In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite. | 2022-06-24 | 6.5 | CVE-2022-32138 CONFIRM
codesys -- runtime_toolkit | In multiple CODESYS products, a low privileged remote attacker may craft a request that causes a read access to an uninitialized pointer, resulting in a denial-of-service. User interaction is not required. | 2022-06-24 | 4 | CVE-2022-32136 CONFIRM
codesys -- runtime_toolkit | In multiple CODESYS products, a low privileged remote attacker may craft a request which causes an out-of-bounds read, resulting in a denial-of-service condition. User interaction is not required. | 2022-06-24 | 4 | CVE-2022-32139 CONFIRM
codesys -- runtime_toolkit | Multiple CODESYS products are affected by a buffer overflow. A low privileged remote attacker may craft a request which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. User interaction is not required. | 2022-06-24 | 4 | CVE-2022-32140 CONFIRM
codesys -- runtime_toolkit | In multiple CODESYS products, a low privileged remote attacker may craft a request which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. User interaction is not required. | 2022-06-24 | 6.5 | CVE-2022-32137 CONFIRM
dradisframework -- dradis | Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token. | 2022-06-24 | 4.3 | CVE-2022-30028 MISC
gimp -- gimp | An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS). | 2022-06-24 | 4.3 | CVE-2022-32990 MISC
ibm -- cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682. | 2022-06-24 | 4 | CVE-2021-29768 CONFIRM XF
ibm -- jazz_team_server | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 194891. | 2022-06-24 | 5 | CVE-2021-20355 XF CONFIRM
ibm -- jazz_team_server | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 206091. | 2022-06-24 | 4.9 | CVE-2021-29865 XF CONFIRM
ibm -- jazz_team_server | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198931. | 2022-06-24 | 4 | CVE-2021-20544 XF CONFIRM
ibm -- jazz_team_server | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | 2022-06-24 | 4 | CVE-2021-20421 CONFIRM XF
ibm -- jazz_team_server | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 209057. | 2022-06-24 | 5 | CVE-2021-38879 CONFIRM XF
illumina -- local_run_manager | LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data. | 2022-06-24 | 6.4 | CVE-2022-1521 MISC
illumina -- local_run_manager | LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials. | 2022-06-24 | 4.3 | CVE-2022-1524 MISC
melag -- ftp_server | A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid FTP usernames. | 2022-06-24 | 5 | CVE-2021-41634 MISC
melag -- ftp_server | The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid username. | 2022-06-24 | 5 | CVE-2021-41638 MISC
online_student_rate_system_project -- online_student_rate_system | Cross Site Scripting (XSS) vulnerability exists in Online Student Rate System 1.0 via the page parameter on the index.php file | 2022-06-24 | 4.3 | CVE-2021-39408 MISC
prison_management_system_project -- prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_inmate.php:3 | 2022-06-24 | 6.5 | CVE-2022-32404 MISC MISC
prison_management_system_project -- prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/view_cell.php:4 | 2022-06-24 | 6.5 | CVE-2022-32393 MISC MISC
prison_management_system_project -- prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/manage_crime.php:4 | 2022-06-24 | 6.5 | CVE-2022-32395 MISC MISC
prison_management_system_project -- prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/view_inmate.php:3 | 2022-06-24 | 6.5 | CVE-2022-32394 MISC MISC
prison_management_system_project -- prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/manage_visit.php:4 | 2022-06-24 | 6.5 | CVE-2022-32396 MISC MISC
prison_management_system_project -- prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/manage_cell.php:4 | 2022-06-24 | 6.5 | CVE-2022-32398 MISC MISC
prison_management_system_project -- prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/view_prison.php:4 | 2022-06-24 | 6.5 | CVE-2022-32405 MISC MISC
prison_management_system_project -- prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_record.php:4 | 2022-06-24 | 6.5 | CVE-2022-32403 MISC MISC
prison_management_system_project -- prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/manage_prison.php:4 | 2022-06-24 | 6.5 | CVE-2022-32402 MISC MISC
prison_management_system_project -- prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_privilege.php:4 | 2022-06-24 | 6.5 | CVE-2022-32401 MISC MISC
prison_management_system_project -- prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/view_visit.php:4 | 2022-06-24 | 6.5 | CVE-2022-32397 MISC MISC
prison_management_system_project -- prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/user/manage_user.php:4. | 2022-06-24 | 6.5 | CVE-2022-32400 MISC MISC
prison_management_system_project -- prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/view_crime.php:4 | 2022-06-24 | 6.5 | CVE-2022-32399 MISC MISC
prison_management_system_project -- prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/manage_action.php:4 | 2022-06-24 | 6.5 | CVE-2022-32392 MISC MISC
prison_management_system_project -- prison_management_system | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/view_action.php:4 | 2022-06-24 | 6.5 | CVE-2022-32391 MISC MISC
validate_color_project -- validate_color | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-color v2.1.0 when handling crafted invalid rgb(a) strings. | 2022-06-24 | 5 | CVE-2021-40892 MISC
wp-filebase_download_manager_project -- wp-filebase_download_manager | A vulnerability was found in WP-Filebase Download Manager Plugin 3.4.4. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. | 2022-06-24 | 4.3 | CVE-2017-20097 MISC MISC
wp-spamfree_anti-spam_project -- wp-spamfree_anti-spam | A vulnerability classified as problematic has been found in WP-SpamFree Anti-Spam Plugin 2.1.1.4. This affects an unknown part. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely. | 2022-06-24 | 4.3 | CVE-2017-20096 MISC MISC
wpdownloadmanager -- wordpress_download_manager | A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. | 2022-06-24 | 4.3 | CVE-2017-20093 MISC MISC
yoast -- google_analytics_dashboard | A vulnerability classified as problematic was found in Google Analytics Dashboard Plugin 2.1.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely. | 2022-06-24 | 4.3 | CVE-2017-20092 MISC MISC


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
eyoucms -- eyoucms | A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page. | 2022-06-24 | 3.5 | CVE-2022-33122 MISC
galaxkey -- galaxkey | Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a specially crafted XSS payload in the 'subject' field. The payload executes when the recipient logs into their mailbox. | 2022-06-26 | 3.5 | CVE-2020-27509 MISC MISC
ibm -- jazz_team_server | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 198929. | 2022-06-24 | 3.5 | CVE-2021-20543 XF CONFIRM
ibm -- jazz_team_server | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208345. | 2022-06-24 | 3.5 | CVE-2021-38871 XF CONFIRM
ibm -- jazz_team_server | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149. | 2022-06-24 | 2.1 | CVE-2021-20551 CONFIRM XF
melag -- ftp_server | Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all FTP users. | 2022-06-24 | 3.6 | CVE-2021-41637 MISC
melag -- ftp_server | MELAG FTP Server 2.2.0.4 stores unencrypted passwords of FTP users in a local configuration file. | 2022-06-24 | 2.1 | CVE-2021-41639 MISC
newstatpress_project -- newstatpress | A vulnerability, which was classified as problematic, has been found in NewStatPress Plugin 1.2.4. This issue affects some unknown processing. The manipulation leads to basic cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 1.2.5 is able to address this issue. It is recommended to upgrade the affected component. | 2022-06-24 | 3.5 | CVE-2017-20094 MISC MISC


Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
admidio -- admidio | Admidio 4.1.2 version is affected by stored cross-site scripting (XSS). | 2022-06-28 | not yet calculated | CVE-2022-23896 MISC
aerogear -- aerogear | The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus application is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can't be reached or can slow the server down by purposefully wasting its time with slow endpoints. Similarly, one can provide whatever HTTP endpoint they want. This turns the server into a DDOS vector or an anonymizer for the posting of malware and so on. | 2022-07-01 | not yet calculated | CVE-2014-3648 MISC
aerogear -- aerogear | Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input. | 2022-07-01 | not yet calculated | CVE-2014-3650 MISC MISC
ampere -- alta_and_altramax | On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component. | 2022-07-01 | not yet calculated | CVE-2022-32295 MISC MISC
android -- ebook_app | SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 via the author_id parameter to api.php. | 2022-07-01 | not yet calculated | CVE-2021-32428 MISC MISC MISC MISC
apache -- shiro | In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. | 2022-06-29 | not yet calculated | CVE-2022-32532 MISC
apache -- systemds | The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a "low-priority but useful improvement". SystemDS is a distributed system and needs to serialize/deserialize data but in many code paths (e.g., on Spark broadcast/shuffle or writing to sequence files) the byte stream is anyway protected by additional CRC fingerprints. In this particular case though, the number of decoders is upper-bounded by twice the number of columns, which means an attacker would need to modify two entries in the byte stream in a consistent manner. By adding these checks robustness was strictly improved with almost zero overhead. These code changes are available in versions higher than 2.2.1. | 2022-06-27 | not yet calculated | CVE-2022-26477 MISC
apache -- apache | The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1. | 2022-06-27 | not yet calculated | CVE-2022-33879 MISC MLIST
apifest -- oauth | ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to the redirect URI submitted with the authorization request, without checking whether the redirect URI is registered by the client who initiated the request. This allows an attacker to craft a request with a manipulated redirect URI (redirect_uri parameter), which is under the attacker's control, and consequently obtain the leaked authorization code when the server redirects the client to the manipulated redirect URI with an authorization code. NOTE: this is similar to CVE-2019-3778. | 2022-06-29 | not yet calculated | CVE-2020-26877 MISC MISC MISC
apple -- air_transfer | A vulnerability was found in Air Transfer 1.0.14/1.2.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2022-06-27 | not yet calculated | CVE-2017-20100 MISC MISC
apple -- album_lock | A vulnerability was found in Album Lock 4.0 and classified as critical. Affected by this issue is some unknown functionality of the file /getImage. The manipulation of the argument filePaht leads to path traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | 2022-06-27 | not yet calculated | CVE-2017-20102 MISC MISC
apple -- iphone | A vulnerability was found in Apple iPhone up to 12.4.1. It has been declared as critical. Affected by this vulnerability is Siri. Playing an audio or video file might be able to initiate Siri on the same device which makes it possible to execute commands remotely. Exploit details have been disclosed to the public. The existence and implications of this vulnerability are doubted by Apple even though multiple public videos demonstrating the attack exist. Upgrading to version 13.0 might be able to address this issue. It is recommended to upgrade affected devices. NOTE: Apple claims that after examining the report they do not see any actual security implications. | 2022-06-25 | not yet calculated | CVE-2019-25071 N/A N/A N/A
argo -- cd | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by a victim user, the script will execute with the victim's permissions (up to and including admin). The script would be capable of doing anything which is possible in the UI or via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no completely-safe workarounds besides upgrading. | 2022-06-27 | not yet calculated | CVE-2022-31035 MISC MISC CONFIRM
argo -- cd | Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must be an authenticated Argo CD user authorized to deploy Applications from a repository which contains (or can be made to contain) a large file. The fix for this vulnerability is available in versions 2.3.5, 2.2.10, 2.1.16, and later. There are no known workarounds. Users are recommended to upgrade. | 2022-06-25 | not yet calculated | CVE-2022-31016 CONFIRM
argo -- cd | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a Helm-type Application may commit a symlink which points to an out-of-bounds file. If the target file is a valid YAML file, the attacker can read the contents of that file. Sensitive files which could be leaked include manifest files from other Applications' source repositories (potentially decrypted files, if you are using a decryption plugin) or any YAML-formatted secrets which have been mounted as files on the repo-server. Patches for this vulnerability have been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. If you are using a version >=v2.3.0 and do not have any Helm-type Applications you may disable the Helm config management tool as a workaround. | 2022-06-27 | not yet calculated | CVE-2022-31036 MISC CONFIRM
argo -- cd | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows. In each case, using a relatively-predictable (time-based) seed in a non-cryptographically-secure pseudo-random number generator made the parameter less random than required by the relevant spec or by general best practices. In some cases, using too short a value made the entropy even less sufficient. The attacks on login flows which are meant to be mitigated by these parameters are difficult to accomplish but can have a high impact potentially granting an attacker admin access to Argo CD. Patches for this vulnerability have been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no known workarounds for this vulnerability. | 2022-06-27 | not yet calculated | CVE-2022-31034 MISC CONFIRM
ast -- parser | An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input. | 2022-06-30 | not yet calculated | CVE-2022-33082 MISC
asus -- dsl-n14u-b1 | Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every ".asp" page containing a list of stored strings. The following asp files are affected: (1) cgi-bin/APP_Installation.asp, (2) cgi-bin/Advanced_ACL_Content.asp, (3) cgi-bin/Advanced_ADSL_Content.asp, (4) cgi-bin/Advanced_ASUSDDNS_Content.asp, (5) cgi-bin/Advanced_AiDisk_ftp.asp, (6) cgi-bin/Advanced_AiDisk_samba.asp, (7) cgi-bin/Advanced_DSL_Content.asp, (8) cgi-bin/Advanced_Firewall_Content.asp, (9) cgi-bin/Advanced_FirmwareUpgrade_Content.asp, (10) cgi-bin/Advanced_GWStaticRoute_Content.asp, (11) cgi-bin/Advanced_IPTV_Content.asp, (12) cgi-bin/Advanced_IPv6_Content.asp, (13) cgi-bin/Advanced_KeywordFilter_Content.asp, (14) cgi-bin/Advanced_LAN_Content.asp, (15) cgi-bin/Advanced_Modem_Content.asp, (16) cgi-bin/Advanced_PortTrigger_Content.asp, (17) cgi-bin/Advanced_QOSUserPrio_Content.asp, (18) cgi-bin/Advanced_QOSUserRules_Content.asp, (19) cgi-bin/Advanced_SettingBackup_Content.asp, (20) cgi-bin/Advanced_System_Content.asp, (21) cgi-bin/Advanced_URLFilter_Content.asp, (22) cgi-bin/Advanced_VPN_PPTP.asp, (23) cgi-bin/Advanced_VirtualServer_Content.asp, (24) cgi-bin/Advanced_WANPort_Content.asp, (25) cgi-bin/Advanced_WAdvanced_Content.asp, (26) cgi-bin/Advanced_WMode_Content.asp, (27) cgi-bin/Advanced_WWPS_Content.asp, (28) cgi-bin/Advanced_Wireless_Content.asp, (29) cgi-bin/Bandwidth_Limiter.asp, (30) cgi-bin/Guest_network.asp, (31) cgi-bin/Main_AccessLog_Content.asp, (32) cgi-bin/Main_AdslStatus_Content.asp, (33) cgi-bin/Main_Spectrum_Content.asp, (34) cgi-bin/Main_WebHistory_Content.asp, (35) cgi-bin/ParentalControl.asp, (36) cgi-bin/QIS_wizard.asp, (37) cgi-bin/QoS_EZQoS.asp, (38) cgi-bin/aidisk.asp, (39) cgi-bin/aidisk/Aidisk-1.asp, (40) cgi-bin/aidisk/Aidisk-2.asp, (41) cgi-bin/aidisk/Aidisk-3.asp, (42) cgi-bin/aidisk/Aidisk-4.asp, (43) cgi-bin/blocking.asp, (44) cgi-bin/cloud_main.asp, (45) cgi-bin/cloud_router_sync.asp, (46) cgi-bin/cloud_settings.asp, (47) cgi-bin/cloud_sync.asp, (48) cgi-bin/device-map/DSL_dashboard.asp, (49) cgi-bin/device-map/clients.asp, (50) cgi-bin/device-map/disk.asp, (51) cgi-bin/device-map/internet.asp, (52) cgi-bin/error_page.asp, (53) cgi-bin/index.asp, (54) cgi-bin/index2.asp, (55) cgi-bin/qis/QIS_PTM_manual_setting.asp, (56) cgi-bin/qis/QIS_admin_pass.asp, (57) cgi-bin/qis/QIS_annex_setting.asp, (58) cgi-bin/qis/QIS_bridge_cfg_tmp.asp, (59) cgi-bin/qis/QIS_detect.asp, (60) cgi-bin/qis/QIS_finish.asp, (61) cgi-bin/qis/QIS_ipoa_cfg_tmp.asp, (62) cgi-bin/qis/QIS_manual_setting.asp, (63) cgi-bin/qis/QIS_mer_cfg.asp, (64) cgi-bin/qis/QIS_mer_cfg_tmp.asp, (65) cgi-bin/qis/QIS_ppp_cfg.asp, (66) cgi-bin/qis/QIS_ppp_cfg_tmp.asp, (67) cgi-bin/qis/QIS_wireless.asp, (68) cgi-bin/query_wan_status.asp, (69) cgi-bin/query_wan_status2.asp, and (70) cgi-bin/start_apply.asp. | 2022-07-01 | not yet calculated | CVE-2022-32988 MISC MISC
automox -- agent_for_osx | The Automox Agent installation package before 37 on macOS allows an unprivileged user to obtain root access because of incorrect access control on a file used within the PostInstall script. | 2022-07-01 | not yet calculated | CVE-2022-27904 MISC MISC
bento4 -- bento4
 
In Bento4 1.6.0-638, there is an allocator is out of memory in the function AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity in Ap4Array.h:172, as demonstrated by GPAC. This can cause a denial of service (DOS).2022-06-27not yet calculatedCVE-2021-40941
MISC
bento4 -- bento4
 
In Bento4 1.6.0-638, there is a null pointer reference in the function AP4_DescriptorListInspector::Action function in Ap4Descriptor.h:124 , as demonstrated by GPAC. This can cause a denial of service (DOS).2022-06-28not yet calculatedCVE-2021-40943
MISC
bestofinc -- online_hotel_booking_system_proA vulnerability classified as critical has been found in Online Hotel Booking System Pro Plugin 1.0. Affected is an unknown function of the file /front/roomtype-details.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.2022-06-30not yet calculatedCVE-2017-20124
N/A
N/A
bestofinc -- online_hotel_booking_system_pro
 
A vulnerability classified as critical was found in Online Hotel Booking System Pro 1.2. Affected by this vulnerability is an unknown functionality of the file /roomtype-details.php. The manipulation of the argument tid leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2022-06-30 | not yet calculated | CVE-2017-20125
N/A
N/A
bfabiszewski -- libmobi
 
NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11. | 2022-07-01 | not yet calculated | CVE-2022-2279
CONFIRM
MISC
bigbluebutton -- bigbluebutton
 
BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim's client. When a user receives a private chat from the attacker (whose username contains malicious JavaScript), the script gets executed. The script is also executed when the victim receives a notification that the attacker has left the session. This issue has been patched in versions 2.4.8 and 2.5.0. There are no known workarounds for this issue. | 2022-06-27 | not yet calculated | CVE-2022-31065
CONFIRM
MISC
MISC
bigbluebutton -- bigbluebutton
 
BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross-site scripting attack in affected versions. The attack occurs when the attacker (with XSS in the name) starts a chat; the JavaScript is then executed in the victim's client. This issue has been addressed in versions 2.4.8 and 2.5.0. There are no known workarounds for this issue. | 2022-06-27 | not yet calculated | CVE-2022-31064
MISC
CONFIRM
MISC
MISC
FULLDISC
MISC
bigbluebutton -- greenlight
 
Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room's settings even though they are not authorized to do so. Only the room owner and administrator should be able to view a room's settings. This issue has been patched in release version 2.12.6. | 2022-06-27 | not yet calculated | CVE-2022-31039
CONFIRM
MISC
bitrix -- site_manager
 
A vulnerability classified as problematic was found in Bitrix Site Manager 12.06.2015. Affected by this vulnerability is an unknown functionality of the component Contact Form. The manipulation of the argument text with the input <img src="http://1"; on onerror="$(’p').text(’Hacked’)" /> leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2022-06-30 | not yet calculated | CVE-2017-20122
N/A
N/A
brocade -- sannav
 
Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav v2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log. | 2022-06-27 | not yet calculated | CVE-2022-28167
MISC
CONFIRM
brocade -- sannav
 
In Brocade SANnav versions before SANnav 2.2.0.2 and Brocade SANnav before 2.1.1.8, the TLS/SSL server supports the use of static key ciphers (ssl-static-key-ciphers) on ports 443 and 18082. | 2022-06-27 | not yet calculated | CVE-2022-28166
MISC
CONFIRM
brocade -- sannav
 
In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav v2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords. | 2022-06-27 | not yet calculated | CVE-2022-28168
MISC
CONFIRM
centum -- multiple_versions
 
Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01. If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration. | 2022-06-28 | not yet calculated | CVE-2022-30707
MISC
MISC
MISC
MISC
cilan2 -- iot
A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | 2022-06-30 | not yet calculated | CVE-2022-33087
MISC
clever -- underscore.deep
 
Underscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of `underscore.deep` prior to version 0.5.3 are vulnerable to a prototype pollution vulnerability. An attacker can craft a malicious payload and pass it to `deepFromFlat`, which would pollute any future Objects created. Any users that have `deepFromFlat` or `deepPick` (due to its dependency on `deepFromFlat`) in their code should upgrade to version 0.5.3 as soon as possible. Users unable to upgrade may mitigate this issue by modifying `deepFromFlat` to prevent specific keywords which will prevent this from happening. | 2022-06-28 | not yet calculated | CVE-2022-31106
MISC
CONFIRM
cloudflare -- warp_client_for_windows
Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files. | 2022-06-28 | not yet calculated | CVE-2022-2145
MISC
college_management_system -- college_management_system
 
College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file. | 2022-07-01 | not yet calculated | CVE-2022-32420
MISC
d-link -- dir-645
 
D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi. | 2022-06-27 | not yet calculated | CVE-2022-32092
MISC
MISC
dahuasecurity -- dahuasecurity
When an attacker uses a man-in-the-middle attack to sniff the request packets of a successful login through ONVIF, the attacker can log in to the device by replaying the user's login packet. | 2022-06-28 | not yet calculated | CVE-2022-30563
MISC
dahuasecurity -- dahuasecurity
An attacker who obtains the administrative account and password, or who carries out a man-in-the-middle attack, could send a specific crafted packet to the vulnerable interface and cause the device to crash. | 2022-06-28 | not yet calculated | CVE-2022-30560
MISC
dahuasecurity -- dahuasecurity
When an attacker uses a man-in-the-middle attack to sniff the request packets of a successful login, the attacker could log in to the device by replaying the user's login packet. | 2022-06-28 | not yet calculated | CVE-2022-30561
MISC
dahuasecurity -- dahuasecurity
 
If the user enables the HTTPS function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack. Injection of a malicious URL in the Host: header of the HTTP request results in a 302 redirect to an attacker-controlled page. | 2022-06-28 | not yet calculated | CVE-2022-30562
MISC
das -- u-boot
 
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function. | 2022-06-30 | not yet calculated | CVE-2022-34835
MISC
MISC
MISC
das -- u-boot
 
Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir(). | 2022-07-01 | not yet calculated | CVE-2022-33103
MISC
MISC
dcmtk -- dcmtk
DCMTK through 3.6.6 does not handle string copy properly. When specific requests are sent to the dcmqrdb program, it queries its database and copies the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack. | 2022-06-28 | not yet calculated | CVE-2021-41689
MISC
MISC
dcmtk -- dcmtk
DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information is recorded in a global variable LST and is not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to launch a DoS attack. | 2022-06-28 | not yet calculated | CVE-2021-41690
MISC
MISC
dcmtk -- dcmtk
 
DCMTK through 3.6.6 does not handle memory free properly. The object in the program is freed but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack. | 2022-06-28 | not yet calculated | CVE-2021-41688
MISC
MISC
dcmtk -- dcmtk
 
DCMTK through 3.6.6 does not handle memory free properly. The program allocates heap memory for parsing data but does not free it when a parsing error occurs. Sending specific requests to the dcmqrdb program incurs a memory leak. An attacker can use it to launch a DoS attack. | 2022-06-28 | not yet calculated | CVE-2021-41687
MISC
MISC
deep.assign -- deep.assign
deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). | 2022-06-30 | not yet calculated | CVE-2021-40663
MISC
MISC
dell -- powerscale_onefs
Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources. | 2022-06-28 | not yet calculated | CVE-2022-31229
MISC
dell -- powerscale_onefs
 
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain a broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access. | 2022-06-28 | not yet calculated | CVE-2022-31230
MISC
delta_electronics -- diaenergie
A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field. | 2022-06-27 | not yet calculated | CVE-2022-33005
MISC
devolutions -- remote_desktop_manager
 
Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8. | 2022-06-27 | not yet calculated | CVE-2022-2221
MISC
discourse -- discourse
 
Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email that either doesn't match the invite's email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is aggravated when the invite has been configured to add the user that accepts the invite into restricted groups. Once a user has been incorrectly added to a restricted group, the user may then be able to view content that is restricted to the respective group. Users are advised to upgrade to the current stable releases. There are no known workarounds to this issue. | 2022-06-27 | not yet calculated | CVE-2022-31096
CONFIRM
distributed_data_systems -- webhmi
 
A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact other logged in users. | 2022-07-01 | not yet calculated | CVE-2022-2254
CONFIRM
distributed_data_systems -- webhmi
 
A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the host server. | 2022-07-01 | not yet calculated | CVE-2022-2253
CONFIRM
dompdf -- dompdf
Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. | 2022-06-28 | not yet calculated | CVE-2022-0085
MISC
CONFIRM
easy_table_plugin -- easy_table_plugin
 
A vulnerability classified as problematic has been found in Easy Table Plugin 1.6. This affects an unknown part of the file /wordpress/wp-admin/options-general.php. The manipulation with the input "><script>alert(1)</script> leads to basic cross site scripting. It is possible to initiate the attack remotely. | 2022-06-29 | not yet calculated | CVE-2017-20108
MISC
MISC
ecshop -- ecshop
 
ECShop 4.1.0 has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. | 2022-06-28 | not yet calculated | CVE-2021-41460
MISC
edimax -- ic-3140w
 
The firmware of EDIMAX IC-3140W Version 3.11 contains a hardcoded Administrator username and password. | 2022-06-29 | not yet calculated | CVE-2021-40597
MISC
MISC
MISC
elcomplus -- smartics
 
An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0. | 2022-06-27 | not yet calculated | CVE-2022-2088
CONFIRM
elcomplus -- smartics
 
Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files. | 2022-06-27 | not yet calculated | CVE-2022-2106
CONFIRM
elcomplus -- smartics
 
Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters. | 2022-06-27 | not yet calculated | CVE-2022-2140
CONFIRM
embarcadero -- dev-cpp
A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file. | 2022-06-29 | not yet calculated | CVE-2022-33036
MISC
ember.js -- ember.js
 
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view's `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain ("XSS"). This vulnerability only affects applications that assign or bind user-provided content to `tagName`. | 2022-06-30 | not yet calculated | CVE-2013-4170
MISC
MISC
MISC
espcms -- espcms
 
ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at \espcms_public\espcms_templates\ESPCMS_Templates. | 2022-06-30 | not yet calculated | CVE-2022-33085
MISC
espressif -- bluetooth_mesh_sdk
 
ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the `SegN` field of the Transaction Start PDU. This can result in memory corruption related attacks and potentially an attacker gaining control of the entire system. Patch commits are available on the 4.1, 4.2, 4.3 and 4.4 branches and users are recommended to upgrade. The upgrade is applicable for all applications and users of `ESP-BLE-MESH` component from `ESP-IDF`. As it is implemented in the Bluetooth Mesh stack, there is no workaround for the user to fix the application layer without upgrading the underlying firmware. | 2022-06-25 | not yet calculated | CVE-2022-24893
CONFIRM
exemys -- rme1
 
By using a specific credential string, an attacker with network access to the device’s web interface could circumvent the authentication scheme and perform administrative operations. | 2022-06-30 | not yet calculated | CVE-2022-2197
MISC
eyesofnetwork -- eyesofnetwork
 
EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default /usr/sbin/sendmail) it is possible to execute any command, which will be executed when a test of the configuration is made ("send test mail"). | 2022-06-30 | not yet calculated | CVE-2021-40643
MISC
MISC
form -- contact_form_wordpress_plugin
The Form - Contact Form WordPress plugin through 1.2.0 does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 2022-06-27 | not yet calculated | CVE-2022-1326
MISC
fusionpbx -- fusionpbx
 
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php. | 2022-07-01 | not yet calculated | CVE-2021-37524
MISC
MISC
getgrav -- grav
Code Injection in GitHub repository getgrav/grav prior to 1.7.34. | 2022-06-29 | not yet calculated | CVE-2022-2073
MISC
CONFIRM
gitee -- gitee
 
When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception. | 2022-06-27 | not yet calculated | CVE-2021-33654
MISC
gitee -- gitee
 
When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception. | 2022-06-27 | not yet calculated | CVE-2021-33653
MISC
gitee -- gitee
 
When the Reduce operator run operation is executed, if there is a value of 0 in the parameter axis_sizes element, it will cause a division by 0 exception. | 2022-06-27 | not yet calculated | CVE-2021-33652
MISC
gitee -- gitee
 
When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside the bounds of shape, which is allocated from heap buffers. | 2022-06-27 | not yet calculated | CVE-2021-33648
MISC
gitee -- gitee
 
When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside the bounds of heap allocated buffers. | 2022-06-27 | not yet calculated | CVE-2021-33647
MISC
gitee -- gitee
 
When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside the bounds of inputs, which is allocated from heap buffers. | 2022-06-27 | not yet calculated | CVE-2021-33650
MISC
gitee -- gitee
 
When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception. | 2022-06-27 | not yet calculated | CVE-2021-33651
MISC
gitee -- gitee
 
When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside the bounds of input_shape, which is allocated from heap buffers. | 2022-06-27 | not yet calculated | CVE-2021-33649
MISC
gitlab -- ce/ee
Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions. | 2022-07-01 | not yet calculated | CVE-2022-2227
MISC
MISC
CONFIRM
gitlab -- ce/ee
 
An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of. | 2022-07-01 | not yet calculated | CVE-2022-2229
CONFIRM
MISC
MISC
gitlab -- ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description. | 2022-07-01 | not yet calculated | CVE-2022-1999
MISC
CONFIRM
gitlab -- ce/ee
 
A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf. | 2022-07-01 | not yet calculated | CVE-2022-2230
MISC
CONFIRM
MISC
gitlab -- ee
 
An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group milestones are associated with any project releases. | 2022-07-01 | not yet calculated | CVE-2022-2281
MISC
MISC
CONFIRM
gitlab -- ee
 
Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured. | 2022-07-01 | not yet calculated | CVE-2022-1983
MISC
CONFIRM
gitlab -- ee
 
Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group using IP-based access restrictions even if the GitLab Runner is calling from outside the allowed IP range. | 2022-07-01 | not yet calculated | CVE-2022-2228
CONFIRM
MISC
gitlab -- ee
 
Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link. | 2022-07-01 | not yet calculated | CVE-2022-2235
MISC
MISC
CONFIRM
gitlab -- ee
 
An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be bypassed if a Maintainer uses the 'Invite a group' feature to invite a group that has members that don't comply with domain allow-list. | 2022-07-01 | not yet calculated | CVE-2022-1981
MISC
MISC
CONFIRM
gitlab -- ee/ce
 
An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL. | 2022-07-01 | not yet calculated | CVE-2022-2250
CONFIRM
MISC
MISC
gitlab -- ee/ce
 
An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project members with reporter role to manage issues in project's error tracking feature. | 2022-07-01 | not yet calculated | CVE-2022-2244
CONFIRM
MISC
MISC
gitlab -- ee/ce
 
An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non-linked sentry projects. | 2022-07-01 | not yet calculated | CVE-2022-2243
MISC
MISC
CONFIRM
gitlab -- gitlab
 
An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making it possible to be retrieved under certain conditions. | 2022-07-01 | not yet calculated | CVE-2022-0167
MISC
CONFIRM
gitlab -- gitlab
 
An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification. | 2022-07-01 | not yet calculated | CVE-2022-2270
CONFIRM
MISC
MISC
gitlab -- ce/ee
A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers. | 2022-07-01 | not yet calculated | CVE-2022-1954
MISC
CONFIRM
MISC
gitlab -- ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab reveals if a user has enabled two-factor authentication on their account in the HTML source, to unauthenticated users. | 2022-07-01 | not yet calculated | CVE-2022-1963
MISC
MISC
CONFIRM
gitlab -- gitlab
 
A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where it was possible for an unauthorised user to execute arbitrary code on the server using the project import feature. | 2022-07-01 | not yet calculated | CVE-2022-2185
CONFIRM
MISC
MISC
glpi -- glpi
 
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature to get refused file is not authenticated. This issue has been addressed in version 10.0.2 and all affected users are advised to upgrade. | 2022-06-28 | not yet calculated | CVE-2022-31068
MISC
CONFIRM
glpi -- glpi
 
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection can be made using package deployment tasks. This issue has been resolved in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should delete the `front/deploypackage.public.php` file if they are not using the `deploy tasks` feature. | 2022-06-27 | not yet calculated | CVE-2022-31082
MISC
CONFIRM
glpi -- glpi
 
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit SQL injection on the actor fields. This issue has been resolved in version 10.0.2 and all affected users are advised to upgrade. | 2022-06-28 | not yet calculated | CVE-2022-31056
CONFIRM
glpi -- glpi
 
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on the login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | 2022-06-28 | not yet calculated | CVE-2022-31061
CONFIRM
MISC
gnupg -- gnupg
 
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. | 2022-07-01 | not yet calculated | CVE-2022-34903
MISC
MISC
MISC
MLIST
gpac -- gpac
 
The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | 2022-06-28 | not yet calculated | CVE-2021-40608
MISC
gpac -- gpac
 
The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | 2022-06-28 | not yet calculated | CVE-2021-40606
MISC
gpac -- gpac
 
The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | 2022-06-28 | not yet calculated | CVE-2021-40607
MISC
gpac -- gpac
 
The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | 2022-06-28 | not yet calculated | CVE-2021-40609
MISC
gpac -- mp4box
In GPAC MP4Box 1.1.0, there is a null pointer reference in the function gf_filter_pid_get_packet in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DoS). | 2022-06-28 | not yet calculated | CVE-2021-40944
MISC
gpac -- mp4box
 
In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function filter_parse_dyn_args in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DoS). | 2022-06-27 | not yet calculated | CVE-2021-40942
MISC
gps-sdr-sim -- gps-sdr-sim
 
There is a buffer overflow in gps-sdr-sim v1.0 when parsing long command line parameters, which can lead to DoS or code execution. | 2022-06-30 | not yet calculated | CVE-2021-37778
MISC
gunet -- open_eclass_platform
An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal. | 2022-06-27 | not yet calculated | CVE-2022-33116
MISC
MISC
MISC
MISC
guzzle -- guzzle
 
Guzzle is an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` header. On making a request which responds with a redirect to a URI with a different origin (change in host, scheme or port), if we choose to follow it, we should remove the `CURLOPT_HTTPAUTH` option before continuing, stopping curl from appending the `Authorization` header to the new request. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. If you do not require or expect redirects to be followed, one should simply disable redirects altogether. Alternatively, one can specify to use the Guzzle stream handler backend, rather than curl. | 2022-06-27 | not yet calculated | CVE-2022-31090
MISC
CONFIRM
guzzle -- guzzle
 
Guzzle is an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the `Authorization` and `Cookie` headers from the request, before continuing. Previously, we would only consider a change in host or scheme. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. An alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects altogether. | 2022-06-27 | not yet calculated | CVE-2022-31091
MISC
CONFIRM
halo_cms -- halo_cms
Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function. | 2022-06-27 | not yet calculated | CVE-2022-32995
MISC
halo_cms -- halo_cms
Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload. | 2022-06-27 | not yet calculated | CVE-2022-32994
MISC
hikvision -- hybrid_san/cluster_storage
 
The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to insufficient input validation, an attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device. | 2022-06-27 | not yet calculated | CVE-2022-28171
MISC
hikvision -- hybrid_san_cluster_storage
 
The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to XSS attack by sending messages with malicious commands to the affected device.2022-06-27not yet calculatedCVE-2022-28172
MISC
hongcms -- hongcms | An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. | 2022-07-01 | not yet calculated | CVE-2022-32412, MISC
hongcms -- hongcms | An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. | 2022-07-01 | not yet calculated | CVE-2022-32411, MISC
hospital_management_system -- hospital_management_system | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php. | 2022-07-01 | not yet calculated | CVE-2022-32094, MISC
hospital_management_system -- hospital_management_system | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php. | 2022-07-01 | not yet calculated | CVE-2022-32093, MISC
hospital_management_system -- hospital_management_system | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php. | 2022-07-01 | not yet calculated | CVE-2022-32095, MISC
hpe -- nonstop_dsm/scm | A remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM version: T6031H03^ADP. HPE has provided a software update to resolve this vulnerability in HPE NonStop DSM/SCM. | 2022-06-28 | not yet calculated | CVE-2022-28621, MISC
hpe -- storeonce | A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2. | 2022-06-27 | not yet calculated | CVE-2022-28622, MISC
ibm -- cloudpak | IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands. IBM X-Force ID: 211048. | 2022-06-30 | not yet calculated | CVE-2021-38941, XF, CONFIRM
ibm -- infosphere_information_server | An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain non-sensitive debugging information like stack traces. IBM X-Force ID: 221323. | 2022-07-01 | not yet calculated | CVE-2022-22373, XF, CONFIRM
ibm -- security_guardium | IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2022-06-29 | not yet calculated | CVE-2021-39074, CONFIRM, XF
ibm -- spectrum_protect | IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. This can result in a denial of service for IBM Spectrum Protect client operations. IBM X-Force ID: 225348. | 2022-06-30 | not yet calculated | CVE-2022-22474, XF, CONFIRM
ibm -- spectrum_protect | While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942. | 2022-06-30 | not yet calculated | CVE-2022-22496, XF, CONFIRM
ibm -- spectrum_protect | An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326. | 2022-06-30 | not yet calculated | CVE-2022-22487, XF, CONFIRM
ibm -- spectrum_protect | IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886. | 2022-06-30 | not yet calculated | CVE-2022-22478, CONFIRM, XF
ibm -- spectrum_protect | IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940. | 2022-06-30 | not yet calculated | CVE-2022-22494, CONFIRM, XF
ibm -- spectrum_protect_plus_container_backup_and_restore | IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session information. By retrieving the logs of a container an attacker could exploit this vulnerability to bypass login security of the IBM Spectrum Protect Plus server and gain unauthorized access based on the permissions of the IBM Spectrum Protect Plus user to the vulnerable Spectrum Protect Plus server software. IBM X-Force ID: 225340. | 2022-06-30 | not yet calculated | CVE-2022-22472, CONFIRM, XF
ibm -- sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could disclose sensitive version information that could aid in future attacks against the system. IBM X-Force ID: 211414. | 2022-06-30 | not yet calculated | CVE-2021-38954, CONFIRM, XF
ibm -- urban_code_deploy | IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008. | 2022-07-01 | not yet calculated | CVE-2022-22367, CONFIRM, XF
ibm -- urban_code_deploy | IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106. | 2022-07-01 | not yet calculated | CVE-2022-22366, CONFIRM, XF
ilias -- ilias | In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts. | 2022-06-29 | not yet calculated | CVE-2022-31266, MISC, MISC
image_galery -- grid_gallery_ wordpress_ plugin | The Image Gallery - Grid Gallery WordPress plugin through 1.1.1 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 2022-06-27 | not yet calculated | CVE-2022-1327, MISC
ionicabizau -- parse-path | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0. | 2022-06-27 | not yet calculated | CVE-2022-0722, MISC, CONFIRM
ionicabizau -- parse-path | Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0. | 2022-06-28 | not yet calculated | CVE-2022-0624, CONFIRM, MISC
ionicabizau -- parse-url | Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0. | 2022-06-27 | not yet calculated | CVE-2022-2218, MISC, CONFIRM
ionicabizau -- parse-url | Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0. | 2022-06-27 | not yet calculated | CVE-2022-2217, MISC, CONFIRM
ionicabizau -- parse-url | Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0. | 2022-06-27 | not yet calculated | CVE-2022-2216, MISC, CONFIRM
ivpn -- client | A vulnerability has been found in IVPN Client 2.6.6120.33863 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument --up cmd leads to improper privilege management. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.6.2 is able to address this issue. It is recommended to upgrade the affected component. | 2022-06-29 | not yet calculated | CVE-2017-20112, MISC, MISC, MISC
jaredhanson -- passport | This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed. | 2022-07-01 | not yet calculated | CVE-2022-25896, CONFIRM, CONFIRM, CONFIRM
jenkins -- build-metrics_plugin | Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them. | 2022-06-30 | not yet calculated | CVE-2022-34785, CONFIRM
jenkins -- build-metrics_plugin | Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission. | 2022-06-30 | not yet calculated | CVE-2022-34784, CONFIRM
jenkins -- build_notifications_plugin | Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 2022-06-30 | not yet calculated | CVE-2022-34801, CONFIRM
jenkins -- build_notifications_plugin | Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 2022-06-30 | not yet calculated | CVE-2022-34800, CONFIRM
jenkins -- cisco_spark_plugin | Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 2022-06-30 | not yet calculated | CVE-2022-34808, CONFIRM
jenkins -- deployment_dashboard_plugin | Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 2022-06-30 | not yet calculated | CVE-2022-34799, CONFIRM
jenkins -- deployment_dashboard_plugin | A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials. | 2022-06-30 | not yet calculated | CVE-2022-34797, CONFIRM
jenkins -- deployment_dashboard_plugin | Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. | 2022-06-30 | not yet calculated | CVE-2022-34795, CONFIRM
jenkins -- deployment_dashboard_plugin | A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 2022-06-30 | not yet calculated | CVE-2022-34796, CONFIRM
jenkins -- deployment_dashboard_plugin | Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. | 2022-06-30 | not yet calculated | CVE-2022-34798, CONFIRM
jenkins -- elasticsearch_query_plugin | Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 2022-06-30 | not yet calculated | CVE-2022-34807, CONFIRM
jenkins -- extreme_feedback_panel_plugin | Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-06-30 | not yet calculated | CVE-2022-34790, CONFIRM
jenkins -- failed_job_deactivator_plugin | Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs. | 2022-06-30 | not yet calculated | CVE-2022-34818, CONFIRM
jenkins -- failed_job_deactivator_plugin | A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs. | 2022-06-30 | not yet calculated | CVE-2022-34817, CONFIRM
jenkins -- gitlab_plugin | Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-06-30 | not yet calculated | CVE-2022-34777, CONFIRM
jenkins -- hpe_network_virtualization_plugin | Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 2022-06-30 | not yet calculated | CVE-2022-34816, CONFIRM
jenkins -- jigomerge_plugin | Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 2022-06-30 | not yet calculated | CVE-2022-34806, CONFIRM
jenkins -- plot_plugin | Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-06-30 | not yet calculated | CVE-2022-34783, CONFIRM
jenkins -- project_inheritance_plugin | Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked. | 2022-06-30 | not yet calculated | CVE-2022-34787, CONFIRM
jenkins -- recipe_plugin | Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. | 2022-06-30 | not yet calculated | CVE-2022-34794, CONFIRM
jenkins -- recipe_plugin | Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2022-06-30 | not yet calculated | CVE-2022-34793, CONFIRM
jenkins -- recipe_plugin | A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. | 2022-06-30 | not yet calculated | CVE-2022-34792, CONFIRM
jenkins -- request_rename_or_delete_plugin | A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs. | 2022-06-30 | not yet calculated | CVE-2022-34815, CONFIRM
jenkins -- request_rename_or_delete_plugin | Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests. | 2022-06-30 | not yet calculated | CVE-2022-34814, CONFIRM
jenkins -- requests-plugin_plugin | An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. | 2022-06-30 | not yet calculated | CVE-2022-34782, CONFIRM
jenkins -- rocketchat_notifier_plugin | Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 2022-06-30 | not yet calculated | CVE-2022-34802, CONFIRM
jenkins -- rqm_plugin | A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 2022-06-30 | not yet calculated | CVE-2022-34810, CONFIRM
jenkins -- rqm_plugin | Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 2022-06-30 | not yet calculated | CVE-2022-34809, CONFIRM
jenkins -- skype_notifier_plugin | Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 2022-06-30 | not yet calculated | CVE-2022-34805, CONFIRM
jenkins -- testng_results_plugin | Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or control test results. | 2022-06-30 | not yet calculated | CVE-2022-34778, CONFIRM
jenkins -- validating_email_parameter_plugin | Jenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description of its parameter type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2022-06-30 | not yet calculated | CVE-2022-34791, CONFIRM
jenkins -- xebialabs_xl_release_plugin | A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2022-06-30 | not yet calculated | CVE-2022-34780, CONFIRM
jenkins -- xebialabs_xl_release_plugin | A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 2022-06-30 | not yet calculated | CVE-2022-34779, CONFIRM
jenkins -- xebialabs_xl_release_plugin | Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2022-06-30 | not yet calculated | CVE-2022-34781, CONFIRM
jenkins -- xpath_configuration_viewer_plugin | A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions. | 2022-06-30 | not yet calculated | CVE-2022-34812, CONFIRM
jenkins -- xpath_configuration_viewer_plugin | A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. | 2022-06-30 | not yet calculated | CVE-2022-34811, CONFIRM
jenkins -- xpath_configuration_viewer_plugin | A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions. | 2022-06-30 | not yet calculated | CVE-2022-34813, CONFIRM
jenkins -- matrix_reloaded_plugin | A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds. | 2022-06-30 | not yet calculated | CVE-2022-34789, CONFIRM
jenkins -- matrix_reloaded_plugin | Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | 2022-06-30 | not yet calculated | CVE-2022-34788, CONFIRM
jenkins -- opsgenie_plugin | Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission (config.xml), or access to the Jenkins controller file system. | 2022-06-30 | not yet calculated | CVE-2022-34803, CONFIRM
jenkins -- opsgenie_plugin | Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure. | 2022-06-30 | not yet calculated | CVE-2022-34804, CONFIRM
jenkins -- rich_text_publisher_plugin | Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. | 2022-06-30 | not yet calculated | CVE-2022-34786, CONFIRM
jetbrains -- hub | In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services. | 2022-07-01 | not yet calculated | CVE-2022-34894, MISC
jira -- data_center_and_server_mobile_plugin | A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4. | 2022-06-30 | not yet calculated | CVE-2022-26135, MISC, MISC, MISC
jorani -- jorani | Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php. | 2022-06-28 | not yet calculated | CVE-2022-34133, MISC, MISC
jorani -- jorani | Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php. | 2022-06-28 | not yet calculated | CVE-2022-34134, MISC, MISC
jorani -- jorani | Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php. | 2022-06-28 | not yet calculated | CVE-2022-34132, MISC, MISC
joy_ebike -- wolf | Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote attackers to jam the key fob request via RF. | 2022-06-29 | not yet calculated | CVE-2022-30467, MISC, MISC
jpegoptim -- jpegoptim | JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. | 2022-07-01 | not yet calculated | CVE-2022-32325, MISC
kjur -- jsrsasign | The package jsrsasign before 10.5.25 is vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake. Workaround: Validate JWS or JWT signature if it has Base64URL and dot safe string before executing JWS.verify() or JWS.verifyJWT() method. | 2022-07-01 | not yet calculated | CVE-2022-25898, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM
kubeedge -- kubeedge | KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates with the CSI Driver on the cloud side, the attack is limited to the local host network. As such, an attacker would already need to be an authenticated user of the Cloud. Additionally it will be affected only when users turn on the unixsocket switch in the config file cloudcore.yaml. This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. Users unable to upgrade should disable the unixsocket switch of CloudHub in the config file cloudcore.yaml. | 2022-06-27 | not yet calculated | CVE-2022-31076, MISC, CONFIRM
kubeedge -- kubeedge | KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a consequence, the CSI Driver controller will be in denial of service. This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. At the time of writing, no workaround exists. | 2022-06-27 | not yet calculated | CVE-2022-31077, MISC, CONFIRM, MISC
l2blocker -- l2blocker | Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative paths or channels for Sensor. | 2022-06-27 | not yet calculated | CVE-2022-33202, MISC, MISC
ldap -- account_manager | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 there are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. This can lead to code execution if non-LAM classes are instantiated that execute code during object creation. This issue has been fixed in version 8.0. | 2022-06-27 | not yet calculated | CVE-2022-31084, MISC, CONFIRM
ldap -- account_manager | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow to upload PHP scripts to config/templates/pdf. This vulnerability could lead to a Remote Code Execution if the /config/templates/pdf/ directory is accessible for remote users. This is not a default configuration of LAM. This issue has been fixed in version 8.0. There are no known workarounds for this issue. | 2022-06-27 | not yet calculated | CVE-2022-31086, CONFIRM, MISC
ldap -- account_manager | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by configuration. This issue has been fixed in version 8.0. Users unable to upgrade should install the PHP OpenSSL extension and make sure session encryption is enabled in LAM main configuration. | 2022-06-27 | not yet calculated | CVE-2022-31085, CONFIRM, MISC
ldap -- account_manager | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This issue has been fixed in version 8.0. | 2022-06-27 | not yet calculated | CVE-2022-31088, MISC, CONFIRM
ldap -- account_manager | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php (and .php5/.php4/.phpt/etc) files. An attacker capable of writing files under www-data privileges can write a web-shell into this directory, and gain a Code Execution on the host. This issue has been fixed in version 8.0. Users unable to upgrade should disallow executing PHP scripts in (/var/lib/ldap-account-manager/)tmp directory. | 2022-06-27 | not yet calculated | CVE-2022-31087, MISC, CONFIRM
lettersanitizer -- lettersantizer | lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule `@keyframes`. This package is depended on by [react-letter](https://github.com/mat-sz/react-letter), therefore everyone using react-letter is also at risk. The problem has been patched in version 1.0.2. | 2022-06-27 | not yet calculated | CVE-2022-31103, MISC, CONFIRM, MISC
libtiff -- libtiff | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | 2022-06-30 | not yet calculated | CVE-2022-2056, MISC, CONFIRM, MISC
libtiff -- libtiff | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | 2022-06-30 | not yet calculated | CVE-2022-2057, MISC, CONFIRM, MISC
libtiff -- libtiff | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | 2022-06-30 | not yet calculated | CVE-2022-2058, CONFIRM, MISC, MISC
lightcms -- lightcms | A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file. | 2022-06-27 | not yet calculated | CVE-2022-33009, MISC, MISC, MISC
linux -- linux_kernel | rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. | 2022-06-26 | not yet calculated | CVE-2022-34495, MISC, MISC
linux -- linux_kernel | rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. | 2022-06-26 | not yet calculated | CVE-2022-34494, MISC, MISC
linux -- linux_kernel | A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function. This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse(), causing a denial of service and possibly to run code. | 2022-06-30 | not yet calculated | CVE-2022-2078, MISC
linux -- linux_kernel | A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. | 2022-06-30 | not yet calculated | CVE-2022-1852, MISC
lirantal -- git-clone | All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git. | 2022-07-01 | not yet calculated | CVE-2022-25900, CONFIRM, CONFIRM
lithium_technologies -- lithium_forum | A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the argument upload_url leads to server-side request forgery. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | 2022-06-28 | not yet calculated | CVE-2017-20106, N/A, N/A
lua -- lua | An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. | 2022-07-01 | not yet calculated | CVE-2022-33099, MISC, MISC, MISC, MISC, MISC
manageiq -- awesome_spawn | Awesome spawn contains an OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, an attacker could use this flaw to execute arbitrary commands. | 2022-06-30 | not yet calculated | CVE-2014-0156, MISC, MISC
mariadb -- mariadbMariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.2022-07-01not yet calculatedCVE-2022-32086
MISC
mariadb -- mariadbMariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.2022-07-01not yet calculatedCVE-2022-32082
MISC
mariadb -- mariadbMariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.2022-07-01not yet calculatedCVE-2022-32088
MISC
mariadb -- mariadbMariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.2022-07-01not yet calculatedCVE-2022-32089
MISC
mariadb -- mariadbMariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.2022-07-01not yet calculatedCVE-2022-32083
MISC
mariadb -- mariadbMariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.2022-07-01not yet calculatedCVE-2022-32085
MISC
mariadb -- mariadbMariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.2022-07-01not yet calculatedCVE-2022-32081
MISC
mariadb -- mariadbMariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.2022-07-01not yet calculatedCVE-2022-32087
MISC
mariadb -- mariadb
 
MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.2022-07-01not yet calculatedCVE-2022-32091
MISC
mariadb -- mariadb
 
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.2022-07-01not yet calculatedCVE-2022-32084
MISC
marval_global -- marval_msmMarval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users' API Keys, including the Admins' API Keys.2022-06-28not yet calculatedCVE-2022-31883
MISC
MISC
MISC
marval_global -- marval_msmMarval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form.2022-06-28not yet calculatedCVE-2022-31886
MISC
MISC
MISC
MISC
marval_global -- marval_msmMarval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users' API Keys, including high privilege and the Administrator users' API Keys.2022-06-28not yet calculatedCVE-2022-31884
MISC
MISC
MISC
marval_global -- marval_msm
 
Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization. This means that the user can also achieve Privilege Escalation by changing the administrator password.2022-06-28not yet calculatedCVE-2022-31887
MISC
MISC
MISC
marval_global -- marval_msm
 
Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts.2022-06-28not yet calculatedCVE-2022-31885
MISC
MISC
MISC
mcms -- mcms
 
MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability.2022-07-01not yet calculatedCVE-2022-31943
MISC
md2roff -- md2roff
 
** DISPUTED ** md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of consecutive characters to be processed. NOTE: the vendor's position is that the product is not intended for untrusted input.2022-07-02not yet calculatedCVE-2022-34913
MISC
mediawiki -- mediawiki
 
An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the Wikibase and WikibaseLexeme extensions. This is related to Special:NewLexeme and Special:NewProperty.2022-06-28not yet calculatedCVE-2022-34750
MISC
MISC
MISC
mediawiki -- mediawiki
 
An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped.2022-07-02not yet calculatedCVE-2022-34912
MISC
mediawiki -- mediawiki
 
An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text().2022-07-02not yet calculatedCVE-2022-34911
MISC
mermaid -- mermaid
 
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary `CSS` into the generated graph allowing them to change the styling of elements outside of the generated graph, and potentially exfiltrate sensitive information by using specially crafted `CSS` selectors. The following example shows how an attacker can exfiltrate the contents of an input field by bruteforcing the `value` attribute one character at a time. Whenever there is an actual match, an `http` request will be made by the browser in order to "load" a background image that will let an attacker know what's the value of the character. This issue may lead to `Information Disclosure` via CSS selectors and functions able to generate HTTP requests. This also allows an attacker to change the document in ways which may lead a user to perform unintended actions, such as clicking on a link, etc. This issue has been resolved in version 9.1.3. Users are advised to upgrade. Users unable to upgrade should ensure that user input is adequately escaped before embedding it in CSS blocks.2022-06-28not yet calculatedCVE-2022-31108
MISC
CONFIRM
metamask -- metamask_extension
 
MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue.2022-06-29not yet calculatedCVE-2022-32969
MISC
MISC
MISC
microsoft -- edgeMicrosoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638.2022-06-29not yet calculatedCVE-2022-33639
N/A
microsoft -- edgeMicrosoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33639.2022-06-29not yet calculatedCVE-2022-33638
N/A
microsoft -- edge
 
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33638, CVE-2022-33639.2022-06-29not yet calculatedCVE-2022-30192
N/A
microweber -- microweber
 
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.2022-07-01not yet calculatedCVE-2022-2280
MISC
CONFIRM
microweber -- microweber
 
Open Redirect in GitHub repository microweber/microweber prior to 1.2.19.2022-06-29not yet calculatedCVE-2022-2252
MISC
CONFIRM
minicms -- minicms
 
File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitrary PHP code via post-edit.php.2022-06-28not yet calculatedCVE-2020-19896
MISC
minioranges_google_authenticator -- minioranges_google_authenticator_wordpress_pluginThe miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, allowing malicious users with administrator privileges to store malicious JavaScript code, leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup).2022-06-27not yet calculatedCVE-2022-1321
MISC
myadmin -- myadmin
 
MyAdmin v1.0 is affected by an incorrect access control vulnerability in viewing personal center in /api/user/userData?userCode=admin.2022-06-30not yet calculatedCVE-2021-37791
MISC
nagios -- nagios_xiIn Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address.2022-06-29not yet calculatedCVE-2022-29269
MISC
MISC
MISC
MISC
nagios -- nagios_xi
 
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.2022-06-29not yet calculatedCVE-2022-29272
MISC
MISC
MISC
MISC
nagios -- nagios_xi
 
In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks.2022-06-29not yet calculatedCVE-2022-29271
MISC
MISC
MISC
MISC
nagios -- nagios_xi
 
In Nagios XI through 5.8.5, it is possible for a user to change their e-mail address without password verification.2022-06-29not yet calculatedCVE-2022-29270
MISC
MISC
MISC
MISC
naver -- whale_browser_mobile_app
 
NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.2022-06-27not yet calculatedCVE-2020-9754
CONFIRM
neors -- activex
 
Origin validation error vulnerability in NeoRS’s ActiveX module allows attackers to download and execute arbitrary files. Remote attackers can use this vulnerability to encourage users to access crafted web pages, causing damage such as malicious code infections.2022-06-28not yet calculatedCVE-2022-23763
MISC
nextauth.js -- nextauth
 
NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally is converted to a `URL` object. The URL instantiation would fail due to a malformed URL being passed into the constructor, causing it to throw an unhandled error which led to the **API route handler timing out and logging in to fail**. This has been remedied in versions 3.29.5 and 4.5.0. If for some reason you cannot upgrade, the workaround requires you to rely on Advanced Initialization. Please see the documentation for more.2022-06-27not yet calculatedCVE-2022-31093
MISC
MISC
MISC
CONFIRM
nomachine -- nomachine
 
Incorrect permissions for the folder C:\ProgramData\NoMachine\var\uninstall of Nomachine v7.9.2 allows attackers to perform a DLL hijacking attack and execute arbitrary code.2022-06-29not yet calculatedCVE-2022-34043
MISC
nucleus_cms -- nucleus_cms
 
Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, an attacker can upload a picture with shell, treat it as PHP, execute commands, so as to take down website resources.2022-06-30not yet calculatedCVE-2021-37770
MISC
MISC
nvflare -- nvflareNVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where the CA credentials are transported via pickle with no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.2022-07-01not yet calculatedCVE-2022-31604
MISC
nvflare -- nvflare
 
NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.2022-07-01not yet calculatedCVE-2022-31605
MISC
nvidia -- dgx_a100
 
NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.2022-07-02not yet calculatedCVE-2022-28200
MISC
online_railway_reservation_system -- online_railway_reservation_systemOnline Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/inquiries/view_details.php.2022-06-29not yet calculatedCVE-2022-33042
MISC
online_railway_reservation_system -- online_railway_reservation_systemOnline Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_message.2022-06-29not yet calculatedCVE-2022-33058
MISC
online_railway_reservation_system -- online_railway_reservation_systemOnline Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_train.2022-06-29not yet calculatedCVE-2022-33059
MISC
online_railway_reservation_system -- online_railway_reservation_systemOnline Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_service.2022-06-29not yet calculatedCVE-2022-33061
MISC
online_railway_reservation_system -- online_railway_reservation_systemOnline Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule.2022-06-29not yet calculatedCVE-2022-33060
MISC
online_railway_reservation_system -- online_railway_reservation_systemOnline Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation.2022-06-29not yet calculatedCVE-2022-33057
MISC
openhwgroup -- cva6CVA6 commit 909d85a accesses invalid memory when reading the value of MHPMCOUNTER30.2022-06-29not yet calculatedCVE-2022-33021
MISC
openhwgroup -- cva6CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong.2022-06-29not yet calculatedCVE-2022-33023
MISC
opensearch-project -- opensearch-ruby
 
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. An attacker must be in control of an opensearch server and convince the victim to connect to it in order to exploit this vulnerability. The problem has been patched in opensearch-ruby gem version 2.0.1. Users are advised to upgrade. There are no known workarounds for this issue.2022-06-30not yet calculatedCVE-2022-31115
CONFIRM
MISC
MISC
openshift -- openshift
 
In an openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity.2022-06-30not yet calculatedCVE-2013-4561
MISC
MISC
openshift -- openshift
 
It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission.2022-06-30not yet calculatedCVE-2014-0068
MISC
openssl -- openssl
 
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.2022-07-01not yet calculatedCVE-2022-2274
CONFIRM
CONFIRM
orwell-dev-cpp -- orwell-dev-cppA binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file.2022-06-29not yet calculatedCVE-2022-33037
MISC
ospfranco -- link-preview-js
 
The package link-preview-js before 2.1.16 is vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection.2022-07-01not yet calculatedCVE-2022-25876
CONFIRM
CONFIRM
CONFIRM
oxen_i/o -- session_androidSession 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation.2022-06-30not yet calculatedCVE-2022-1955
MISC
MISC
MISC
packagekit -- packagekitA flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examine files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.2022-06-28not yet calculatedCVE-2022-0987
MISC
parse_community -- parse_serverParse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid file requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as a single instance without redundancy, the availability impact may be high. This issue has been addressed in versions 4.10.12 and 5.2.3. Users are advised to upgrade. There are no known workarounds for this issue.2022-06-27not yet calculatedCVE-2022-31089
CONFIRM
MISC
parse_server -- parse_server
 
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client response. Users are advised to upgrade. Users unable to upgrade should use `Parse.Cloud.afterLiveQueryEvent` to manually remove protected fields.2022-06-30not yet calculatedCVE-2022-31112
MISC
MISC
CONFIRM
MISC
MISC
MISC
pdfalto -- pdfaltoPDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc.2022-07-01not yet calculatedCVE-2022-32324
MISC
perl -- perl
 
HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are; most Perl based applications are served on top of Nginx or Apache, not on the `HTTP::Daemon`. This library is commonly used for local development and tests. Users are advised to update to resolve this issue. Users unable to upgrade may add additional request handling logic as a mitigation. After calling `my $rqst = $conn->get_request()` one could inspect the returned `HTTP::Request` object. Querying the 'Content-Length' (`my $cl = $rqst->header('Content-Length')`) will show any abnormalities that should be dealt with by a `400` response. Expected strings of 'Content-Length' SHOULD consist of either a single non-negative integer or a comma separated repetition of that number (that is, `42` or `42, 42, 42`). Anything else MUST be rejected.2022-06-27not yet calculatedCVE-2022-31081
MISC
MISC
MISC
MISC
CONFIRM
MISC
MISC
pimcore -- pimcore
 
Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. These listing classes also allow ordering or grouping the results based on one or more columns, which should be quoted by default. The actual issue is that quoting is not done properly in both cases, so there's the theoretical possibility to inject custom SQL if the developer is using these methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the listing classes. This issue has been resolved in version 10.4.4. Users are advised to upgrade or to apply the patch manually. There are no known workarounds for this issue.2022-06-27not yet calculatedCVE-2022-31092
MISC
MISC
CONFIRM
pingid -- windows_loginPingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines when combined with using offline security keys as part of authentication.2022-06-30not yet calculatedCVE-2022-23717
MISC
MISC
pingid -- windows_login
 
PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances.2022-06-30not yet calculatedCVE-2022-23725
MISC
MISC
pingid -- windows_login
 
PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. An IT administrator could mistakenly deploy administrator privileged PingID API credentials, such as those typically used by PingFederate, into PingID Windows Login user endpoints. Using sensitive full permissions properties file outside of a privileged trust boundary leads to an increased risk of exposure or discovery, and an attacker could leverage these credentials to perform administrative actions against PingID APIs or endpoints.2022-06-30not yet calculatedCVE-2022-23720
MISC
MISC
pingid -- windows_login
 
PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or of compromising Ping Identity web servers, could deliver malicious code that would be executed as SYSTEM by the PingID Windows Login application.2022-06-30not yet calculatedCVE-2022-23718
MISC
MISC
pingid -- windows_login
 
PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine may be able to exploit and spoof the local Java service using multiple attack vectors. A successful attack can lead to code executed as SYSTEM by the PingID Windows Login application, or even a denial of service for offline security key authentication.2022-06-30not yet calculatedCVE-2022-23719
MISC
MISC
pingidentity -- pingid_mac_login
 
A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.2022-06-30not yet calculatedCVE-2021-41995
MISC
MISC
piwigo -- piwigo
 
piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor.2022-06-28not yet calculatedCVE-2021-40553
MISC
prestashop -- blockwishlist
 
prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.2022-06-27not yet calculatedCVE-2022-31101
CONFIRM
MISC
projectsend -- r754
 
A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely.2022-06-27not yet calculatedCVE-2017-20101
MISC
MISC
MISC
raytion -- custom_security_manager
 
Raytion 7.2.0 allows reflected Cross-site Scripting (XSS).2022-06-25not yet calculatedCVE-2022-29931
MISC
regexfn -- regexfnA Regular Expression Denial of Service (ReDOS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails.2022-06-27not yet calculatedCVE-2021-40900
MISC
repo-git-downloader -- repo-git-downloaderA Regular Expression Denial of Service (ReDOS) vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories.2022-06-27not yet calculatedCVE-2021-40899
MISC
rg-eg -- rg-eg
 
RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a SQL injection vulnerability via the function get_alarmAction at /alarm_pi/alarmService.php.2022-06-25not yet calculatedCVE-2022-33128
MISC
robustel -- r1510
 
A data removal vulnerability exists in the web_server /action/remove/ API functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability.2022-06-30not yet calculatedCVE-2022-28127
MISC
robustel -- robustel_r1510Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/action/import_sdk_file/` API is affected by a command injection vulnerability.2022-06-30not yet calculatedCVE-2022-33314
MISC
robustel -- robustel_r1510Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/action/import_https_cert_file/` API is affected by a command injection vulnerability.2022-06-30not yet calculatedCVE-2022-33313
MISC
robustel -- robustel_r1510Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/action/import_cert_file/` API is affected by a command injection vulnerability.2022-06-30not yet calculatedCVE-2022-33312
MISC
robustel -- robustel_r1510Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/config_rollback/` API is affected by a command injection vulnerability.2022-06-30not yet calculatedCVE-2022-33326
MISC
robustel -- robustel_r1510Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/remove/` API is affected by a command injection vulnerability.2022-06-30not yet calculatedCVE-2022-33328
MISC
robustel -- robustel_r1510
 
A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.2022-06-30not yet calculatedCVE-2022-32585
MISC
robustel -- robustel_r1510
 
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/clear_tools_log/` API is affected by a command injection vulnerability.2022-06-30not yet calculatedCVE-2022-33325
MISC
robustel -- robustel_r1510
 
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/set_sys_time/` API is affected by a command injection vulnerability.2022-06-30not yet calculatedCVE-2022-33329
MISC
robustel -- robustel_r1510
 
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/remove_sniffer_raw_log/` API is affected by a command injection vulnerability.2022-06-30not yet calculatedCVE-2022-33327
MISC
rsshub -- rsshub
 
RSSHub is an open source, extensible RSS feed generator. In commits prior to 5c4177441417 passing some special values to the `filter` and `filterout` parameters can cause abnormally high CPU usage. This results in an impact on the performance of the servers and RSSHub services which may lead to a denial of service. This issue has been fixed in commit 5c4177441417 and all users are advised to upgrade. There are no known workarounds for this issue.2022-06-29not yet calculatedCVE-2022-31110
CONFIRM
MISC
MISC
ruby-mysql -- ruby-mysql
 
A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later.2022-06-28not yet calculatedCVE-2021-3779
MISC
ruckus -- wireless_zonedirector
 
Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirector 9.8.3.0.2022-06-27not yet calculatedCVE-2020-21161
MISC
MISC
MISC
rulex -- rulexrulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. This is a security concern for you, if your service parses untrusted rulex expressions (expressions provided by an untrusted user), and your service becomes unavailable when the process running rulex aborts due to a stack overflow. The crash is fixed in version **0.4.3**. Affected users are advised to update to this version. There are no known workarounds for this issue.2022-06-27not yet calculatedCVE-2022-31099
CONFIRM
MISC
rulex -- rulex
 
rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, rulex may crash, possibly enabling a Denial of Service attack. This happens when the expression contains a multi-byte UTF-8 code point in a string literal or after a backslash, because rulex tries to slice into the code point and panics as a result. This is a security concern for you, if your service parses untrusted rulex expressions (expressions provided by an untrusted user), and your service becomes unavailable when the thread running rulex panics. The crashes are fixed in version **0.4.3**. Affected users are advised to update to this version. The only known workaround for this issue is to assume that regular expression parsing will panic and to add logic to catch panics.2022-06-27not yet calculatedCVE-2022-31100
MISC
CONFIRM
sasstools -- scss-tokenizer
 
All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.2022-07-01not yet calculatedCVE-2022-25758
CONFIRM
CONFIRM
CONFIRM
scaffold-helper -- scaffold-helperA Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scaffold-helper v1.2.0 when copying crafted invalid files.2022-06-27not yet calculatedCVE-2021-40898
MISC
scratchtools -- scratchtools
 
ScratchTools is a web extension designed to make interacting with the Scratch programming language community (Scratching) easier. In affected versions anybody who uses the Recently Viewed Projects feature is vulnerable to having their account taken over if they view a project that tries to. The issue is that if a user visits a project that includes Javascript in the title, then when the Recently Viewed Projects feature displays it, it could run the Javascript. This issue has been addressed in the 2.5.2 release. Users having issues scratching should open an issue in the project issue tracker https://github.com/STForScratch/ScratchTools/2022-06-27not yet calculatedCVE-2022-31094
CONFIRM
MISC
MISC
shadeyouvpn -- client
 
A vulnerability, which was classified as problematic, was found in ShadeYouVPN.com Client 2.0.1.11. Affected is an unknown function. The manipulation leads to improper privilege management. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.1.12 is able to address this issue. It is recommended to upgrade the affected component.2022-06-28not yet calculatedCVE-2017-20107
N/A
N/A
shopware -- shopware
 
Shopware is an open source e-commerce software made in Germany. Versions of Shopware 5 prior to version 5.7.12 are subject to an authenticated Stored XSS in Administration. Users are advised to upgrade. There are no known workarounds for this issue.2022-06-27not yet calculatedCVE-2022-31057
MISC
CONFIRM
MISC
MISC
silverstripe -- framework
 
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.2022-06-28not yet calculatedCVE-2021-41559
MISC
MISC
MISC
silverstripe -- silverstripe/framework
 
In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR).2022-06-29not yet calculatedCVE-2022-28803
MISC
MISC
silverstripe -- silverstripe/framework
 
Silverstripe silverstripe/framework through 4.10 allows Session Fixation.2022-06-28not yet calculatedCVE-2022-24444
MISC
MISC
MISC
MISC
MISC
silverstripe -- silverstripe/framework
 
Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side config is not set to true in project code.2022-06-28not yet calculatedCVE-2022-25238
MISC
MISC
MISC
MISC
silverstripe -- silverstripe/assets
 
Silverstripe silverstripe/assets through 1.10 allows XSS.2022-06-28not yet calculatedCVE-2022-29858
MISC
MISC
MISC
MISC
simplessus -- simplessus
 
A vulnerability was found in Simplessus 3.7.7. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument path with the input ..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.8.3 is able to address this issue. It is recommended to upgrade the affected component.2022-06-28not yet calculatedCVE-2017-20105
N/A
N/A
simplessus -- simplessus
 
A vulnerability was found in Simplessus 3.7.7. It has been declared as critical. This vulnerability affects unknown code of the component Cookie Handler. The manipulation of the argument UWA_SID leads to sql injection (Time). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.8.3 is able to address this issue. It is recommended to upgrade the affected component.2022-06-28not yet calculatedCVE-2017-20104
N/A
N/A
scniro-validator -- scniro-validator
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails.2022-06-27not yet calculatedCVE-2021-40901
MISC
sourcecodester -- library_management_system
A vulnerability was found in SourceCodester Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the component /card/index.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.2022-06-27not yet calculatedCVE-2022-2212
MISC
MISC
sourcecodester -- library_management_system
 
A vulnerability was found in SourceCodester Library Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /librarian/bookdetails.php. The manipulation of the argument id with the input ' AND (SELECT 9198 FROM (SELECT(SLEEP(5)))iqZA)-- PbtB leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2022-06-27not yet calculatedCVE-2022-2214
MISC
MISC
sourcecodester -- library_management_system
 
A vulnerability was found in SourceCodester Library Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_admin_details.php?id=admin. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.2022-06-27not yet calculatedCVE-2022-2213
MISC
MISC
sourcecodester -- zoo_management_system
 
SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=.2022-06-29not yet calculatedCVE-2022-31897
MISC
MISC
split-html-to-chars -- split-html-to-chars
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in split-html-to-chars v1.0.5 when splitting crafted invalid htmls.2022-06-27not yet calculatedCVE-2021-40897
MISC
synapse -- synapse
 
Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the request causing the problem, but in other cases the Synapse process may crash altogether. It is possible to exploit this maliciously, either by malicious users on the homeserver, or by remote users sending URLs that a local user's client may automatically request a URL preview for. Remote users are not able to exploit this directly, because the URL preview endpoint is authenticated. Deployments with `url_preview_enabled: false` set in configuration are not affected. Deployments with `url_preview_enabled: true` set in configuration **are** affected. Deployments with no configuration value set for `url_preview_enabled` are not affected, because the default is `false`. Administrators of homeservers with URL previews enabled are advised to upgrade to v1.61.1 or higher. Users unable to upgrade should set `url_preview_enabled` to false.2022-06-28not yet calculatedCVE-2022-31052
CONFIRM
MISC
MISC
teleopti -- wfm
 
A vulnerability classified as problematic was found in Teleopti WFM up to 7.1.0. Affected by this vulnerability is an unknown functionality of the file /TeleoptiWFM/Administration/GetOneTenant of the component Administration. The manipulation leads to information disclosure (Credentials). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.2022-06-29not yet calculatedCVE-2017-20109
MISC
MISC
teleopti -- wfm
 
A vulnerability, which was classified as problematic, has been found in Teleopti WFM up to 7.1.0. Affected by this issue is some unknown functionality of the component Administration. The manipulation as part of JSON leads to information disclosure (Credentials). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.2022-06-29not yet calculatedCVE-2017-20110
MISC
MISC
teleopti -- wfm
 
A vulnerability, which was classified as critical, was found in Teleopti WFM 7.1.0. This affects an unknown part of the component Administration. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.2022-06-29not yet calculatedCVE-2017-20111
MISC
MISC
tenda -- ac23
 
Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasicSet.2022-07-01not yet calculatedCVE-2022-32384
MISC
MISC
MISC
tenda -- ax1806
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule.2022-07-01not yet calculatedCVE-2022-32032
MISC
tenda -- ax1806
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand.2022-07-01not yet calculatedCVE-2022-32030
MISC
tenda -- ax1806
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer.2022-07-01not yet calculatedCVE-2022-32033
MISC
tenda -- ax1806
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetRouteStatic.2022-07-01not yet calculatedCVE-2022-32031
MISC
tenda -- tenda_m3
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm.2022-07-01not yet calculatedCVE-2022-32040
MISC
tenda -- tenda_m3
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg.2022-07-01not yet calculatedCVE-2022-32037
MISC
tenda -- tenda_m3
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist.2022-07-01not yet calculatedCVE-2022-32034
MISC
tenda -- tenda_m3
Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb.2022-07-01not yet calculatedCVE-2022-32036
MISC
tenda -- tenda_m3
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng.2022-07-01not yet calculatedCVE-2022-32035
MISC
tenda -- tenda_m3
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient.2022-07-01not yet calculatedCVE-2022-32039
MISC
tenda -- tenda_m3
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo.2022-07-01not yet calculatedCVE-2022-32043
MISC
tenda -- tenda_m3
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData.2022-07-01not yet calculatedCVE-2022-32041
MISC
teradici -- management_console
 
A vulnerability was found in Teradici Management Console 2.2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Database Management. The manipulation leads to improper privilege management. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.2022-06-30not yet calculatedCVE-2017-20121
N/A
N/A
textpattern -- textpattern
 
In Textpattern CMS v4.8.7 and older, a Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability exists via textpattern/lib/txplib_misc.php. The secure flag is not set for the txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.2022-06-29not yet calculatedCVE-2021-40642
MISC
MISC
that-value -- that-value
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in that-value v0.1.3 when validating crafted invalid emails.2022-06-27not yet calculatedCVE-2021-40896
MISC
thinkphp -- thinkphp
 
ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload.2022-06-29not yet calculatedCVE-2022-33107
MISC
thinkst -- canarytokens
 
Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens. This permits an attacker who recognised an HTTP-based Canarytoken (a URL) to execute Javascript in the Canarytoken's history page (domain: canarytokens.org) when the history page is later visited by the Canarytoken's creator. This vulnerability could be used to disable or delete the affected Canarytoken, or view its activation history. It might also be used as a stepping stone towards revealing more information about the Canarytoken's creator to the attacker. For example, an attacker could recover the email address tied to the Canarytoken, or place Javascript on the history page that redirects the creator towards an attacker-controlled Canarytoken to show the creator's network location. An attacker could only act on the discovered Canarytoken. This issue did not expose other Canarytokens or other Canarytoken creators. The issue has been patched on Canarytokens.org and in the latest release. No signs of successful exploitation of this vulnerability have been found. Users are advised to upgrade. There are no known workarounds for this issue.2022-07-01not yet calculatedCVE-2022-31113
CONFIRM
MISC
todo-regex -- todo-regex
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements.2022-06-27not yet calculatedCVE-2021-40895
MISC
totolink -- totolink_t6
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4.2022-07-01not yet calculatedCVE-2022-32052
MISC
totolink -- totolink_t6
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4.2022-07-01not yet calculatedCVE-2022-32047
MISC
totolink -- totolink_t6
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00413be4.2022-07-01not yet calculatedCVE-2022-32045
MISC
totolink -- totolink_t6
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80.2022-07-01not yet calculatedCVE-2022-32044
MISC
totolink -- totolink_t6
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88.2022-07-01not yet calculatedCVE-2022-32048
MISC
totolink -- totolink_t6
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540.2022-07-01not yet calculatedCVE-2022-32049
MISC
totolink -- totolink_t6
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40.2022-07-01not yet calculatedCVE-2022-32050
MISC
totolink -- totolink_t6
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4.2022-07-01not yet calculatedCVE-2022-32051
MISC
totolink -- totolink_t6
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c.2022-07-01not yet calculatedCVE-2022-32046
MISC
totolink -- totolink_t6
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041621c.2022-07-01not yet calculatedCVE-2022-32053
MISC
trendnet -- wi-fi_routers
TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discovered to contain a stack overflow via the function genacgi_main.2022-06-27not yet calculatedCVE-2022-33007
MISC
trueconf -- server
 
A vulnerability was found in TrueConf Server 4.3.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/group. The manipulation leads to basic cross site scripting (DOM). The attack can be launched remotely. The exploit has been disclosed to the public and may be used.2022-06-29not yet calculatedCVE-2017-20117
MISC
MISC
trueconf -- server
 
A vulnerability was found in TrueConf Server 4.3.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/conferences/list/. The manipulation of the argument domxss leads to basic cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2022-06-29not yet calculatedCVE-2017-20118
MISC
MISC
trueconf -- server
 
A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2022-06-29not yet calculatedCVE-2017-20120
MISC
MISC
trueconf -- server
 
A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This vulnerability affects unknown code of the file /admin/conferences/get-all-status/. The manipulation of the argument keys[] leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2022-06-29not yet calculatedCVE-2017-20114
MISC
MISC
trueconf -- server
 
A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2022-06-29not yet calculatedCVE-2017-20113
MISC
MISC
trueconf -- server
 
A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of the file /admin/conferences/list/. The manipulation of the argument sort leads to basic cross site scripting (Reflected). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.2022-06-29not yet calculatedCVE-2017-20115
MISC
MISC
trueconf -- server
 
A vulnerability classified as problematic has been found in TrueConf Server 4.3.7. This affects an unknown part of the file /admin/general/change-lang. The manipulation of the argument redirect_url leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2022-06-29not yet calculatedCVE-2017-20119
MISC
MISC
trueconf -- server
 
A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the file /admin/group/list/. The manipulation of the argument checked_group_id leads to basic cross site scripting (Reflected). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.2022-06-29not yet calculatedCVE-2017-20116
MISC
MISC
tuleap -- tuleap
 
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95 Tuleap does not sanitize properly user inputs when constructing the SQL query to retrieve data for the tracker reports. An attacker with the capability to create a new tracker can execute arbitrary SQL queries. Users are advised to upgrade. There is no known workaround for this issue.2022-06-29not yet calculatedCVE-2022-31058
MISC
CONFIRM
MISC
MISC
tuleap -- tuleap
 
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.111 the title of a document is not properly escaped in the search result of MyDocmanSearch widget and in the administration page of the locked documents. A malicious user with the capability to create a document could force a victim to execute uncontrolled code. Users are advised to upgrade. There are no known workarounds for this issue.2022-06-29not yet calculatedCVE-2022-31063
CONFIRM
MISC
MISC
MISC
tuleap -- tuleap
 
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those template projects because the permissions model is not properly enforced. Users are advised to upgrade. There are no known workarounds for this issue.2022-06-29not yet calculatedCVE-2022-31032
MISC
CONFIRM
MISC
MISC
MISC
MISC
vim -- vim
 
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.2022-06-30not yet calculatedCVE-2022-2257
MISC
CONFIRM
vim -- vim
 
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.2022-06-27not yet calculatedCVE-2022-2208
MISC
CONFIRM
FEDORA
FEDORA
vim -- vim
 
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.2022-06-26not yet calculatedCVE-2022-2206
CONFIRM
MISC
FEDORA
FEDORA
vim -- vim
 
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.2022-06-27not yet calculatedCVE-2022-2210
CONFIRM
MISC
FEDORA
FEDORA
vim -- vim
 
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.2022-06-28not yet calculatedCVE-2022-2231
CONFIRM
MISC
FEDORA
FEDORA
vim -- vim
 
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.2022-07-01not yet calculatedCVE-2022-2264
MISC
CONFIRM
vim -- vim
 
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.2022-06-27not yet calculatedCVE-2022-2207
CONFIRM
MISC
FEDORA
FEDORA
vim -- vim
 
A cross-site scripting (XSS) vulnerability in the batch add function of Urtracker Premium v4.0.1.1477 allows attackers to execute arbitrary web scripts or HTML via a crafted excel file.2022-06-30not yet calculatedCVE-2022-33043
MISC
vim -- vim
 
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.2022-07-02not yet calculatedCVE-2022-2285
MISC
CONFIRM
vim -- vim
 
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.2022-07-02not yet calculatedCVE-2022-2286
CONFIRM
MISC
vim -- vim
 
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.2022-07-02not yet calculatedCVE-2022-2287
MISC
CONFIRM
vim -- vim
 
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.2022-07-02not yet calculatedCVE-2022-2284
CONFIRM
MISC
viscosity -- viscosity
 
A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component.2022-06-30not yet calculatedCVE-2017-20123
N/A
N/A
N/A
N/A
wasmtime -- wasmtime
 
Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for WebAssembly on x86_64 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation of the simd proposal is not affected. The bugs were presented in the `i8x16.swizzle` and `select` WebAssembly instructions. The `select` instruction is only affected when the inputs are of `v128` type. The correspondingly affected Cranelift instructions were `swizzle` and `select`. The `swizzle` instruction lowering in Cranelift erroneously overwrote the mask input register which could corrupt a constant value, for example. This means that future uses of the same constant may see a different value than the constant itself. The `select` instruction lowering in Cranelift wasn't correctly implemented for vector types that are 128-bits wide. When the condition was 0 the wrong instruction was used to move the correct input to the output of the instruction meaning that only the low 32 bits were moved and the upper 96 bits of the result were left as whatever the register previously contained (instead of the input being moved from). The `select` instruction worked correctly if the condition was nonzero, however. This bug in Wasmtime's implementation of these instructions on x86_64 represents an incorrect implementation of the specified semantics of these instructions according to the WebAssembly specification. The impact of this is benign for hosts running WebAssembly but represents possible vulnerabilities within the execution of a guest program. For example a WebAssembly program could take unintended branches or materialize incorrect values internally which runs the risk of exposing the program itself to other related vulnerabilities which can occur from miscompilations. 
We have released Wasmtime 0.38.1 and cranelift-codegen (and other associated cranelift crates) 0.85.1 which contain the corrected implementations of these two instructions in Cranelift. If upgrading is not an option for you at this time, you can avoid the vulnerability by disabling the Wasm simd proposal. Additionally the bug is only present on x86_64 hosts. Other aarch64 hosts are not affected. Note that s390x hosts don't yet implement the simd proposal and are not affected.2022-06-28not yet calculatedCVE-2022-31104
MISC
MISC
CONFIRM
MISC
MISC
MISC
weaveworks -- weave_gitops
 
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfig, of registered Kubernetes clusters, including the service account tokens in plain text from Weave GitOps's pod logs on the management cluster. An unauthorized remote attacker can also view these sensitive configurations from external log storage if enabled by the management cluster. This vulnerability is due to the client factory dumping cluster configurations and their service account tokens when the cluster manager tries to connect to an API server of a registered cluster, and a connection error occurs. An attacker could exploit this vulnerability by either accessing logs of a pod of Weave GitOps, or from external log storage and obtaining all cluster configurations of registered clusters. A successful exploit could allow the attacker to use those cluster configurations to manage the registered Kubernetes clusters. This vulnerability has been fixed by commit 567356f471353fb5c676c77f5abc2a04631d50ca. Users should upgrade to Weave GitOps core version v0.8.1-rc.6 or newer. There is no known workaround for this vulnerability.2022-06-27not yet calculatedCVE-2022-31098
CONFIRM
MISC
web2py -- web2py
 
Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL.2022-06-27not yet calculatedCVE-2022-33146
MISC
MISC
MISC
MISC
wireapp -- wire
 
Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering `@mentions` in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim allowing the attacker to fully control the user account. Wire-desktop clients that are connected to a vulnerable wire-webapp version are also vulnerable to this attack. The issue has been fixed in wire-webapp 2022-05-04-production.0 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-05-04-production.0-v0.29.7-0-a6f2ded or wire-server 2022-05-04 (chart/4.11.0) or later. No known workarounds exist.2022-06-25not yet calculatedCVE-2022-29168
CONFIRM
wordpress -- add_post_url
 
The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping2022-06-27not yet calculatedCVE-2022-1913
MISC
wordpress -- analytics_stats_counter_statistics_plugin
 
A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The attack may be initiated remotely.2022-06-27not yet calculatedCVE-2017-20099
MISC
MISC
wordpress -- armember_plugin
 
The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username2022-06-27not yet calculatedCVE-2022-1903
MISC
wordpress -- cimy_header_image_rotator_plugin
The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack2022-06-27not yet calculatedCVE-2022-1885
MISC
wordpress -- clean_contact_plugin
The Clean-Contact WordPress plugin through 1.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and escaping as well2022-06-27not yet calculatedCVE-2022-1914
MISC
wordpress -- easy_svg_support_plugin
The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads2022-06-27not yet calculatedCVE-2022-1964
MISC
wordpress -- html2wp_plugin
The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbitrary files2022-06-27not yet calculatedCVE-2022-1572
MISC
wordpress -- html2wp_plugin
 
The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server2022-06-27not yet calculatedCVE-2022-1574
MISC
wordpress -- html2wp_plugin
 
The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them2022-06-27not yet calculatedCVE-2022-1573
MISC
wordpress -- import_export_all_plugin
The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via a URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks2022-06-27not yet calculatedCVE-2022-1977
MISC
wordpress -- limit_login_attempts_wordpress_plugin
The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, allowing malicious users with administrator privileges to store malicious Javascript code, leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)2022-06-27not yet calculatedCVE-2022-1029
MISC
wordpress -- login_with_otp_over_sms_email_whatsapp_and_google_authenticator_plugin
 
The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed2022-06-27not yet calculatedCVE-2022-1994
MISC
wordpress -- mailpress
 
The MailPress WordPress plugin through 7.2.1 does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF attacks2022-06-27not yet calculatedCVE-2022-1843
MISC
wordpress -- malware_scannerThe Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)2022-06-27not yet calculatedCVE-2022-1995
MISC
wordpress -- my_private_site_plugin
The My Private Site WordPress plugin before 3.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
2022-06-27
not yet calculated
CVE-2022-1627
MISC
wordpress -- mycss_plugin
The MyCSS WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
2022-06-27
not yet calculated
CVE-2022-1960
MISC
wordpress -- nested_pages_plugin
The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html is disallowed
2022-06-27
not yet calculated
CVE-2022-1990
MISC
wordpress -- new_user_approve_plugin
The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypassing the provided restrictions) and to change plugin settings by tricking admin users into visiting specially crafted websites.
2022-06-27
not yet calculated
CVE-2022-1625
MISC
wordpress -- nextcellent_gallery_plugin
The NextCellent Gallery WordPress plugin through 1.9.35 does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
2022-06-27
not yet calculated
CVE-2022-1971
MISC
wordpress -- no_external_links_wordpress_plugin
The Mihdan: No External Links WordPress plugin through 4.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
2022-06-27
not yet calculated
CVE-2022-1095
MISC
wordpress -- openbook_book_data_plugin
The OpenBook Book Data WordPress plugin through 3.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well
2022-06-27
not yet calculated
CVE-2022-1842
MISC
wordpress -- popups_welcome_bar_optins_and_lead_generation_plugin
The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.1.8 does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
2022-06-27
not yet calculated
CVE-2022-1776
MISC
wordpress -- pricing_tables_plugin
The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape a parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site Scripting
2022-06-27
not yet calculated
CVE-2022-1904
MISC
wordpress -- rotating_posts_plugin
The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
2022-06-27
not yet calculated
CVE-2022-1847
MISC
wordpress -- site_offine_or_coming_soon_plugin
The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have CSRF check in place when updating its settings, and it is also lacking sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads in them via a CSRF attack
2022-06-27
not yet calculated
CVE-2022-1593
MISC
wordpress -- social_share_buttons_by_supsystic_plugin
The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in its ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks.
2022-06-27
not yet calculated
CVE-2022-1653
MISC
wordpress -- tiny_contact_form_plugin
The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
2022-06-27
not yet calculated
CVE-2022-1846
MISC
wordpress -- ultimate_woocommerce_csv_importer_plugin
The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting
2022-06-27
not yet calculated
CVE-2022-1470
MISC
wordpress -- woocommerce_plugin
The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting
2022-06-27
not yet calculated
CVE-2022-1916
MISC
wordpress -- woocommerce_plugin
The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts user input that is being used in a path and passed to unlink() without validation first
2022-06-27
not yet calculated
CVE-2022-1953
MISC
wordpress -- wp_post_styling_plugin
The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin's data, update the settings, add new entries and more via CSRF attacks
2022-06-27
not yet calculated
CVE-2022-1845
MISC
wordpress -- wp_security_pro
The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious JavaScript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)
2022-06-27
not yet calculated
CVE-2022-1028
MISC
wordpress -- wpsentry
The WP Sentry WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well
2022-06-27
not yet calculated
CVE-2022-1844
MISC
wordpress -- admin_custom_login_plugin
A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely.
2017-20098 is listed below as the CVE for this entry.
MISC
MISC
wordpress -- brizy_plugin
The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks
2022-06-27
not yet calculated
CVE-2022-2040
MISC
MISC
wordpress -- brizy_plugin
The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element content, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks
2022-06-27
not yet calculated
CVE-2022-2041
MISC
MISC
wordpress -- flower_delivery_by_florist_ one_wordpress_plugin
The Flower Delivery by Florist One WordPress plugin through 3.5.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setups)
2022-06-27
not yet calculated
CVE-2022-1113
MISC
wordpress -- google_authenticator_word_presse
The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks
2022-06-27
not yet calculated
CVE-2022-0875
MISC
wordpress -- kama_click_counter_plugin
A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument order_by/order with the input ASC%2c(select*from(select(sleep(2)))a) leads to sql injection (Blind). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.4.9 is able to address this issue. It is recommended to upgrade the affected component.
2022-06-27
not yet calculated
CVE-2017-20103
MISC
MISC
wordpress -- wp_as_saml_idp_wordpress_plugin
The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
2022-06-27
not yet calculated
CVE-2022-1010
MISC
wordpress -- xcloner_plugin_wordpress_plugin
The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key.
2022-06-27
not yet calculated
CVE-2022-0444
MISC
wordpress -- secure_swfupload
There is an object injection vulnerability in swfupload plugin for wordpress.
2022-06-30
not yet calculated
CVE-2013-4144
MISC
MISC
wuzhicms -- wuzhicms
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.
2022-06-28
not yet calculated
CVE-2020-19897
MISC
xiaongmai -- multiple_versions
Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R11.Nat.20170301, V4.02.R12.Nat.OnvifS.20170727 is affected by a backdoor in the macGuarder and dvrHelper binaries of DVR/NVR/IP camera firmware due to static root account credentials in the system.
2022-06-30
not yet calculated
CVE-2021-41506
MISC
MISC
MISC
MISC
xlpd -- N/A
XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
2022-06-29
not yet calculated
CVE-2022-33035
MISC
MISC
xpdf -- xpdf
XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.
2022-06-28
not yet calculated
CVE-2022-33108
MISC
MISC
MISC
yokogawa -- stradom
Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to log in to the affected products and alter device configuration settings or tamper with device firmware.
2022-06-28
not yet calculated
CVE-2022-29519
MISC
MISC
MISC
MISC
yokogawa -- stardom.fcn
Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware.
2022-06-28
not yet calculated
CVE-2022-30997
MISC
MISC
MISC
MISC
zeypher_project -- zepyher
Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions >= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp
2022-06-28
not yet calculated
CVE-2021-3433
MISC
zeypher_project -- zepyher
Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr
2022-06-28
not yet calculated
CVE-2021-3430
MISC
zeypher_project -- zepyher
Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9
2022-06-28
not yet calculated
CVE-2021-3431
MISC
zeypher_project -- zepyher
Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4
2022-06-28
not yet calculated
CVE-2021-3432
MISC
zeypher_project -- zepyher
Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm
2022-06-28
not yet calculated
CVE-2021-3434
MISC
zeypher_project -- zepyher
Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh
2022-06-28
not yet calculated
CVE-2021-3435
MISC
zoho -- manageengine_servicedesk_plus_msp
Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml).
2022-07-02
not yet calculated
CVE-2022-32551
MISC
zulip -- zulip
Zulip is an open-source team collaboration tool. Versions 2.1.0 through and including 5.2 are vulnerable to a logic error. A stream configured as private with protected history, where new subscribers should not be allowed to see messages sent before they were subscribed, when edited causes the server to incorrectly send an API event that includes the edited message to all of the stream’s current subscribers. This API event is ignored by official clients, but can be observed by using a modified client or the browser’s developer tools. This bug will be fixed in Zulip Server 5.3. There are no known workarounds.
2022-06-25
not yet calculated
CVE-2022-31017
CONFIRM
