Vulnerability Summary for the Week of January 10, 2022

Released
Jan 17, 2022
Document ID
SB22-017

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
agoric -- realms-shimAll versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.2022-01-107.5CVE-2021-23543
MISC
MISC
agoric -- realms-shimAll versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.2022-01-107.5CVE-2021-23594
MISC
MISC
checkpoint -- endpoint_securityUsers have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges.2022-01-107.2CVE-2021-30360
MISC
MISC
chshcms -- cscmscscms v4.1 allows for SQL injection via the "page_del" function.2022-01-117.5CVE-2020-28103
MISC
chshcms -- cscmscscms v4.1 allows for SQL injection via the "js_del" function.2022-01-117.5CVE-2020-28102
MISC
cisco -- unified_contact_center_expressA vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator. This vulnerability is due to the lack of server-side validation of user permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to a vulnerable system. A successful exploit could allow the attacker to create Administrator accounts. With these accounts, the attacker could access and modify telephony and user resources across all the Unified platforms that are associated to the vulnerable Cisco Unified CCMP. To successfully exploit this vulnerability, an attacker would need valid Advanced User credentials.2022-01-148.5CVE-2022-20658
CISCO
eggjs -- extend2The package extend2 before 1.0.1 are vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge.2022-01-107.5CVE-2021-23568
MISC
MISC
MISC
MISC
fanuc -- r-30ia_firmwareThe FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. INIT START/restore from backup required.2022-01-1010CVE-2021-32998
MISC
fanuc -- r-30ia_firmwareThe FANUC R-30iA and R-30iB series controllers are vulnerable to integer coercion errors, which cause the device to crash. A restart is required.2022-01-107.8CVE-2021-32996
MISC
google -- androidIn ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-2038475422022-01-147.2CVE-2021-39620
MISC
google -- androidIn GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-1926636482022-01-147.2CVE-2021-39622
MISC
google -- androidIn jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-2002849932022-01-147.2CVE-2021-0959
MISC
google -- androidIn multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-1968559992022-01-147.2CVE-2021-39618
MISC
google -- androidIn setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to invoke an arbitrary broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-12Android ID: A-1956682842022-01-147.2CVE-2021-1035
MISC
google -- androidIn doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-1941053482022-01-1410CVE-2021-39623
MISC
huawei -- emuiThere is an Integer overflow vulnerability with ACPU in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.2022-01-107.5CVE-2021-39993
MISC
huawei -- harmonyosThere is Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExService a in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart.2022-01-107.8CVE-2021-39998
MISC
MISC
huawei -- harmonyosThe bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may result in malicious code execution.2022-01-107.5CVE-2021-40010
MISC
huawei -- harmonyosThere is a Heap-based buffer overflow vulnerability with the NFC module in smartphones. Successful exploitation of this vulnerability may cause memory overflow.2022-01-107.5CVE-2021-39996
MISC
MISC
laundry_booking_management_system_project -- laundry_booking_management_systemLaundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote code execution (RCE) vulnerability in profile.php through the "image" parameter that can execute a webshell payload.2022-01-107.5CVE-2021-45003
MISC
libexpat_project -- libexpatdefineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.2022-01-107.5CVE-2022-22824
MISC
libexpat_project -- libexpatbuild_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.2022-01-107.5CVE-2022-22823
MISC
libexpat_project -- libexpataddBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.2022-01-107.5CVE-2022-22822
MISC
microsoft -- 365_appsMicrosoft Excel Remote Code Execution Vulnerability.2022-01-119.3CVE-2022-21841
MISC
microsoft -- exchange_serverMicrosoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21855, CVE-2022-21969.2022-01-118.3CVE-2022-21846
MISC
microsoft -- exchange_serverMicrosoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21846, CVE-2022-21969.2022-01-117.7CVE-2022-21855
MISC
microsoft -- sharepoint_foundationMicrosoft SharePoint Server Remote Code Execution Vulnerability.2022-01-119CVE-2022-21837
MISC
microsoft -- windows_10Active Directory Domain Services Elevation of Privilege Vulnerability.2022-01-119CVE-2022-21857
MISC
microsoft -- windows_10Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21850.2022-01-119.3CVE-2022-21851
MISC
microsoft -- windows_10Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21851.2022-01-119.3CVE-2022-21850
MISC
microsoft -- windows_10Windows IKE Extension Remote Code Execution Vulnerability.2022-01-119.3CVE-2022-21849
MISC
microsoft -- windows_10Windows IKE Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-21843, CVE-2022-21883, CVE-2022-21889, CVE-2022-21890.2022-01-117.1CVE-2022-21848
MISC
microsoft -- windows_10Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability.2022-01-117.2CVE-2022-21834
MISC
microsoft -- windows_10Microsoft Cryptographic Services Elevation of Privilege Vulnerability.2022-01-117.2CVE-2022-21835
MISC
microsoft -- windows_10Windows Certificate Spoofing Vulnerability.2022-01-117.2CVE-2022-21836
MISC
microsoft -- windows_10Windows Cleanup Manager Elevation of Privilege Vulnerability.2022-01-117.2CVE-2022-21838
MISC
MISC
microsoft -- windows_10Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21896, CVE-2022-21902.2022-01-117.2CVE-2022-21852
MISC
microsoft -- windows_10Windows Bind Filter Driver Elevation of Privilege Vulnerability.2022-01-117.2CVE-2022-21858
MISC
microsoft -- windows_10Task Flow Data Engine Elevation of Privilege Vulnerability.2022-01-117.2CVE-2022-21861
MISC
microsoft -- windows_10Virtual Machine IDE Drive Elevation of Privilege Vulnerability.2022-01-117.2CVE-2022-21833
MISC
online_thesis_archiving_system_project -- online_thesis_archiving_systemSourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL Injection. An attacker can bypass admin authentication and gain access to admin panel using SQL Injection2022-01-107.5CVE-2021-45334
MISC
MISC
solarwinds -- serv-uServ-U web login screen was allowing characters that were not sanitized by the authentication mechanism. SolarWinds has updated the authentication mechanism to remedy this issue and prevent unauthorized parameters to be used in the Serv-U login screen With the Log4j issue in the wild, input fields across the internet have been tested for vulnerability. Although Serv-U was not affected by the log4j issue, It was discovered that better input validation could be implemented.2022-01-107.5CVE-2021-35247
MISC
trendmicro -- apex_oneA origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2022-01-107.2CVE-2021-45441
MISC
MISC
trendmicro -- apex_oneA unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2022-01-107.2CVE-2021-45440
MISC
MISC
trendmicro -- apex_oneA link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2022-01-107.2CVE-2021-45231
MISC
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
accu-time -- maximus_firmwareAccu-Time Systems MAXIMUS 1.0 telnet service suffers from a remote buffer overflow which causes the telnet service to crash2022-01-105CVE-2021-45856
MISC
adobe -- experience_managerAEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a reflected Cross-Site Scripting (XSS) vulnerability via the itemResourceType parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser2022-01-134.3CVE-2021-44178
MISC
adobe -- experience_managerAEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.2022-01-134.3CVE-2021-43765
MISC
adobe -- experience_managerAEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.2022-01-134.3CVE-2021-44177
MISC
adobe -- experience_managerAEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.2022-01-134.3CVE-2021-44176
MISC
adobe -- incopyAdobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-136.8CVE-2021-45055
MISC
adobe -- incopyAdobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-136.8CVE-2021-45056
MISC
adobe -- incopyAdobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-136.8CVE-2021-45053
MISC
adobe -- incopyAdobe InCopy version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-134.3CVE-2021-45054
MISC
adobe -- indesignAdobe InDesign version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious JPEG file.2022-01-136.8CVE-2021-45058
MISC
adobe -- indesignAdobe InDesign version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious JPEG2000 file.2022-01-136.8CVE-2021-45057
MISC
adobe -- indesignAdobe InDesign version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-134.3CVE-2021-45059
MISC
apache -- guacamoleApache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection.2022-01-114CVE-2021-41767
CONFIRM
MLIST
apache -- guacamoleApache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.2022-01-116CVE-2021-43999
CONFIRM
MLIST
atlassian -- data_centerAffected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature. The affected versions are before version 4.21.0.2022-01-104CVE-2021-43951
MISC
atlassian -- data_centerAffected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature. The affected versions are before version 4.21.0.2022-01-104CVE-2021-43949
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14883.2022-01-134.3CVE-2021-34910
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14865.2022-01-136.8CVE-2021-34898
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14862.2022-01-136.8CVE-2021-34895
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14863.2022-01-136.8CVE-2021-34896
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15052.2022-01-134.3CVE-2021-34944
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15051.2022-01-134.3CVE-2021-34943
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14894.2022-01-134.3CVE-2021-34916
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14828.2022-01-136.8CVE-2021-34876
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14695.2022-01-136.8CVE-2021-34871
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14737.2022-01-136.8CVE-2021-34872
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14696.2022-01-136.8CVE-2021-34873
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14736.2022-01-136.8CVE-2021-34874
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14827.2022-01-136.8CVE-2021-34875
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14864.2022-01-136.8CVE-2021-34897
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14830.2022-01-136.8CVE-2021-34878
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14900.2022-01-136.8CVE-2021-34922
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14885.2022-01-136.8CVE-2021-34912
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14892.2022-01-136.8CVE-2021-34914
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14899.2022-01-136.8CVE-2021-34921
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14882.2022-01-136.8CVE-2021-34909
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14867.2022-01-136.8CVE-2021-34900
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. Crafted data in a BMP file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14876.2022-01-136.8CVE-2021-34903
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14877.2022-01-136.8CVE-2021-34904
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14878.2022-01-136.8CVE-2021-34905
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14879.2022-01-136.8CVE-2021-34906
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14880.2022-01-136.8CVE-2021-34907
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14881.2022-01-136.8CVE-2021-34908
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14884.2022-01-136.8CVE-2021-34911
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14898.2022-01-136.8CVE-2021-34920
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14838.2022-01-136.8CVE-2021-34885
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14831.2022-01-136.8CVE-2021-34913
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14866.2022-01-136.8CVE-2021-34899
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14893.2022-01-136.8CVE-2021-34915
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14895.2022-01-136.8CVE-2021-34917
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. Crafted data in a JP2 file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14896.2022-01-136.8CVE-2021-34918
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14897.2022-01-136.8CVE-2021-34919
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14833.2022-01-136.8CVE-2021-34880
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14832.2022-01-136.8CVE-2021-34879
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14844.2022-01-136.8CVE-2021-34891
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15039.2022-01-136.8CVE-2021-34940
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15040.2022-01-136.8CVE-2021-34941
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14842.2022-01-134.3CVE-2021-34889
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14996.2022-01-136.8CVE-2021-34939
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14905.2022-01-136.8CVE-2021-34927
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14906.2022-01-136.8CVE-2021-34928
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14907.2022-01-136.8CVE-2021-34929
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14845.2022-01-136.8CVE-2021-34892
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14910.2022-01-136.8CVE-2021-34932
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15054.2022-01-136.8CVE-2021-34945
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14911.2022-01-136.8CVE-2021-34933
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14909.2022-01-136.8CVE-2021-34931
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14913.2022-01-136.8CVE-2021-34935
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14914.2022-01-136.8CVE-2021-34936
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14915.2022-01-136.8CVE-2021-34937
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14995.2022-01-136.8CVE-2021-34938
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14912.2022-01-136.8CVE-2021-34934
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15041.2022-01-136.8CVE-2021-34942
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14908.2022-01-136.8CVE-2021-34930
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15055.2022-01-136.8CVE-2021-34946
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14835.2022-01-134.3CVE-2021-34882
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14846.2022-01-136.8CVE-2021-34893
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14847.2022-01-136.8CVE-2021-34894
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14829.2022-01-136.8CVE-2021-34877
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14901.2022-01-136.8CVE-2021-34923
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14903.2022-01-136.8CVE-2021-34925
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14904.2022-01-136.8CVE-2021-34926
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14834.2022-01-134.3CVE-2021-34881
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14836.2022-01-134.3CVE-2021-34883
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14875.2022-01-134.3CVE-2021-34902
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14837.2022-01-134.3CVE-2021-34884
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14839.2022-01-134.3CVE-2021-34886
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14840.2022-01-134.3CVE-2021-34887
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14841.2022-01-134.3CVE-2021-34888
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14902.2022-01-136.8CVE-2021-34924
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14843.2022-01-134.3CVE-2021-34890
MISC
MISC
bentley -- bentley_viewThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14874.2022-01-134.3CVE-2021-34901
MISC
MISC
daybydaycrm -- daybydayIn DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed.2022-01-135.5CVE-2022-22113
MISC
MISC
dst-admin_project -- dst-adminAn issue was discovered in dst-admin v1.3.0. The product has an unauthorized arbitrary file download vulnerability that can expose sensitive information.2022-01-105CVE-2021-44586
MISC
fastlinemedia -- beaver_builderIn Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API.2022-01-105CVE-2021-42748
MISC
MISC
fastlinemedia -- beaver_themerIn Beaver Themer, attackers can bypass conditional logic controls (for hiding content) when viewing the post archives. Exploitation requires that a Themer layout is applied to the archives, and that the post excerpt field is not set.2022-01-105CVE-2021-42749
MISC
MISC
framasoft -- peertubepeertube is vulnerable to Improper Access Control2022-01-105CVE-2022-0133
CONFIRM
MISC
framasoft -- peertubepeertube is vulnerable to Server-Side Request Forgery (SSRF)2022-01-105CVE-2022-0132
MISC
CONFIRM
google -- androidAn improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.2022-01-104.6CVE-2022-22265
MISC
google -- androidIn showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way to gain an access to MediaProvider content due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-1946953472022-01-146.9CVE-2021-39625
MISC
google -- androidAn implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.2022-01-104.3CVE-2022-22270
MISC
google -- google-protobufAn issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.2022-01-104.3CVE-2021-22569
MISC
MISC
MLIST
MLIST
gpac -- gpacA Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fileio_check function, which could cause a Denial of Service.2022-01-104.3CVE-2021-46049
MISC
gpac -- gpacA buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_parse_slice function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.2022-01-136.8CVE-2021-40568
MISC
MISC
gpac -- gpacThe binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmx_process function in reframe_mpgvid.c, which allows attackers to cause a denial of service. This vulnerability is possibly due to an incomplete fix for CVE-2021-40566.2022-01-134.3CVE-2021-40575
MISC
MISC
gpac -- gpacA Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media_IsSelfContained function, which could cause a Denial of Service. .2022-01-104.3CVE-2021-46051
MISC
gpac -- gpacA Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_size function, which could cause a Denial of Service (context-dependent).2022-01-104.3CVE-2021-46046
MISC
gpac -- gpacA Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hinter_finalize function.2022-01-104.3CVE-2021-46047
MISC
gpac -- gpacThe binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service.2022-01-134.3CVE-2021-40572
MISC
MISC
gpac -- gpacThe binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the gf_isom_get_payt_count function in hint_track.c, which allows attackers to cause a denial of service.2022-01-134.3CVE-2021-40576
MISC
MISC
gpac -- gpacGPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial of service (context-dependent).2022-01-104.3CVE-2021-46045
MISC
gpac -- gpacThe binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_list_del function in list.c, which allows attackers to cause a denial of service.2022-01-134.3CVE-2021-40573
MISC
MISC
gpac -- gpacThe binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.2022-01-136.8CVE-2021-40574
MISC
MISC
gpac -- gpacThe binary MP4Box in Gpac through 1.0.1 has a double-free vulnerability in the iloc_entry_del funciton in box_code_meta.c, which allows attackers to cause a denial of service.2022-01-134.3CVE-2021-40569
MISC
MISC
gpac -- gpacA Segmentation fault casued by heap use after free vulnerability exists in Gpac through 1.0.1 via the mpgviddmx_process function in reframe_mpgvid.c when using mp4box, which causes a denial of service.2022-01-124.3CVE-2021-40566
MISC
MISC
gpac -- gpacA Segmentation fault caused by a null pointer dereference vulnerability exists in Gpac through 1.0.1 via the gf_avc_parse_nalu function in av_parsers.c when using mp4box, which causes a denial of service.2022-01-124.3CVE-2021-40565
MISC
MISC
gpac -- gpacA Segmentation fault caused by null pointer dereference vulnerability eists in Gpac through 1.0.2 via the avc_parse_slice function in av_parsers.c when using mp4box, which causes a denial of service.2022-01-124.3CVE-2021-40564
MISC
MISC
gpac -- gpacA Segmentation fault exists casued by null pointer dereference exists in Gpac through 1.0.1 via the naludmx_create_avc_decoder_config function in reframe_nalu.c when using mp4box, which causes a denial of service.2022-01-124.3CVE-2021-40563
MISC
MISC
gpac -- gpacA Segmentation fault caused by a floating point exception exists in Gpac through 1.0.1 using mp4box via the naludmx_enqueue_or_dispatch function in reframe_nalu.c, which causes a denial of service.2022-01-124.3CVE-2021-40562
MISC
MISC
gpac -- gpacA null pointer deference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc function in reframe_nalu, which allows a denail of service.2022-01-124.3CVE-2021-40559
MISC
gpac -- gpacThe binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.2022-01-136.8CVE-2021-40571
MISC
MISC
gpac -- gpacThe binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.2022-01-136.8CVE-2021-40570
MISC
MISC
gpac -- gpacA heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in the gf_isom_dovi_config_get function in MP4Box, which causes a denial of service or execute arbitrary code via a crafted file.2022-01-126.8CVE-2021-36417
MISC
gpac -- gpacSegmentation fault vulnerability exists in Gpac through 1.0.1 via the gf_odf_size_descriptor function in desc_private.c when using mp4box, which causes a denial of service.2022-01-134.3CVE-2021-40567
MISC
MISC
htmldoc_project -- htmldocA stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file.2022-01-106.8CVE-2021-43579
MISC
MISC
MISC
MISC
huawei -- emuiThere is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity.2022-01-105CVE-2021-40031
MISC
huawei -- emuiThere is an Out-of-bounds array read vulnerability in the security storage module in smartphones. Successful exploitation of this vulnerability may affect service confidentiality.2022-01-105CVE-2021-40020
MISC
huawei -- emuiThere is an Uncontrolled resource consumption vulnerability in the display module in smartphones. Successful exploitation of this vulnerability may affect service integrity.2022-01-106.4CVE-2021-40011
MISC
huawei -- harmonyosThe bone voice ID TA has a vulnerability in information management,Successful exploitation of this vulnerability may affect data confidentiality.2022-01-105CVE-2021-40032
MISC
huawei -- harmonyosThe Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end.2022-01-105.8CVE-2021-40000
MISC
huawei -- harmonyosThe eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data integrity.2022-01-105CVE-2021-40028
MISC
huawei -- harmonyosThe bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of this vulnerability may affect data confidentiality.2022-01-105CVE-2021-40027
MISC
huawei -- harmonyosThere is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.2022-01-105CVE-2021-40026
MISC
MISC
huawei -- harmonyosThe eID module has a vulnerability that causes the memory to be used without being initialized,Successful exploitation of this vulnerability may affect data confidentiality.2022-01-105CVE-2021-40025
MISC
huawei -- harmonyosThe weaver module has a vulnerability in parameter type verification,Successful exploitation of this vulnerability may affect data confidentiality.2022-01-105CVE-2021-40022
MISC
huawei -- harmonyosThere is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.2022-01-105CVE-2021-40009
MISC
MISC
huawei -- harmonyosThe eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data confidentiality.2022-01-105CVE-2021-40021
MISC
huawei -- harmonyosThere is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.2022-01-105CVE-2021-40038
MISC
MISC
huawei -- harmonyosThere is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability.2022-01-105CVE-2021-40029
MISC
MISC
huawei -- harmonyosThere is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity.2022-01-105CVE-2021-40039
MISC
MISC
huawei -- harmonyosThere is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability.2022-01-105CVE-2021-40035
MISC
MISC
huawei -- harmonyosHwPCAssistant has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.2022-01-105CVE-2021-40003
MISC
huawei -- harmonyosThe distributed data service component has a vulnerability in data access control. Successful exploitation of this vulnerability may affect data confidentiality.2022-01-105CVE-2021-40005
MISC
huawei -- harmonyosThe CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the MeeTime application to be unavailable.2022-01-105CVE-2021-40001
MISC
huawei -- harmonyosThere is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart.2022-01-104.9CVE-2021-40037
MISC
MISC
huawei -- harmonyosThe bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.2022-01-105CVE-2021-40014
MISC
huawei -- harmonyosThe cellular module has a vulnerability in permission management. Successful exploitation of this vulnerability may affect data confidentiality.2022-01-105CVE-2021-40004
MISC
huawei -- harmonyosThe eID module has a null pointer reference vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.2022-01-105CVE-2021-40018
MISC
huawei -- harmonyosThe Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end.2022-01-105.8CVE-2021-40002
MISC
ibm -- security_verify_accessIBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040.2022-01-105CVE-2021-38957
CONFIRM
XF
ibm -- security_verify_accessIBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210067.2022-01-105CVE-2021-38921
CONFIRM
XF
ibm -- security_verify_accessIBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 2120382022-01-105CVE-2021-38956
XF
CONFIRM
ibm -- security_verify_accessIBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 209515.2022-01-104CVE-2021-38894
CONFIRM
XF
ibm -- viosIBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952.2022-01-104.6CVE-2021-38990
XF
CONFIRM
CONFIRM
kentico -- kentico_cmsKentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem.2022-01-104.3CVE-2021-46163
MISC
kubernetes -- kuberneteskubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.2022-01-075.8CVE-2021-25743
CONFIRM
libexpat_project -- libexpatlookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.2022-01-106.8CVE-2022-22825
MISC
libexpat_project -- libexpatnextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.2022-01-106.8CVE-2022-22826
MISC
libexpat_project -- libexpatstoreAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.2022-01-106.8CVE-2022-22827
MISC
libmeshb_project -- libmeshbA buffer overflow in the GmfOpenMesh() function of libMeshb v7.61 allows attackers to cause a Denial of Service (DoS) via a crafted MESH file.2022-01-124.3CVE-2021-46225
MISC
MISC
mediawiki -- mediawikiAn issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A denial of service (resource consumption) can be accomplished by searching for a very long key in a Language Name Search.2022-01-105CVE-2021-46149
MISC
MISC
mediawiki -- mediawikiAn issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. MassEditRegex allows CSRF.2022-01-106.8CVE-2021-46147
MISC
MISC
mediawiki -- mediawikiAn issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information (e.g., IP addresses and User-Agent headers for election traffic) on a testwiki SecurePoll instance.2022-01-104CVE-2021-46148
MISC
MISC
MISC
metagauss -- registrationmagicThe RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue2022-01-106.5CVE-2021-24862
MISC
microsoft -- excelMicrosoft Office Remote Code Execution Vulnerability.2022-01-116.8CVE-2022-21840
MISC
microsoft -- sharepoint_enterprise_serverMicrosoft Word Remote Code Execution Vulnerability.2022-01-116.8CVE-2022-21842
MISC
microsoft -- windows_10Windows IKE Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-21848, CVE-2022-21883, CVE-2022-21889, CVE-2022-21890.2022-01-114.3CVE-2022-21843
MISC
microsoft -- windows_10Windows Push Notifications Apps Elevation Of Privilege Vulnerability.2022-01-116.9CVE-2022-21867
MISC
microsoft -- windows_10Windows Accounts Control Elevation of Privilege Vulnerability.2022-01-116.9CVE-2022-21859
MISC
microsoft -- windows_10Windows Hyper-V Denial of Service Vulnerability.2022-01-114.9CVE-2022-21847
MISC
microsoft -- windows_10Windows Devices Human Interface Elevation of Privilege Vulnerability.2022-01-116.9CVE-2022-21868
MISC
microsoft -- windows_10Windows StateRepository API Server file Elevation of Privilege Vulnerability.2022-01-116.9CVE-2022-21863
MISC
microsoft -- windows_10Windows Application Model Core API Elevation of Privilege Vulnerability.2022-01-116.9CVE-2022-21862
MISC
mitre -- calderaAn issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG" parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks (e.g., File Exfiltration, Server Side Request Forgery, Out of Band Exfiltration, etc.).2022-01-126.5CVE-2021-42560
MISC
MISC
philips -- engageThe affected product is vulnerable to an improper access control, which may allow an authenticated user to gain unauthorized access to sensitive data.2022-01-104CVE-2021-23173
MISC
pluginus -- woocommerce_currency_switcherThe WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the custom_prices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue2022-01-104.3CVE-2021-25043
CONFIRM
MISC
qnap -- qtsA cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QuTS hero h4.5.4.1771 build 20210825 and later QTS 4.5.4.1787 build 20210910 and later QuTScloud c4.5.7.1864 and later2022-01-074.3CVE-2021-38674
MISC
qualcomm -- apq8009w_firmwarePossible denial of service due to incorrectly decoding hex data for the SIB2 OTA message and assigning a garbage value to choice when processing the SRS configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables2022-01-135CVE-2021-30300
CONFIRM
qualcomm -- ar8031_firmwareImproper validation of memory region in Hypervisor can lead to incorrect region mapping in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking2022-01-134.6CVE-2021-30285
CONFIRM
qualcomm -- ar8035_firmwarePossible assertion due to improper validation of symbols configured for PDCCH monitoring in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile2022-01-135CVE-2021-30287
CONFIRM
qualcomm -- ar8035_firmwarePossible denial of service due to improper validation of DNS response when DNS client requests with PTR, NAPTR or SRV query type in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT2022-01-135CVE-2021-30307
CONFIRM
qualcomm -- ar8035_firmwarePossible denial of service due to out of memory while processing RRC and NAS OTA message in Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile2022-01-135CVE-2021-30301
CONFIRM
rubyonrails -- railsA open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.2022-01-105.8CVE-2021-44528
MISC
siemens -- comosA vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS uses a flawed implementation of CSRF prevention. An attacker could exploit this vulnerability to perform Cross-Site-Request-Forgery attacks.2022-01-116.8CVE-2021-37198
MISC
siemens -- comosA vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice.2022-01-114CVE-2021-37196
MISC
siemens -- comosA vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS is vulnerable to SQL injections. This could allow an attacker to execute arbitrary SQL statements.2022-01-116.5CVE-2021-37197
MISC
siemens -- comosA vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to inject malicious code that is executed when loading the attachment.2022-01-114.3CVE-2021-37195
MISC
sismics -- teedyIn Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting (XSS). The “search term" search functionality is not sufficiently sanitized while displaying the results of the search, which can be leveraged to inject arbitrary scripts. These scripts are executed in a victim’s browser when they enter the crafted URL. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the Session ID, which can lead to full Account Takeover of the administrator, by an unauthenticated attacker.2022-01-104.3CVE-2022-22114
MISC
MISC
snipeitapp -- snipe-itsnipe-it is vulnerable to Improper Access Control2022-01-124.9CVE-2022-0179
CONFIRM
MISC
soketi_project -- soketisoketi is an open-source WebSockets server. There is an unhandled case when reading POST requests which results in the server crashing if it could not read the body of a request. In the event that a POST request is sent to any endpoint of the server with an empty body, even unauthenticated with the Pusher Protocol, it will crash the server. All users that run the server are affected by this vulnerability and it's highly recommended to upgrade to the latest patch. There are no workarounds for this issue.2022-01-105CVE-2022-21667
MISC
CONFIRM
MISC
sphinxsearch -- sphinxSphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx.2022-01-105CVE-2020-29050
MISC
MISC
MLIST
trendmicro -- apex_oneA link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2022-01-106.6CVE-2021-44024
MISC
MISC
trendmicro -- apex_oneA link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2022-01-106.6CVE-2021-45442
MISC
MISC
ultimaker -- ultimaker_s3_firmwareIn Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking. This includes the settings page.2022-01-106.8CVE-2021-34087
MISC
MISC
MISC
ultimaker -- ultimaker_s3_firmwareIn Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver hosts APIs vulnerable to CSRF. They do not verify incoming requests.2022-01-106.8CVE-2021-34086
MISC
MISC
MISC
MISC
vim -- vimvim is vulnerable to Heap-based Buffer Overflow2022-01-104.3CVE-2022-0158
CONFIRM
MISC
FEDORA
MLIST
vim -- vimvim is vulnerable to Use After Free2022-01-104.3CVE-2022-0156
MISC
CONFIRM
FEDORA
MLIST
vmware -- spring_frameworkIn Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.2022-01-104CVE-2021-22060
MISC
webassembly -- binaryenA Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function.2022-01-104.3CVE-2021-46050
MISC
webassembly -- binaryenA Denial of Service vulnerability exists in Binaryen 103. The program terminates with signal SIGKILL.2022-01-104.3CVE-2021-46053
MISC
webassembly -- binaryenA Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions.2022-01-104.3CVE-2021-46048
MISC
webassembly -- binaryenA Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate.2022-01-104.3CVE-2021-46052
MISC
webassembly -- binaryenA Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).2022-01-104.3CVE-2021-46054
MISC
webassembly -- binaryenA Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).2022-01-104.3CVE-2021-46055
MISC
wow-company -- button_generatorThe Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.2022-01-105.1CVE-2021-25052
CONFIRM
MISC
wow-company -- modal_windowThe Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.2022-01-105.1CVE-2021-25051
MISC
CONFIRM
wow-company -- wp_coderThe WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.2022-01-105.1CVE-2021-25053
CONFIRM
MISC
wow-company -- wpcalcThe WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability.2022-01-106.5CVE-2021-25054
MISC
zohocorp -- manageengine_desktop_centralZoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module.2022-01-106.5CVE-2021-46164
MISC
zohocorp -- manageengine_desktop_centralZoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined.2022-01-104.6CVE-2021-46165
MISC
zohocorp -- manageengine_desktop_centralZoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page.2022-01-104CVE-2021-46166
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe -- experience_managerAEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.2022-01-133.5CVE-2021-43764
MISC
fit2cloud -- haloIn Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article title. An authenticated attacker can inject arbitrary javascript code that will execute on a victim’s server.2022-01-133.5CVE-2022-22123
MISC
MISC
MISC
fit2cloud -- haloIn Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the profile image. An authenticated attacker can upload a carefully crafted SVG file that will trigger arbitrary javascript to run on a victim’s browser.2022-01-133.5CVE-2022-22124
MISC
MISC
MISC
google -- androidUnprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity.2022-01-102.1CVE-2022-22263
MISC
google -- androidImproper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission.2022-01-103.6CVE-2022-22264
MISC
google -- androidIn StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-1895750312022-01-142.1CVE-2021-39628
MISC
google -- androidIncorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode.2022-01-103.6CVE-2022-22268
MISC
google -- android(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission.2022-01-102.1CVE-2022-22266
MISC
google -- androidImplicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information.2022-01-102.1CVE-2022-22267
MISC
google -- androidKeeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address.2022-01-102.1CVE-2022-22269
MISC
google -- androidA missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory.2022-01-102.1CVE-2022-22271
MISC
google -- androidImproper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission2022-01-102.1CVE-2022-22272
MISC
huawei -- harmonyosThe fingerprint module has a security risk of brute force cracking. Successful exploitation of this vulnerability may affect data confidentiality.2022-01-102.1CVE-2021-40006
MISC
huawei -- ws318n-21_firmwareThere is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n product when processing network settings. Due to insufficient validation of user input, a local authenticated attacker could exploit this vulnerability by injecting special characters. Successful exploit could cause certain information disclosure. Affected product versions include: WS318n-21 10.0.2.2, 10.0.2.5 and 10.0.2.6.2022-01-101.9CVE-2021-40041
MISC
ibm -- security_verify_accessIBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209563.2022-01-103.5CVE-2021-38895
XF
CONFIRM
ivanti -- workspace_controlA insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector.2022-01-102.1CVE-2022-21823
MISC
mediawiki -- mediawikiAn issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October.2022-01-103.5CVE-2021-46150
MISC
MISC
mediawiki -- mediawikiAn issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file.2022-01-103.5CVE-2021-46146
MISC
MISC
microsoft -- windows_10Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability.2022-01-112.1CVE-2022-21839
MISC
phoronix-media -- phoronix_test_suitephoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2022-01-103.5CVE-2022-0157
CONFIRM
MISC
rangerstudio -- directusIn Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. A low privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user opens it, the XSS payload gets triggered.2022-01-103.5CVE-2022-22117
MISC
MISC
rangerstudio -- directusIn Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in media upload functionality. A low privileged attacker can inject arbitrary javascript code which will be executed in a victim’s browser when they open the image URL.2022-01-103.5CVE-2022-22116
MISC
MISC
sismics -- teedyIn Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the name of a created Tag. Since the Tag name is not being sanitized properly in the edit tag page, a low privileged attacker can store malicious scripts in the name of the Tag. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the Session ID, which can lead to full Account Takeover of the administrator, and privileges escalation.2022-01-103.5CVE-2022-22115
MISC
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
10web_social_photo_feed -- 10web_social_photo_feed
 
The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affected by a reflected Cross-Site Scripting (XSS) vulnerability in the wdi_apply_changes admin page, allowing an attacker to perform such attack against any logged in users2022-01-10not yet calculatedCVE-2021-25047
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-44704
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-44712
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in application denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-44713
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Violation of Secure Design Principles that could lead to a Security feature bypass. Acrobat Reader DC displays a warning message when a user clicks on a PDF file, which could be used by an attacker to mislead the user. In affected versions, this warning message does not include custom protocols when used by the sender. User interaction is required to abuse this vulnerability as they would need to click 'allow' on the warning message of a malicious file.2022-01-14not yet calculatedCVE-2021-44714
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a heap overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-44709
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-44715
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-44707
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a heap overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-44708
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-44710
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-44706
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-45063
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a stack buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-44703
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-44740
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-44701
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-44742
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-45060
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-45061
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-45062
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-44741
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-45064
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-45067
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-45068
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-44705
MISC
adobe -- acrobat_reader_dc
 
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-44711
MISC
adobe -- acrobat_reader_dc_activex_control
 
Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page.2022-01-14not yet calculatedCVE-2021-44739
MISC
adobe -- acrobat_reader_dc_activex_control
 
Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page.2022-01-14not yet calculatedCVE-2021-44702
MISC
adobe -- adobe_experience_manager
 
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a dispatcher bypass vulnerability that could be abused to evade security controls. Sensitive areas of the web application may be exposed through exploitation of the vulnerability.2022-01-13not yet calculatedCVE-2021-43762
MISC
adobe -- adobe_experience_manager
 
AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.2022-01-13not yet calculatedCVE-2021-43761
MISC
adobe -- bridge
 
Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-44743
MISC
adobe -- bridge
 
Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an use-after-free vulnerability in the processing of Format event actions that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-45051
MISC
adobe -- bridge
 
Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file.2022-01-14not yet calculatedCVE-2021-45052
MISC
adobe -- experience_manager
 
AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE.2022-01-13not yet calculatedCVE-2021-40722
MISC
adobe -- illustrator
 
Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-43752
MISC
adobe -- illustrator
 
Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-01-14not yet calculatedCVE-2021-44700
MISC
apache -- dubbo
 
A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol, during Hessian catch unexpected exceptions, Hessian will log out some imformation for users, which may cause remote command execution. This issue affects Apache Dubbo Apache Dubbo 2.6.x versions prior to 2.6.12; Apache Dubbo 2.7.x versions prior to 2.7.15; Apache Dubbo 3.0.x versions prior to 3.0.5.2022-01-10not yet calculatedCVE-2021-43297
MISC
arista -- eos
 
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.2022-01-14not yet calculatedCVE-2021-28500
MISC
arista -- eos
 
An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent.2022-01-14not yet calculatedCVE-2021-28507
MISC
arista -- eos
 
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.2022-01-14not yet calculatedCVE-2021-28506
MISC
arista -- eos
 
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.2022-01-14not yet calculatedCVE-2021-28501
MISC
arm -- mali_gpu_kernel_driver
 
Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 through r34p0, and Valhall r19p0 through r34p0) allows a non-privileged user to achieve write access to read-only memory, and possibly obtain root privileges, corrupt memory, and modify the memory of other processes.2022-01-14not yet calculatedCVE-2021-44828
MISC
asus -- rt-ax56u
 
ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files.2022-01-14not yet calculatedCVE-2022-22054
MISC
authzed -- spicedb
 
SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an `exclusion` or within an `intersection` operation will see `Lookup`/`LookupResources` return a resource as "accessible" if it is *not* accessible by virtue of the inclusion of the wildcard in the intersection or the right side of the exclusion. In `v1.3.0`, the wildcard is ignored entirely in lookup's dispatch, resulting in the `banned` wildcard being ignored in the exclusion. Version 1.4.0 contains a patch for this issue. As a workaround, don't make use of wildcards on the right side of intersections or within exclusions.2022-01-11not yet calculatedCVE-2022-21646
MISC
MISC
CONFIRM
MISC
bentley -- contextcapture
 
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley ContextCapture 10.18.0.232. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14785.2022-01-13not yet calculatedCVE-2021-34985
MISC
MISC
bentley -- contextcapture
 
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley ContextCapture 10.18.0.232. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14784.2022-01-13not yet calculatedCVE-2021-34984
MISC
MISC
bytecode_viewer -- bytecode_viewer
 
Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Versions of the package prior to 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction (AKA "Zip Slip"). The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The Zip Slip vulnerability can affect numerous archive formats, including zip, jar, tar, war, cpio, apk, rar and 7z. The attacker can then overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine. The impact of a Zip Slip vulnerability would allow an attacker to create or overwrite existing files on the filesystem. In the context of a web application, a web shell could be placed within the application directory to achieve code execution. All users should upgrade to BCV v2.11.0 when possible to receive a patch. There are no recommended workarounds aside from upgrading.2022-01-12not yet calculatedCVE-2022-21675
MISC
CONFIRM
MISC
MISC
checkmk -- checkmk
 
A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title.2022-01-15not yet calculatedCVE-2020-28919
MISC
MISC
MISC
MISC
china_mobile -- an_lianbao_wf-1_router
 
China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface /api/ZRUsb/pop_usb_device component.2022-01-14not yet calculatedCVE-2021-33962
MISC
MISC
MISC
MISC
china_mobile -- an_lianbao_wf-1_router
 
China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands.2022-01-15not yet calculatedCVE-2021-33963
MISC
MISC
MISC
MISC
chronoforms -- chronoforms
 
ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files.2022-01-12not yet calculatedCVE-2021-28376
MISC
chronoforums -- chronoforums
 
ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files.2022-01-12not yet calculatedCVE-2021-28377
MISC
cisco -- ip_phone_models
 
A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks.2022-01-14not yet calculatedCVE-2022-20660
CISCO
FULLDISC
cisco -- multiple_products
 
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.2022-01-11not yet calculatedCVE-2021-1573
CISCO
cisco -- multiple_products
 
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.2022-01-11not yet calculatedCVE-2021-34704
CISCO
cisco -- security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-01-14not yet calculatedCVE-2022-20643
CISCO
cisco -- security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-01-14not yet calculatedCVE-2022-20636
CISCO
cisco -- security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-01-14not yet calculatedCVE-2022-20635
CISCO
cisco -- security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-01-14not yet calculatedCVE-2022-20646
CISCO
cisco -- security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-01-14not yet calculatedCVE-2022-20645
CISCO
cisco -- security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-01-14not yet calculatedCVE-2022-20647
CISCO
cisco -- security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-01-14not yet calculatedCVE-2022-20642
CISCO
cisco -- security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-01-14not yet calculatedCVE-2022-20644
CISCO
cisco -- security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-01-14not yet calculatedCVE-2022-20640
CISCO
cisco -- security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-01-14not yet calculatedCVE-2022-20639
CISCO
cisco -- security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-01-14not yet calculatedCVE-2022-20637
CISCO
cisco -- security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-01-14not yet calculatedCVE-2022-20641
CISCO
cisco -- security_manager
 
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-01-14not yet calculatedCVE-2022-20638
CISCO
clam_antivirus_software -- vlam_antivirus_software
 
A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.2022-01-14not yet calculatedCVE-2022-20698
CISCO
colors.js -- colors.js
 
The package colors after 1.4.0 are vulnerable to Denial of Service (DoS) that was introduced through an infinite loop in the americanFlag module. Unfortunately this appears to have been a purposeful attempt by a maintainer of colors to make the package unusable, other maintainers' controls over this package appear to have been revoked in an attempt to prevent them from fixing the issue. Vulnerable Code js for (let i = 666; i < Infinity; i++;) { Alternative Remediation Suggested * Pin dependancy to 1.4.02022-01-14not yet calculatedCVE-2021-23567
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
commvault -- commcell
 
This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CVSearchService service. The issue results from the lack of proper validation prior to authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-13706.2022-01-13not yet calculatedCVE-2021-34993
MISC
commvault -- commcell
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DataProvider class. The issue results from the lack of proper validation of a user-supplied string before executing it as JavaScript code. An attacker can leverage this vulnerability to escape the JavaScript sandbox and execute Java code in the context of NETWORK SERVICE. Was ZDI-CAN-13755.2022-01-13not yet calculatedCVE-2021-34994
MISC
commvault -- commcell
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DownloadCenterUploadHandler class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-13756.2022-01-13not yet calculatedCVE-2021-34995
MISC
commvault -- commcell
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Demo_ExecuteProcessOnGroup workflow. By creating a workflow, an attacker can specify an arbitrary command to be executed. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-13889.2022-01-13not yet calculatedCVE-2021-34996
MISC
commvault -- commcell
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AppStudioUploadHandler class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-13894.2022-01-13not yet calculatedCVE-2021-34997
MISC
coreftp -- server
 
CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request.2022-01-10not yet calculatedCVE-2022-22836
MISC
MISC
corenlp -- corenlp
 
corenlp is vulnerable to Improper Restriction of XML External Entity Reference2022-01-13not yet calculatedCVE-2022-0198
MISC
CONFIRM
cortex_xdr -- cortex_xdr
 
A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9.2022-01-12not yet calculatedCVE-2022-0015
MISC
cortex_xdr -- cortex_xdr
 
A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.2022-01-12not yet calculatedCVE-2022-0013
MISC
cortex_xdr -- cortex_xdr
 
An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.2022-01-12not yet calculatedCVE-2022-0014
MISC
cortex_xdr -- cortex_xdr
 
An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.2022-01-12not yet calculatedCVE-2022-0012
MISC
crater -- crater
 
crater is vulnerable to Unrestricted Upload of File with Dangerous Type2022-01-12not yet calculatedCVE-2021-4080
CONFIRM
MISC
crestron -- multiple_devices
 
An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields.2022-01-15not yet calculatedCVE-2022-23178
MISC
crow -- crow
 
This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch arbitrary files from the server.2022-01-13not yet calculatedCVE-2021-23514
CONFIRM
CONFIRM
CONFIRM
crow -- crow
 
This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting (XSS) vulnerability, assuming an attacker can influence the value entered into the template. If the template is used to render user-generated content, this vulnerability may escalate to a persistent XSS vulnerability.2022-01-13not yet calculatedCVE-2021-23824
MISC
MISC
MISC
cyberark -- endpoint_privilege_manager
 
CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory.2022-01-15not yet calculatedCVE-2021-44049
CONFIRM
MISC
MISC
MISC
dahua -- multiple_products
 
Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.2022-01-13not yet calculatedCVE-2021-33046
MISC
CONFIRM
CONFIRM
daybyday -- crm
 
In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser.2022-01-13not yet calculatedCVE-2022-22112
MISC
MISC
discourse -- discourse
 
Discourse is an open source discussion platform. Versions prior to 2.7.13 in `stable`, 2.8.0.beta11 in `beta`, and 2.8.0.beta11 in `tests-passed` allow some users to log in to a community before they should be able to do so. A user invited via email to a forum with `must_approve_users` enabled is going to be automatically logged in, bypassing the check that does not allow unapproved users to sign in. They will be able to do everything an approved user can do. If they logout, they cannot log back in. This issue is patched in the `stable` version 2.7.13, `beta` version 2.8.0.beta11, and `tests-passed` version 2.8.0.beta11. One may disable invites as a workaround. Administrators can increase `min_trust_level_to_allow_invite` to reduce the attack surface to more trusted users.2022-01-13not yet calculatedCVE-2022-21684
MISC
CONFIRM
MISC
discourse -- discourse
 
Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the `tests-passed` branch, version 2.8.0.beta11 in the `beta` branch, and version 2.7.13 in the `stable` branch, the bios of users who made their profiles private were still visible in the `<meta>` tags on their users' pages. The problem is patched in `tests-passed` version 2.8.0.beta11, `beta` version 2.8.0.beta11, and `stable` version 2.7.13 of Discourse.2022-01-13not yet calculatedCVE-2022-21678
MISC
CONFIRM
MISC
discourse -- discourse
 
Discourse is an open source discussion platform. Discourse groups can be configured with varying visibility levels for the group as well as the group members. By default, a newly created group has its visibility set to public and the group's members visibility set to public as well. However, a group's visibility and the group's members visibility can be configured such that it is restricted to logged on users, members of the group or staff users. A vulnerability has been discovered in versions prior to 2.7.13 and 2.8.0.beta11 where the group advanced search option does not respect the group's visibility and members visibility level. As such, a group with restricted visibility or members visibility can be revealed through search with the right search option. This issue is patched in `stable` version 2.7.13, `beta` version 2.8.0.beta11, and `tests-passed` version 2.8.0.beta11 versions of Discourse. There are no workarounds aside from upgrading.2022-01-14not yet calculatedCVE-2022-21677
MISC
CONFIRM
django -- django_cms
 
Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user.2022-01-12not yet calculatedCVE-2021-44649
MISC
MISC
dnslib -- dnslib
 
The dnslib package through 0.9.16 for Python does not verify that the ID value in a DNS reply matches an ID value in a query.2022-01-10not yet calculatedCVE-2022-22846
MISC
docker -- docker_desktop
 
Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user’s local files.2022-01-12not yet calculatedCVE-2021-45449
MISC
dolibarr -- dolibarr
 
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command2022-01-14not yet calculatedCVE-2022-0224
MISC
CONFIRM
dolibarr -- dolibarr
 
dolibarr is vulnerable to Business Logic Errors2022-01-10not yet calculatedCVE-2022-0174
MISC
CONFIRM
download_monitor -- download_monitor
 
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6).2022-01-14not yet calculatedCVE-2021-36920
CONFIRM
CONFIRM
edgerover -- desktop
 
File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources.2022-01-13not yet calculatedCVE-2022-22988
MISC
element-it -- http_commander
 
A cross-site scripting (XSS) vulnerability in the "Zip content" feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames.2022-01-13not yet calculatedCVE-2021-40813
MISC
MISC
elementor-pro -- elementor-pro
 
The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts2022-01-10not yet calculatedCVE-2021-24948
MISC
MISC
elementor-pro -- elementor-pro
 
The "WP Search Filters" widget of The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection2022-01-10not yet calculatedCVE-2021-24949
MISC
MISC
eyoucms -- eyoucms
 
eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename.2022-01-14not yet calculatedCVE-2021-46255
MISC
fig2dev -- fig2dev
 
A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.2022-01-12not yet calculatedCVE-2021-37530
MISC
fig2dev -- fig2dev
 
A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).2022-01-12not yet calculatedCVE-2021-37529
MISC
flatpak -- flatpak
 
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there's a null byte in the metadata file of an app. Therefore apps can grant themselves permissions without the consent of the user. Flatpak shows permissions to the user during install by reading them from the "xa.metadata" key in the commit metadata. This cannot contain a null terminator, because it is an untrusted GVariant. Flatpak compares these permissions to the *actual* metadata, from the "metadata" file to ensure it wasn't lied to. However, the actual metadata contents are loaded in several places where they are read as simple C-style strings. That means that, if the metadata file includes a null terminator, only the content of the file from *before* the terminator gets compared to xa.metadata. Thus, any permissions that appear in the metadata file after a null terminator are applied at runtime but not shown to the user. So maliciously crafted apps can give themselves hidden permissions. Users who have Flatpaks installed from untrusted sources are at risk in case the Flatpak has a maliciously crafted metadata file, either initially or in an update. This issue is patched in versions 1.12.3 and 1.10.6. As a workaround, users can manually check the permissions of installed apps by checking the metadata file or the xa.metadata key on the commit metadata.2022-01-12not yet calculatedCVE-2021-43860
MISC
MISC
MISC
MISC
CONFIRM
MISC
MISC
MISC
FEDORA
flatpak -- flatpak
 
Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory will have the full access that is specified in the manifest, so running `flatpak build` against it will gain those permissions. Normally this will not be done, so this is not problem. However, if `--mirror-screenshots-url` is specified, then flatpak-builder will launch `flatpak build --nofilesystem=host appstream-utils mirror-screenshots` after finalization, which can lead to issues even with the `--nofilesystem=host` protection. In normal use, the only issue is that these empty directories can be created wherever the user has write permissions. However, a malicious application could replace the `appstream-util` binary and potentially do something more hostile. This has been resolved in Flatpak 1.12.3 and 1.10.6 by changing the behaviour of `--nofilesystem=home` and `--nofilesystem=host`.2022-01-13not yet calculatedCVE-2022-21682
CONFIRM
MISC
MISC
FEDORA
follow-redirects -- follow-redirects
 
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor2022-01-10not yet calculatedCVE-2022-0155
CONFIRM
MISC
formpipe -- lasernet
 
Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Services (either by an authenticated attacker, or in a configuration that does not require authentication).2022-01-10not yet calculatedCVE-2022-22847
CONFIRM
gcc -- gcc
 
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.2022-01-14not yet calculatedCVE-2021-46195
MISC
gnome -- gnome
 
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.2022-01-12not yet calculatedCVE-2021-44648
MISC
MISC
gnu -- recutils
 
An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.2022-01-14not yet calculatedCVE-2021-46021
MISC
gnu -- recutils
 
An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.2022-01-14not yet calculatedCVE-2021-46022
MISC
gnu -- recutils
 
An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.2022-01-14not yet calculatedCVE-2021-46019
MISC
gnu_c_library -- gnu_c_library
 
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.2022-01-14not yet calculatedCVE-2022-23218
MISC
gnu_c_library -- gnu_c_library
 
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.2022-01-14not yet calculatedCVE-2022-23219
MISC
google -- android
 
In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-2021597092022-01-14not yet calculatedCVE-2021-39632
MISC
google -- android
 
In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception. In rare instances, this could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-2082676592022-01-14not yet calculatedCVE-2021-39659
MISC
google -- android
 
In mgm_alloc_page of memory_group_manager.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-201677538References: N/A2022-01-14not yet calculatedCVE-2021-39682
MISC
google -- android
 
In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-202003354References: N/A2022-01-14not yet calculatedCVE-2021-39683
MISC
google -- android
 
In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-203250788References: N/A2022-01-14not yet calculatedCVE-2021-39684
MISC
google -- android
 
In <TBD> of <TBD>, there is a possible bypass of Factory Reset Protection due to <TBD>. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171742549References: N/A2022-01-14not yet calculatedCVE-2021-39678
MISC
google -- android
 
In init of vendor_graphicbuffer_meta.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188745089References: N/A2022-01-14not yet calculatedCVE-2021-39679
MISC
google -- android
 
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-1946954972022-01-14not yet calculatedCVE-2021-39626
MISC
google -- android
 
In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150694665References: Upstream kernel2022-01-14not yet calculatedCVE-2021-39633
MISC
google -- android
 
In delete_protocol of main.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-200251074References: N/A2022-01-14not yet calculatedCVE-2021-39681
MISC
google -- android
 
In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-2027682922022-01-14not yet calculatedCVE-2021-39630
MISC
google -- android
 
In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-1973533442022-01-14not yet calculatedCVE-2021-39629
MISC
google -- android
 
In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-1851265492022-01-14not yet calculatedCVE-2021-39627
MISC
google -- android
 
In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-1851263192022-01-14not yet calculatedCVE-2021-39621
MISC
google -- android
 
Hacker one bug ID: 1343975Product: AndroidVersions: Android SoCAndroid ID: A-2042567222022-01-14not yet calculatedCVE-2021-1049
MISC
google -- android
 
The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app can register to listen for it. This lets apps keep track of what devices are paired without requesting BLUETOOTH permissions.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-1629519062022-01-14not yet calculatedCVE-2021-1037
MISC
google -- android
 
In LocationSettingsActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-1828122552022-01-14not yet calculatedCVE-2021-1036
MISC
google -- android
 
In fs/eventpoll.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204450605References: Upstream kernel2022-01-14not yet calculatedCVE-2021-39634
MISC
google -- android
 
In sec_SHA256_Transform of sha256_core.c, there is a possible way to read heap data due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-197965864References: N/A2022-01-14not yet calculatedCVE-2021-39680
MISC
gpac -- gpac
 
GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_list_last(). This vulnerability allows attackers to cause a Denial of Service (DoS).2022-01-14not yet calculatedCVE-2021-45760
MISC
gpac -- gpac
 
GPAC 1.1.0 was discovered to contain an invalid memory address dereference via the function lsr_read_id(). This vulnerability can lead to a Denial of Service (DoS).2022-01-14not yet calculatedCVE-2021-45767
MISC
gpac -- gpac
 
A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows attackers to cause a denial of service or execute arbitrary code via a crafted file.2022-01-10not yet calculatedCVE-2021-36414
MISC
gpac -- gpac
 
A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via the gp_rtp_builder_do_mpeg12_video function, which allows attackers to possibly have unspecified other impact via a crafted file in the MP4Box command,2022-01-10not yet calculatedCVE-2021-36412
MISC
gpac -- gpac
 
GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_sg_vrml_mf_reset(). This vulnerability allows attackers to cause a Denial of Service (DoS).2022-01-14not yet calculatedCVE-2021-45762
MISC
gpac -- gpac
 
GPAC v1.1.0 was discovered to contain an invalid call in the function gf_node_changed(). This vulnerability can lead to a Denial of Service (DoS).2022-01-14not yet calculatedCVE-2021-45763
MISC
gpac -- gpac
 
GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function shift_chunk_offsets.isra().2022-01-14not yet calculatedCVE-2021-45764
MISC
h2database -- h2databse
 
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.2022-01-10not yet calculatedCVE-2021-42392
MISC
MISC
halo -- halo
 
In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server.2022-01-13not yet calculatedCVE-2022-22125
MISC
MISC
MISC
hermes -- hermes
 
By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in segmentation fault as a consequence of type confusion error, with a low chance of RCE. This issue affects Hermes versions prior to v0.10.0.2022-01-15not yet calculatedCVE-2021-24044
CONFIRM
hp -- designjet_products
 
Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews.2022-01-14not yet calculatedCVE-2021-3965
MISC
ibm -- aix_and_vios
 
IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force ID: 212953.2022-01-11not yet calculatedCVE-2021-38991
XF
CONFIRM
ibm -- extended_dynamic_remote_sql_server
 
The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service. IBM X-Force ID: 214537.2022-01-13not yet calculatedCVE-2021-39056
XF
CONFIRM
ibm -- multiple_products
 
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authenticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID: 200657.2022-01-11not yet calculatedCVE-2021-29701
CONFIRM
XF
ibm -- planning analytics_and_planning_analytics_workspace
 
IBM Planning Analytics 2.0 and IBM Planning Analytics Workspace 2.0 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote threat actor who can access (without previous authentication) a valid PA endpoint to read and write files to the IBM Planning Analytics system. Depending on file system permissions up to path traversal and possibly remote code execution. IBM X-Force ID: 209511.2022-01-12not yet calculatedCVE-2021-38892
XF
CONFIRM
ibm -- sterling_gentran:server_for_windows
 
IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 213962.2022-01-14not yet calculatedCVE-2021-39032
XF
CONFIRM
imperva -- web_application_firewall
 
Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.2022-01-14not yet calculatedCVE-2021-45468
MISC
jenkins -- jenkinsJenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.2022-01-12not yet calculatedCVE-2022-23110
CONFIRM
MLIST
jenkins -- jenkins
 
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository.2022-01-12not yet calculatedCVE-2022-20617
CONFIRM
MLIST
jenkins -- jenkins
 
Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.2022-01-12not yet calculatedCVE-2022-20621
CONFIRM
MLIST
jenkins -- jenkins
 
Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.2022-01-12not yet calculatedCVE-2022-20620
CONFIRM
MLIST
jenkins -- jenkins
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.2022-01-12not yet calculatedCVE-2022-20619
CONFIRM
MLIST
jenkins -- jenkins
 
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.2022-01-12not yet calculatedCVE-2022-20612
CONFIRM
MLIST
jenkins -- jenkins
 
Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.2022-01-12not yet calculatedCVE-2022-23105
CONFIRM
MLIST
jenkins -- jenkins
 
Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.2022-01-12not yet calculatedCVE-2022-23106
CONFIRM
MLIST
jenkins -- jenkins
 
Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system.2022-01-12not yet calculatedCVE-2022-23107
CONFIRM
MLIST
jenkins -- jenkins
 
Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.2022-01-12not yet calculatedCVE-2022-23108
CONFIRM
MLIST
jenkins -- jenkins
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.2022-01-12not yet calculatedCVE-2022-23111
CONFIRM
MLIST
jenkins -- jenkins
 
A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials.2022-01-12not yet calculatedCVE-2022-23112
CONFIRM
MLIST
jenkins -- jenkins
 
A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.2022-01-12not yet calculatedCVE-2022-20618
CONFIRM
MLIST
jenkins -- jenkins
 
Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files.2022-01-12not yet calculatedCVE-2022-23113
CONFIRM
MLIST
jenkins -- jenkins
 
Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed.2022-01-12not yet calculatedCVE-2022-23109
CONFIRM
MLIST
jenkins -- jenkins
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.2022-01-12not yet calculatedCVE-2022-20613
CONFIRM
MLIST
jenkins -- jenkins
 
Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file.2022-01-12not yet calculatedCVE-2022-20616
CONFIRM
MLIST
jenkins -- jenkins
 
Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller.2022-01-12not yet calculatedCVE-2022-23118
CONFIRM
MLIST
jenkins -- jenkins
 
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller.2022-01-12not yet calculatedCVE-2022-23117
CONFIRM
MLIST
jenkins -- jenkins
 
Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.2022-01-12not yet calculatedCVE-2022-23114
CONFIRM
MLIST
jenkins -- jenkins
 
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.2022-01-12not yet calculatedCVE-2022-23116
CONFIRM
MLIST
jenkins -- jenkins
 
Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.2022-01-12not yet calculatedCVE-2022-20615
CONFIRM
MLIST
jenkins -- jenkins
 
A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.2022-01-12not yet calculatedCVE-2022-20614
CONFIRM
MLIST
jenkins -- jenkins
 
Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allows attackers with Overall/Read access to retrieve logs, build or delete a batch task.2022-01-12not yet calculatedCVE-2022-23115
CONFIRM
MLIST
jerryscript -- jerryscript
 
An issue was discovered in JerryScript commit a6ab5e9. There is an Use-After-Free in lexer_compare_identifier_to_string in js-lexer.c file.2022-01-14not yet calculatedCVE-2021-46170
MISC
jpress -- jpress
 
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code.2022-01-13not yet calculatedCVE-2021-45806
MISC
MISC
MISC
jpress -- jpress
 
jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall.2022-01-13not yet calculatedCVE-2021-45807
MISC
MISC
MISC
keystonejs -- keystone
 
keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2022-01-12not yet calculatedCVE-2022-0087
CONFIRM
MISC
le-yan -- dental_management_system
 
The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service.2022-01-14not yet calculatedCVE-2022-22056
MISC
le-yan -- dental_management_system
 
The Le-yan dental management system contains an SQL-injection vulnerability. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to acquire administrator’s privilege and perform arbitrary operations on the system or disrupt service.2022-01-14not yet calculatedCVE-2022-22055
MISC
lens -- lens
 
In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system.2022-01-10not yet calculatedCVE-2021-23154
MISC
lens -- lens
 
Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user.2022-01-10not yet calculatedCVE-2021-44458
MISC
libreswan -- libreswan
 
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.2022-01-15not yet calculatedCVE-2022-23094
MISC
MISC
DEBIAN
libtiff -- libtiff
 
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.2022-01-10not yet calculatedCVE-2022-22844
MISC
MISC
linux -- kernel
 
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.2022-01-14not yet calculatedCVE-2022-23222
MISC
MLIST
linux -- linux_kernel
 
nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace.2022-01-11not yet calculatedCVE-2021-46283
MISC
MISC
MISC
livehelperchat -- livehelperchat
 
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)2022-01-14not yet calculatedCVE-2022-0226
CONFIRM
MISC
livehelperchat -- livehelperchat
 
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)2022-01-14not yet calculatedCVE-2022-0231
MISC
CONFIRM
lorensberg -- connect
 
** DISPUTED ** Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires administrator privileges and is performed through the Wizard editor of the application. The attack requires an administrator to go into the Wizard editor and enter an XSS payload within the Page title, Page Instructions, Text before, Text after, or Text on side box. Once this has been done, the administrator must click save and finally wait until any user of the application performs a booking for rental items in the booking area of the application, where the XSS triggers. NOTE: another perspective is that the administrator may require JavaScript to customize any aspect of the page rendering. There is no effective way for the product to defend users in the face of a malicious administrator.2022-01-12not yet calculatedCVE-2021-43960
MISC
MISC
lua -- lua
 
Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.2022-01-11not yet calculatedCVE-2021-44647
MISC
MISC
make-ca -- make-ca
 
make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers. Starting with version 0.9 and prior to version 1.10, make-ca misinterprets Mozilla certdata.txt and treats explicitly untrusted certificates like trusted ones, causing those explicitly untrusted certificates trusted by the system. The explicitly untrusted certificates were used by some CAs already hacked. Hostile attackers may perform a MIM attack exploiting them. Everyone using the affected versions of make-ca should upgrade to make-ca-1.10, and run `make-ca -f -g` as the `root` user to regenerate the trusted store immediately. As a workaround, users may delete the untrusted certificates from /etc/pki/tls and /etc/ssl/certs manually (or by a script), but this is not recommended because the manual changes will be overwritten next time running make-ca to update the trusted anchor.2022-01-10not yet calculatedCVE-2022-21672
CONFIRM
MISC
MISC
MISC
markdown-it -- markdown-it
 
markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading.2022-01-10not yet calculatedCVE-2022-21670
MISC
CONFIRM
markedjs -- marked
 
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.2022-01-14not yet calculatedCVE-2022-21680
CONFIRM
MISC
MISC
markedjs -- marked
 
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.2022-01-14not yet calculatedCVE-2022-21681
CONFIRM
MISC
martdevelopers_inc -- iresturant
 
MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed.2022-01-12not yet calculatedCVE-2021-43436
MISC
MISC
mattermost -- focalboard
 
In Mattermost Focalboard, versions prior to v0.7.5, v0.8.4, v0.9.5, v0.10.1 and v0.11.0-rc1; as used respectively in Mattermost, versions prior to v5.37.6, v5.39.3, v6.0.4, v6.1.1 and v6.2.0, are vulnerable to Insufficient Session Expiration. When a user initiates a logout, their session is not invalidated properly. In addition, user sessions are stored in the browser’s local storage, which by default does not have an expiration time. This makes it possible for an attacker to steal and reuse the cookies using techniques such as XSS attacks, to completely take over a victim account.2022-01-13not yet calculatedCVE-2022-22122
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
mcafee -- techcheck
 
Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user. This was achieved through placing the malicious DLL in the same directory that the process was run from.2022-01-11not yet calculatedCVE-2022-0129
CONFIRM
micro_focus -- arcsight_enterprise_security_manager
 
Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS).2022-01-14not yet calculatedCVE-2021-38126
MISC
micro_focus -- arcsight_enterprise_security_manager
 
Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS).2022-01-14not yet calculatedCVE-2021-38127
MISC
microsoft -- .net_framework
 
.NET Framework Denial of Service Vulnerability.2022-01-11not yet calculatedCVE-2022-21911
MISC
microsoft -- dynamics_365_customer_engagement
 
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability.2022-01-11not yet calculatedCVE-2022-21932
MISC
microsoft -- dynamics_365_sales
 
Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability.2022-01-11not yet calculatedCVE-2022-21891
MISC
microsoft -- edge
 
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21930, CVE-2022-21931.2022-01-11not yet calculatedCVE-2022-21929
MISC
microsoft -- edge
 
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21970.2022-01-11not yet calculatedCVE-2022-21954
MISC
microsoft -- edge
 
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21929, CVE-2022-21931.2022-01-11not yet calculatedCVE-2022-21930
MISC
microsoft -- edge
 
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21929, CVE-2022-21930.2022-01-11not yet calculatedCVE-2022-21931
MISC
microsoft -- edge
 
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21954.2022-01-11not yet calculatedCVE-2022-21970
MISC
microsoft -- exchange_server
 
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21846, CVE-2022-21855.2022-01-11not yet calculatedCVE-2022-21969
MISC
microsoft -- hevc_video_extensions
 
HEVC Video Extensions Remote Code Execution Vulnerability.2022-01-11not yet calculatedCVE-2022-21917
MISC
microsoft -- windowsWindows IKE Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-21843, CVE-2022-21848, CVE-2022-21889, CVE-2022-21890.2022-01-11not yet calculatedCVE-2022-21883
MISC
microsoft -- windows
 
Windows GDI Elevation of Privilege Vulnerability.2022-01-11not yet calculatedCVE-2022-21903
MISC
microsoft -- windows
 
DirectX Graphics Kernel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21912.2022-01-11not yet calculatedCVE-2022-21898
MISC
microsoft -- windows
 
Windows GDI+ Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21880.2022-01-11not yet calculatedCVE-2022-21915
MISC
microsoft -- windows
 
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability.2022-01-11not yet calculatedCVE-2022-21899
MISC
MISC
microsoft -- windows
 
Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-21905.2022-01-11not yet calculatedCVE-2022-21900
MISC
microsoft -- windows
 
Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21852, CVE-2022-21896.2022-01-11not yet calculatedCVE-2022-21902
MISC
microsoft -- windows
 
Windows Modern Execution Server Remote Code Execution Vulnerability.2022-01-11not yet calculatedCVE-2022-21888
MISC
microsoft -- windows
 
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21885.2022-01-11not yet calculatedCVE-2022-21914
MISC
microsoft -- windows
 
Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass.2022-01-11not yet calculatedCVE-2022-21913
MISC
microsoft -- windows
 
DirectX Graphics Kernel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21898.2022-01-11not yet calculatedCVE-2022-21912
MISC
microsoft -- windows
 
Windows Geolocation Service Remote Code Execution Vulnerability.2022-01-11not yet calculatedCVE-2022-21878
MISC
microsoft -- windows
 
Microsoft Cluster Port Driver Elevation of Privilege Vulnerability.2022-01-11not yet calculatedCVE-2022-21910
MISC
microsoft -- windows
 
Windows Installer Elevation of Privilege Vulnerability.2022-01-11not yet calculatedCVE-2022-21908
MISC
microsoft -- windows
 
HTTP Protocol Stack Remote Code Execution Vulnerability.2022-01-11not yet calculatedCVE-2022-21907
MISC
MISC
MISC
microsoft -- windows
 
Windows GDI Information Disclosure Vulnerability.2022-01-11not yet calculatedCVE-2022-21904
MISC
microsoft -- windows
 
Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21916.2022-01-11not yet calculatedCVE-2022-21897
MISC
microsoft -- windows
 
Windows Kerberos Elevation of Privilege Vulnerability.2022-01-11not yet calculatedCVE-2022-21920
MISC
microsoft -- windows
 
Storage Spaces Controller Information Disclosure Vulnerability.2022-01-11not yet calculatedCVE-2022-21877
MISC
MISC
microsoft -- windows
 
Windows IKE Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-21843, CVE-2022-21848, CVE-2022-21883, CVE-2022-21889.2022-01-11not yet calculatedCVE-2022-21890
MISC
microsoft -- windows
 
Remote Procedure Call Runtime Remote Code Execution Vulnerability.2022-01-11not yet calculatedCVE-2022-21922
MISC
microsoft -- windows
 
Windows User Profile Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21919.2022-01-11not yet calculatedCVE-2022-21895
MISC
MISC
microsoft -- windows
 
Windows Defender Credential Guard Security Feature Bypass Vulnerability.2022-01-11not yet calculatedCVE-2022-21921
MISC
microsoft -- windows
 
Secure Boot Security Feature Bypass Vulnerability.2022-01-11not yet calculatedCVE-2022-21894
MISC
microsoft -- windows
 
Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21852, CVE-2022-21902.2022-01-11not yet calculatedCVE-2022-21896
MISC
microsoft -- windows
 
Remote Desktop Protocol Remote Code Execution Vulnerability.2022-01-11not yet calculatedCVE-2022-21893
MISC
microsoft -- windows
 
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963.2022-01-11not yet calculatedCVE-2022-21892
MISC
microsoft -- windows
 
Windows IKE Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-21843, CVE-2022-21848, CVE-2022-21883, CVE-2022-21890.2022-01-11not yet calculatedCVE-2022-21889
MISC
microsoft -- windows
 
Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability.2022-01-11not yet calculatedCVE-2022-21925
MISC
microsoft -- windows
 
Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21897.2022-01-11not yet calculatedCVE-2022-21916
MISC
microsoft -- windows
 
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963.2022-01-11not yet calculatedCVE-2022-21928
MISC
microsoft -- windows
 
DirectX Graphics Kernel File Denial of Service Vulnerability.2022-01-11not yet calculatedCVE-2022-21918
MISC
microsoft -- windows
 
Windows Event Tracing Elevation of Privilege Vulnerability.2022-01-11not yet calculatedCVE-2022-21872
MISC
microsoft -- windows
 
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21963.2022-01-11not yet calculatedCVE-2022-21962
MISC
microsoft -- windows
 
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21962, CVE-2022-21963.2022-01-11not yet calculatedCVE-2022-21961
MISC
microsoft -- windows
 
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962.2022-01-11not yet calculatedCVE-2022-21963
MISC
microsoft -- windows
 
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963.2022-01-11not yet calculatedCVE-2022-21960
MISC
microsoft -- windows
 
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21958, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963.2022-01-11not yet calculatedCVE-2022-21959
MISC
microsoft -- windows
 
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963.2022-01-11not yet calculatedCVE-2022-21958
MISC
microsoft -- windows
 
Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-21900.2022-01-11not yet calculatedCVE-2022-21905
MISC
microsoft -- windows
 
Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability.2022-01-11not yet calculatedCVE-2022-21964
MISC
microsoft -- windows
 
Clipboard User Service Elevation of Privilege Vulnerability.2022-01-11not yet calculatedCVE-2022-21869
MISC
microsoft -- windows
 
Win32k Information Disclosure Vulnerability.2022-01-11not yet calculatedCVE-2022-21876
MISC
MISC
microsoft -- windows
 
Windows Storage Elevation of Privilege Vulnerability.2022-01-11not yet calculatedCVE-2022-21875
MISC
microsoft -- windows
 
Windows Security Center API Remote Code Execution Vulnerability.2022-01-11not yet calculatedCVE-2022-21874
MISC
microsoft -- windows
 
Tile Data Repository Elevation of Privilege Vulnerability.2022-01-11not yet calculatedCVE-2022-21873
MISC
microsoft -- windows
 
Windows User Profile Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21895.2022-01-11not yet calculatedCVE-2022-21919
MISC
microsoft -- windows
 
Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability.2022-01-11not yet calculatedCVE-2022-21871
MISC
microsoft -- windows
 
Windows GDI+ Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21915.2022-01-11not yet calculatedCVE-2022-21880
MISC
microsoft -- windows
 
Windows Defender Application Control Security Feature Bypass Vulnerability.2022-01-11not yet calculatedCVE-2022-21906
MISC
microsoft -- windows
 
Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21882.2022-01-11not yet calculatedCVE-2022-21887
MISC
microsoft -- windows
 
Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21887.2022-01-11not yet calculatedCVE-2022-21882
MISC
microsoft -- windows
 
Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability.2022-01-11not yet calculatedCVE-2022-21870
MISC
microsoft -- windows
 
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21879.2022-01-11not yet calculatedCVE-2022-21881
MISC
microsoft -- windows
 
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability.2022-01-11not yet calculatedCVE-2022-21884
MISC
microsoft -- windows
 
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21881.2022-01-11not yet calculatedCVE-2022-21879
MISC
microsoft -- windows
 
Windows AppContracts API Server Elevation of Privilege Vulnerability.2022-01-11not yet calculatedCVE-2022-21860
MISC
microsoft -- windows
 
Windows UI Immersive Server API Elevation of Privilege Vulnerability.2022-01-11not yet calculatedCVE-2022-21864
MISC
microsoft -- windows
 
Connected Devices Platform Service Elevation of Privilege Vulnerability.2022-01-11not yet calculatedCVE-2022-21865
MISC
microsoft -- windows
 
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21914.2022-01-11not yet calculatedCVE-2022-21885
MISC
microsoft -- windows
 
Windows System Launcher Elevation of Privilege Vulnerability.2022-01-11not yet calculatedCVE-2022-21866
MISC
microsoft -- windows
 
Windows Hyper-V Elevation of Privilege Vulnerability.2022-01-11not yet calculatedCVE-2022-21901
MISC
microsoft -- workstation
 
Workstation Service Remote Protocol Security Feature Bypass Vulnerability.2022-01-11not yet calculatedCVE-2022-21924
MISC
mirantis -- container_runtime
 
When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service.2022-01-10not yet calculatedCVE-2021-23218
MISC
mitre -- caldera
 
An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components that should only be accessible by admin users.2022-01-12not yet calculatedCVE-2021-42562
MISC
MISC
mitre -- caldera
 
An issue was discovered in CALDERA 2.8.1. It contains multiple reflected, stored, and self XSS vulnerabilities that may be exploited by authenticated and unauthenticated attackers.2022-01-12not yet calculatedCVE-2021-42558
MISC
MISC
mitre -- caldera
 
An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python "os.system" function. This allows attackers to use shell metacharacters (e.g., backticks "``" or dollar parenthesis "$()" ) in order to escape the current command and execute arbitrary shell commands.2022-01-12not yet calculatedCVE-2021-42561
MISC
MISC
mitre -- caldera
 
An issue was discovered in CALDERA 2.8.1. It contains multiple startup "requirements" that execute commands when starting the server. Because these commands can be changed via the REST API, an authenticated user can insert arbitrary commands that will execute when the server is restarted.2022-01-12not yet calculatedCVE-2021-42559
MISC
MISC
mitsubishi_electric -- melsec_f_series_firmware
 
Improper initialization vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.16 and prior, FX3U-ENET-L Firmware version 1.16 and prior and FX3U-ENET-P502 Firmware version 1.16 and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in communication function of the product by sending specially crafted packets. Control by MELSEC-F series PLC is not affected by this vulnerability, but system reset is required for recovery.2022-01-14not yet calculatedCVE-2021-20613
MISC
MISC
MISC
mitsubishi_electric -- melsec_f_series_firmware
 
Lack of administrator control over security vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.14 and prior, FX3U-ENET-L Firmware version 1.14 and prior and FX3U-ENET-P502 Firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in communication function of the product or other unspecified effects by sending specially crafted packets to an unnecessary opening of TCP port. Control by MELSEC-F series PLC is not affected by this vulnerability, but system reset is required for recovery.2022-01-14not yet calculatedCVE-2021-20612
MISC
MISC
MISC
modex -- modex
 
Modex v2.11 was discovered to contain an Use-After-Free vulnerability via the component tcache.2022-01-14not yet calculatedCVE-2021-46169
MISC
modex -- modex
 
Modex v2.11 was discovered to contain a NULL pointer dereference in set_create_id() at xtract.c.2022-01-14not yet calculatedCVE-2021-46171
MISC
mp4box-gpac -- mp4box-gpac
 
A Null pointer dereference vulnerability exits in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service.2022-01-10not yet calculatedCVE-2020-25427
MISC
MISC
mruby -- mruby
 
An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can lead to a segmentation fault or application crash.2022-01-14not yet calculatedCVE-2021-46020
MISC
my_cloud -- os_5
 
A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts.2022-01-13not yet calculatedCVE-2022-22990
MISC
my_cloud -- os_5
 
A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP.2022-01-13not yet calculatedCVE-2022-22991
MISC
my_cloud -- os_5
 
My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service. Addressed the vulnerability by adding defenses against stack overflow issues.2022-01-13not yet calculatedCVE-2022-22989
MISC
mzautomation -- lib60870
 
A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec60870/cs104/cs104_slave.c of lib60870 commit 0d5e76e can lead to a segmentation fault or application crash.2022-01-14not yet calculatedCVE-2021-45773
MISC
mzautomation -- libiec61870
 
A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application crash.2022-01-14not yet calculatedCVE-2021-45769
MISC
nanoid -- nanoid
 
The package nanoid before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.2022-01-14not yet calculatedCVE-2021-23566
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
netbiblio -- webopac
 
Cross-site Scripting (XSS) vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. This issue affects: AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320; versions later than 4.0.0.328. This issue does not affect: AlCoda NetBiblio WebOPAC version 4.0.0.335 and later versions.2022-01-14not yet calculatedCVE-2021-42551
CONFIRM
netgear -- r6260_routers
 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13512.2022-01-13not yet calculatedCVE-2021-34979
MISC
MISC
netgear -- r6260_routers
 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. A crafted SOAP request can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13511.2022-01-13not yet calculatedCVE-2021-34978
MISC
MISC
netgear -- r6260_routers
 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. When parsing the SOAP_LOGIN_TOKEN environment variable, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14107.2022-01-13not yet calculatedCVE-2021-34980
MISC
MISC
netgear -- r7000_routers
 
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7000 1.0.11.116_10.2.100 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP requests. The issue results from the lack of proper authentication verification before performing a password reset. An attacker can leverage this vulnerability to reset the admin password. Was ZDI-CAN-13483.2022-01-13not yet calculatedCVE-2021-34977
MISC
MISC
nocobd -- nocobd
 
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the registered users' email addresses.2022-01-10not yet calculatedCVE-2022-22120
MISC
MISC
nocobd -- nocobd
 
In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens it, the payload gets executed.2022-01-10not yet calculatedCVE-2022-22121
MISC
MISC
nuuo -- nvrmini2
 
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root.2022-01-14not yet calculatedCVE-2022-23227
MISC
MISC
MISC
MISC
nvidia -- nemo
 
NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available.2022-01-10not yet calculatedCVE-2022-22821
MISC
october_cms -- october_cms
 
October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents PHP execution in the CMS templates.The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.2022-01-14not yet calculatedCVE-2021-32650
CONFIRM
MISC
october_cms -- october_cms
 
October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.2022-01-14not yet calculatedCVE-2021-32649
CONFIRM
MISC
omron -- cx-one
 
Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based buffer overflow while processing specific project files, which may allow an attacker to execute arbitrary code.2022-01-14not yet calculatedCVE-2022-21137
MISC
open_design_alliance -- drawings_sdk
 
Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process.2022-01-15not yet calculatedCVE-2022-23095
MISC
opensuse -- opensuse
 
A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1.2022-01-14not yet calculatedCVE-2021-36781
CONFIRM
orchardcore -- orchardcore
 
orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2022-01-12not yet calculatedCVE-2022-0159
CONFIRM
MISC
owncloud -- owncloud
 
The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that have been uploaded to a public share) are supposed to be deleted upon detection.2022-01-15not yet calculatedCVE-2021-33828
MISC
MISC
owncloud -- owncloud
 
The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings.2022-01-15not yet calculatedCVE-2021-33827
MISC
MISC
owncloud -- owncloud_client
 
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.2022-01-15not yet calculatedCVE-2021-44537
MISC
panda_security -- free_antivirus
 
This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Free Antivirus 20.2.0.0. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the use of named pipes. The issue results from allowing an untrusted process to impersonate the client of a pipe. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-14208.2022-01-13not yet calculatedCVE-2021-34998
MISC
MISC
paritytech -- frontier
 
Frontier is Substrate's Ethereum compatibility layer. Prior to commit number `8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664`, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds (and production WebAssembly binaries), the impact is limited as it can only cause a normal EVM out-of-gas. Users who do not use MODEXP precompile in their runtime are not impacted. A patch is available in pull request #549.2022-01-14not yet calculatedCVE-2022-21685
CONFIRM
MISC
MISC
partkeeper -- partkeeper
 
PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the 'file://' URI scheme, allowing an authenticated user to read local files.2022-01-10not yet calculatedCVE-2022-22701
MISC
MISC
partkeepr -- partkeepr
 
PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration.2022-01-10not yet calculatedCVE-2022-22702
MISC
MISC
peertube -- peertube
 
peertube is vulnerable to Improper Access Control2022-01-11not yet calculatedCVE-2022-0170
CONFIRM
MISC
pexip_infinity -- pexip_infinity
 
Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of 2).2022-01-15not yet calculatedCVE-2021-33498
MISC
pexip_infinity -- pexip_infinity
 
Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 2 of 2).2022-01-15not yet calculatedCVE-2021-33499
MISC
pexip_infinity -- pexip_infinity
 
Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.2022-01-15not yet calculatedCVE-2021-42555
CONFIRM
pexip_infinity -- pexip_infinity
 
Pexip Infinity before 26 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.2022-01-15not yet calculatedCVE-2021-35969
MISC
pexip_infinity -- pexip_infinity
 
Pexip Infinity before 26 allows remote denial of service because of missing RTMP input validation.2022-01-15not yet calculatedCVE-2021-32545
MISC
phoronix-test-suite -- phoronix-test-suite
 
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)2022-01-13not yet calculatedCVE-2022-0196
CONFIRM
MISC
phoronix-test-suite -- phoronix-test-suite
 
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)2022-01-13not yet calculatedCVE-2022-0197
CONFIRM
MISC
php_everywhere -- php_everywhere
 
Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Everywhere (WordPress plugin) versions (<= 2.0.2).2022-01-13not yet calculatedCVE-2021-23227
CONFIRM
CONFIRM
pillow -- pillow
 
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method.2022-01-10not yet calculatedCVE-2022-22817
MISC
pillow -- pillow
 
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.2022-01-10not yet calculatedCVE-2022-22816
MISC
MISC
pillow -- pillow
 
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.2022-01-10not yet calculatedCVE-2022-22815
MISC
MISC
publishpress_capabilities -- publishpress_capabilities
 
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role and make any new registered user with an administrator role.2022-01-10not yet calculatedCVE-2021-25032
CONFIRM
MISC
puddingbot -- puddingbot
 
PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new version is already running on the server. As of time of publication, the maintainers are planning to update code to reflect this change at a later date.2022-01-11not yet calculatedCVE-2022-21669
CONFIRM
pypa -- pipenv
 
pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims who use pipenv to install the requirements file to download dependencies from a package index server controlled by the attacker. By embedding malicious code in packages served from their malicious index server, the attacker can trigger arbitrary remote code execution (RCE) on the victims' systems. If an attacker is able to hide a malicious `--index-url` option in a requirements file that a victim installs with pipenv, the attacker can embed arbitrary malicious code in packages served from their malicious index server that will be executed on the victim's host during installation (remote code execution/RCE). When pip installs from a source distribution, any code in the setup.py is executed by the install process. This issue is patched in version 2022.1.8. The GitHub Security Advisory contains more information about this vulnerability.2022-01-10not yet calculatedCVE-2022-21668
MISC
CONFIRM
MISC
qnap -- multiple_nas_devices
 
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later2022-01-14not yet calculatedCVE-2021-38691
CONFIRM
qnap -- multiple_nas_devices
 
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later2022-01-14not yet calculatedCVE-2021-38692
CONFIRM
qnap -- multiple_nas_devices
 
An open redirect vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later2022-01-14not yet calculatedCVE-2021-38678
CONFIRM
qnap -- multiple_nas_devices
 
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later2022-01-14not yet calculatedCVE-2021-38690
CONFIRM
qnap -- multiple_nas_devices
 
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later2022-01-14not yet calculatedCVE-2021-38689
CONFIRM
qnap -- multiple_nas_devices
 
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 and later QTS 5.0.0: QVR Guard 2.1.3.0 and later2022-01-14not yet calculatedCVE-2021-38682
CONFIRM
qnap -- qcalagent
 
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later2022-01-14not yet calculatedCVE-2021-38677
CONFIRM
qualcomm -- multiple_productsUse after free condition can occur in wired connectivity due to a race condition while creating and deleting folders in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking2022-01-13not yet calculatedCVE-2021-30313
CONFIRM
qualcomm -- multiple_products
 
Possible buffer overflow while printing the HARQ memory partition detail due to improper validation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile2022-01-13not yet calculatedCVE-2021-30308
CONFIRM
qualcomm -- multiple_products
 
Improper validation of function pointer type with actual function signature can lead to assertion in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables2022-01-13not yet calculatedCVE-2021-30353
CONFIRM
qualcomm -- multiple_products
 
Lack of validation for third party application accessing the service can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables2022-01-13not yet calculatedCVE-2021-30314
CONFIRM
qualcomm -- multiple_products
 
Possible integer overflow due to improper validation of command length parameters while processing WMI command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music2022-01-13not yet calculatedCVE-2021-30319
CONFIRM
qualcomm -- multiple_products
 
Possible null pointer dereference due to improper validation of APE clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables2022-01-13not yet calculatedCVE-2021-30330
CONFIRM
qualcomm -- multiple_products
 
Possible heap overflow due to lack of index validation before allocating and writing to heap buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile2022-01-13not yet calculatedCVE-2021-30311
CONFIRM
qxip_sipcature -- homer
 
QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b415 JWT secret key across different customers' installations.2022-01-10not yet calculatedCVE-2022-22845
MISC
MISC
MISC
MISC
radare2 -- radare2
 
radare2 is vulnerable to Out-of-bounds Read2022-01-11not yet calculatedCVE-2022-0173
CONFIRM
MISC
ray-ban -- stories
 
A logic flaw in Ray-Ban® Stories device software allowed some parameters like video capture duration limit to be modified through the Facebook View application. This issue affected versions of device software before 2107460.6810.0.2022-01-14not yet calculatedCVE-2021-24046
CONFIRM
repirse -- license_manager
 
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. No authentication is required.2022-01-13not yet calculatedCVE-2021-45422
MISC
MISC
MISC
replit -- crosis
 
@replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are multiple failed attempts to contact Replit through a WebSocket, the library will attempt to communicate using a fallback poll-based proxy. The URL of the proxy has changed, so any communication done to the previous URL could potentially reach a server that is outside of Replit's control and the token used to connect to the Repl could be obtained by an attacker, leading to full compromise of that Repl (not of the account). This was patched in version 7.3.1 by updating the address of the fallback WebSocket polling proxy to the new one. As a workaround, a user may specify the new address for the polling host (`gp-v2.replit.com`) in the `ConnectArgs`. More information about this workaround is available in the GitHub Security Advisory.2022-01-11not yet calculatedCVE-2022-21671
CONFIRM
MISC
ropium -- ropium
 
ROPium v3.1 was discovered to contain an invalid memory address dereference via the find() function.2022-01-14not yet calculatedCVE-2021-45761
MISC
samba -- samba
 
All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed.2022-01-11not yet calculatedCVE-2021-43566
MISC
MISC
MISC
samsung -- android_applications
 
A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0) allows attackers to execute privileged action by hijacking and modifying the intent.2022-01-10not yet calculatedCVE-2022-22285
MISC
samsung -- android_applications
 
A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute privileged action by hijacking and modifying the intent.2022-01-10not yet calculatedCVE-2022-22286
MISC
samsung -- email
 
Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data in sandbox.2022-01-10not yet calculatedCVE-2022-22287
MISC
samsung -- galaxy
 
Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.2022-01-10not yet calculatedCVE-2022-22288
MISC
samsung -- health
 
Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out from Samsung Health App.2022-01-10not yet calculatedCVE-2022-22283
MISC
samsung -- internet
 
Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page.2022-01-14not yet calculatedCVE-2022-22290
MISC
samsung -- internet
 
Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication2022-01-10not yet calculatedCVE-2022-22284
MISC
samsung -- s_assistant
 
Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotely get senstive information.2022-01-10not yet calculatedCVE-2022-22289
MISC
sap -- business+_one
 
SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.2022-01-14not yet calculatedCVE-2021-44234
MISC
MISC
sap -- enterprise_threat_detection
 
SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficiently encode user-controlled inputs which may lead to an unauthorized attacker possibly exploit XSS vulnerability. The UIs in ETD are using SAP UI5 standard controls, the UI5 framework provides automated output encoding for its standard controls. This output encoding prevents stored malicious user input from being executed when it is reflected in the UI.2022-01-14not yet calculatedCVE-2022-22529
MISC
MISC
sap -- f0743_create_single_payment
 
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being modified or completely compromise the availability of the application.2022-01-14not yet calculatedCVE-2022-22530
MISC
MISC
sap -- f0743_create_single_payment
 
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified.2022-01-14not yet calculatedCVE-2022-22531
MISC
MISC
sap -- netweaver
 
In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible.2022-01-14not yet calculatedCVE-2021-42067
MISC
MISC
sensormatics_electronics -- videoedge
 
Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop.2022-01-14not yet calculatedCVE-2021-36199
CERT
CONFIRM
shelljs -- shelljs
 
shelljs is vulnerable to Improper Privilege Management2022-01-11not yet calculatedCVE-2022-0144
CONFIRM
MISC
siemens -- cp-8000_master_module
 
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links.2022-01-11not yet calculatedCVE-2021-45034
MISC
siemens -- cp-8000_master_module
 
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device.2022-01-11not yet calculatedCVE-2021-45033
MISC
siemens -- sicam_pq_analyzer
 
A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system ("backdoors") or cause a denial of service.2022-01-11not yet calculatedCVE-2021-45460
MISC
siemens -- siprotec_5_multiple_devices
 
A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions < V8.83). An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information.2022-01-11not yet calculatedCVE-2021-41769
MISC
smarty-php -- smarty
 
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch.2022-01-10not yet calculatedCVE-2021-21408
MISC
MISC
CONFIRM
MISC
smarty-php -- smarty
 
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch.2022-01-10not yet calculatedCVE-2021-29454
MISC
CONFIRM
MISC
MISC
MISC
MISC
snipe-it -- snipe-it
 
snipe-it is vulnerable to Improper Access Control2022-01-13not yet calculatedCVE-2022-0178
CONFIRM
MISC
socket.io -- engine.io
 
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package starting from version `4.0.0`, including those who uses depending packages like `socket.io`. Versions prior to `4.0.0` are not impacted. A fix has been released for each major branch, namely `4.1.2` for the `4.x.x` branch, `5.2.1` for the `5.x.x` branch, and `6.1.1` for the `6.x.x` branch. There is no known workaround except upgrading to a safe version.2022-01-12not yet calculatedCVE-2022-21676
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
sonicos -- firmware
 
A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions.2022-01-10not yet calculatedCVE-2021-20048
CONFIRM
sonicos -- firmware
 
A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions.2022-01-10not yet calculatedCVE-2021-20046
CONFIRM
sourcecodetester -- printable_staff_id_card_creator_system
 
In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database via SQLi, an attacker can log in and leverage an arbitrary file upload vulnerability to obtain remote code execution.2022-01-12not yet calculatedCVE-2021-45411
MISC
MISC
sourceforge -- salonerp
 
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password.2022-01-14not yet calculatedCVE-2021-45406
MISC
MISC
MISC
spin -- spin
 
Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() at spinlex.c.2022-01-14not yet calculatedCVE-2021-46168
MISC
strukturag -- libde265
 
A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.2022-01-10not yet calculatedCVE-2021-36410
MISC
strukturag -- libde265
 
An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.2022-01-10not yet calculatedCVE-2021-36411
MISC
strukturag -- libde265
 
An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.2022-01-10not yet calculatedCVE-2021-35452
MISC
strukturag -- libde265
 
There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.2022-01-10not yet calculatedCVE-2021-36409
MISC
strukturag -- libde265
 
An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265.2022-01-10not yet calculatedCVE-2021-36408
MISC
suitecrm -- suitecrm
 
SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive.2022-01-12not yet calculatedCVE-2021-41597
MISC
MISC
MISC
MISC
MISC
sysaid -- itil
 
A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter.2022-01-11not yet calculatedCVE-2021-43971
MISC
MISC
MISC
sysaid -- itil
 
An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fileName parameters in the HTTP POST body.2022-01-11not yet calculatedCVE-2021-43972
MISC
MISC
MISC
sysaid -- itil
 
An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-side filesystem path of the uploaded file.2022-01-11not yet calculatedCVE-2021-43973
MISC
MISC
MISC
sysaid -- itil
 
An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end users anonymously, but does not respect the server-side setting that determines if anonymous users are allowed to register new accounts. Configuring the server-side setting to disable anonymous user registration only hides the client-side registration form. An attacker can still post registration data to create new accounts without prior authentication.2022-01-11not yet calculatedCVE-2021-43974
MISC
MISC
MISC
teamviewer -- teamviewer
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13606.2022-01-13not yet calculatedCVE-2021-34858
MISC
MISC
tenable.sc -- tenable.sc
 
Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. An attacker would first have to stage a specific file type in the web server root of the Tenable.sc host prior to remote exploitation.2022-01-14not yet calculatedCVE-2022-0130
MISC
tibco_software_inc -- multiple products
 
The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user's permissions on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below.2022-01-12not yet calculatedCVE-2021-35500
CONFIRM
CONFIRM
tibco_software_inc -- multiple_products
 
The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below.2022-01-11not yet calculatedCVE-2021-43055
CONFIRM
CONFIRM
tibco_software_inc -- multiple_products
 
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - Enterprise Edition: versions 6.7.2 and below.2022-01-11not yet calculatedCVE-2021-43052
CONFIRM
CONFIRM
tibco_software_inc -- multiple_products
 
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another application connected to the realm server. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - Enterprise Edition: versions 6.7.2 and below.2022-01-11not yet calculatedCVE-2021-43053
CONFIRM
CONFIRM
tibco_software_inc -- multiple_products
 
The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any other channel with arbitrary permissions. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below.2022-01-11not yet calculatedCVE-2021-43054
CONFIRM
CONFIRM
trusted_firmware -- trusted_firmware
 
Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key (held by the Crypto service) based solely on knowledge of its key ID. For example, there is no authorization check associated with the relationship between a caller and a key owner.2022-01-13not yet calculatedCVE-2021-40327
MISC
MISC
CONFIRM
ubiquiti -- unifi_network
 
An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228) allows a malicious actor to control the application.2022-01-14not yet calculatedCVE-2021-44530
MISC
unisys -- clearpath_mcp_tcp-icp_networking_services
 
Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop.2022-01-12not yet calculatedCVE-2021-45445
MISC
MISC
useful_simple_open-source_cms -- useful_simple_open-source_cms
 
Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers. Versions prior to Pb2.4Bfx3 allowed Sql injection in usersearch.php only for users with administrative privileges. Users should replace the file `admin/pages/useredit.php` with a newer version. USOC version Pb2.4Bfx3 contains a fixed version of `admin/pages/useredit.php`.2022-01-10not yet calculatedCVE-2022-21666
MISC
MISC
CONFIRM
vim -- vim
 
vim is vulnerable to Heap-based Buffer Overflow2022-01-14not yet calculatedCVE-2022-0213
CONFIRM
MISC
MLIST
wecon -- levistudiou
 
WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.2022-01-14not yet calculatedCVE-2021-23138
MISC
wecon -- levistudiou
 
WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.2022-01-14not yet calculatedCVE-2021-23157
MISC
weseek -- growi
 
growi is vulnerable to Authorization Bypass Through User-Controlled Key2022-01-12not yet calculatedCVE-2021-3852
CONFIRM
MISC
z-wave -- multiple_devices
 
Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or encrypt FIND_NODE_IN_RANGE frames, allowing a remote, unauthenticated attacker to inject a FIND_NODE_IN_RANGE frame with an invalid random payload, denying service by blocking the processing of upcoming events.2022-01-10not yet calculatedCVE-2020-10137
MISC
CERT-VN
MISC
MISC
CERT-VN
z-wave -- multiple_devices
 
Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages.2022-01-10not yet calculatedCVE-2020-9061
MISC
CERT-VN
MISC
MISC
CERT-VN
z-wave -- multiple_devices
 
Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level.2022-01-10not yet calculatedCVE-2020-9059
MISC
CERT-VN
MISC
MISC
CERT-VN
z-wave -- multiple_devices
 
Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages.2022-01-10not yet calculatedCVE-2020-9060
MISC
CERT-VN
MISC
MISC
CERT-VN
z-wave -- multiple_devices
 
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable.2022-01-10not yet calculatedCVE-2020-9057
MISC
CERT-VN
MISC
MISC
CERT-VN
z-wave -- multiple_devices
 
Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection.2022-01-10not yet calculatedCVE-2020-9058
MISC
CERT-VN
MISC
MISC
CERT-VN
zabbix -- zabbix
 
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).2022-01-13not yet calculatedCVE-2022-23131
MISC
zabbix -- zabbix
 
During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level2022-01-13not yet calculatedCVE-2022-23132
MISC
zabbix -- zabbix
 
An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire and the actor can steal session cookies and perform session hijacking to impersonate users or take over their accounts.2022-01-13not yet calculatedCVE-2022-23133
MISC
zabbix -- zabbix
 
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.2022-01-13not yet calculatedCVE-2022-23134
MISC
zoho -- manageengine_0365_manager_plus
 
Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component.2022-01-12not yet calculatedCVE-2021-44652
MISC
zoho -- manageengine_applications_manager
 
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request.2022-01-10not yet calculatedCVE-2020-28679
MISC
zoho -- manageengine_cloudsecurityplus
 
Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175.2022-01-12not yet calculatedCVE-2021-44651
MISC
zoho -- mangeengine_m365_manager_plus
 
Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components.2022-01-12not yet calculatedCVE-2021-44650
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.