Vulnerability Summary for the Week of May 2, 2022

Released
May 09, 2022
Document ID
SB22-129

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
N/A -- N/A
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-057.5CVE-2022-1388
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
livehelperchat -- live_helper_chatCross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. Attacker can execute malicious JS on Application :)2022-04-294.3CVE-2022-1530
MISC
CONFIRM
mediawiki -- mediawikiThe Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages.2022-04-294.3CVE-2022-29907
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no low vulnerabilities recorded this week.

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
tecson_and_gok -- multiple_products
 
In multiple Tecson Tankspion and GOKs SmartBox 4 products the affected application doesn't properly restrict access to an endpoint that is responsible for saving settings, to a unauthenticated user with limited access rights. Based on the lack of adequately implemented access-control rules, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to change the application settings without authenticating at all, which violates originally laid ACL rules.2022-05-06not yet calculatedCVE-2019-12254
CONFIRM
piwigo -- piwigo
 
SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete.2022-05-06not yet calculatedCVE-2020-19212
MISC
piwigo -- piwigo
 
SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories.2022-05-06not yet calculatedCVE-2020-19213
MISC
piwigo -- piwigo
 
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm.2022-05-06not yet calculatedCVE-2020-19215
MISC
piwigo -- piwigo
 
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm.2022-05-06not yet calculatedCVE-2020-19216
MISC
piwigo -- piwigo
 
SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager.2022-05-06not yet calculatedCVE-2020-19217
MISC
totolink -- n200re_andn100re_routers
 
A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element.2022-05-02not yet calculatedCVE-2020-23617
MISC
MISC
xtend -- voice_logger
 
A reflected cross site scripting (XSS) vulnerability in Xtend Voice Logger 1.0 allows attackers to execute arbitrary web scripts or HTML, via the path of the error page.2022-05-02not yet calculatedCVE-2020-23618
MISC
MISC
orlansoft -- erp
 
The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object.2022-05-02not yet calculatedCVE-2020-23620
MISC
MISC
MISC
squire-technologies -- ms_management_system
 
The Java Remote Management Interface of all versions of SVI MS Management System was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object.2022-05-02not yet calculatedCVE-2020-23621
MISC
MISC
MISC
sonicwall -- global_vpn_client
 
SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system.2022-05-04not yet calculatedCVE-2021-20051
CONFIRM
fuchsia -- multiple_products
 
The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond.2022-05-03not yet calculatedCVE-2021-22556
MISC
MISC
google -- idtoken
 
The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above2022-05-03not yet calculatedCVE-2021-22573
MISC
multiple_vendors -- multiple_products
 
NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and _partition functions. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.2022-05-03not yet calculatedCVE-2021-22680
CONFIRM
topthink -- framework
 
The package topthink/framework before 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class.2022-05-06not yet calculatedCVE-2021-23592
CONFIRM
CONFIRM
CONFIRM
twelvemonkeys -- twelvemonkeys
 
The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file (e.g. when an online profile picture is processed) with a malicious XMP segment. If the XMP metadata of the uploaded image is parsed, then the XXE vulnerability is triggered.2022-05-06not yet calculatedCVE-2021-23792
CONFIRM
CONFIRM
wordpress -- tipsacarrier_wordpress_plugin
 
The Tipsacarrier WordPress plugin through 1.4.4.2 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL2022-05-02not yet calculatedCVE-2021-25002
MISC
wordpress -- advanced_page_visit_counter_wordpress_plugin
 
The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admins viewing it2022-05-02not yet calculatedCVE-2021-25086
MISC
wordpress -- all_in_one_wp_security_&_firewall_wordpress_plugin
 
The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redirect as well as Cross-Site Scripting issue. Exploitation of this issue requires the Login Page URL value to be known, which should be hard to guess, reducing the risk2022-05-02not yet calculatedCVE-2021-25102
MISC
sophos -- firewall
 
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA.2022-05-05not yet calculatedCVE-2021-25267
CONFIRM
sophos -- firewall
 
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA.2022-05-05not yet calculatedCVE-2021-25268
CONFIRM
kubernetes -- ingress-nginx
 
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.2022-05-06not yet calculatedCVE-2021-25745
MISC
MISC
kubernetes -- ingress-nginx
 
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.2022-05-06not yet calculatedCVE-2021-25746
MISC
MISC
splunk -- enterprise
 
A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service.2022-05-06not yet calculatedCVE-2021-26253
MISC
micriumos -- multiple_products
 
Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as very small blocks of memory being allocated instead of very large ones.2022-05-03not yet calculatedCVE-2021-27411
CONFIRM
CONFIRM
ecoscentric -- ecospro_rtos
 
eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow.2022-05-03not yet calculatedCVE-2021-27417
CONFIRM
CONFIRM
uclibc-ng -- uclibc-ng
 
uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.2022-05-03not yet calculatedCVE-2021-27419
CONFIRM
CONFIRM
nxp -- mcuxpresso
 
NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc function, which could allow to access memory locations outside the bounds of a specified array, leading to unexpected behavior such segmentation fault when assigning a particular block of memory from the heap via malloc.2022-05-03not yet calculatedCVE-2021-27421
CONFIRM
CONFIRM
cesanta_software -- mongoose-os
 
Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.2022-05-03not yet calculatedCVE-2021-27425
CONFIRM
CONFIRM
riot -- os
 
RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.2022-05-03not yet calculatedCVE-2021-27427
CONFIRM
CONFIRM
arm -- cmsis_rtos2
 
ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution.2022-05-03not yet calculatedCVE-2021-27431
CONFIRM
arm -- mbed-ualloc
 
ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.2022-05-03not yet calculatedCVE-2021-27433
CONFIRM
CONFIRM
arm -- mbed-ualloc
 
ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.2022-05-03not yet calculatedCVE-2021-27435
CONFIRM
CONFIRM
tencentos-tiny -- tencentos-tinyTencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function 'tos_mmheap_alloc incorrect calculation of effective memory allocation size. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.2022-05-03not yet calculatedCVE-2021-27439
CONFIRM
hcl_software -- commerce
 
HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible.2022-05-06not yet calculatedCVE-2021-27751
CONFIRM
hcl_software -- bigfix_inventory
 
There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after attacker spam to login and system blocked victim's account.2022-05-06not yet calculatedCVE-2021-27758
CONFIRM
hcl_software -- bigfix_inventory 
 
This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application.2022-05-06not yet calculatedCVE-2021-27759
CONFIRM
hcl_software -- notes
 
An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code.2022-05-06not yet calculatedCVE-2021-27760
CONFIRM
hcl_software -- weak_tls
 
Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks2022-05-06not yet calculatedCVE-2021-27761
CONFIRM
hcl_software -- bigfix_platform
 
Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses2022-05-06not yet calculatedCVE-2021-27762
CONFIRM
hcl_software -- hcl_software
 
Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI)2022-05-06not yet calculatedCVE-2021-27764
CONFIRM
hcl_software -- installshield
 
The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.2022-05-06not yet calculatedCVE-2021-27765
CONFIRM
hcl_software -- bigfix_client_installer
 
The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.2022-05-06not yet calculatedCVE-2021-27766
CONFIRM
hcl_software -- bigfix_console_installer
 
The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.2022-05-06not yet calculatedCVE-2021-27767
CONFIRM
ibm -- maximo_asset_management
 
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 205680.2022-05-03not yet calculatedCVE-2021-29854
CONFIRM
XF
ibm -- user_management_system_component
 
IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information due to insufficient validation and recvocation another user logouting out. IBM X-Force ID: 206081.2022-05-02not yet calculatedCVE-2021-29859
CONFIRM
XF
splunk -- enterprise_indexer
 
A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.2022-05-06not yet calculatedCVE-2021-31559
MISC
cyclos -- cyclos_4_pro
 
A Dom-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter.2022-05-02not yet calculatedCVE-2021-31673
MISC
MISC
cyclos -- cyclos_4_pro
 
Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows remote unauthenticated attacker to execute javascript code via undefine enum constant.2022-05-02not yet calculatedCVE-2021-31674
MISC
MISC
secomea -- multiple_products
 
Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7.2022-05-04not yet calculatedCVE-2021-32010
MISC
splunk -- enterprise
 
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors.2022-05-06not yet calculatedCVE-2021-33845
MISC
MISC
red_hat -- sox
 
A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information.2022-05-02not yet calculatedCVE-2021-3643
MISC
suse -- rancher
 
A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3.2022-05-02not yet calculatedCVE-2021-36778
CONFIRM
suse -- rancher
 
A Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4.2022-05-02not yet calculatedCVE-2021-36784
CONFIRM
wordpress -- mythemeshop_wp_subscribe_plugin
 
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress.2022-05-02not yet calculatedCVE-2021-36844
CONFIRM
CONFIRM
wordpress -- andrea_pernici_news_sitemap_for_google_plugin
 
Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role.2022-05-06not yet calculatedCVE-2021-36912
CONFIRM
CONFIRM
qemu -- qemu
 
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.2022-05-02not yet calculatedCVE-2021-3750
MISC
MISC
MISC
gurum_networks -- gurumdds
 
All versions of GurumDDS improperly calculate the size to be used when allocating the buffer, which may result in a buffer overflow.2022-05-05not yet calculatedCVE-2021-38423
CONFIRM
eprosima -- fast_dds
 
eProsima Fast DDS versions prior to 2.4.0 (#2269) are susceptible to exploitation when an attacker sends a specially crafted packet to flood a target device with unwanted traffic, which may result in a denial-of-service condition and information exposure.2022-05-05not yet calculatedCVE-2021-38425
CONFIRM
CONFIRM
rti -- connext_dds_professional_and_connext_dds_secure
 
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2.x to 6.1.0 are vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code.2022-05-05not yet calculatedCVE-2021-38427
CONFIRM
CONFIRM
oci -- opendds
 
OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition and information exposure.2022-05-05not yet calculatedCVE-2021-38429
CONFIRM
CONFIRM
rti -- connext_dds_professional_and_connext_dds_secure
 
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code.2022-05-05not yet calculatedCVE-2021-38433
CONFIRM
CONFIRM
rti -- connext_dds_professional_and_connext_dds_secure
 
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 not correctly calculate the size when allocating the buffer, which may result in a buffer overflow.2022-05-05not yet calculatedCVE-2021-38435
CONFIRM
CONFIRM
gurumd -- gurumdds
 
All versions of GurumDDS are vulnerable to heap-based buffer overflow, which may cause a denial-of-service condition or remotely execute arbitrary code.2022-05-05not yet calculatedCVE-2021-38439
CONFIRM
eclipse -- cyclonedds
 
Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.2022-05-05not yet calculatedCVE-2021-38441
CONFIRM
CONFIRM
eclipse -- cyclonedds
 
Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.2022-05-05not yet calculatedCVE-2021-38443
CONFIRM
CONFIRM
oci -- opendds
 
OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the associated data, which may allow an attacker to remotely execute arbitrary code.2022-05-05not yet calculatedCVE-2021-38445
CONFIRM
CONFIRM
oci -- opendds
 
OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition.2022-05-05not yet calculatedCVE-2021-38447
CONFIRM
CONFIRM
rti -- connext_versions
 
RTI Connext DDS Professional, Connext DDS Secure versions 4.2x to 6.1.0, and Connext DDS Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure.2022-05-05not yet calculatedCVE-2021-38487
CONFIRM
CONFIRM
qnap -- multiple_productsA path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of unexpected files and expose sensitive data. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, QTS, QVR Pro Appliance: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later2022-05-05not yet calculatedCVE-2021-38693
MISC
ibm -- guardium_data_encryption
 
IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 213855.2022-05-05not yet calculatedCVE-2021-39020
XF
CONFIRM
ibm -- guardium_data_encryption
 
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213860.2022-05-06not yet calculatedCVE-2021-39023
CONFIRM
XF
ibm -- guardium_data_encryption
 
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. IBM X-Force ID: 213865.2022-05-06not yet calculatedCVE-2021-39027
XF
CONFIRM
partkeeper -- partkeepr
 
Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter.2022-05-03not yet calculatedCVE-2021-39390
MISC
MISC
MISC
geoserver -- geoserver
 
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.2022-05-02not yet calculatedCVE-2021-40822
MISC
CONFIRM
MISC
MISC
fortiguard -- fortilsolator_versions
 
An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL.2022-05-04not yet calculatedCVE-2021-41020
CONFIRM
fortiguard -- fortios
 
An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands.2022-05-04not yet calculatedCVE-2021-41032
CONFIRM
mozilla -- geckodriver
 
Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname.2022-05-02not yet calculatedCVE-2021-4138
MISC
MISC
artica -- artica_proxy
 
A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and POST param rp.2022-05-05not yet calculatedCVE-2021-41739
MISC
m-files -- m-files
 
Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable2022-05-02not yet calculatedCVE-2021-41810
MISC
jerryscript -- jerryscript_project
 
JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak.2022-05-03not yet calculatedCVE-2021-41959
MISC
MISC
pingidentity -- pingid
 
A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.2022-04-30not yet calculatedCVE-2021-41992
MISC
MISC
pingidentity -- pingid
 
A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.2022-04-30not yet calculatedCVE-2021-41993
MISC
MISC
pingidentity -- pingid
 
A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.2022-04-30not yet calculatedCVE-2021-41994
MISC
MISC
suse -- rancher
 
A Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4.2022-05-02not yet calculatedCVE-2021-4200
CONFIRM
pingidentity -- pingid_desktop
 
PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP.2022-04-30not yet calculatedCVE-2021-42001
MISC
MISC
mitrastar -- gpt-2541ngnac-n1
 
MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of parameter "path".2022-05-03not yet calculatedCVE-2021-42165
MISC
MISC
MISC
masacms -- masacms
 
MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index.cfm/_api/asset/image/.2022-05-05not yet calculatedCVE-2021-42183
MISC
MISC
wdja -- wdja
 
wdja v2.1 is affected by a SQL injection vulnerability in the foreground search function.2022-05-04not yet calculatedCVE-2021-42185
MISC
MISC
konga -- konga
 
Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.2022-05-04not yet calculatedCVE-2021-42192
MISC
MISC
MISC
ompl -- ompl
 
OMPL v1.5.2 contains a memory leak in VFRRT.cpp2022-05-03not yet calculatedCVE-2021-42218
MISC
osticket -- osticket
 
SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality.2022-05-04not yet calculatedCVE-2021-42235
MISC
jfinal -- jfinal_cms
 
A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor.2022-05-05not yet calculatedCVE-2021-42242
MISC
adobe -- xmp_toolkit
 
XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-05-02not yet calculatedCVE-2021-42528
MISC
adobe -- xmp_toolkit_sdk
 
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.2022-05-02not yet calculatedCVE-2021-42529
MISC
adobe -- xmp_toolkit_sdk
 
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.2022-05-02not yet calculatedCVE-2021-42530
MISC
adobe -- xmp_toolkit_sdk
 
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.2022-05-02not yet calculatedCVE-2021-42531
MISC
adobe -- xmp_toolkit_sdk
 
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.2022-05-02not yet calculatedCVE-2021-42532
MISC
splunk -- enterprise
 
A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows.2022-05-06not yet calculatedCVE-2021-42743
MISC
ruijie_networks -- ruijie_rg-ew
 
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the setSessionTime function in /cgi-bin/luci/api/common..2022-05-04not yet calculatedCVE-2021-43159
MISC
MISC
ruijie_networks -- ruijie_rg-ewA Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the switchFastDhcp function in /cgi-bin/luci/api/diagnose.2022-05-04not yet calculatedCVE-2021-43160
MISC
MISC
ruijie_networks -- ruijie_rg-ew
 
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch.2022-05-04not yet calculatedCVE-2021-43161
MISC
MISC
ruijie_networks -- ruijie_rg-ew
 
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the runPackDiagnose function in /cgi-bin/luci/api/diagnose.2022-05-04not yet calculatedCVE-2021-43162
MISC
MISC
ruijie_networks -- ruijie_rg-ew
 
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the checkNet function in /cgi-bin/luci/api/auth.2022-05-04not yet calculatedCVE-2021-43163
MISC
MISC
ruijie_networks -- ruijie_rg-ew
 
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless.2022-05-04not yet calculatedCVE-2021-43164
MISC
MISC
fortinet -- fortios
 
A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages.2022-05-04not yet calculatedCVE-2021-43206
CONFIRM
twinoaks -- coredx_dds
 
TwinOaks Computing CoreDX DDS versions prior to 5.9.1 are susceptible to exploitation when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure.2022-05-05not yet calculatedCVE-2021-43547
CONFIRM
CONFIRM
qnap -- nas
 
A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later2022-05-05not yet calculatedCVE-2021-44051
MISC
qnap -- multiple_products
 
An improper link resolution before file access ('Link Following') vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, and QTS: QuTScloud c5.0.1.1998 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 4.3.4.1976 build 20220303 and later QTS 4.3.3.1945 build 20220303 and later QTS 4.2.6 build 20220304 and later QTS 4.3.6.1965 build 20220302 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later2022-05-05not yet calculatedCVE-2021-44052
MISC

qnap -- multiple_products

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QTS 4.5.4.1991 build 20220329 and later QTS 5.0.0.1986 build 20220324 and later QuTS hero h5.0.0.1986 build 20220324 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTScloud c5.0.1.1949 and later2022-05-05not yet calculatedCVE-2021-44053
MISC
qnap -- multiple_products
 
An open redirect vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later2022-05-05not yet calculatedCVE-2021-44054
MISC
qnap -- multiple_products
 
An missing authorization vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 ( 2022/02/16 ) and later2022-05-05not yet calculatedCVE-2021-44055
MISC
qnap -- multiple_products
 
An improper authentication vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 and later Video Station 5.3.13 and later Video Station 5.1.8 and later2022-05-05not yet calculatedCVE-2021-44056
MISC
qnap -- multiple_productsAn improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 ( 2022/02/15 ) and later Photo Station 5.7.16 ( 2022/02/11 ) and later Photo Station 5.4.13 ( 2022/02/11 ) and later2022-05-05not yet calculatedCVE-2021-44057
MISC
bookeen -- notea_firmware
 
Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information.2022-05-05not yet calculatedCVE-2021-45783
MISC
MISC
strapi -- strapi
 
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to getting API documentation for further API attacks.2022-05-03not yet calculatedCVE-2021-46440
MISC
MISC
MISC
MISC
ntfsk -- ntfsck
 
ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.2022-05-02not yet calculatedCVE-2021-46790
MISC
wordpress -- ad_invalid_click_protector_plugin
 
The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.7 does not have CSRF check deleting banned users, which could allow attackers to make a logged in admin remove arbitrary bans2022-05-02not yet calculatedCVE-2022-0191
CONFIRM
MISC
wordpress -- event_list_wordpress_plugin
 
The Event List WordPress plugin before 0.8.8 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks against other admin even when the unfiltered_html is disallowed2022-05-02not yet calculatedCVE-2022-0418
MISC
wordpress -- content_egg_wordpress_plugin
 
The Content Egg WordPress plugin before 5.3.0 does not sanitise and escape the page parameter before outputting back in an attribute in the Autoblogging admin dashboard, leading to a Reflected Cross-Site Scripting2022-05-02not yet calculatedCVE-2022-0428
MISC
wordpress -- adrotate_plugin
 
The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed2022-05-02not yet calculatedCVE-2022-0649
MISC
wordpress -- adrotate_plugin
 
The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed2022-05-02not yet calculatedCVE-2022-0662
MISC
wordpress -- sitesupercharger_plugin
 
The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions (available to both unauthenticated and authenticated users), leading to Unauthenticated SQL Injections2022-05-02not yet calculatedCVE-2022-0771
MISC
wordpress -- documentor_plugin
 
The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users.2022-05-02not yet calculatedCVE-2022-0773
MISC
wordpress -- multiple_shipping_address_woocommerce_plugin
 
The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections2022-05-02not yet calculatedCVE-2022-0783
MISC
fuschia -- fuchsia
 
A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capability ZX_RSRC_KIND_ROOT. It is recommended to upgrade the Fuchsia kernel to 4.1.1 or greater.2022-05-03not yet calculatedCVE-2022-0882
MISC
logitech -- logitech_options
 
An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.2022-05-03not yet calculatedCVE-2022-0916
MISC
wordpress -- sitemap
 
The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog.2022-05-02not yet calculatedCVE-2022-0952
MISC
wordpress -- visual_form_builder_plugin
 
The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form's 'Email to' field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed2022-05-02not yet calculatedCVE-2022-1046
MISC
linux -- linux_kernel
 
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.2022-04-29not yet calculatedCVE-2022-1048
MISC
MISC
DEBIAN
keylime -- keylimeKeylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an AK of a software TPM. A successful attack breaks the entire chain of trust because a not validated AK is used by the verifier. This issue is worse if the validation happens first and then the agent gets added to the verifier because the timing is easier and the verifier does not validate the regcount entry being equal to 1,2022-05-06not yet calculatedCVE-2022-1053
MISC
MISC
MISC
linux -- linux_kernel
 
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early.2022-04-29not yet calculatedCVE-2022-1195
MISC
MISC
MISC
MISC
MISC
DEBIAN
axios -- axiosExposure of Sensitive Information to an Unauthorized Actor in GitHub repository axios/axios prior to 0.26.2022-05-03not yet calculatedCVE-2022-1214
CONFIRM
MISC
wordpress -- hubspot_plugin
 
The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks2022-05-02not yet calculatedCVE-2022-1239
MISC
wordpress -- lifterlms_paypal_plugin
 
The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue2022-05-02not yet calculatedCVE-2022-1250
MISC
MISC
wordpress -- import_and_export_users_and customers_plugin
 
The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues2022-05-02not yet calculatedCVE-2022-1255
MISC
wordpress -- fast_flow_plugin
 
The Fast Flow WordPress plugin before 1.2.11 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting2022-05-02not yet calculatedCVE-2022-1269
MISC
wordpress -- import_wp_plugin
 
The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE2022-05-02not yet calculatedCVE-2022-1273
MISC
wordpress -- photo_gallery_wordpress_plugin
 
The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.2022-05-02not yet calculatedCVE-2022-1281
CONFIRM
MISC
wordpress -- photo_gallery_wordpress_plugin
 
The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET['image_url'] variable, which is reflected back to the users when executing the editimage_bwg AJAX action.2022-05-02not yet calculatedCVE-2022-1282
MISC
CONFIRM
openssl -- openssl
 
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).2022-05-03not yet calculatedCVE-2022-1292
CONFIRM
CONFIRM
CONFIRM
CONFIRM
trumpf -- trutopsMultiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service.2022-05-02not yet calculatedCVE-2022-1300
CONFIRM
dmars -- dmars
 
In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized information disclosure.2022-05-03not yet calculatedCVE-2022-1331
MISC
openssl -- openssl
 
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL "ocsp" application. When verifying an ocsp response with the "-no_cert_checks" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).2022-05-03not yet calculatedCVE-2022-1343
CONFIRM
CONFIRM
linux -- pfkey_register
 
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.2022-04-29not yet calculatedCVE-2022-1353
MISC
MISC
DEBIAN
delta_electronics -- diaenergie
 
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.2022-05-02not yet calculatedCVE-2022-1366
CONFIRM
delta_electronics -- diaenergieDelta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in Handler_TCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.2022-05-02not yet calculatedCVE-2022-1367
CONFIRM
delta_electronics -- diaenergieDelta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegIND. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.2022-05-02not yet calculatedCVE-2022-1369
CONFIRM
delta_electronics -- diaenergie
 
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadREGbyID. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.2022-05-02not yet calculatedCVE-2022-1370
CONFIRM
delta_electronics -- diaenergieDelta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegf. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.2022-05-02not yet calculatedCVE-2022-1371
CONFIRM
delta_electronics -- diaenergieDelta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in dlSlog.aspx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.2022-05-02not yet calculatedCVE-2022-1372
CONFIRM
delta_electronics -- diaenergieDelta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_unHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.2022-05-02not yet calculatedCVE-2022-1374
CONFIRM
delta_electronics -- diaenergieDelta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_slogHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.2022-05-02not yet calculatedCVE-2022-1375
CONFIRM
delta_electronics -- diaenergieDelta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_privgrpHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.2022-05-02not yet calculatedCVE-2022-1376
CONFIRM
delta_electronics -- diaenergieDelta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_rltHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.2022-05-02not yet calculatedCVE-2022-1377
CONFIRM
delta_electronics -- diaenergieDelta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.2022-05-02not yet calculatedCVE-2022-1378
CONFIRM
f5 -- big-ip
 
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request forgery (CSRF) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This vulnerability allows an attacker to run a limited set of commands: ping, traceroute, and WOM diagnostics. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-1389
MISC
yetiforcecompany -- yetiforcecrm
 
Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to account takeover.2022-05-05not yet calculatedCVE-2022-1411
CONFIRM
MISC
openssl -- openssl
 
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. If both endpoints are OpenSSL 3.0 then the attacker could modify data being sent in both directions. In this case both clients and servers could be affected, regardless of the application protocol. Note that in the absence of an attacker this bug means that an OpenSSL 3.0 endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete the handshake when using this ciphersuite. The confidentiality of data is not impacted by this issue, i.e. an attacker cannot decrypt data that has been encrypted using this ciphersuite - they can only modify it. In order for this attack to work both endpoints must legitimately negotiate the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in OpenSSL 3.0, and is not available within the default provider or the default ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the following must have occurred: 1) OpenSSL must have been compiled with the (non-default) compile time option enable-weak-ssl-ciphers 2) OpenSSL must have had the legacy provider explicitly loaded (either through application code or via configuration) 3) The ciphersuite must have been explicitly added to the ciphersuite list 4) The libssl security level must have been set to 0 (default is 1) 5) A version of SSL/TLS below TLSv1.3 must have been negotiated 6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any others that both endpoints have in common Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).2022-05-03not yet calculatedCVE-2022-1434
CONFIRM
CONFIRM
gogs -- gogs
 
Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account .2022-05-05not yet calculatedCVE-2022-1464
MISC
CONFIRM
f5 -- big-ip
 
On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x on F5 BIG-IP, an authenticated iControl REST user with at least guest role privileges can cause processing delays to iControl REST requests via undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-1468
MISC
openssl -- openssl
 
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).2022-05-03not yet calculatedCVE-2022-1473
CONFIRM
CONFIRM
ffmpeg -- ffmpeg
 
An integer overflow vulnerability was found in FFmpeg 5.0.1 and in previous versions in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.2022-05-02not yet calculatedCVE-2022-1475
MISC
MISC
octopus -- octopus_server
 
Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions.2022-05-04not yet calculatedCVE-2022-1502
MISC
matio -- matioA memory leak was discovered in matio 1.5.21 and earlier in Mat_VarReadNextInfo5() in mat5.c via a crafted file. This issue can potentially result in DoS.2022-05-02not yet calculatedCVE-2022-1515
MISC
MISC
linux -- linux_kernelA NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system.2022-05-05not yet calculatedCVE-2022-1516
MISC
oracle -- oracle
 
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-sided command injection, code execution, or remote ex-filtration of contained confidential data.2022-05-01not yet calculatedCVE-2022-1544
CONFIRM
MISC
mattemost -- playbooks_pluginMattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins.2022-05-03not yet calculatedCVE-2022-1548
MISC
clinical-genomics -- scouts
 
Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52.2022-05-03not yet calculatedCVE-2022-1554
MISC
CONFIRM
microweber -- microweber
 
DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie...2022-05-04not yet calculatedCVE-2022-1555
CONFIRM
MISC
neorazorx --facturascripts
 
Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be arbitrarily executed javascript code to steal user'cookie, perform HTTP request, get content of `same origin` page, etc ...2022-05-04not yet calculatedCVE-2022-1571
CONFIRM
MISC
jgraph -- drawioArbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app.2022-05-05not yet calculatedCVE-2022-1575
MISC
CONFIRM
microweber -- microweber
 
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim2022-05-04not yet calculatedCVE-2022-1584
MISC
CONFIRM
contao -- contaoCross-site Scripting (XSS) in GitHub repository contao/contao prior to 4.13.3. Attacker can execute Malicious JS in Application :)2022-05-05not yet calculatedCVE-2022-1588
MISC
CONFIRM
bludit -- bludit
 
A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit has been disclosed to the public and may be used.2022-05-05not yet calculatedCVE-2022-1590
MISC
MISC
clinical_genomics -- scout
 
Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...2022-05-05not yet calculatedCVE-2022-1592
CONFIRM
MISC
vim -- vim
 
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution2022-05-07not yet calculatedCVE-2022-1616
MISC
CONFIRM
mediatek -- telephony
 
In telephony, there is a possible way to disable receiving emergency broadcasts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498874; Issue ID: ALPS06498874.2022-05-03not yet calculatedCVE-2022-20084
MISC
mediatek -- netdiag
 
In netdiag, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308877; Issue ID: ALPS06308877.2022-05-03not yet calculatedCVE-2022-20085
MISC
mediatek -- ccu
 
In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06477970; Issue ID: ALPS06477970.2022-05-03not yet calculatedCVE-2022-20087
MISC
mediatek -- aee_driver
 
In aee driver, there is a possible reference count mistake due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; Issue ID: ALPS06209201.2022-05-03not yet calculatedCVE-2022-20088
MISC
mediatek -- aee_driver
 
In aee driver, there is a possible memory corruption due to active debug code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06240397; Issue ID: ALPS06240397.2022-05-03not yet calculatedCVE-2022-20089
MISC
mediatek -- aee_driver
 
In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209197; Issue ID: ALPS06209197.2022-05-03not yet calculatedCVE-2022-20090
MISC
mediatek -- aee_driver
 
In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; Issue ID: ALPS06226345.2022-05-03not yet calculatedCVE-2022-20091
MISC
mediatek -- alac
 
In alac decoder, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06366061; Issue ID: ALPS06366061.2022-05-03not yet calculatedCVE-2022-20092
MISC
mediatek -- telephony
 
In telephony, there is a possible way to disable receiving SMS messages due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498868; Issue ID: ALPS06498868.2022-05-03not yet calculatedCVE-2022-20093
MISC
mediatek -- imgsensor
 
In imgsensor, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479763; Issue ID: ALPS06479734.2022-05-03not yet calculatedCVE-2022-20094
MISC
mediatek -- imgsensor
 
In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479763; Issue ID: ALPS06479763.2022-05-03not yet calculatedCVE-2022-20095
MISC
mediatek -- camera
 
In camera, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06419003; Issue ID: ALPS06419003.2022-05-03not yet calculatedCVE-2022-20096
MISC
mediatek -- aee_daemon
 
In aee daemon, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06383944.2022-05-03not yet calculatedCVE-2022-20097
MISC
mediatek -- aee_daemon
 
In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06419017.2022-05-03not yet calculatedCVE-2022-20098
MISC
mediatek -- aee_daemon
 
In aee daemon, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06296442; Issue ID: ALPS06296442.2022-05-03not yet calculatedCVE-2022-20099
MISC
mediatek -- aee_daemon
 
In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06270804.2022-05-03not yet calculatedCVE-2022-20100
MISC
mediatek -- aee_daemon
 
In aee daemon, there is a possible information disclosure due to a path traversal. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06270870.2022-05-03not yet calculatedCVE-2022-20101
MISC
mediatek -- aee_daemon
 
In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06296442; Issue ID: ALPS06296405.2022-05-03not yet calculatedCVE-2022-20102
MISC
mediatek -- aee_daemon
 
In aee daemon, there is a possible information disclosure due to symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06282684.2022-05-03not yet calculatedCVE-2022-20103
MISC
mediatek -- aee_daemon
 
In aee daemon, there is a possible information disclosure due to improper access control. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06284104.2022-05-03not yet calculatedCVE-2022-20104
MISC
mediatek -- mm_service
 
In MM service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330460; Issue ID: DTV03330460.2022-05-03not yet calculatedCVE-2022-20105
MISC
mediatek -- mm_service
 
In MM service, there is a possible out of bounds write due to a heap-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330460; Issue ID: DTV03330460.2022-05-03not yet calculatedCVE-2022-20106
MISC
mediatek -- subtitle_service
 
In subtitle service, there is a possible application crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330673; Issue ID: DTV03330673.2022-05-03not yet calculatedCVE-2022-20107
MISC
mediatek -- voice_service
 
In voice service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330702; Issue ID: DTV03330702.2022-05-03not yet calculatedCVE-2022-20108
MISC
mediatek -- ion
 
In ion, there is a possible use after free due to improper update of reference count. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS06399915.2022-05-03not yet calculatedCVE-2022-20109
MISC
mediatek -- ion
 
In ion, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS06399901.2022-05-03not yet calculatedCVE-2022-20110
MISC
mediatek -- ion
 
In ion, there is a possible use after free due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06366069; Issue ID: ALPS06366069.2022-05-03not yet calculatedCVE-2022-20111
MISC
cisco -- firepower_management_center
 
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-05-03not yet calculatedCVE-2022-20627
CISCO
cisco -- firepower_management_center
 
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-05-03not yet calculatedCVE-2022-20628
CISCO
cisco -- firepower_management_center
 
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-05-03not yet calculatedCVE-2022-20629
CISCO
cisco -- adaptive_security_and_firepower_threat_defense
 
A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of errors that are logged as a result of client connections that are made using remote access VPN. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to cause the affected device to restart, resulting in a DoS condition.2022-05-03not yet calculatedCVE-2022-20715
CISCO
cisco -- firepower_threat_defense
 
A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject XML into the command parser. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted input in commands. A successful exploit could allow the attacker to inject XML into the command parser, which could result in unexpected processing of the command and unexpected command output.2022-05-03not yet calculatedCVE-2022-20729
CISCO
cisco -- firepower_threat_defense

 

A vulnerability in the Security Intelligence feed feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the Security Intelligence DNS feed. This vulnerability is due to incorrect feed update processing. An attacker could exploit this vulnerability by sending traffic through an affected device that should be blocked by the affected device. A successful exploit could allow the attacker to bypass device controls and successfully send traffic to devices that are expected to be protected by the affected device.2022-05-03not yet calculatedCVE-2022-20730
CISCO
cisco -- sd-wan_vmanager
 
A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.2022-05-04not yet calculatedCVE-2022-20734
CISCO
cisco -- adaptive_security_appliance
 
A vulnerability in the handler for HTTP authentication for resources accessed through the Clientless SSL VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device or to obtain portions of process memory from an affected device. This vulnerability is due to insufficient bounds checking when parsing specific HTTP authentication messages. An attacker could exploit this vulnerability by sending malicious traffic to an affected device acting as a VPN Gateway. To send this malicious traffic, an attacker would need to control a web server that can be accessed through the Clientless SSL VPN portal. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition, or to retrieve bytes from the device process memory that may contain sensitive information.2022-05-03not yet calculatedCVE-2022-20737
CISCO
cisco -- firepower_management_center
 
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by convincing a user to click a link designed to pass malicious input to the interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks and gain access to sensitive browser-based information.2022-05-03not yet calculatedCVE-2022-20740
CISCO
cisco -- adaptive_security_applianceA vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel. This vulnerability is due to an improper implementation of Galois/Counter Mode (GCM) ciphers. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a sufficient number of encrypted messages across an affected IPsec IKEv2 VPN tunnel and then using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to decrypt, read, modify, and re-encrypt data that is transmitted across an affected IPsec IKEv2 VPN tunnel.2022-05-03not yet calculatedCVE-2022-20742
CISCO
cisco -- firepower_management_center
 
A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious files to the affected system. This vulnerability is due to improper validation of files uploaded to the web management interface of Cisco FMC Software. An attacker could exploit this vulnerability by uploading a maliciously crafted file to a device running affected software. A successful exploit could allow the attacker to store malicious files on the device, which they could access later to conduct additional attacks, including executing arbitrary code on the affected device with root privileges.2022-05-03not yet calculatedCVE-2022-20743
CISCO
cisco -- firepower_management_center
 
A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a specific input. An attacker could exploit this vulnerability by modifying this input to bypass the protection mechanism and sending a crafted request to an affected device. A successful exploit could allow the attacker to view data beyond the scope of their authorization.2022-05-03not yet calculatedCVE-2022-20744
CISCO
cisco -- adaptive_security_and_firepower_threat_defenseA vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.2022-05-03not yet calculatedCVE-2022-20745
CISCO
cisco -- firepower_threat_defense_software
 
A vulnerability in the TCP proxy functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper handling of TCP flows. An attacker could exploit this vulnerability by sending a crafted stream of TCP traffic through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.2022-05-03not yet calculatedCVE-2022-20746
CISCO
cisco -- firepower_threat_defense_software

 

A vulnerability in the local malware analysis process of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to insufficient error handling in the local malware analysis process of an affected device. An attacker could exploit this vulnerability by sending a crafted file through the device. A successful exploit could allow the attacker to cause the local malware analysis process to crash, which could result in a DoS condition. Notes: Manual intervention may be required to recover from this situation. Malware cloud lookup and dynamic analysis will not be impacted.2022-05-03not yet calculatedCVE-2022-20748
CISCO
cisco -- firepower_threat_defense_software

 

A vulnerability in the Snort detection engine integration for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause unlimited memory consumption, which could lead to a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient memory management for certain Snort events. An attacker could exploit this vulnerability by sending a series of crafted IP packets that would generate specific Snort events on an affected device. A sustained attack could cause an out of memory condition on the affected device. A successful exploit could allow the attacker to interrupt all traffic flowing through the affected device. In some circumstances, the attacker may be able to cause the device to reload, resulting in a DoS condition.2022-05-03not yet calculatedCVE-2022-20751
CISCO
cisco -- small_business_rv340_and_rv345_routers
 
A vulnerability in web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to an affected device. A successful exploit could allow the attacker to execute remote code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.2022-05-04not yet calculatedCVE-2022-20753
CISCO
cisco -- firepower_threat_defense_software

 

A vulnerability in the connection handling function in Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper traffic handling when platform limits are reached. An attacker could exploit this vulnerability by sending a high rate of UDP traffic through an affected device. A successful exploit could allow the attacker to cause all new, incoming connections to be dropped, resulting in a DoS condition.2022-05-03not yet calculatedCVE-2022-20757
CISCO
cisco -- adaptive_security_and_firepower_threat_defense
 
A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, but unprivileged, remote attacker to elevate privileges to level 15. This vulnerability is due to improper separation of authentication and authorization scopes. An attacker could exploit this vulnerability by sending crafted HTTPS messages to the web services interface of an affected device. A successful exploit could allow the attacker to gain privilege level 15 access to the web management interface of the device. This includes privilege level 15 access to the device using management tools like the Cisco Adaptive Security Device Manager (ASDM) or the Cisco Security Manager (CSM). Note: With Cisco FTD Software, the impact is lower than the CVSS score suggests because the affected web management interface allows for read access only.2022-05-03not yet calculatedCVE-2022-20759
CISCO
cisco -- adaptive_security_and_firepower_threat_defense
 
A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to a lack of proper processing of incoming requests. An attacker could exploit this vulnerability by sending crafted DNS requests at a high rate to an affected device. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a DoS condition.2022-05-03not yet calculatedCVE-2022-20760
CISCO
cisco -- multiple_products
 
Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory.2022-05-04not yet calculatedCVE-2022-20764
CISCO
cisco -- firepwer_threat_defense
 
A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of the DNS reputation enforcement rule. An attacker could exploit this vulnerability by sending crafted UDP packets through an affected device to force a buildup of UDP connections. A successful exploit could allow the attacker to cause traffic that is going through the affected device to be dropped, resulting in a DoS condition. Note: This vulnerability only affects Cisco FTD devices that are running Snort 3.2022-05-03not yet calculatedCVE-2022-20767
CISCO
cisco -- clamav
 
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.2022-05-04not yet calculatedCVE-2022-20770
CISCO
cisco -- clamav
 
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.2022-05-04not yet calculatedCVE-2022-20771
CISCO
cisco -- enterprise_nfv_infrastructure
 
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.2022-05-04not yet calculatedCVE-2022-20777
CISCO
cisco -- enterprise_nfv_infrastructure
 
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.2022-05-04not yet calculatedCVE-2022-20779
CISCO
cisco -- enterprise_nfv_infrastructure
 
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.2022-05-04not yet calculatedCVE-2022-20780
CISCO
cisco -- clamav
 
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.2022-05-04not yet calculatedCVE-2022-20785
CISCO
cisco -- multiple_products
 
Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory.2022-05-04not yet calculatedCVE-2022-20794
CISCO
cisco -- clamav
 
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog.2022-05-04not yet calculatedCVE-2022-20796
CISCO
cisco -- small_business_rv340_and_rv345_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.2022-05-04not yet calculatedCVE-2022-20799
CISCO
cisco -- small_business_rv340_and_rv345_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.2022-05-04not yet calculatedCVE-2022-20801
CISCO
snyk -- synkThis affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 will crash.2022-05-01not yet calculatedCVE-2022-21144
MISC
MISC
MISC
snyk -- synk
 
The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user's account through the stolen cookie.2022-05-01not yet calculatedCVE-2022-21149
MISC
MISC
snyk -- synk
 
All versions of package masuit.tools.core are vulnerable to Arbitrary Code Execution via the ReceiveVarData<T> function in the SocketClient.cs component. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter.2022-05-01not yet calculatedCVE-2022-21167
MISC
MISC
snyk -- synk
 
The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPath(obj, keyPath, value) function which does not properly check the keys being set (like __proto__ or constructor). This can allow an attacker to add/modify properties of the Object.prototype leading to prototype pollution vulnerability. **Note:** This vulnerability can occur in multiple ways, for example when modifying a collection with untrusted user input.2022-05-01not yet calculatedCVE-2022-21189
MISC
MISC
MISC
MISC
snyk -- synk
 
The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine.2022-05-01not yet calculatedCVE-2022-21227
MISC
MISC
MISC
snyk -- synk
 
This affects all versions of package org.nanohttpd:nanohttpd. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the request is written to a RandomAccessFile when the it is larger than 1024 bytes. This file is created with insecure permissions that allow its contents to be viewed by all users on the host machine. **Workaround:** Manually specifying the -Djava.io.tmpdir= argument when launching Java to set the temporary directory to a directory exclusively controlled by the current user can fix this issue.2022-05-01not yet calculatedCVE-2022-21230
MISC
MISC
MISC
MISC
mediatek -- ion
 
In ion, there is a possible use after free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06371108; Issue ID: ALPS06371108.2022-05-03not yet calculatedCVE-2022-21743
MISC
johnsoncontrols -- metasys
 
Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2.2022-05-06not yet calculatedCVE-2022-21934
CERT
CONFIRM
suse -- open_build_service
 
A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue affects: SUSE Open Build Service Open Build Service versions prior to 2.10.13.2022-05-03not yet calculatedCVE-2022-21949
CONFIRM
accusoft -- imagegear
 
A memory corruption vulnerability exists in the ioca_mys_rgb_allocate functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to an arbitrary free. An attacker can provide a malicious file to trigger this vulnerability.2022-05-03not yet calculatedCVE-2022-22137
MISC
synk -- synk
 
The package convict before 6.2.2 are vulnerable to Prototype Pollution via the convict function due to missing validation of parentKey. **Note:** This vulnerability derives from an incomplete fix of another [vulnerability](https://security.snyk.io/vuln/SNYK-JS-CONVICT-1062508)2022-05-01not yet calculatedCVE-2022-22143
MISC
MISC
MISC
ibm -- spectrum_scale
 
IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012.2022-05-03not yet calculatedCVE-2022-22368
XF
CONFIRM
ibm -- robotic_process_automation
 
A vulnerability exists where an IBM Robotic Process Automation 21.0.1 regular user is able to obtain view-only access to some admin pages in the Control Center IBM X-Force ID: 223029.2022-05-05not yet calculatedCVE-2022-22415
CONFIRM
XF
ibm -- robotic_process_automation
 
IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 224156.2022-05-05not yet calculatedCVE-2022-22433
XF
CONFIRM
ibm -- robotic_process_automation
 
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with physical access to create an API request modified to create additional objects. IBM X-Force ID: 224159.2022-05-05not yet calculatedCVE-2022-22434
XF
CONFIRM
shopizer -- shopizer
 
A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript in the filename under the “Manage files” tab2022-05-01not yet calculatedCVE-2022-23060
MISC
MISC
shopizer -- shopizer

 

In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although this cannot happen according to the documentation) via Insecure Direct Object Reference (IDOR) vulnerability.2022-05-01not yet calculatedCVE-2022-23061
MISC
MISC
shopizer -- shopizer

 

In Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed.2022-05-03not yet calculatedCVE-2022-23063
MISC
MISC
snipe -- snipe-it
 
In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over.2022-05-02not yet calculatedCVE-2022-23064
MISC
MISC
vendure -- vendure
 
In Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by Stored XSS vulnerability, where an attacker having catalog permission can upload a SVG file that contains malicious JavaScript into the “Assets” tab. The uploaded file will affect administrators as well as regular users.2022-05-02not yet calculatedCVE-2022-23065
MISC
MISC
adobe -- photoshop
 
Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-05-06not yet calculatedCVE-2022-23205
MISC
accusoft -- imagegear
 
A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of service or, depending on the application, to an information leak. An attacker can provide a malicious file to trigger this vulnerability.2022-05-03not yet calculatedCVE-2022-23400
MISC
fortinet -- fortisoar
 
An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests.2022-05-04not yet calculatedCVE-2022-23443
CONFIRM
pingidentity -- pingfederate
 
When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password.2022-05-02not yet calculatedCVE-2022-23722
MISC
MISC
pingidentity -- pingfederate_pingone_fa_integration_kit
 
An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow.2022-05-02not yet calculatedCVE-2022-23723
MISC
MISC
pingidentity -- pingid_integration_for_windows_login
 
Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials.2022-05-04not yet calculatedCVE-2022-23724
CONFIRM
MISC
joomla -- guru_exension
 
Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive information (remote). The component is: Access to private information and components, possibility to view other users' information. Information disclosure Access to private information and components, possibility to view other users' information.2022-05-06not yet calculatedCVE-2022-23802
MISC
rainworx_softwares -- autionworx
 
Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition.2022-05-02not yet calculatedCVE-2022-23904
MISC
MISC
snyk -- snyk
 
All versions of package jailed are vulnerable to Sandbox Bypass via an exported alert() method which can access the main application. Exported methods are stored in the application.remote object.2022-05-01not yet calculatedCVE-2022-23923
MISC
MISC
adobe -- photoshop
 
Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an improper input validation vulnerability when parsing a PCX file that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PCX file.2022-05-06not yet calculatedCVE-2022-24098
MISC
adobe -- photoshop
 
Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-05-06not yet calculatedCVE-2022-24099
MISC
adobe -- photoshop
 
Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious U3D file.2022-05-06not yet calculatedCVE-2022-24105
MISC
snyk -- snyk
 
The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn(). However, the outpath parameter passed to it may be a command-line argument to the git clone command and result in arbitrary command injection.2022-05-01not yet calculatedCVE-2022-24437
MISC
MISC
MISC
fluxcd -- flux2
 
Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also lead to privilege escalation if the controller's service account has elevated permissions. Workarounds include disabling functionality via Validating Admission webhooks by restricting users from setting the `spec.kubeConfig` field in Flux `Kustomization` and `HelmRelease` objects. Additional mitigations include applying restrictive AppArmor and SELinux profiles on the controller’s pod to limit what binaries can be executed. This vulnerability is fixed in kustomize-controller v0.23.0 and helm-controller v0.19.0, both included in flux2 v0.29.02022-05-06not yet calculatedCVE-2022-24817
CONFIRM
netty -- netty
 
Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.2022-05-06not yet calculatedCVE-2022-24823
MISC
MISC
CONFIRM
fluxcd -- flux
 
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments. Workarounds include automated tooling in the user's CI/CD pipeline to validate `kustomization.yaml` files conform with specific policies. This vulnerability is fixed in kustomize-controller v0.24.0 and included in flux2 v0.29.0.2022-05-06not yet calculatedCVE-2022-24877
CONFIRM
fluxcd -- flux
 
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user's CI/CD pipeline to validate `kustomization.yaml` files conform with specific policies. This vulnerability is fixed in kustomize-controller v0.24.0 and included in flux2 v0.29.0. Users are recommended to upgrade.2022-05-06not yet calculatedCVE-2022-24878
CONFIRM
ecdsautils -- ecdsautils
 
ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify` CLI command and the libecdsautil library are affected. The issue has been fixed in ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and a CLI utility) are vulnerable.2022-05-06not yet calculatedCVE-2022-24884
MISC
CONFIRM
MISC
MLIST
velocity -- velocity
 
APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on the filesystem. Writing an attacking script in Velocity requires the Script rights in XWiki so not all users can use it, and it also requires finding an XWiki API which returns a File. The problem has been patched in versions 12.6.7, 12.10.3, and 13.0. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights.2022-05-02not yet calculatedCVE-2022-24897
MISC
CONFIRM
MISC
MISC
contao -- contao
 
Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings.2022-05-06not yet calculatedCVE-2022-24899
CONFIRM
MISC
MISC
apple -- apple_game_center
 
Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. The vulnerability has been fixed by improving the URL validation and adding additional checks of the resource the URL points to before downloading it.2022-05-04not yet calculatedCVE-2022-24901
CONFIRM
tkvideoplayer -- tkvideoplayer
 
TkVideoplayer is a simple library to play video files in tkinter. Uncontrolled memory consumption in versions of TKVideoplayer prior to 2.0.0 can theoretically lead to performance degradation. There are no known workarounds. This issue has been patched and users are advised to upgrade to version 2.0.0 or later.2022-05-06not yet calculatedCVE-2022-24902
CONFIRM
MISC
rsyslog -- rsyslog
 
Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.2022-05-06not yet calculatedCVE-2022-24903
CONFIRM
MISC
menlo_security -- email_isolation_on_premiseLinks may not be rewritten according to policy in some specially formatted emails.2022-05-02not yet calculatedCVE-2022-24974
MISC
jsgui_lang_essentials -- multiple_products
 
All versions of package jsgui-lang-essentials are vulnerable to Prototype Pollution due to allowing all Object attributes to be altered, including their magical attributes such as proto, constructor and prototype.2022-05-01not yet calculatedCVE-2022-25301
MISC
MISC
bignum -- multiple_products
 
All versions of package bignum are vulnerable to Denial of Service (DoS) due to a type-check exception in V8, when verifying the type of the second argument to the .powm function, V8 will crash regardless of Node try/catch blocks.2022-05-06not yet calculatedCVE-2022-25324
CONFIRM
CONFIRM
webjars -- multiple_products
 
All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as &lt;not-a-tag /&gt;) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided to the autocomplete component.2022-05-01not yet calculatedCVE-2022-25349
MISC
MISC
MISC
webjars -- multiple_products
 
All versions of package dset are vulnerable to Prototype Pollution via 'dset/merge' mode, as the dset function checks for prototype pollution by validating if the top-level path contains __proto__, constructor or protorype. By crafting a malicious object, it is possible to bypass this check and achieve prototype pollution.2022-05-01not yet calculatedCVE-2022-25645
MISC
MISC
MISC
mvnrepository.com -- multiple_productsThe package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.2022-05-01not yet calculatedCVE-2022-25647
MISC
MISC
MISC
mvnrepository.com -- multiple_products
 
All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets.2022-05-01not yet calculatedCVE-2022-25767
MISC
MISC
secomea -- secomea_gatemanager
 
Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session.2022-05-04not yet calculatedCVE-2022-25778
MISC
secomea -- secomea_gatemanager
 
Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7.2022-05-04not yet calculatedCVE-2022-25779
MISC
secomea -- secomea_gatemanager
 
Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope.2022-05-04not yet calculatedCVE-2022-25780
MISC
secomea -- secomea_gatemanager
 
Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session.2022-05-04not yet calculatedCVE-2022-25781
MISC
secomea -- secomea_gatemanager
 
Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7.2022-05-04not yet calculatedCVE-2022-25782
MISC
secomea -- secomea_gatemanager
 
Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7.2022-05-04not yet calculatedCVE-2022-25783
MISC
secomea -- secomea_sitemanager
 
Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versions prior to 9.7.2022-05-04not yet calculatedCVE-2022-25784
MISC
secomea -- secomea_sitemanager
 
Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary code execution. This issue affects: Secomea SiteManager all versions prior to 9.7.2022-05-04not yet calculatedCVE-2022-25785
MISC
secomea -- secomea_gatemanager
 
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7.2022-05-04not yet calculatedCVE-2022-25786
MISC
secomea -- secomea_gatemanager
 
Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7.2022-05-04not yet calculatedCVE-2022-25787
MISC
com_alibaba_ -- one_java_agent_plugin
 
All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine.2022-05-01not yet calculatedCVE-2022-25842
MISC
MISC
MISC
MISC
org.webjars -- angular_package
 
The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher.2022-05-01not yet calculatedCVE-2022-25844
MISC
MISC
MISC
MISC
MISC
hoppscotch -- proxyscotch
 
The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server.2022-05-01not yet calculatedCVE-2022-25850
MISC
MISC
f5 -- big-ip
 
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-25946
MISC
anker_eufy_homebase -- anker_eufy_homebase 2 2.1.8.5h
 
An authentication bypass vulnerability exists in the libxm_av.so getpeermac() functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted DHCP packet can lead to authentication bypass. An attacker can DHCP poison to trigger this vulnerability.2022-05-05not yet calculatedCVE-2022-25989
MISC
f5 -- f5os-a_software
 
On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-25990
MISC
pistacheio_pistache -- multiple_products
 
This affects the package pistacheio/pistache before 0.0.3.20220425. It is possible to traverse directories to fetch arbitrary files from the server.2022-05-01not yet calculatedCVE-2022-26068
MISC
MISC
splunk -- enterprise
 
When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0.2022-05-06not yet calculatedCVE-2022-26070
MISC
f5 -- big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a flaw in the way reply ICMP packets are limited in the Traffic Management Microkernel (TMM) allows an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-26071
MISC
anker_eufy_homebase -- anker_eufy_homebase
 
A denial of service vulnerability exists in the libxm_av.so DemuxCmdInBuffer functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to a device reboot. An attacker can send packets to trigger this vulnerability.2022-05-05not yet calculatedCVE-2022-26073
MISC
f5 -- big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an Active mode-enabled FTP profile is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing active FTP data channel connections. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-26130
MISC
netiq -- netiq_access_managerReflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.22022-05-02not yet calculatedCVE-2022-26325
CONFIRM
netiq -- netiq_access_managerPotential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.22022-05-02not yet calculatedCVE-2022-26326
CONFIRM
f5 -- big-ipOn F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, an authenticated, high-privileged attacker with no bash access may be able to access Certificate and Key files using Secure Copy (SCP) protocol from a remote system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-26340
MISC
f5 -- big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions prior to 14.1.4.6, when a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-26370
MISC
f5 -- big-ip
 
On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when a DNS listener is configured on a virtual server with DNS queueing (default), undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.2022-05-05not yet calculatedCVE-2022-26372
MISC
f5 -- big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-26415
MISC
f5 -- big-ip
 
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when the BIG-IP CGNAT Large Scale NAT (LSN) pool is configured on a virtual server and packet filtering is enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-26517
MISC
f5 -- big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell (tmsh) commands in F5 BIG-IP Guided Configuration, which may allow an authenticated attacker with at least resource administrator role privileges to read arbitrary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-26835
MISC
splunk -- enterpriseThe lack of sanitization in a relative url path in a search parameter allows for arbitrary injection of external content in Splunk Enterprise versions before 8.1.2.2022-05-06not yet calculatedCVE-2022-26889
MISC
MISC
f5 -- big-ip
 
On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when ASM or Advanced WAF, as well as APM, are configured on a virtual server, the ASM policy is configured with Session Awareness, and the "Use APM Username and Session ID" option is enabled, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-26890
MISC
f5 -- big-ip
 
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when APM is configured on a virtual server and the associated access profile is configured with APM AAA NTLM Auth, undisclosed requests can cause an increase in internal resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-27181
MISC
f5 -- big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, when BIG-IP packet filters are enabled and a virtual server is configured with the type set to Reject, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-27182
MISC
splunk -- enterpriseThe Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted.2022-05-06not yet calculatedCVE-2022-27183
MISC
MISC
f5 -- big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when an Internet Content Adaptation Protocol (ICAP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-27189
MISC
f5 -- big-ip
 
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of F5 BIG-IP Guided Configuration that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-27230
MISC
gitea_io -- gitea_io
 
An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service (DoS) via deleting the configuration file.2022-05-03not yet calculatedCVE-2022-27313
MISC
e_commerce_website -- e_commerce_website
 
A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field.2022-05-03not yet calculatedCVE-2022-27330
MISC
poppler -- poppler
 
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.2022-05-05not yet calculatedCVE-2022-27337
MISC
foxit -- pdf_reader
 
Foxit PDF Reader v11.2.1.53537 was discovered to contain a NULL pointer dereference via the component FoxitPDFReader.exe. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PHP file.2022-05-05not yet calculatedCVE-2022-27359
MISC
MISC
springblade -- springblade
 
SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment.2022-05-05not yet calculatedCVE-2022-27360
MISC
MISC
MISC
totolink -- totolink_n600r
 
TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function.2022-05-05not yet calculatedCVE-2022-27411
MISC
hospital_management_system -- hospital_management_systemHospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php.2022-05-03not yet calculatedCVE-2022-27413
MISC
hospital_management_system -- hospital_management_systemHospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.2022-05-04not yet calculatedCVE-2022-27420
MISC
wuzhicms -- wuzhicms
 
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php.2022-05-04not yet calculatedCVE-2022-27431
MISC
nopCommerce -- nopCommerceIn nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link.2022-05-04not yet calculatedCVE-2022-27461
MISC
MISC
mcms -- mcmsMCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do.2022-05-02not yet calculatedCVE-2022-27466
MISC
sdl -- sdl_ttf
 
SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.2022-05-04not yet calculatedCVE-2022-27470
MISC
MISC
nginx -- multiple_products
 
On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-27495
MISC
qnap -- qnapWe have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later2022-05-05not yet calculatedCVE-2022-27588
MISC
f5 -- big-ip
 
On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, BIG-IP APM does not properly validate configurations, allowing an authenticated attacker with high privileges to manipulate the APM policy leading to privilege escalation/remote code execution. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-27634
MISC
f5 -- big-ip
 
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-27636
MISC
f5 -- big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, an authenticated attacker can modify or delete Dashboards created by other BIG-IP users in the Traffic Management User Interface (TMUI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-27659
MISC
f5 -- traffix_sdc
 
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-27662
MISC
adobe -- after_effects
 
Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in After Effects.2022-05-06not yet calculatedCVE-2022-27783
MISC
adobe -- after_effects
 
Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in After Effects.2022-05-06not yet calculatedCVE-2022-27784
MISC
f5 -- big-ip
 
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing command injection vulnerabilities in undisclosed URIs in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-27806
MISC
f5 -- access_for_android
 
On F5 Access for Android 3.x versions prior to 3.0.8, a Task Hijacking vulnerability exists in the F5 Access for Android application, which may allow an attacker to steal sensitive user information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-27875
MISC
f5 -- big-ip
 
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-27878
MISC
f5 -- traffix_sdc
 
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-27880
MISC
eve_ng -- multiple_products
 
An OS Command Injection vulnerability in the configuration parser of Eve-NG Professional through 4.0.1-65 and Eve-NG Community through 2.0.3-112 allows a remote authenticated attacker to execute commands as root by editing virtualization command parameters of imported UNL files.2022-05-04not yet calculatedCVE-2022-27903
MISC
MISC
joomla -- jdownloads_3.9.8.2_stable
 
In Joomla component 'jDownloads 3.9.8.2 Stable' the remote user can change some parameters in the address bar and see the names of other users' files2022-05-06not yet calculatedCVE-2022-27909
MISC
bluecms -- bluecmsBluecms 1.6 has a SQL injection vulnerability at cooike.2022-05-03not yet calculatedCVE-2022-27962
MISC
rg_nbr_e_enterprise_ gateway -- rg_nbr2100g_eRG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vulnerability via the fileName parameter at /guest_auth/cfg/upLoadCfg.php.2022-05-02not yet calculatedCVE-2022-27982
MISC
rg_nbr_e_enterprise_ gateway -- rg_nbr2100g_eRG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain an arbitrary file read vulnerability via the url parameter in check.php.2022-05-02not yet calculatedCVE-2022-27983
MISC
3cx -- phone_system_management_consoleAn issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server, leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. Versions prior to version 18, Hotfix 1 Build 18.0.3.461 March 2022, are prone to an additional unauthenticated file system access to C:\Windows\System32.2022-05-06not yet calculatedCVE-2022-28005
MISC
MISC
MISC
vandyke -- vandyke_softwareImproper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2 allows attackers to execute arbitrary code via a crafted value.2022-05-02not yet calculatedCVE-2022-28054
MISC
fusionpbx -- fusionpbxFusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function.2022-05-04not yet calculatedCVE-2022-28055
MISC
shopxo -- shopxoShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php.2022-05-02not yet calculatedCVE-2022-28056
MISC
libarchive -- libarchivelvLibarchive v3.6.0 was discovered to contain a read memory access vulnerability via the function lzma_decode.2022-05-04not yet calculatedCVE-2022-28066
MISC
sandboxie_plus -- sandboxie_classicAn incorrect access control issue in Sandboxie Classic v5.55.13 allows attackers to cause a Denial of Service (DoS) in the Sandbox via a crafted executable.2022-05-04not yet calculatedCVE-2022-28067
MISC
seacms -- seacms
 
Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings.2022-05-04not yet calculatedCVE-2022-28076
MISC
college_management_system -- college_management_systemCollege Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter.2022-05-05not yet calculatedCVE-2022-28079
MISC
MISC
event_mobi -- royal_event_management_system
 
Royal Event Management System v1.0 was discovered to contain a SQL injection vulnerability via the todate parameter.2022-05-05not yet calculatedCVE-2022-28080
MISC
MISC
MISC
query_php -- arphp_v3.6.0
 
A reflected cross-site scripting (XSS) vulnerability in the component Query.php of arPHP v3.6.0 allows attackers to execute arbitrary web scripts.2022-05-04not yet calculatedCVE-2022-28081
MISC
tenda -- ax12Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList.2022-05-04not yet calculatedCVE-2022-28082
MISC
jspxcms -- jspxcmsJspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=.2022-05-04not yet calculatedCVE-2022-28090
MISC
skycaiji -- skycaijiSkycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php.2022-05-04not yet calculatedCVE-2022-28096
MISC
poultry_farm_management_system -- poultry_farm_management_systemPoultry Farm Management System v1.0 was discovered to contain a SQL injection vulnerability via the Item parameter at /farm/store.php.2022-05-04not yet calculatedCVE-2022-28099
MISC
MISC
MISC
mybatis -- pagehelper
 
MyBatis PageHelper v1.x.x-v5.x.x was discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter.2022-05-04not yet calculatedCVE-2022-28111
MISC
MISC
MISC
MISC
siteserver_cms -- siteserver_cms
 
SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in.2022-05-03not yet calculatedCVE-2022-28118
MISC
MISC
MISC
MISC
beijing_runnier_network_technology_co.,_ltd -- teaching management_platform_softwareBeijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server.2022-05-05not yet calculatedCVE-2022-28120
MISC
broadcom -- brocade_sannav
 
In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands.2022-05-06not yet calculatedCVE-2022-28163
MISC
broadcom -- brocade_sannav
 
Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords.2022-05-06not yet calculatedCVE-2022-28164
MISC
broadcom -- brocade_sannav
 
A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on Server side to ensure the user has required permission before processing requests.2022-05-06not yet calculatedCVE-2022-28165
MISC
adobe -- photoshopAdobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious SVG file.2022-05-06not yet calculatedCVE-2022-28270
MISC
adobe -- photoshop
 
Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file.2022-05-06not yet calculatedCVE-2022-28271
MISC
adobe -- photoshop
 
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-05-06not yet calculatedCVE-2022-28272
MISC
adobe -- photoshopAdobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-05-06not yet calculatedCVE-2022-28273
MISC
adobe -- photoshop
 
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-05-06not yet calculatedCVE-2022-28274
MISC
adobe -- photoshop
 
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-05-06not yet calculatedCVE-2022-28275
MISC
adobe -- photoshop
 
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-05-06not yet calculatedCVE-2022-28276
MISC
adobe -- photoshop
 
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file.2022-05-06not yet calculatedCVE-2022-28277
MISC
adobe -- photoshop
 
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-05-06not yet calculatedCVE-2022-28278
MISC
adobe -- photoshop
 
Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-05-06not yet calculatedCVE-2022-28279
MISC
mediawiki -- mediawiki
 
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,2022-04-30not yet calculatedCVE-2022-28323
MISC
MISC
MISC
nopcommerce -- nopcommerce
 
nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup file in the Maintenance feature.2022-05-02not yet calculatedCVE-2022-28451
MISC
MISC
mingyuefusu -- multiple_products
 
mingyuefusu Library Management System all versions as of 03-27-2022 is vulnerable to SQL Injection.2022-05-05not yet calculatedCVE-2022-28461
MISC
novelplus -- novel_plusnovel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.2022-05-05not yet calculatedCVE-2022-28462
MISC
ffmeg -- ffjpeg
 
In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfif_encode() in jfif.c. This is due to the incomplete patch for issue 382022-05-05not yet calculatedCVE-2022-28471
MISC
rubygems -- multiple_products
 
CSV-Safe gem < 3.0.0 doesn't filter out special characters which could trigger CSV Injection.2022-05-01not yet calculatedCVE-2022-28481
MISC
MISC
MISC
tcpreplay -- tcpreplay
 
Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality.2022-05-04not yet calculatedCVE-2022-28487
MISC
MISC
libwav -- libwavThe function wav_format_write in libwav.c in libwav through 2017-04-20 has an Use of Uninitialized Variable vulnerability.2022-05-04not yet calculatedCVE-2022-28488
MISC
MISC
jflyfox -- jflyfoxJfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java.2022-05-03not yet calculatedCVE-2022-28505
MISC
dragon_path_technologies -- bharti_airtel_routersDragon Path Technologies Bharti Airtel Routers Hardware BDT-121 version 1.0 is vulnerable to Cross Site Scripting (XSS) via Dragon path router admin page.2022-05-06not yet calculatedCVE-2022-28507
MISC
MISC
mantisbt -- browser_search_plugin.php
 
An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.2022-05-04not yet calculatedCVE-2022-28508
MISC
MISC
MISC
sourcecodester -- fantastic_blog_cms
 
A SQL injection vulnerability exists in Sourcecodester Fantastic Blog CMS 1.0 . An attacker can inject query in "/fantasticblog/single.php" via the "id=5" parameters.2022-05-04not yet calculatedCVE-2022-28512
MISC
MISC
sourcecodester -- covid-19_directorySourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnerable to SQL Injection via cmdcategory.2022-05-05not yet calculatedCVE-2022-28530
MISC
sourcecodester -- medical_hub_directory_site
 
Sourcecodester Medical Hub Directory Site 1.0 is vulnerable to SQL Injection via /mhds/clinic/view_details.php.2022-05-05not yet calculatedCVE-2022-28533
MISC
fudforum -- fudforum
 
FUDforum 3.1.1 is vulnerable to Stored XSS.2022-05-06not yet calculatedCVE-2022-28545
MISC
MISC
chshcms -- cscms
 
Cscms 4.1 is vulnerable to SQL Injection. Log into the background, open the song module, create a new song, delete it to the recycle bin, and SQL injection security problems will occur when emptying the recycle bin.2022-05-04not yet calculatedCVE-2022-28552
MISC
tenda -- ac15
 
Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow. Similarly, this vulnerability can be used together with CVE-2021-449712022-05-04not yet calculatedCVE-2022-28556
MISC
tenda -- ac15
 
There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution2022-05-04not yet calculatedCVE-2022-28557
MISC
tenda -- ac9
 
There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload2022-05-03not yet calculatedCVE-2022-28560
MISC
tenda -- ax12
 
There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload2022-05-03not yet calculatedCVE-2022-28561
MISC
sourcecodester -- doctors_appointmemt_system
 
Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored.2022-05-04not yet calculatedCVE-2022-28568
MISC
MISC
MISC
d-link -- 882_dir882a1_fw130b06D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli.2022-05-02not yet calculatedCVE-2022-28571
MISC
MISC
tenda -- ax1806
 
Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function2022-05-02not yet calculatedCVE-2022-28572
MISC
d-link -- dir-823_pro
 
D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the system_time_timezone parameter.2022-05-02not yet calculatedCVE-2022-28573
MISC
MISC
totolink -- a7100ruIt is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload2022-05-05not yet calculatedCVE-2022-28575
MISC
totolink -- a7100ru
 
It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.2022-05-05not yet calculatedCVE-2022-28577
MISC
totolink -- a7100ru
 
It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.2022-05-05not yet calculatedCVE-2022-28578
MISC
totolink -- a7100ru
 
It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.2022-05-05not yet calculatedCVE-2022-28579
MISC
totolink -- setwifiadvancedcfgIt is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.2022-05-05not yet calculatedCVE-2022-28580
MISC
totolink -- setwifiadvancedcfg
 
It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.2022-05-05not yet calculatedCVE-2022-28581
MISC
totolink -- setwifisignalcfg
 
It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.2022-05-05not yet calculatedCVE-2022-28582
MISC
totolink -- setwifiwpscfg
 
It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.2022-05-05not yet calculatedCVE-2022-28583
MISC
totolink -- setwifiwpsstart
 
It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.2022-05-05not yet calculatedCVE-2022-28584
MISC
empirecms -- empirecmsEmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php2022-05-03not yet calculatedCVE-2022-28585
MISC
springbootmovie -- springbootmovie
 
In SpringBootMovie <=1.2 when adding movie names, malicious code can be stored because there are no filtering parameters, resulting in stored XSS.2022-05-03not yet calculatedCVE-2022-28588
MISC
pixelimity -- pixelimityA stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=add_new2022-05-03not yet calculatedCVE-2022-28589
MISC
pixelimity -- pixelimityA Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme.2022-05-03not yet calculatedCVE-2022-28590
MISC
fuelcms -- fuelcmsA stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack.2022-05-03not yet calculatedCVE-2022-28599
MISC
wenzhou_huoyin_infor,mation_technology_co -- wenzhou_huoyin_infor,mation_technology_coAn arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server.2022-05-05not yet calculatedCVE-2022-28606
MISC
MISC
MISC
cisco -- hci_modbus_tcp_component
 
A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware that is caused by the validation error in the length information carried in MBAP header allows an ATTACKER to reboot the device by sending a special crafted message. This issue affects: Hitachi Energy RTU500 series CMU Firmware 12.0.*; 12.2.*; 12.4.*; 12.6.*; 12.7.*; 13.2.*.2022-05-02not yet calculatedCVE-2022-28613
CONFIRM
f5 -- big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when a Real Time Streaming Protocol (RTSP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-28691
MISC
f5 -- big-ip_afm
 
On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows an attacker to run arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-28695
MISC
f5 -- big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, when the stream profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-28701
MISC
f5 -- big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, on platforms with an ePVA and the pva.fwdaccel BigDB variable enabled, undisclosed requests to a virtual server with a FastL4 profile that has ePVA acceleration enabled can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-28705
MISC
f5 -- big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2 and 15.1.x versions prior to 15.1.5.1, when the DNS resolver configuration is used, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-28706
MISC
f5 -- big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility (also referred to as the BIG-IP TMUI) that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-28707
MISC
f5 -- big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, when a BIG-IP DNS resolver-enabled, HTTP-Explicit or SOCKS profile is configured on a virtual server, an undisclosed DNS response can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-28708
MISC
f5 -- big-ip_apm
 
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-28714
MISC
f5 -- multiple_products
 
On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and PEM Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-28716
MISC
samsung -- smrImproper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information.2022-05-03not yet calculatedCVE-2022-28780
MISC
samsung -- smrImproper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller.2022-05-03not yet calculatedCVE-2022-28781
MISC
samsung -- contents_to_windowsImproper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability.2022-05-03not yet calculatedCVE-2022-28782
MISC
samsung -- galaxy_themes
 
Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for removing package name.2022-05-03not yet calculatedCVE-2022-28783
MISC
samsung -- galaxy_themes
 
Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic.2022-05-03not yet calculatedCVE-2022-28784
MISC
samsung -- aviextractor_library
 
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.2022-05-03not yet calculatedCVE-2022-28785
MISC
samsung -- aviextractor_libraryImproper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.2022-05-03not yet calculatedCVE-2022-28786
MISC
samsung -- wmfextractor_library
 
Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.2022-05-03not yet calculatedCVE-2022-28787
MISC
samsung -- aviextractor_library
 
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.2022-05-03not yet calculatedCVE-2022-28788
MISC
samsung -- voice_note
 
Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction. The patch adds proper permission for vulnerable activities.2022-05-03not yet calculatedCVE-2022-28789
MISC
samsung -- link
 
Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic.2022-05-03not yet calculatedCVE-2022-28790
MISC
samsung -- installagent
 
Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files.2022-05-03not yet calculatedCVE-2022-28791
MISC
samsung -- gear_iconx_pc_managerDLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking.2022-05-03not yet calculatedCVE-2022-28792
MISC
samsung -- strongbox
 
Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time.2022-05-03not yet calculatedCVE-2022-28793
MISC
fujitsu -- insyde_firmware
 
An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310), and v1.09 (E459/E449). The FjGabiFlashCoreAbstractionSmm driver registers a Software System Management Interrupt (SWSMI) handler that is not sufficiently validated to ensure that the CommBuffer (or any other communication buffer's nested contents) are not pointing to SMRAM contents. A potential attacker can therefore write fixed data to SMRAM, which could lead to data corruption inside this memory (e.g., change the SMI handler's code or modify SMRAM map structures to break input pointer validation for other SMI handlers). Thus, the attacker could elevate privileges from ring 0 to ring -2 and execute arbitrary code in SMM.2022-05-04not yet calculatedCVE-2022-28806
MISC
MISC
MISC
MISC
f5 -- big-ip
 
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions prior to 14.1.4.6, when installing Net HSM, the scripts (nethsm-safenet-install.sh and nethsm-thales-install.sh) expose the Net HSM partition password. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-28859
MISC
apache -- jena
 
A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities.2022-05-05not yet calculatedCVE-2022-28890
MISC

h3c -- magicr100

 

In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be accessed without authorization. It sends a large amount of data through ajaxmsg to carry out DOS attack.2022-05-04not yet calculatedCVE-2022-28940
MISC
tenda -- ax1806
 
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS).2022-05-06not yet calculatedCVE-2022-28969
MISC
tenda -- ax1806
 
Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow via the mac parameter in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS).2022-05-06not yet calculatedCVE-2022-28970
MISC
tenda -- ax1806
 
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS).2022-05-06not yet calculatedCVE-2022-28971
MISC
tenda -- ax1806
 
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS).2022-05-06not yet calculatedCVE-2022-28972
MISC
tenda -- ax1806
 
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS).2022-05-06not yet calculatedCVE-2022-28973
MISC
springbootmovie -- springbootmovie
 
In SpringBootMovie <=1.2, the uploaded file suffix parameter is not filtered, resulting in arbitrary file upload vulnerability2022-05-03not yet calculatedCVE-2022-29001
MISC
openldap -- openldap
 
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.2022-05-04not yet calculatedCVE-2022-29155
MISC
xwiki -- xwiki_platform
 
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for use in certificate signatures, due to the risk of collisions with SHA1. The problem has been patched in XWiki version 13.10.6, 14.3.1 and 14.4-rc-1. Since then, the Crypto API will generate X509 certificates signed by default using SHA256 with RSA. Administrators are advised to upgrade their XWiki installation to one of the patched versions. If the upgrade is not possible, it is possible to patch the module xwiki-platform-crypto in a local installation by applying the change exposed in 26728f3 and re-compiling the module.2022-05-06not yet calculatedCVE-2022-29161
MISC
CONFIRM
MISC
argoproj -- argo_workflows
 
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Server API. The attacker emails the deep-link to the artifact to their victim. The victim opens the link, the script starts running. As the script has access to the Argo Server API (as the victim), so may read information about the victim’s workflows, or create and delete workflows. Note the attacker must be an insider: they must have access to the same cluster as the victim and must already be able to run their own workflows. The attacker must have an understanding of the victim’s system. We have seen no evidence of this in the wild. We urge all users to upgrade to the fixed versions.2022-05-06not yet calculatedCVE-2022-29164
MISC
MISC
CONFIRM
matrix -- matrix-appservice-irc
 
matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerability in node-irc allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. The vulnerability has been patched in matrix-appservice-irc 0.33.2. Refrain from replying to messages from untrusted participants in IRC-bridged Matrix rooms. There are no known workarounds for this issue.2022-05-05not yet calculatedCVE-2022-29166
MISC
CONFIRM
mozilla -- hawk
 
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse `Host` HTTP header (`Hawk.utils.parseHost()`), which was subject to regular expression DoS attack - meaning each added character in the attacker's input increases the computation time exponentially. `parseHost()` was patched in `9.0.1` to use built-in `URL` class to parse hostname instead. `Hawk.authenticate()` accepts `options` argument. If that contains `host` and `port`, those would be used instead of a call to `utils.parseHost()`.2022-05-05not yet calculatedCVE-2022-29167
MISC
CONFIRM
sourcegraph -- sourcegraph
 
Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable to Remote Code Execution in the gitserver service. The Gitolite code host integration with Phabricator allows Sourcegraph site admins to specify a `callsignCommand`, which is used to obtain the Phabricator metadata for a Gitolite repository. An administrator who is able to edit or add a Gitolite code host and has administrative access to Sourcegraph’s bundled Grafana instance can change this command arbitrarily and run it remotely. This grants direct access to the infrastructure underlying the Sourcegraph installation. The attack requires: site-admin privileges on the instance of Sourcegraph, Administrative privileges on the bundled Grafana monitoring instance, Knowledge of the gitserver IP address or DNS name (if running in Kubernetes). This can be found through Grafana. The issue is patched in version 3.38.0. You may disable Gitolite code hosts. We still highly encourage upgrading regardless of workarounds.2022-05-06not yet calculatedCVE-2022-29171
CONFIRM
auth0 -- auth0-lock
 
Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before `11.33.0`, when the “additional signup fields� feature [is configured](https://github.com/auth0/lock#additional-sign-up-fields), a malicious actor can inject invalidated HTML code into these additional fields, which is then stored in the service `user_metdata` payload (using the `name` property). Verification emails, when applicable, are generated using this metadata. It is therefor possible for an actor to craft a malicious link by injecting HTML, which is then rendered as the recipient's name within the delivered email template. You are impacted by this vulnerability if you are using `auth0-lock` version `11.32.2` or lower and are using the “additional signup fields� feature in your application. Upgrade to version `11.33.0`.2022-05-05not yet calculatedCVE-2022-29172
MISC
CONFIRM
the_update_framework -- go-tuf
 
go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to install software that is older than the software which the client previously knew to be available, and may include software with known vulnerabilities. In more detail, the client code of go-tuf has several issues in regards to preventing rollback attacks: 1. It does not take into account the content of any previously trusted metadata, if available, before proceeding with updating roles other than the root role (i.e., steps 5.4.3.1 and 5.5.5 of the detailed client workflow). This means that any form of version verification done on the newly-downloaded metadata is made using the default value of zero, which always passes. 2. For both timestamp and snapshot roles, go-tuf saves these metadata files as trusted before verifying if the version of the metafiles they refer to is correct (i.e., steps 5.5.4 and 5.6.4 of the detailed client workflow). A fix is available in version 0.3.0 or newer. No workarounds are known for this issue apart from upgrading.2022-05-05not yet calculatedCVE-2022-29173
MISC
CONFIRM
vyperlang -- vyper
 
Vyper is a pythonic smart contract language for the ethereum virtual machine. Since version 0.3.2, decimals use the full range of the underlying int168 type. multiplication of 168 bit integers can wrap in 256-bit arithmetic, but safemul does not check for that. This has been patched in v0.3.4. There are no known workarounds for this issue.2022-05-05not yet calculatedCVE-2022-29175
CONFIRM
MISC
rubygems -- rubygems
 
Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so. To be vulnerable, a gem needed: one or more dashes in its name creation within 30 days OR no updates for over 100 days At present, we believe this vulnerability has not been exploited. RubyGems.org sends an email to all gem owners when a gem version is published or yanked. We have not received any support emails from gem owners indicating that their gem has been yanked without authorization. An audit of gem changes for the last 18 months did not find any examples of this vulnerability being used in a malicious way. A deeper audit for any possible use of this exploit is ongoing, and we will update this advisory once it is complete. Using Bundler in --frozen or --deployment mode in CI and during deploys, as the Bundler team has always recommended, will guarantee that your application does not silently switch to versions created using this exploit. To audit your application history for possible past exploits, review your Gemfile.lock and look for gems whose platform changed when the version number did not change. For example, gemname-3.1.2 updating to gemname-3.1.2-java could indicate a possible abuse of this vulnerability. RubyGems.org has been patched and is no longer vulnerable to this issue as of the 5th of May 2022.2022-05-05not yet calculatedCVE-2022-29176
MISC
CONFIRM
charmbracelet -- charm
 
A vulnerability in which attackers could forge HTTP requests to manipulate the `charm` data directory to access or delete anything on the server. This has been patched and is available in release [v0.12.1](https://github.com/charmbracelet/charm/releases/tag/v0.12.1). We recommend that all users running self-hosted `charm` instances update immediately. This vulnerability was found in-house and we haven't been notified of any potential exploiters. ### Additional notes * Encrypted user data uploaded to the Charm server is safe as Charm servers cannot decrypt user data. This includes filenames, paths, and all key-value data. * Users running the official Charm [Docker images](https://github.com/charmbracelet/charm/blob/main/docker.md) are at minimal risk because the exploit is limited to the containerized filesystem.2022-05-07not yet calculatedCVE-2022-29180
MISC
CONFIRM
f5 -- big-ip
 
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, the BIG-IP Edge Client Component Installer Service does not use best practice while saving temporary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-29263
MISC
apache -- nifi
 
Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: - EvaluateXPath - EvaluateXQuery - ValidateXml Apache NiFi flow configurations that include these Processors are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services.2022-04-30not yet calculatedCVE-2022-29265
CONFIRM
MISC
gpac -- gpac
 
In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2.2022-05-05not yet calculatedCVE-2022-29339
MISC
MISC
gpac -- gpacGPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad.2022-05-05not yet calculatedCVE-2022-29340
MISC
MISC
zeitprax -- web@rchiv
 
An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands via a crafted PHP file.2022-05-04not yet calculatedCVE-2022-29347
MISC
MISC
MISC
wordpress -- countdown-and-clock_plugin
 
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-circle-countdown-before-countdown and &ycd-circle-countdown-after-countdown vulnerable parameters.2022-05-06not yet calculatedCVE-2022-29420
CONFIRM
CONFIRM
wordpress -- countdown-and-clock_plugin
 
Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter.2022-05-06not yet calculatedCVE-2022-29421
CONFIRM
CONFIRM
wordpress -- countdown-and-clock_plugin
 
Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom, &ycd-button-margin-left, &ycd-circle-countdown-before-countdown, &ycd-circle-countdown-after-countdown vulnerable parameters.2022-05-06not yet calculatedCVE-2022-29422
CONFIRM
CONFIRM
wordpress -- countdown-and-clock_plugin
 
Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress.2022-05-06not yet calculatedCVE-2022-29423
CONFIRM
CONFIRM
wordpress -- cloudway_breeze_plugin
 
Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack.2022-05-02not yet calculatedCVE-2022-29444
CONFIRM
CONFIRM
f5 -- big-ip
 
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an IPSec ALG profile is configured on a virtual server, undisclosed responses can cause Traffic Management Microkernel(TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-29473
MISC
f5 -- big-ip
 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at least guest role privileges to read wsdl files in the BIG-IP file system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-29474
MISC
f5 -- big-ip
 
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, when an IPv6 self IP address is configured and the ipv6.strictcompliance database key is enabled (disabled by default) on a BIG-IP system, undisclosed packets may cause decreased performance. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-29479
MISC
f5 -- big-ip
 
On F5 BIG-IP 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when multiple route domains are configured, undisclosed requests to big3d can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-29480
MISC
f5 -- multiple_products
 
On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a virtual server is configured with HTTP, TCP on one side (client/server), and DTLS on the other (server/client), undisclosed requests can cause the TMM process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2022-05-05not yet calculatedCVE-2022-29491
MISC
schedmd -- slurm
 
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure.2022-05-05not yet calculatedCVE-2022-29500
MISC
MISC
MISC
schedmd -- slurm
 
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution.2022-05-05not yet calculatedCVE-2022-29501
MISC
MISC
MISC
schedmd -- slurm
 
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges.2022-05-05not yet calculatedCVE-2022-29502
MISC
MISC
MISC
zoho -- manageengine_opmanager
 
Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports.2022-05-05not yet calculatedCVE-2022-29535
MISC
MISC
tenda -- tx9_pro
 
Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route (called by doSystemCmd_route).2022-05-05not yet calculatedCVE-2022-29592
MISC
gnome -- gnome
 
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.2022-05-03not yet calculatedCVE-2022-29824
MISC
MISC
MISC
MISC
FEDORA
progress -- openedge
 
In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. If exploited, a local attacker could elevate their privileges and compromise the affected system.2022-05-02not yet calculatedCVE-2022-29849
MISC
MISC
MISC
MISC
librehealth -- ehr
 
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection.2022-05-05not yet calculatedCVE-2022-29938
MISC
MISC
MISC
librehealth -- ehr
 
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities.2022-05-05not yet calculatedCVE-2022-29939
MISC
MISC
MISC
librehealth -- ehr
 
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities.2022-05-05not yet calculatedCVE-2022-29940
MISC
MISC
MISC
talend -- administration_center
 
Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version.2022-05-04not yet calculatedCVE-2022-29942
MISC
MISC
talend -- administration_center
 
Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version.2022-05-04not yet calculatedCVE-2022-29943
MISC
MISC
experian -- hunter
 
Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the (1) rule name parameter to the Rules page or the (2) subrule name or (3) categories name parameter to the Subrules page.2022-05-04not yet calculatedCVE-2022-29950
MISC
MISC
linux -- linux_kernelAn issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.2022-05-02not yet calculatedCVE-2022-29968
MISC
mediawiki -- mediawiki
 
The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rss element (if the feed is in $wgRSSUrlWhitelist and $wgRSSAllowLinkTag is true).2022-05-02not yet calculatedCVE-2022-29969
MISC
MISC
sinatra -- sinatra
 
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.2022-05-02not yet calculatedCVE-2022-29970
MISC
exfat -- exfat
 
relan exFAT 1.3.0 allows local users to obtain sensitive information (data from deleted files in the filesystem) in certain situations involving offsets beyond ValidDataLength.2022-05-02not yet calculatedCVE-2022-29973
MISC
jquery -- jquery.json-viewer_library
 
The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element.2022-05-04not yet calculatedCVE-2022-30241
MISC
MISC
python -- python-libnmap
 
In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments).2022-05-04not yet calculatedCVE-2022-30284
MISC
MISC
MISC
agoo -- agoo
 
** DISPUTED ** Agoo through 2.14.2 does not reject GraphQL fragment spreads that form cycles, leading to an application crash. NOTE: this has been disputed on the grounds that it is not the server's responsibility to "enforce all the various ways a developer could write code with logic errors."2022-05-04not yet calculatedCVE-2022-30288
MISC
MISC
MISC
squirrel -- squirrel
 
thread_call in sqbaselib.cpp in SQUIRREL 3.2 lacks a certain sq_reservestack call.2022-05-04not yet calculatedCVE-2022-30292
MISC
webkit -- webkitgtk
 
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.2022-05-06not yet calculatedCVE-2022-30293
MISC
MISC
webkit -- webkitgtk
 
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a use-after-free in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.2022-05-06not yet calculatedCVE-2022-30294
MISC
MISC
uclibc-ng -- uclibc-ng
 
uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2.2022-05-06not yet calculatedCVE-2022-30295
MISC
shapeshift -- keepkey_firmware
 
In the KeepKey firmware before 7.3.2, the bootloader can be exploited in unusual situations in which the attacker has physical access, convinces the victim to install malicious firmware, or has unspecified other capabilities. lib/board/supervise.c mishandles svhandler_flash_* address range checks. If exploited, any installed malware could persist even after wiping the device and resetting the firmware.2022-05-07not yet calculatedCVE-2022-30330
MISC
MISC
brave -- brave_browser
 
Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser."2022-05-07not yet calculatedCVE-2022-30334
MISC
MISC
MISC
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.