Vulnerability Summary for the Week of April 11, 2022

Released
Apr 18, 2022
Document ID
SB22-108

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
dell -- emc_unity_operating_environmentDell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system.2022-04-0810CVE-2021-36287
MISC
foscam -- fi9805e_firmwareFOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens Telnet port when special command is sent on port 9530.2022-04-0810CVE-2021-43517
MISC
dell -- emc_powerscale_onefsDell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access2022-04-0810CVE-2022-26854
MISC
kevinlab -- 4st_l-bemsAn Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdor account with admin highest privileges and obtain system control.2022-04-119CVE-2021-37292
MISC
MISC
ritecms -- ritecmsRiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny execution of .php files in media and files directory by default.2022-04-089CVE-2021-46367
MISC
MISC
MISC
MISC
trendmicro -- antivirus_for_macA link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at least have low-level privileges on the system to attempt to exploit this vulnerability.2022-04-098.5CVE-2022-27883
N/A
N/A
zyxel -- vmg3312-t20a_firmwareA command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.2022-04-117.7CVE-2022-26413
CONFIRM
kevinlab -- 4st_l-bemsAn SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php.2022-04-117.5CVE-2021-37291
MISC
MISC
laravel -- laravelA Remote Code Execution (RCE) vulnerability exists in h laravel 5.8.38 via an unserialize pop chain in (1) __destruct in \Routing\PendingResourceRegistration.php, (2) __cal in Queue\Capsule\Manager.php, and (3) __invoke in mockery\library\Mockery\ClosureWrapper.php.2022-04-087.5CVE-2021-43503
MISC
stopbadbots -- block_and_stop_bad_botsThe Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection2022-04-117.5CVE-2022-0949
MISC
mruby -- mrubyOut-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.2022-04-107.5CVE-2022-1276
MISC
CONFIRM
school_club_application_system_project -- school_club_application_systemA vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=save_user. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not require authentication. The exploit has been disclosed to the public and may be used.2022-04-097.5CVE-2022-1287
N/A
fullpage_project -- fullpagePrototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2.2022-04-117.5CVE-2022-1295
CONFIRM
MISC
dell -- emc_powerscale_onefsDell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise.2022-04-087.5CVE-2022-26852
MISC
moguit -- mogu_blog_cmsmogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation.2022-04-087.5CVE-2022-27047
MISC
std42 -- elfinderIn Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload.2022-04-117.5CVE-2022-27115
MISC
zbzcms -- zbzcmszbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php.2022-04-107.5CVE-2022-27126
MISC
zbzcms -- zbzcmsAn incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts.2022-04-107.5CVE-2022-27128
MISC
zbzcms -- zbzcmsAn arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.2022-04-107.5CVE-2022-27129
MISC
zbzcms -- zbzcmsAn arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.2022-04-107.5CVE-2022-27131
MISC
zoo_management_system_project -- zoo_management_systemZoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.2022-04-087.5CVE-2022-27351
MISC
MISC
MISC
ecommerce-website_project -- ecommerce-websiteEcommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.2022-04-087.5CVE-2022-27357
MISC
MISC
MISC
newbee-mall_project -- newbee-mallNewbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit.2022-04-107.5CVE-2022-27477
MISC
movie_seat_reservation_project -- movie_seat_reservationMovie Seat Reservation v1 was discovered to contain a SQL injection vulnerability at /index.php?page=reserve via the id parameter.2022-04-087.5CVE-2022-28001
MISC
MISC
zyxel -- zyxel_ap_configuratorA local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator.2022-04-117.2CVE-2022-0556
CONFIRM
google -- androidIn mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05836418; Issue ID: ALPS05836418.2022-04-117.2CVE-2022-20062
MISC
google -- androidIn ccci, there is a possible leak of kernel pointer due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108617; Issue ID: ALPS06108617.2022-04-117.2CVE-2022-20064
MISC
fujitsu -- plugfree_networkIn Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level.2022-04-117.2CVE-2022-27089
MISC
linux -- linux_kernelThe SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.2022-04-117.2CVE-2022-28893
MISC
MLIST
MLIST
MLIST

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
google -- androidIn mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS05836642; Issue ID: ALPS05836642.2022-04-116.9CVE-2022-20052
MISC
google -- androidIn atf (spm), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06171715; Issue ID: ALPS06171715.2022-04-116.9CVE-2022-20063
MISC
linux -- linux_kerneljbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.2022-04-086.9CVE-2022-28796
MISC
MISC
ibm -- sterling_b2b_integratorIBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186283.2022-04-086.8CVE-2020-4668
XF
CONFIRM
webmin -- webminA cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.2022-04-116.8CVE-2021-32156
MISC
webmin -- webminA Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.2022-04-116.8CVE-2021-32157
MISC
webmin -- webminA Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature.2022-04-116.8CVE-2021-32159
MISC
webmin -- webminA Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature.2022-04-116.8CVE-2021-32162
MISC
libsixel_project -- libsixellibsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867.2022-04-086.8CVE-2021-40656
MISC
libsixel_project -- libsixellibsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379.2022-04-086.8CVE-2021-41715
MISC
kimai -- kimaiCSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting to a CSV file.2022-04-086.8CVE-2021-43515
MISC
zzcms -- zzcmsAn issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php.2022-04-086.8CVE-2021-46436
MISC
qdpm -- qdpmqdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI.2022-04-086.8CVE-2022-26180
MISC
MISC
libsixel_project -- libsixellibsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876.2022-04-086.8CVE-2022-27044
MISC
libsixel_project -- libsixellibsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in libsixel/src/dither.c:388.2022-04-086.8CVE-2022-27046
MISC
bolt -- bolt_cmsBolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution.2022-04-116.5CVE-2021-40219
MISC
MISC
MISC
MISC
elbtide -- advanced_booking_calendarThe Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks2022-04-116.5CVE-2022-1006
MISC
CONFIRM
ocdi -- one_click_demo_importThe One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed2022-04-116.5CVE-2022-1008
MISC
CONFIRM
secondlinethemes -- podcast_importer_secondlineThe Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious podcast file2022-04-116.5CVE-2022-1023
CONFIRM
MISC
ibm -- planning_analyticsIBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 219736.2022-04-086.5CVE-2022-22339
XF
CONFIRM
dell -- emc_powerscale_onefsDell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure.2022-04-086.5CVE-2022-24428
MISC
aerocms_project -- aerocmsAeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.2022-04-086.5CVE-2022-27061
MISC
MISC
MISC
musical_world_project -- musical_worldMusical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.2022-04-086.5CVE-2022-27064
MISC
MISC
MISC
ecommerce-website_project -- ecommerce-websiteEcommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.2022-04-086.5CVE-2022-27346
MISC
MISC
MISC
socialcodia -- social_codia_smsSocial Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.2022-04-086.5CVE-2022-27349
MISC
MISC
MISC
simple_house_rental_system_project -- simple_house_rental_systemSimple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.2022-04-086.5CVE-2022-27352
MISC
MISC
MISC
zoo_management_system_project -- zoo_management_systemZoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals via the class_id parameter.2022-04-086.5CVE-2022-27992
MISC
MISC
car_rental_system_project -- car_rental_systemCar Rental System v1.0 was discovered to contain a SQL injection vulnerability at /Car_Rental/booking.php via the id parameter.2022-04-086.5CVE-2022-28000
MISC
MISC
dell -- emc_unity_operating_environmentDell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which may lead unauthenticated users to read/write restricted files2022-04-086.4CVE-2021-36288
MISC
huawei -- emuiThe multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data.Successful exploitation of this vulnerability may affect the availability.2022-04-116.4CVE-2021-46742
MISC
MISC
radare -- radare2Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.2022-04-116.4CVE-2022-1296
CONFIRM
MISC
radare -- radare2Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.2022-04-116.4CVE-2022-1297
MISC
CONFIRM
dell -- emc_powerscale_onefsDell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss.2022-04-086.4CVE-2022-26851
MISC
zbzcms -- zbzcmszbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php.2022-04-106.4CVE-2022-27127
MISC
zbzcms -- zbzcmszbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php.2022-04-106.4CVE-2022-27133
MISC
lua -- luasinglevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.2022-04-086.4CVE-2022-28805
MISC
MISC
MISC
MISC
xwiki -- xwikiXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allow anyone with edit rights to actually create those. This issue has been patched in XWiki 13.10-rc-1, 12.10.11 and 13.4.6. There's no easy workaround for this issue, administrators should upgrade their wiki.2022-04-085.5CVE-2022-24821
MISC
CONFIRM
febs-security_project -- febs-securityInsecure permissions configured in the userid parameter at /user/getuserprofile of FEBS-Security v1.0 allows attackers to access and arbitrarily modify users' personal information.2022-04-105.5CVE-2022-27958
MISC
ofcms_project -- ofcmsInsecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information.2022-04-105.5CVE-2022-27960
MISC
claro -- kaon_cg3000_firmwareAn Access Control vulnerability exists in CLARO KAON CG3000 1.00.67 in the router configuration, which could allow a malicious user to read or update the configuraiton without authentication.2022-04-085.2CVE-2021-43483
MISC
ibm -- system_storage_ds8000_management_console_firmwareIBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210330.2022-04-115CVE-2021-38929
CONFIRM
XF
ibm -- system_storage_ds8000_management_console_firmwareIBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210331.2022-04-115CVE-2021-38930
CONFIRM
XF
huawei -- emuiThe communication module has a service logic error vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.2022-04-115CVE-2021-40065
MISC
MISC
atutor -- atutorAn Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, form_password_hidden, and form_change HTTP POST parameters are set.2022-04-085CVE-2021-43498
MISC
MISC
zlog_project -- zlogA Buffer Overflow vulnerability exists in zlog 1.2.15 via zlog_conf_build_with_file in src/zlog/src/conf.c.2022-04-085CVE-2021-43521
MISC
MISC
huawei -- emuiThe device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality.2022-04-115CVE-2021-46740
MISC
MISC
wpdownloadmanager -- wordpress_download_managerThe Download Manager WordPress plugin before 3.2.39 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download.2022-04-115CVE-2022-0828
MISC
salonbookingsystem -- salon_booking_systemThe Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it.2022-04-115CVE-2022-0919
MISC
salonbookingsystem -- salon_booking_systemThe Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data2022-04-115CVE-2022-0920
MISC
nsthemes -- ns_watermark_for_woocommerceAn unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain.2022-04-115CVE-2022-0989
MISC
pimcore -- pimcoreSQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data2022-04-085CVE-2022-1219
MISC
CONFIRM
gnuboard -- gnuboard5Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off.2022-04-115CVE-2022-1252
CONFIRM
MISC
xwiki -- xwikiXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem.2022-04-085CVE-2022-24819
CONFIRM
MISC
os4ed -- opensisDue to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases.2022-04-115CVE-2022-27041
MISC
movie_seat_reservation_project -- movie_seat_reservationMovie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home.2022-04-085CVE-2022-28002
MISC
MISC
reprisesoftware -- reprise_license_managerReprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details.2022-04-095CVE-2022-28365
MISC
MISC
MISC
zyxel -- vmg3312-t20a_firmwareA potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service.2022-04-114.9CVE-2022-26414
CONFIRM
dell -- emc_unity_operating_environmentDell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges.2022-04-084.6CVE-2021-36290
MISC
dell -- emc_unity_operating_environmentDell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain elevated privileges.2022-04-084.6CVE-2021-36293
MISC
ivanti -- dsm_remoteIvanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges.2022-04-114.6CVE-2022-27088
MISC
pickplugins -- post_gridThe Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Grid with a search form2022-04-114.3CVE-2021-24986
MISC
heateor -- super_socializerThe Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue.2022-04-114.3CVE-2021-24987
MISC
webmin -- webminA Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature.2022-04-114.3CVE-2021-32158
MISC
webmin -- webminA Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature.2022-04-114.3CVE-2021-32160
MISC
webmin -- webminA Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature.2022-04-114.3CVE-2021-32161
MISC
baijiacms_project -- baijiacmsAn issue was discovered in baijiacms v4. There is a CSRF vulnerability that can modify the store information and login password.2022-04-114.3CVE-2021-34250
MISC
opservices -- opmonA Cross Site Scripting (XSS) vulnerability exists in OpServices OpMon through 9.11 via the search parameter in the request URL.2022-04-084.3CVE-2021-43009
MISC
MISC
thimpress -- learnpressThe LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting2022-04-114.3CVE-2022-0271
MISC
presscustomizr -- nimble_page_builderThe Nimble Page Builder WordPress plugin before 3.2.2 does not sanitise and escape the preview-level-guid parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting2022-04-114.3CVE-2022-0314
MISC
realfavicongenerator -- favicon_by_realfavicongeneratorThe Favicon by RealFaviconGenerator WordPress plugin before 1.3.23 does not properly sanitise and escape the json_result_url parameter before outputting it back in the Favicon admin dashboard, leading to a Reflected Cross-Site Scripting issue2022-04-114.3CVE-2022-0471
MISC
CONFIRM
wpvivid -- migration\,_backup\,_stagingThe Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting2022-04-114.3CVE-2022-0531
MISC
atlasgondal -- export_all_urlsThe Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting2022-04-114.3CVE-2022-0892
MISC
atlasgondal -- export_all_urlsThe Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages (including private and draft) into an arbitrary CSV file, which the attacker can then download and retrieve the list of titles for example2022-04-114.3CVE-2022-0914
MISC
elbtide -- advanced_booking_calendarThe Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue2022-04-114.3CVE-2022-1007
MISC
CONFIRM
radare -- radare2NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash).2022-04-084.3CVE-2022-1283
CONFIRM
MISC
radare -- radare2heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.2022-04-084.3CVE-2022-1284
CONFIRM
MISC
school_club_application_system_project -- school_club_application_systemA vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the input %22%3E%3Cimg%20src=x%20onerror=alert(1)%3E leads to a reflected cross site scripting. The attack may be initiated remotely and does not require any form of authentication. The exploit has been disclosed to the public and may be used.2022-04-094.3CVE-2022-1288
N/A
onlyoffice -- document_serverA cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor.2022-04-084.3CVE-2022-24229
MISC
MISC
MISC
icehrm -- icehrmA Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI.2022-04-084.3CVE-2022-26588
MISC
MISC
getbootstrap -- bootstrapBootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php.2022-04-084.3CVE-2022-26624
MISC
MISC
asana -- desktopAsana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page.2022-04-094.3CVE-2022-26877
MISC
CONFIRM
aerocms_project -- aerocmsAeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.2022-04-084.3CVE-2022-27063
MISC
MISC
MISC
zbzcms -- zbzcmszbzcms v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the neirong parameter at /php/ajax.php.2022-04-104.3CVE-2022-27125
MISC
gpac -- gpacGPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box.2022-04-084.3CVE-2022-27145
MISC
gpac -- gpacGPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag.2022-04-084.3CVE-2022-27146
MISC
gpac -- gpacGPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag.2022-04-084.3CVE-2022-27147
MISC
gpac -- gpacGPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow.2022-04-084.3CVE-2022-27148
MISC
reprisesoftware -- reprise_license_managerReprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required.2022-04-094.3CVE-2022-28363
MISC
MISC
MISC
kevinlab -- 4st_l-bemsA Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php.2022-04-114CVE-2021-37293
MISC
MISC
webence -- iq_block_countryThe settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the uploading process, files in the uploaded zip file are extracted one by one. During the extraction process, existence of a file is checked. If the file exists, it is deleted without any security control by only considering the name of the extracted file. This behavior leads to "Zip Slip" vulnerability.2022-04-114CVE-2022-0246
MISC
online_banking_system_project -- online_banking_systemOnline Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at /staff_login.php via the Staff ID and Staff Password parameters.2022-04-084CVE-2022-27991
MISC
jetbrains -- ktorIn JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations2022-04-114CVE-2022-29035
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
wpsofts -- portfolio_gallery\,_product_catalog_-_grid_kit_portfolioThe Portfolio Gallery, Product Catalog WordPress plugin before 2.1.0 does not have authorisation and CSRF checks in various functions related to AJAX actions, allowing any authenticated users, such as subscriber, to call them. Due to the lack of sanitisation and escaping, it could also allows attackers to perform Cross-Site Scripting attacks on pages where a Portfolio is embed2022-04-113.5CVE-2021-25090
MISC
premio -- chatyAuthenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) <= 2.8.32022-04-113.5CVE-2021-36846
CONFIRM
CONFIRM
sharethis -- social_media_featherAuthenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.42022-04-113.5CVE-2021-36848
CONFIRM
CONFIRM
wpdarko -- responsive_tabsAuthenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Responsive Tabs (WordPress plugin) <= 4.0.52022-04-113.5CVE-2021-36893
CONFIRM
CONFIRM
w3eden -- pricing_tableAuthenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions <= 1.5.22022-04-113.5CVE-2021-36896
CONFIRM
CONFIRM
wp-appbox_project -- wp-appboxAuthenticated (admin user role) Stored Cross-Site Scripting (XSS) in WP-Appbox (WordPress plugin) <= 4.3.20.2022-04-113.5CVE-2021-36910
CONFIRM
CONFIRM
ibm -- curam_social_program_managementIBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215306.2022-04-113.5CVE-2021-39068
XF
CONFIRM
zzcms -- zzcmsAn issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php.2022-04-083.5CVE-2021-46437
MISC
pickplugins -- post_gridThe Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the post_types parameter before outputting it back in the response of the post_grid_update_taxonomies_terms_by_posttypes AJAX action, available to any authenticated users, leading to a Reflected Cross-Site Scripting2022-04-113.5CVE-2022-0447
MISC
pootlepress -- easy_smooth_scroll_linksThe Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed2022-04-113.5CVE-2022-0728
MISC
cybernetikz -- easy_social_iconsThe Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfiltered_html capability is disallowed.2022-04-113.5CVE-2022-0840
MISC
autolabproject -- autolabCross-site Scripting (XSS) - Stored in GitHub repository autolab/autolab prior to 2.8.0.2022-04-113.5CVE-2022-0936
MISC
CONFIRM
vertistudio -- image_optimization_\&_lazy_load_by_optimoleThe Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed.2022-04-113.5CVE-2022-0969
CONFIRM
MISC
trudesk_project -- trudeskStored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0.2022-04-113.5CVE-2022-1045
CONFIRM
MISC
tableexport.jquery.plugin_project -- tableexport.jquery.pluginXSS vulnerability with default `onCellHtmlData` function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. Transmitting cookies to third-party servers. Sending data from secure sessions to third-party servers2022-04-103.5CVE-2022-1291
CONFIRM
MISC
ivanti -- incapptic_connectAn authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions.2022-04-113.5CVE-2022-22571
MISC
MISC
aerocms_project -- aerocmsAeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field.2022-04-083.5CVE-2022-27062
MISC
MISC
MISC
jflyfox -- jfinal_cmsJfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it.2022-04-113.5CVE-2022-27111
MISC
thedaylightstudio -- fuel_cmsDaylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection.2022-04-113.5CVE-2022-27156
MISC
socialcodia -- social_codia_smsSocial Codia SMS v1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field.2022-04-083.5CVE-2022-27348
MISC
MISC
MISC
ofcms_project -- ofcmsA cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box.2022-04-103.5CVE-2022-27961
MISC
reprisesoftware -- reprise_license_managerReprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process file parameter via GET. Authentication is required.2022-04-093.5CVE-2022-28364
MISC
MISC
MISC
roku -- roku_osRoku devices running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable to Arbitrary file modification.2022-04-082.7CVE-2022-27152
MISC
dell -- emc_powerscale_onefsDell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes.2022-04-082.1CVE-2022-22563
MISC
MISC
dell -- emc_powerscale_onefsDell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service.2022-04-082.1CVE-2022-26855
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
python -- python
 
In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments).2022-04-13not yet calculatedCVE-2015-20107
MISC
MISC
scheider_electric -- sut_service
 
A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited. Affected Product: Schneider Electric Software Update (SESU) SUT Service component (V2.1.1 to V2.3.0)2022-04-13not yet calculatedCVE-2019-6834
MISC
bbraun -- melsungen_ag_spacecom
 
A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user.2022-04-14not yet calculatedCVE-2020-16238
CONFIRM
CONFIRM
bbraun -- melsungen_ag_spacecom
 
A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute arbitrary commands.2022-04-14not yet calculatedCVE-2020-25150
CONFIRM
CONFIRM
bbraun -- melsungen_ag_spacecom
 
A session fixation vulnerability in the B. Braun Melsungen AG SpaceCom administrative interface Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to hijack web sessions and escalate privileges.2022-04-14not yet calculatedCVE-2020-25152
CONFIRM
CONFIRM
bbraun -- melsungen_ag_spacecom
 
An open redirect vulnerability in the administrative interface of the B. Braun Melsungen AG SpaceCom device Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to redirect users to malicious websites.2022-04-14not yet calculatedCVE-2020-25154
CONFIRM
CONFIRM
bbraun -- melsungen_ag_spacecom
 
Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root.2022-04-14not yet calculatedCVE-2020-25156
CONFIRM
CONFIRM
bbraun -- melsungen_ag_spacecom
 
A reflected cross-site scripting (XSS) vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to inject arbitrary web script or HTML into various locations.2022-04-14not yet calculatedCVE-2020-25158
CONFIRM
CONFIRM
bbraun -- melsungen_ag_spacecom
 
Improper access controls in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enables attackers to extract and tamper with the devices network configuration.2022-04-14not yet calculatedCVE-2020-25160
CONFIRM
CONFIRM
bbraun -- melsungen_ag_spacecom
 
A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges.2022-04-14not yet calculatedCVE-2020-25162
CONFIRM
CONFIRM
bbraun -- melsungen_ag_spacecom
 
A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface.2022-04-14not yet calculatedCVE-2020-25164
CONFIRM
CONFIRM
bbraun -- melsungen_ag_spacecom
 
An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices.2022-04-14not yet calculatedCVE-2020-25166
CONFIRM
CONFIRM
bbraun -- melsungen_ag_spacecom
 
Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enable attackers with command line access to access the device’s Wi-Fi module.2022-04-14not yet calculatedCVE-2020-25168
CONFIRM
CONFIRM
fossies -- froxlor
 
Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags.2022-04-13not yet calculatedCVE-2020-29653
MISC
MISC
MISC
android -- android
 
In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1831471142022-04-12not yet calculatedCVE-2021-0694
MISC
android -- android
 
In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-155756045References: Upstream kernel2022-04-12not yet calculatedCVE-2021-0707
MISC
accusoft -- imagegear
 
A heap-based buffer overflow vulnerability exists in the DecoderStream::Append functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-21914
MISC
accusoft -- imagegear
 
A heap-based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-21938
MISC
accusoft -- imagegear
 
A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-21939
MISC
accusoft -- imagegear
 
An out-of-bounds write vulnerability exists in the TIFF YCbCr image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-21942
MISC
accusoft -- imagegear
 
A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-21943
MISC
accusoft -- imagegear
 
Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. Placeholder2022-04-14not yet calculatedCVE-2021-21944
MISC
accusoft -- imagegear
 
Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. Placeholder2022-04-14not yet calculatedCVE-2021-21945
MISC
accusoft -- imagegear
 
Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. Placeholder2022-04-14not yet calculatedCVE-2021-21946
MISC
accusoft -- imagegear
 
Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. Placeholder2022-04-14not yet calculatedCVE-2021-21947
MISC
anycubic -- chitubox_anycubic_plugin
 
A heap-based buffer overflow vulnerability exists in the readDatHeadVec functionality of AnyCubic Chitubox AnyCubic Plugin 1.0.0. A specially-crafted GF file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-21948
MISC
accusoft -- imagegear
 
An improper array index validation vulnerability exists in the JPEG-JFIF Scan header parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to an out-of-bounds write and potential code exectuion. An attacker can provide a malicious file to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-21949
MISC
cloudlinux_inc -- imunify360
 
A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-21956
MISC
sealevel_systems -- seaconnect_370w
 
An out-of-bounds write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-21967
MISC
vmware -- photon
 
The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries.2022-04-11not yet calculatedCVE-2021-22055
MISC
schneider_electric -- struxureware_data_center_expert
 
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)2022-04-13not yet calculatedCVE-2021-22794
MISC
schneider_electric -- struxureware_data_center_expert
 
A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)2022-04-13not yet calculatedCVE-2021-22795
MISC
schneider_electric -- ecostruxure_control_expert
 
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions)2022-04-13not yet calculatedCVE-2021-22797
MISC
arista -- eos
 
On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol.2022-04-14not yet calculatedCVE-2021-28505
MISC
apache -- subversion_svn
 
Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.2022-04-12not yet calculatedCVE-2021-28544
MISC
DEBIAN
apache -- struts
 
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.2022-04-12not yet calculatedCVE-2021-31805
MISC
MLIST
mongodb -- mongodb
 
It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack. This vulnerability affects MongoDB versions prior to 5.0.4, 4.4.11, 4.2.16.2022-04-12not yet calculatedCVE-2021-32040
MISC
MISC
MISC
johnson_controls -- metasys
 
Under certain circumstances the session token is not cleared on logout.2022-04-15not yet calculatedCVE-2021-36205
CERT
CONFIRM
wordpress -- wp_maintenance_(wordpress_plugin)
 
Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Maintenance (WordPress plugin) <= 6.0.4 affects multiple inputs.2022-04-15not yet calculatedCVE-2021-36828
CONFIRM
CONFIRM
caldera -- calderalwp_license_manager_(wordpress_plugin)
 
Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) in CalderaWP License Manager (WordPress plugin) <= 1.2.11.2022-04-12not yet calculatedCVE-2021-36914
CONFIRM
CONFIRM
microfocus -- operations_bridge
 
Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to unauthenticated remote code execution.2022-04-11not yet calculatedCVE-2021-38125
MISC
android -- android
 
In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-2058363292022-04-12not yet calculatedCVE-2021-39794
MISC
android -- android
 
In multiple locations of MediaProvider.java , there is a possible way to get read/write access to other app's dedicated, app-specific directory within external storage due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-2016676142022-04-12not yet calculatedCVE-2021-39795
MISC
android -- android
 
In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-2055952912022-04-12not yet calculatedCVE-2021-39796
MISC
android -- android
 
In several functions of of LauncherApps.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-2096071042022-04-12not yet calculatedCVE-2021-39797
MISC
android -- android
 
In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-2131696122022-04-12not yet calculatedCVE-2021-39798
MISC
android -- android
 
In AttributionSource of AttributionSource.java, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-2002885962022-04-12not yet calculatedCVE-2021-39799
MISC
android -- android
 
In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208277166References: Upstream kernel2022-04-12not yet calculatedCVE-2021-39800
MISC
android -- android
 
In ion_ioctl of ion-ioctl.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-209791720References: Upstream kernel2022-04-12not yet calculatedCVE-2021-39801
MISC
android -- android
 
In change_pte_range of mprotect.c , there is a possible way to make a shared mmap writable due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213339151References: Upstream kernel2022-04-12not yet calculatedCVE-2021-39802
MISC
android -- android
 
In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-1937903502022-04-12not yet calculatedCVE-2021-39803
MISC
android -- android
 
In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a missing null check. This could lead to remote persistent denial of service in the file picker with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-2150025872022-04-12not yet calculatedCVE-2021-39804
MISC
android -- android
 
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-2126945592022-04-12not yet calculatedCVE-2021-39805
MISC
android -- android
 
In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-2094464962022-04-12not yet calculatedCVE-2021-39807
MISC
android -- android
 
In createNotificationChannelGroup of PreferencesHelper.java, there is a possible way for a service to run in foreground without user notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-2099660862022-04-12not yet calculatedCVE-2021-39808
MISC
android -- android
 
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-2058371912022-04-12not yet calculatedCVE-2021-39809
MISC
android -- android
 
In TBD of TBD, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205522359References: N/A2022-04-12not yet calculatedCVE-2021-39812
MISC
android -- android
 
In ppmp_validate_wsm of drm_fw.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216792660References: N/A2022-04-12not yet calculatedCVE-2021-39814
MISC
simatic -- s7-400_h
 
A vulnerability has been identified in SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions < V10.1), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations.2022-04-12not yet calculatedCVE-2021-40368
CONFIRM
kaseya_unitrends -- client/agent
 
Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers to execute arbitrary code.2022-04-15not yet calculatedCVE-2021-40386
MISC
moxa -- mxview_seriesAn authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-40390
MISC
moxa -- mxview_series
 
An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to exploit this vulnerability.2022-04-14not yet calculatedCVE-2021-40392
MISC
accusoft -- imagegear
 
An out-of-bounds write vulnerability exists in the parse_raster_data functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-40398
MISC
gerbv -- gerbv
 
An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-40400
MISC
gerbv -- gerbv
 
An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.7.1 and 2.8.0. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-40402
MISC
reolink -- rlc-410w
 
A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-40405
MISC
swiftsensors -- gateway_sg3-1010
 
An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-40422
MISC
webroot --secure_anywhere
 
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. The GetProcessCommandLine IOCTL request could cause an out-of-bounds read in the device driver WRCore_x64. An attacker can issue an ioctl to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-40424
MISC
webroot_secure_anywhere
 
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. An IOCTL_B03 request with specific invalid data causes a similar issue in the device driver WRCore_x64. An attacker can issue an ioctl to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-40425
MISC
soundexchange -- libsox
 
A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-40426
MISC
redhat-- openshift
 
The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9.2022-04-11not yet calculatedCVE-2021-4047
MISC
arubanetworks -- instant_on_1930_switch_series
 
A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0.2022-04-12not yet calculatedCVE-2021-41004
MISC
arubanetworks -- instant_on_1930_switch_series
 
A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0.2022-04-12not yet calculatedCVE-2021-41005
MISC
wire -- wire_server
 
Wire-server is the system server for the wire back-end services. Releases prior to v2022-03-01 are subject to a denial of service attack via a crafted object causing a hash collision. This collision causes the server to spend at least quadratic time parsing it which can lead to a denial of service for a heavily used server. The issue has been fixed in wire-server 2022-03-01 and is already deployed on all Wire managed services. On premise instances of wire-server need to be updated to 2022-03-01, so that their backends are no longer affected. There are no known workarounds for this issue.2022-04-13not yet calculatedCVE-2021-41119
MISC
CONFIRM
siemens -- simatic_step_7
 
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server.2022-04-12not yet calculatedCVE-2021-42029
CONFIRM
redcap -- redcap
 
A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request Forgery attack to escalate privileges to administrator.2022-04-13not yet calculatedCVE-2021-42136
MISC
MISC
MISC
seowon -- seowon_130_slc_routerSeowon 130-SLC router all versions as of 2021-09-15 is vulnerable to Remote Code Execution via the queriesCnt parameter.2022-04-15not yet calculatedCVE-2021-42230
MISC
appguard -- appguard_enterprise
 
AppGuard Enterprise before 6.7.100.1 creates a Temporary File in a Directory with Insecure Permissions. Local users can gain SYSTEM privileges because a repair operation relies on the %TEMP% directory of an unprivileged user.2022-04-12not yet calculatedCVE-2021-42255
MISC
MISC
cms_made_simple -- cms_made_simple
 
Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php.2022-04-13not yet calculatedCVE-2021-43154
MISC
github -- one_time_password
 
As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password (OTP) for one (and only one) immediately trailing interval. CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)2022-04-11not yet calculatedCVE-2021-43177
MISC
mantisbt -- mantisbt
 
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel.2022-04-14not yet calculatedCVE-2021-43257
MISC
MISC
gocd -- thoughtworks_gocd
 
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code.2022-04-14not yet calculatedCVE-2021-43286
MISC
MISC
MISC
MISC
gocd -- thoughtworks_gocd
 
An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers.2022-04-14not yet calculatedCVE-2021-43287
MISC
MISC
MISC
gocd -- thoughtworks_gocd
 
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report.2022-04-14not yet calculatedCVE-2021-43288
MISC
MISC
MISC
gocd -- thoughtworks_gocd
 
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename.2022-04-14not yet calculatedCVE-2021-43289
MISC
MISC
MISC
MISC
gocd -- thoughtworks_gocd
 
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can't control.2022-04-14not yet calculatedCVE-2021-43290
MISC
MISC
MISC
MISC
annexxus -- i3_international_inc_annexxus_camera
 
A Logic Flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78) due to a failure to allow the creation of more than one administrator account; however, this can be bypassed by parameter maniulation using PUT and DELETE and by calling the 'UserPermission' endpoint with the ID of created account and set it to 'admin' userType, successfully adding a second administrative account.2022-04-11not yet calculatedCVE-2021-43442
MISC
sourcecodetester -- sourcecodester_messaging_web_application
 
Sourcecodester Messaging Web Application 1.0 is vulnerable to stored XSS. If a sender inserts valid scripts into the chat, the script will be executed on the receiver chat.2022-04-14not yet calculatedCVE-2021-43633
MISC
MISC
cmsimple -- cms_made_simple_5.4CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on config.php leading to remote code execution.2022-04-13not yet calculatedCVE-2021-43741
MISC
MISC
cmsimple -- cms_made_simple_5.4CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature.2022-04-13not yet calculatedCVE-2021-43742
MISC
MISC
reolink -- reolink_rlc_410WMultiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-44354
MISC
reolink -- reolink_rlc_410W
 
Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-44355
MISC
reolink -- reolink_rlc_410WMultiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-44356
MISC
reolink -- reolink_rlc_410WMultiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-44357
MISC
reolink -- reolink_rlc_410WMultiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-44366
MISC
reolink -- reolink_rlc_410WMultiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-44375
MISC
reolink -- reolink_rlc_410WMultiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.2022-04-14not yet calculatedCVE-2021-44394
MISC
yottadb -- yottadb
 
An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of parameter validation in calls to memcpy in check_and_set_timeout in sr_unix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer.2022-04-15not yet calculatedCVE-2021-44481
MISC
yottadb -- yottadb
 
An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to do_verify in sr_unix/do_verify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer.2022-04-15not yet calculatedCVE-2021-44482
MISC
yottadb -- yottadbAn issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to eb_div in sr_port/eb_muldiv.c allows attackers to crash the application by performing a divide by zero.2022-04-15not yet calculatedCVE-2021-44483
MISC
yottadb -- yottadbAn issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in calls to emit_trip in sr_port/emit_code.c allows attackers to crash the application by dereferencing a NULL pointer.2022-04-15not yet calculatedCVE-2021-44484
MISC
yottadb -- yottadbAn issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in trip_gen in sr_port/emit_code.c allows attackers to crash the application by dereferencing a NULL pointer.2022-04-15not yet calculatedCVE-2021-44485
MISC
yottadb -- yottadbAn issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can manipulate the value of a function pointer used in op_write in sr_port/op_write.c in order to gain control of the flow of execution.2022-04-15not yet calculatedCVE-2021-44486
MISC
yottadb -- yottadbAn issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in calls to ious_open in sr_unix/ious_open.c allows attackers to crash the application by dereferencing a NULL pointer.2022-04-15not yet calculatedCVE-2021-44487
MISC
yottadb -- yottadbAn issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can control the size and input to calls to memcpy in op_fnfnumber in sr_port/op_fnfnumber.c in order to corrupt memory or crash the application.2022-04-15not yet calculatedCVE-2021-44488
MISC
yottadb -- yottadbAn issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application. This is a "- digs" subtraction.2022-04-15not yet calculatedCVE-2021-44489
MISC
yottadb -- yottadbAn issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a "- (digs < 1 ? 1 : digs)" subtraction.2022-04-15not yet calculatedCVE-2021-44490
MISC
yottadb -- yottadbAn issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a digs-- calculation.2022-04-15not yet calculatedCVE-2021-44491
MISC
yottadb -- yottadbAn issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, attackers can cause a type to be incorrectly initialized in the function f_incr in sr_port/f_incr.c and cause a crash due to a NULL pointer dereference.2022-04-15not yet calculatedCVE-2021-44492
MISC
MISC
MISC
yottadb -- yottadbAn issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a call to $Extract to force an signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that occurs on the stack, causing a buffer overflow.2022-04-15not yet calculatedCVE-2021-44493
MISC
MISC
MISC
yottadb -- yottadbAn issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference.2022-04-15not yet calculatedCVE-2021-44494
MISC
MISC
MISC
yottadb -- yottadbAn issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint.2022-04-15not yet calculatedCVE-2021-44495
MISC
MISC
MISC
yottadb -- fis_gtmAn issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can control the size variable and buffer that is passed to a call to memcpy. An attacker can use this to overwrite key data structures and gain control of the flow of execution.2022-04-15not yet calculatedCVE-2021-44496
MISC
MISC
MISC
yottadb -- fis_gtmAn issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, can cause the bounds of a for loop to be miscalculated, which leads to a use after free condition a pointer is pushed into previously free memory by the loop.2022-04-15not yet calculatedCVE-2021-44497
MISC
MISC
MISC
yottadb -- fis_gtmAn issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause a type to be incorrectly initialized in the function f_incr in sr_port/f_incr.c and cause a crash due to a NULL pointer dereference.2022-04-15not yet calculatedCVE-2021-44498
MISC
MISC
MISC
yottadb -- fis_gtmAn issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a call to $Extract to force an signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that occurs on the stack, causing a buffer overflow.2022-04-15not yet calculatedCVE-2021-44499
MISC
MISC
MISC
yottadb -- fis_gtmAn issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of input validation in calls to eb_div in sr_port/eb_muldiv.c allows attackers to crash the application by performing a divide by zero.2022-04-15not yet calculatedCVE-2021-44500
MISC
MISC
MISC
yottadb -- fis_gtmAn issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference.2022-04-15not yet calculatedCVE-2021-44501
MISC
MISC
MISC
yottadb -- fis_gtmAn issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can control the size of a memset that occurs in calls to util_format in sr_unix/util_output.c.2022-04-15not yet calculatedCVE-2021-44502
MISC
MISC
MISC
yottadb -- fis_gtmAn issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a call to va_arg on an empty variadic parameter list, most likely causing a memory segmentation fault.2022-04-15not yet calculatedCVE-2021-44503
MISC
MISC
MISC
yottadb -- fis_gtmAn issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a size variable, stored as an signed int, to equal an extremely large value, which is interpreted as a negative value during a check. This value is then used in a memcpy call on the stack, causing a memory segmentation fault.2022-04-15not yet calculatedCVE-2021-44504
MISC
MISC
MISC
yottadb -- fis_gtmAn issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint.2022-04-15not yet calculatedCVE-2021-44505
MISC
MISC
MISC
yottadb -- fis_gtmAn issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of input validation in calls to do_verify in sr_unix/do_verify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer.2022-04-15not yet calculatedCVE-2021-44506
MISC
MISC
MISC
yottadb -- fis_gtmAn issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of parameter validation in calls to memcpy in str_tok in sr_unix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer.2022-04-15not yet calculatedCVE-2021-44507
MISC
MISC
MISC
yottadb -- fis_gtmAn issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of NULL checks in calls to ious_open in sr_unix/ious_open.c allows attackers to crash the application by dereferencing a NULL pointer.2022-04-15not yet calculatedCVE-2021-44508
MISC
MISC
MISC
yottadb -- fis_gtmAn issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application.2022-04-15not yet calculatedCVE-2021-44509
MISC
MISC
MISC
yottadb -- fis_gtmAn issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application.2022-04-15not yet calculatedCVE-2021-44510
MISC
MISC
MISC
citrix -- citrix_xenmobileserver
 
In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges.2022-04-13not yet calculatedCVE-2021-44520
MISC
MISC
MISC
coins -- coins_contruction_cloudAn issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) attack.2022-04-14not yet calculatedCVE-2021-45227
MISC
MISC
coins -- coins_contruction_cloudAn XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the task description. This is later executed when it is reflected back to the user.2022-04-14not yet calculatedCVE-2021-45228
MISC
MISC
wizplat -- wizplat_PD065
 
An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to access sensitive data and cause a Denial of Service (DoS).2022-04-13not yet calculatedCVE-2021-46167
MISC
MISC
MISC
MISC
palo_alto_networks -- pan_os
 
An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly. Repeated attempts to send this request result in denial-of-service to all PAN-OS services by restarting the device in maintenance mode. This issue does not impact Panorama appliances and Prisma Access customers. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.22; PAN-OS 9.0 versions earlier than PAN-OS 9.0.16; PAN-OS 9.1 versions earlier than PAN-OS 9.1.13; PAN-OS 10.0 versions earlier than PAN-OS 10.0.10; PAN-OS 10.1 versions earlier than PAN-OS 10.1.5. This issue does not impact PAN-OS 10.2.2022-04-13not yet calculatedCVE-2022-0023
MISC
wordpress -- visual_form_ builder_wordpress
 
The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint.2022-04-12not yet calculatedCVE-2022-0140
MISC
wordpress -- visual_form_ builder_wordpressThe Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks2022-04-12not yet calculatedCVE-2022-0141
MISC
wordpress -- visual_form_ builder_wordpressThe Visual Form Builder WordPress plugin before 3.0.6 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.2022-04-12not yet calculatedCVE-2022-0142
MISC
schneider_electric -- scadapack_ workbench
 
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a remote system controlled by an attacker. Affected Product: SCADAPack Workbench (6.6.8a and prior)2022-04-13not yet calculatedCVE-2022-0221
MISC
github -- gruntPath Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.2022-04-12not yet calculatedCVE-2022-0436
CONFIRM
MISC
netty -- netty_codec_http_maven_package
 
A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11.2022-04-11not yet calculatedCVE-2022-0552
MISC
MISC
MISC
aveva -- aveva_system_platformAVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user.2022-04-11not yet calculatedCVE-2022-0835
CONFIRM
CONFIRM
homeplug_green_phy -- combined_charging_system
 
Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equipment (EVSE) CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY (HPGP) power-line communication (PLC) technology. The attack interrupts necessary control communication between the vehicle and charger, causing charging sessions to abort. The attack can be conducted wirelessly from a distance using electromagnetic interference, allowing individual vehicles or entire fleets to be disrupted simultaneously. In addition, the attack can be mounted with off-the-shelf radio hardware and minimal technical knowledge. With a power budget of 1 W, the attack is successful from around 47 m distance. The exploited behavior is a required part of the HomePlug Green PHY, DIN 70121 & ISO 15118 standards and all known implementations exhibit it. In addition to electric cars, Brokenwire affects electric ships, airplanes and heavy duty vehicles utilising these standards.2022-04-12not yet calculatedCVE-2022-0878
CONFIRM
windows -- logitech_sync
 
There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574. Successful exploitation of these vulnerabilities may escalate the permission to the system user.2022-04-12not yet calculatedCVE-2022-0915
MISC
myscada -- myproAn authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior.2022-04-11not yet calculatedCVE-2022-0999
CONFIRM
lifepoint_informatics -- patient_portal
 
Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting.2022-04-11not yet calculatedCVE-2022-1067
MISC
gitlab -- ce/ee
 
Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged2022-04-11not yet calculatedCVE-2022-1157
MISC
CONFIRM
rockwell_automation -- logix_controllers
 
An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.2022-04-11not yet calculatedCVE-2022-1161
MISC
gitlab -- ce/ee
 
Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 10.8 prior to 14.8.5, and 10.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances2022-04-11not yet calculatedCVE-2022-1193
CONFIRM
MISC
MISC
gitbug -- plantuml
 
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see https://plantuml.com/de/running).2022-04-15not yet calculatedCVE-2022-1231
MISC
CONFIRM
mcafee_agent -- windowsA local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user's %TEMP% directory with System privileges through manipulation of symbolic links.2022-04-14not yet calculatedCVE-2022-1256
CONFIRM
mcafee_agent -- linux_macos_windowsInsecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files.2022-04-14not yet calculatedCVE-2022-1257
CONFIRM
mcafee_agent -- epolicy_orchestratorA blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server.2022-04-14not yet calculatedCVE-2022-1258
CONFIRM
tenable -- d_link_routersA command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root.2022-04-11not yet calculatedCVE-2022-1262
MISC
java_client -- ebics
 
A vulnerability in the encryption implementation of EBICS messages in the open source librairy ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This issue affects: ebics-java/ebics-java-client versions prior to 1.2.2022-04-14not yet calculatedCVE-2022-1279
CONFIRM
linux -- drivers_gpu_drm_drm_lease.cA use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.2022-04-13not yet calculatedCVE-2022-1280
MISC
MISC
github -- mruby_mrubyheap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.2022-04-10not yet calculatedCVE-2022-1286
CONFIRM
MISC
tildearrow -- furnaceA denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce.2022-04-10not yet calculatedCVE-2022-1289
MISC
MISC
MISC
github -- polonel_trudeskStored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.2022-04-10not yet calculatedCVE-2022-1290
MISC
CONFIRM
mz_automation -- liblec61850In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service.2022-04-12not yet calculatedCVE-2022-1302
CONFIRM
e2sprogs -- e2sprogsAn out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.2022-04-14not yet calculatedCVE-2022-1304
MISC
github -- zerotierone
 
ZeroTierOne for windows local privilege escalation because of incorrect directory privilege in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation2022-04-11not yet calculatedCVE-2022-1316
CONFIRM
MISC
mutt -- uudecoder
 
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line2022-04-14not yet calculatedCVE-2022-1328
MISC
MISC
CONFIRM
MLIST
github -- alvarotrigo/fullpage.jsstored xss due to unsantized anchor url in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. stored xss .2022-04-12not yet calculatedCVE-2022-1330
MISC
CONFIRM
mattermost -- api
 
One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents.2022-04-13not yet calculatedCVE-2022-1332
MISC
mattermost _playbooks -- webhooks
 
Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service.2022-04-13not yet calculatedCVE-2022-1333
MISC
mattermost -- image_proxy_componentThe image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files.2022-04-13not yet calculatedCVE-2022-1337
MISC
github -- elementcontroller.phpSQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data2022-04-13not yet calculatedCVE-2022-1339
CONFIRM
MISC
github -- stored_xssStored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.2022-04-13not yet calculatedCVE-2022-1344
CONFIRM
MISC
github -- stored_xssStored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.2022-04-13not yet calculatedCVE-2022-1345
CONFIRM
MISC
github -- stored_xssMultiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.2022-04-13not yet calculatedCVE-2022-1346
CONFIRM
MISC
github -- stored_xssStored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation2022-04-13not yet calculatedCVE-2022-1347
MISC
CONFIRM
ghostpcl -- gsmchunk.cA vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue.2022-04-14not yet calculatedCVE-2022-1350
MISC
MISC
MISC
github -- stored_xssStored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4.2022-04-14not yet calculatedCVE-2022-1351
CONFIRM
MISC
github -- lquixada/cross_fetchExposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5.2022-04-15not yet calculatedCVE-2022-1365
MISC
CONFIRM
github -- snipe/snipe_itStored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie.2022-04-16not yet calculatedCVE-2022-1380
CONFIRM
MISC
mediatek -- smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsetsIn ccci, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108658; Issue ID: ALPS06108658.2022-04-11not yet calculatedCVE-2022-20065
MISC
mediatek -- smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsetsIn atf (hwfde), there is a possible leak of sensitive information due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171729; Issue ID: ALPS06171729.2022-04-11not yet calculatedCVE-2022-20066
MISC
mediatek -- smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsetsIn mdp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05836585; Issue ID: ALPS05836585.2022-04-11not yet calculatedCVE-2022-20067
MISC
mediatek -- smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsetsIn mobile_log_d, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308907; Issue ID: ALPS06308907.2022-04-11not yet calculatedCVE-2022-20068
MISC
mediatek -- smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsetsIn preloader (usb), there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160425; Issue ID: ALPS06160425.2022-04-11not yet calculatedCVE-2022-20069
MISC
mediatek -- smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsetsIn ssmr, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06362920; Issue ID: ALPS06362920.2022-04-11not yet calculatedCVE-2022-20070
MISC
mediatek -- smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsetsIn ccu, there is a possible escalation of privilege due to a missing certificate validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06183315; Issue ID: ALPS06183315.2022-04-11not yet calculatedCVE-2022-20071
MISC
mediatek -- smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsetsIn search engine service, there is a possible way to change the default search engine due to an incorrect comparison. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06219118; Issue ID: ALPS06219118.2022-04-11not yet calculatedCVE-2022-20072
MISC
mediatek -- smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsetsIn preloader (usb), there is a possible out of bounds write due to a integer underflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160841; Issue ID: ALPS06160841.2022-04-11not yet calculatedCVE-2022-20073
MISC
mediatek -- smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsetsIn preloader (partition), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06183301; Issue ID: ALPS06183301.2022-04-11not yet calculatedCVE-2022-20074
MISC
mediatek -- smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsetsIn ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05838808; Issue ID: ALPS05838808.2022-04-11not yet calculatedCVE-2022-20075
MISC
mediatek -- smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsetsIn ged, there is a possible memory corruption due to an incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05838808; Issue ID: ALPS05839556.2022-04-11not yet calculatedCVE-2022-20076
MISC
mediatek -- smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsetsIn vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05852812.2022-04-11not yet calculatedCVE-2022-20077
MISC
mediatek -- smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsetsIn vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05852819; Issue ID: ALPS05852819.2022-04-11not yet calculatedCVE-2022-20078
MISC
mediatek -- smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsetsIn vow, there is a possible read of uninitialized data due to a improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05857289.2022-04-11not yet calculatedCVE-2022-20079
MISC
mediatek -- smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsetsIn SUB2AF, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05881290; Issue ID: ALPS05881290.2022-04-11not yet calculatedCVE-2022-20080
MISC
mediatek -- smartphone_tablet_aIot_smart_display_smart_platform_ott_chipsetsIn A-GPS, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06461919; Issue ID: ALPS06461919.2022-04-11not yet calculatedCVE-2022-20081
MISC
cisco -- embedded_wireless_controller
 
A vulnerability in IP ingress packet processing of the Cisco Embedded Wireless Controller with Catalyst Access Points Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device may experience a performance degradation in traffic processing or high CPU usage prior to the unexpected reload. This vulnerability is due to improper rate limiting of IP packets to the management interface. An attacker could exploit this vulnerability by sending a steady stream of IP traffic at a high rate to the management interface of the affected device. A successful exploit could allow the attacker to cause the device to reload.2022-04-15not yet calculatedCVE-2022-20622
CISCO
cisco -- catalyst_digital_building_series_and_catalyst_micro_switchesMultiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.2022-04-15not yet calculatedCVE-2022-20661
CISCO
cisco -- tool_command_language
 
A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed into the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root. By default, Tcl shell access requires privilege level 15.2022-04-15not yet calculatedCVE-2022-20676
CISCO
cisco -- iox_application_hosting_environment
 
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.2022-04-15not yet calculatedCVE-2022-20677
CISCO
cisco -- appnav_xe
 
A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could exploit this vulnerability by sending a stream of crafted TCP traffic at a high rate through an interface of an affected device. That interface would need to have AppNav interception enabled. A successful exploit could allow the attacker to cause the device to reload.2022-04-15not yet calculatedCVE-2022-20678
CISCO
cisco -- ipsec_decryption_routine
 
A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to buffer exhaustion that occurs while traffic on a configured IPsec tunnel is being processed. An attacker could exploit this vulnerability by sending traffic to an affected device that has a maximum transmission unit (MTU) of 1800 bytes or greater. A successful exploit could allow the attacker to cause the device to reload. To exploit this vulnerability, the attacker may need access to the trusted network where the affected device is in order to send specific packets to be processed by the device. All network devices between the attacker and the affected device must support an MTU of 1800 bytes or greater. This access requirement could limit the possibility of a successful exploit.2022-04-15not yet calculatedCVE-2022-20679
CISCO
cisco -- catalyst_9000_family_switches_and_catalyst_9000_family_wireless_controllers
 
A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could allow an authenticated, local attacker to elevate privileges to level 15 on an affected device. This vulnerability is due to insufficient validation of user privileges after the user executes certain CLI commands. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands with level 15 privileges on the affected device.2022-04-15not yet calculatedCVE-2022-20681
CISCO
cisco -- control_and_provisioning_of_wireless_access_points
 
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to inadequate input validation of incoming CAPWAP packets encapsulating multicast DNS (mDNS) queries. An attacker could exploit this vulnerability by connecting to a wireless network and sending a crafted mDNS query, which would flow through and be processed by the wireless controller. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition.2022-04-15not yet calculatedCVE-2022-20682
CISCO
cisco -- application_visibility_and_control
 
A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient packet verification for traffic inspected by the AVC feature. An attacker could exploit this vulnerability by sending crafted packets from the wired network to a wireless client, resulting in the crafted packets being processed by the wireless controller. A successful exploit could allow the attacker to cause a crash and reload of the affected device, resulting in a DoS condition.2022-04-15not yet calculatedCVE-2022-20683
CISCO
cisco -- simple_network_management_protocol
 
A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. This vulnerability is due to a lack of input validation of the information used to generate an SNMP trap related to a wireless client connection event. An attacker could exploit this vulnerability by sending an 802.1x packet with crafted parameters during the wireless authentication setup phase of a connection. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.2022-04-15not yet calculatedCVE-2022-20684
CISCO
cisco -- netconfA vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to insufficient resource management. An attacker could exploit this vulnerability by initiating a large number of NETCONF over SSH connections. A successful exploit could allow the attacker to exhaust resources, causing the device to reload and resulting in a DoS condition on an affected device.2022-04-15not yet calculatedCVE-2022-20692
CISCO
cisco -- uiA vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.2022-04-15not yet calculatedCVE-2022-20693
CISCO
cisco -- resource_public_key_infrastructureA vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of a specific RPKI to Router (RTR) Protocol packet header. An attacker could exploit this vulnerability by compromising the RPKI validator server and sending a specifically crafted RTR packet to an affected device. Alternatively, the attacker could use man-in-the-middle techniques to impersonate the RPKI validator server and send a crafted RTR response packet over the established RTR TCP connection to the affected device. A successful exploit could allow the attacker to cause a DoS condition because the BGP process could constantly restart and BGP routing could become unstable.2022-04-15not yet calculatedCVE-2022-20694
CISCO
cisco -- wireless_lan_controllerA vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface This vulnerability is due to the improper implementation of the password validation algorithm. An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials. A successful exploit could allow the attacker to bypass authentication and log in to the device as an administrator. The attacker could obtain privileges that are the same level as an administrative user but it depends on the crafted credentials. Note: This vulnerability exists because of a non-default device configuration that must be present for it to be exploitable. For details about the vulnerable configuration, see the Vulnerable Products section of this advisory.2022-04-15not yet calculatedCVE-2022-20695
CISCO
cisco -- web_services_interfaceA vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this vulnerability by sending a large number of HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.2022-04-15not yet calculatedCVE-2022-20697
CISCO
cisco -- data_plane_microcode_of_lightspeed_plus_line_cardsA vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the line card to reset. This vulnerability is due to the incorrect handling of malformed packets that are received on the Lightspeed-Plus line cards. An attacker could exploit this vulnerability by sending a crafted IPv4 or IPv6 packet through an affected device. A successful exploit could allow the attacker to cause the Lightspeed-Plus line card to reset, resulting in a denial of service (DoS) condition for any traffic that traverses that line card.2022-04-15not yet calculatedCVE-2022-20714
CISCO
cisco -- cli_of_cisco_sd_wan_software
 
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user.2022-04-15not yet calculatedCVE-2022-20716
CISCO
cisco -- netconf_process_of_ cisco_sd_wan_vedge_ routersA vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient memory management when an affected device receives large amounts of traffic. An attacker could exploit this vulnerability by sending malicious traffic to an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition.2022-04-15not yet calculatedCVE-2022-20717
CISCO
cisco -- iox_application_hosting_environmentMultiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.2022-04-15not yet calculatedCVE-2022-20718
CISCO
cisco -- iox_application_hosting_environmentMultiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.2022-04-15not yet calculatedCVE-2022-20719
CISCO
cisco -- iox_application_hosting_environmentMultiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.2022-04-15not yet calculatedCVE-2022-20720
CISCO
cisco -- iox_application_hosting_environmentMultiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.2022-04-15not yet calculatedCVE-2022-20721
CISCO
cisco -- iox_application_hosting_environmentMultiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.2022-04-15not yet calculatedCVE-2022-20722
CISCO
cisco -- iox_application_hosting_environmentMultiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.2022-04-15not yet calculatedCVE-2022-20723
CISCO
cisco -- iox_application_hosting_environmentMultiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.2022-04-15not yet calculatedCVE-2022-20724
CISCO
cisco -- iox_application_hosting_environmentMultiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.2022-04-15not yet calculatedCVE-2022-20725
CISCO
cisco -- iox_application_hosting_environmentMultiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.2022-04-15not yet calculatedCVE-2022-20726
CISCO
cisco -- iox_application_hosting_environmentMultiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.2022-04-15not yet calculatedCVE-2022-20727
CISCO
cisco -- catalyst_digital_building_series_switches_and_cisco_catalyst_micro_switches
 
Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.2022-04-15not yet calculatedCVE-2022-20731
CISCO
cisco -- sd_wan_vmanage_softwareA vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. These actions could include modifying the system configuration and deleting accounts.2022-04-15not yet calculatedCVE-2022-20735
CISCO
cisco -- sd_wan_vmanage_softwareA vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected system as a low-privileged user to exploit this vulnerability. This vulnerability exists because a file leveraged by a root user is executed when a low-privileged user runs specific commands on an affected system. An attacker could exploit this vulnerability by injecting arbitrary commands to a specific file as a lower-privileged user and then waiting until an admin user executes specific commands. The commands would then be executed on the device by the root user. A successful exploit could allow the attacker to escalate their privileges on the affected system from a low-privileged user to the root user.2022-04-15not yet calculatedCVE-2022-20739
CISCO
cisco -- history_api_of_cisco_sd_wan_vmanage_softwareA vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. This vulnerability is due to insufficient API authorization checking on the underlying operating system. An attacker could exploit this vulnerability by sending a crafted API request to Cisco vManage as a lower-privileged user and gaining access to sensitive information that they would not normally be authorized to access.2022-04-15not yet calculatedCVE-2022-20747
CISCO
cisco -- border_gateway_protocol_ethernet_vpn
 
A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the incorrect processing of a BGP update message that contains specific EVPN attributes. An attacker could exploit this vulnerability by sending a BGP update message that contains specific EVPN attributes. To exploit this vulnerability, an attacker must control a BGP speaker that has an established trusted peer connection to an affected device that is configured with the address family L2VPN EVPN to receive and process the update message. This vulnerability cannot be exploited by any data that is initiated by clients on the Layer 2 network or by peers that are not configured to accept the L2VPN EVPN address family. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP updates only from explicitly defined peers. For this vulnerability to be exploited, the malicious BGP update message must either come from a configured, valid BGP peer or be injected by the attacker into the affected BGP network on an existing, valid TCP connection to a BGP peer.2022-04-15not yet calculatedCVE-2022-20758
CISCO
cisco -- 1000_series_connected_grid_router
 
A vulnerability in the integrated wireless access point (AP) packet processing of the Cisco 1000 Series Connected Grid Router (CGR1K) could allow an unauthenticated, adjacent attacker to cause a denial of service condition on an affected device. This vulnerability is due to insufficient input validation of received traffic. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the integrated AP to stop processing traffic, resulting in a DoS condition. It may be necessary to manually reload the CGR1K to restore AP operation.2022-04-15not yet calculatedCVE-2022-20761
CISCO
lansweeper -- webuseractions.aspx
 
A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability.2022-04-14not yet calculatedCVE-2022-21145
MISC
CONFIRM
leadtools -- fltsavecmp
 
An integer overflow vulnerability exists in the fltSaveCMP functionality of Leadtools 22. A specially-crafted BMP file can lead to an integer overflow, that in turn causes a buffer overflow. An attacker can provide a malicious BMP file to trigger this vulnerability.2022-04-14not yet calculatedCVE-2022-21154
MISC
CONFIRM
fernhill_scada_server_version -- fhsvrservice.exeA specially crafted packet sent to the Fernhill SCADA Server Version 3.77 and earlier may cause an exception, causing the server process (FHSvrService.exe) to exit.2022-04-12not yet calculatedCVE-2022-21155
MISC
mz_automation_gmbh_libiec61850 -- parsenormalmodeparametersA denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this vulnerability.2022-04-15not yet calculatedCVE-2022-21159
MISC
CONFIRM
MISC
fuji_electric -- alpha5The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure.2022-04-12not yet calculatedCVE-2022-21168
MISC
fuji_electric -- alpha5The affected product is vulnerable to an out-of-bounds read, which may result in disclosure of sensitive information.2022-04-12not yet calculatedCVE-2022-21202
MISC
lansweeper -- assetactions.aspx
 
An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.2022-04-14not yet calculatedCVE-2022-21210
MISC
CONFIRM
fuji_electric -- alpha5The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution.2022-04-12not yet calculatedCVE-2022-21214
MISC
fuji_electric -- alpha5The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.2022-04-12not yet calculatedCVE-2022-21228
MISC
lansweeper -- echoassets.aspxAn SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.2022-04-14not yet calculatedCVE-2022-21234
MISC
CONFIRM
nconf -- json
 
This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set() function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted property, it is possible to modify the properties on the Object.prototype.2022-04-12not yet calculatedCVE-2022-21803
MISC
MISC
MISC
MISC
microsoft -- windowsWin32 Stream Enumeration Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24534.2022-04-15not yet calculatedCVE-2022-21983
N/A
microsoft -- windowsWindows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22009, CVE-2022-23257, CVE-2022-24537.2022-04-15not yet calculatedCVE-2022-22008
N/A
microsoft -- windowsWindows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-23257, CVE-2022-24537.2022-04-15not yet calculatedCVE-2022-22009
N/A
lansweeper -- lansweeper
 
A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.2022-04-14not yet calculatedCVE-2022-22149
MISC
CONFIRM
junos -- web_juniper_networksA reflected Cross-site Scripting (XSS) vulnerability in J-Web of Juniper Networks Junos OS allows a network-based authenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web. This may allow the attacker to gain control of the device or attack other authenticated user sessions. This issue affects: Juniper Networks Junos OS All versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2.2022-04-14not yet calculatedCVE-2022-22181
CONFIRM
junos -- web_juniper_networksA Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S10, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S6; 19.2 versions prior to 19.2R1-S8, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2; 21.2 versions prior to 21.2R1-S1, 21.2R2.2022-04-14not yet calculatedCVE-2022-22182
CONFIRM
junos -- web_juniper_networksAn Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-S2-EVO; 21.1 versions prior to 21.1R3-S1-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R2-EVO. This issue does not affect Junos OS.2022-04-14not yet calculatedCVE-2022-22183
CONFIRM
junos -- web_juniper_networksA vulnerability in Juniper Networks Junos OS on SRX Series, allows a network-based unauthenticated attacker to cause a Denial of Service (DoS) by sending a specific fragmented packet to the device, resulting in a flowd process crash, which is responsible for packet forwarding. Continued receipt and processing of this specific packet will create a sustained DoS condition. This issue only affects SRX Series when 'preserve-incoming-fragment-size' feature is enabled. This issue affects Juniper Networks Junos OS on SRX Series: 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect Juniper Networks Junos OS prior to 17.3R1.2022-04-14not yet calculatedCVE-2022-22185
CONFIRM
junos -- web_juniper_networksDue to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but not destined to the device, may be improperly forwarded to an egress interface, instead of being discarded. Such traffic being sent by a client may appear genuine, but is non-standard in nature and should be considered as potentially malicious. This issue affects: Juniper Networks Junos OS on EX4650 Series: All versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R1.2022-04-14not yet calculatedCVE-2022-22186
CONFIRM
windows_installer -- improper_privilege_management_vulnerability
 
An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repair operation. Running a repair operation, in turn, will trigger a number of file operations in the %TEMP% folder of the user triggering the repair. Some of these operations will be performed from a SYSTEM context (started via the Windows Installer service), including the execution of temporary files. An attacker may be able to provide malicious binaries to the Windows Installer, which will be executed with high privilege, leading to a local privilege escalation. This issue affects Juniper Networks Juniper Identity Management Service (JIMS) versions prior to 1.4.0.2022-04-14not yet calculatedCVE-2022-22187
CONFIRM
junos_os -- packet_forwarding_engine
 
An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine (PFE) of Juniper Networks Junos OS allows a network-based unauthenticated attacker to flood the device with traffic leading to a Denial of Service (DoS). The device must be configured with storm control profiling limiting the number of unknown broadcast, multicast, or unicast traffic to be vulnerable to this issue. This issue affects: Juniper Networks Junos OS on QFX5100/QFX5110/QFX5120/QFX5200/QFX5210/EX4600/EX4650 Series; 20.2 version 20.2R1 and later versions prior to 20.2R2. This issue does not affect: Juniper Networks Junos OS versions prior to 20.2R1.2022-04-14not yet calculatedCVE-2022-22188
CONFIRM
junos_os -- juniper_networks_ contrail_service_ orchestration
 
An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects: Juniper Networks Contrail Service Orchestration 6.0.0 versions prior to 6.0.0 Patch v3 on On-premises installations. This issue does not affect Juniper Networks Contrail Service Orchestration On-premises versions prior to 6.0.0.2022-04-14not yet calculatedCVE-2022-22189
CONFIRM
junos_os -- juniper_networks_paragon_active_assurance_ control_center
 
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information. A feature was introduced in version 3.1 of the Paragon Active Assurance Control Center which allows users to selective share account data using a unique identifier. Knowing the proper format of the URL and the identifier of an existing object in an application it is possible to get access to that object without being logged in, even if the object is not shared, resulting in the opportunity for malicious exfiltration of user data. Note that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue. This issue affects Juniper Networks Paragon Active Assurance version 3.1.0.2022-04-14not yet calculatedCVE-2022-22190
CONFIRM
junos_os -- juniper_networks_junosos
 
A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart. After the restart, transit traffic will be temporarily interrupted until the PFE is reprogrammed. In a virtual chassis (VC), the impacted Flexible PIC Concentrator (FPC) may split from the VC temporarily, and join back into the VC once the PFE restarts. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on the EX4300: All versions prior to 15.1R7-S12; 18.4 versions prior to 18.4R2-S10, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R1-S9, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2.2022-04-14not yet calculatedCVE-2022-22191
CONFIRM
junos_os -- routing_protocol_daemonAn Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). Continued execution of this command might cause a sustained Denial of Service condition. If BGP rib sharding is configured and a certain CLI command is executed the rpd process can crash. During the rpd crash and restart, the routing protocols might be impacted and traffic disruption might be seen due to the loss of routing information. This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-EVO; 21.1 versions prior to 21.1R3-EVO; 21.2 versions prior to 21.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 20.3R1. Juniper Networks Junos OS Evolved versions prior to 20.3R1-EVO.2022-04-14not yet calculatedCVE-2022-22193
CONFIRM
junos_os -- packetio_daemonAn Improper Check for Unusual or Exceptional Conditions vulnerability in the packetIO daemon of Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008 allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Continued receipt of these crafted packets will cause a sustained Denial of Service condition. This issue affects Juniper Networks Junos OS Evolved all versions prior to 20.4R2-S3-EVO on PTX10003, PTX10004, and PTX10008. This issue does not affect: Juniper Networks Junos OS Evolved versions 21.1R1-EVO and above; Juniper Networks Junos OS.2022-04-14not yet calculatedCVE-2022-22194
CONFIRM
junos_os -- juniper_networksAn Improper Update of Reference Count vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to trigger a counter overflow, eventually causing a Denial of Service (DoS). This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S1-EVO; 21.1 versions prior to 21.1R3-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS.2022-04-14not yet calculatedCVE-2022-22195
CONFIRM
junos_os -- routing_protocol_daemonAn Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker with an established ISIS adjacency to cause a Denial of Service (DoS). The rpd CPU spikes to 100% after a malformed ISIS TLV has been received which will lead to processing issues of routing updates and in turn traffic impact. This issue affects: Juniper Networks Junos OS 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S3-EVO; 21.2 versions prior to 21.2R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1.2022-04-14not yet calculatedCVE-2022-22196
CONFIRM
junos_os -- routing_protocol_daemonAn Operation on a Resource after Expiration or Release vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker with an established BGP session to cause a Denial of Service (DoS). This issue occurs when proxy-generate route-target filtering is enabled, and certain proxy-route add and delete events are happening. This issue affects: Juniper Networks Junos OS All versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S2, 20.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R3-EVO; 20.3 versions prior to 20.3R2-EVO.2022-04-14not yet calculatedCVE-2022-22197
CONFIRM
junos_os -- sip_algAn Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. On all MX and SRX platforms, if the SIP ALG is enabled, an MS-MPC or MS-MIC, or SPC will crash if it receives a SIP message with a specific contact header format. This issue affects Juniper Networks Junos OS on MX Series and SRX Series: 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect versions prior to 20.4R1.2022-04-14not yet calculatedCVE-2022-22198
CONFIRM
huawei -- androidThe DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability.2022-04-11not yet calculatedCVE-2022-22253
MISC
MISC
huawei -- androidA permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality.2022-04-11not yet calculatedCVE-2022-22254
MISC
MISC
huawei -- android
 
The application framework has a common DoS vulnerability.Successful exploitation of this vulnerability may affect the availability.2022-04-11not yet calculatedCVE-2022-22255
MISC
MISC
huawei -- androidThe DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.2022-04-11not yet calculatedCVE-2022-22256
MISC
MISC
huawei -- androidThe customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity.2022-04-11not yet calculatedCVE-2022-22257
MISC
MISC
huawei -- androidThe Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in elevation-of-privilege.2022-04-11not yet calculatedCVE-2022-22258
MISC
MISC
SMA -- SMA
 
** UNSUPPORTED WHEN ASSIGNED ** A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions.2022-04-13not yet calculatedCVE-2022-22279
CONFIRM
IBM -- aspera_high_speed_ transferIBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain information from non sensitive operating system files that they should not have access to. IBM X-Force ID: 222059.2022-04-14not yet calculatedCVE-2022-22391
XF
CONFIRM
sap -- business_intelligence_platformSAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. The main impact is the disclosure of company data to people that shouldn't or don't need to have access.2022-04-12not yet calculatedCVE-2022-22541
MISC
MISC
dell -- powerscale_onefsDell PowerScale OneFS, 8.2.x-9.3.x, contains a Improper Certificate Validation. A unauthenticated remote attacker could potentially exploit this vulnerability, leading to a man-in-the-middle capture of administrative credentials.2022-04-12not yet calculatedCVE-2022-22549
MISC
dell -- powerscale_onefsDell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An unprivileged local attacker could potentially exploit this vulnerability, leading to account take over.2022-04-12not yet calculatedCVE-2022-22550
MISC
dell -- powerscale_onefsDell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm. An unprivileged network attacker could exploit this vulnerability, leading to the potential for information disclosure.2022-04-12not yet calculatedCVE-2022-22559
MISC
dell -- powerscale_onefsDell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline.2022-04-12not yet calculatedCVE-2022-22560
MISC
dell -- powerscale_onefsDell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive authentication attempts. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts.2022-04-12not yet calculatedCVE-2022-22561
MISC
dell -- powerscale_onefsDell PowerScale OneFS, versions 8.2.0-9.3.0, contain a improper handling of missing values exploit. An unauthenticated network attacker could potentially exploit this denial-of-service vulnerability.2022-04-12not yet calculatedCVE-2022-22562
MISC
dell -- powerscale_onefsDell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information. An authenticated and privileged user could potentially exploit this vulnerability, leading to disclosure or modification of sensitive data.2022-04-12not yet calculatedCVE-2022-22565
MISC
ivanti -- incapptic_connect
 
A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. The vulnerability affects Incapptic Connect version < 1.40.1.2022-04-11not yet calculatedCVE-2022-22572
MISC
MISC
vmware -- workspace_one_access_and_ identity_managerVMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.2022-04-11not yet calculatedCVE-2022-22954
MISC
vmware -- workspace_one_accessVMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.2022-04-13not yet calculatedCVE-2022-22955
MISC
vmware -- workspace_one_accessVMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.2022-04-13not yet calculatedCVE-2022-22956
MISC
vmware -- workspace_one_access_identity_manager_and_vrealize_automationVMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.2022-04-13not yet calculatedCVE-2022-22957
MISC
vmware -- workspace_one_access_identity_manager_and_vrealize_automationVMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.2022-04-13not yet calculatedCVE-2022-22958
MISC
vmware -- workspace_one_access_identity_manager_and_vrealize_automationVMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.2022-04-13not yet calculatedCVE-2022-22959
MISC
vmware -- workspace_one_access_identity_manager_and_vrealize_automationVMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.2022-04-13not yet calculatedCVE-2022-22960
MISC
vmware -- workspace_one_access_identity_manager_and_vrealize_automationVMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.2022-04-13not yet calculatedCVE-2022-22961
MISC
vmware -- horizon_client_for_linux
 
VMware Horizon Client for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file.2022-04-11not yet calculatedCVE-2022-22962
MISC
vmware -- horizon_client_for_linuxVMware Horizon Client for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file.2022-04-11not yet calculatedCVE-2022-22964
MISC
vmware -- cloud_director
 
An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server.2022-04-14not yet calculatedCVE-2022-22966
MISC
vmware -- spring_framework
 
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.2022-04-14not yet calculatedCVE-2022-22968
MISC
dell -- powerscale_onefs
 
Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_AUTH_PROVIDERS privileges could exploit this vulnerability, leading to a Denial-Of-Service. This can also impact a cluster in Compliance mode. Dell recommends to update at the earliest opportunity.2022-04-12not yet calculatedCVE-2022-23159
MISC
dell -- powerscale_onefs
 
Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. An remote malicious user could potentially exploit this vulnerability, leading to gaining write permissions on read-only files.2022-04-12not yet calculatedCVE-2022-23160
MISC
dell -- powerscale_onefs
 
Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contains a denial-of-service vulnerability in SmartConnect. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-service. (of course this is temporary and will need to be adapted/reviewed as we determine the CWE with Srisimha Tummala 's help)2022-04-12not yet calculatedCVE-2022-23161
MISC
dell -- powerscale_onefs
 
Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. A local malicious user could potentially exploit this vulnerability, leading to denial of service/data unavailability.2022-04-12not yet calculatedCVE-2022-23163
MISC
spring_by_vmware -- spring_frameworkWindows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-22009, CVE-2022-24537.2022-04-15not yet calculatedCVE-2022-23257
N/A
microsoft -- windowsMicrosoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability.2022-04-15not yet calculatedCVE-2022-23259
N/A
microsoft -- windowsWindows Hyper-V Denial of Service Vulnerability.2022-04-15not yet calculatedCVE-2022-23268
N/A
microsoft -- windowsMicrosoft Power BI Spoofing Vulnerability.2022-04-15not yet calculatedCVE-2022-23292
N/A
simatic -- energy_manager_basic_and_manager_pro
 
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local unprivileged attacker to achieve code execution with ADMINISTRATOR or even NT AUTHORITY/SYSTEM privileges.2022-04-12not yet calculatedCVE-2022-23448
CONFIRM
simatic -- energy_manager_basic_and_manager_proA vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path.2022-04-12not yet calculatedCVE-2022-23449
CONFIRM
simatic -- energy_manager_basic_and_manager_proA vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges.2022-04-12not yet calculatedCVE-2022-23450
CONFIRM
hpe_superdome_flex -- servers
 
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 Servers. The vulnerability could be locally exploited to allow an user with Administrator access to escalate their privilege. The vulnerability is resolved in the latest firmware update. HPE Superdome Flex Server Version 3.50.58 or later, HPE Superdome Flex 280 Server Version 1.20.204 or later.2022-04-12not yet calculatedCVE-2022-23702
MISC
hpe -- flash_arrays
 
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.1002022-04-12not yet calculatedCVE-2022-23703
MISC
nyron -- nyron_1.0
 
Nyron 1.0 is affected by a SQL injection vulnerability through Nyron/Library/Catalog/winlibsrch.aspx. To exploit this vulnerability, an attacker must inject '"> on the thes1 parameter.2022-04-15not yet calculatedCVE-2022-23865
MISC
subversion -- mod_dav_svnSubversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.2022-04-12not yet calculatedCVE-2022-24070
MISC
MISC
MISC
DEBIAN
ritecms -- admin_panelRiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to write) resulting a remote code execution.2022-04-12not yet calculatedCVE-2022-24247
MISC
MISC
ritecms -- admin_panelRiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker might leverage the capability of arbitrary file deletion to circumvent certain web server security mechanisms such as deleting .htaccess file that would deactivate those security constraints.2022-04-12not yet calculatedCVE-2022-24248
MISC
MISC
madlib_object -- madlib_object_utils
 
The package madlib-object-utils before 0.1.8 are vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives from an incomplete fix of [CVE-2020-7701](https://security.snyk.io/vuln/SNYK-JS-MADLIBOBJECTUTILS-598676)2022-04-15not yet calculatedCVE-2022-24279
CONFIRM
CONFIRM
automox_agent -- windows_and_linux_and version_36_on_osxAutomox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install process.2022-04-13not yet calculatedCVE-2022-24308
MISC
MISC
fuji_electric -- alpha_5The affected product is vulnerable to an out-of-bounds read, which may result in code execution2022-04-12not yet calculatedCVE-2022-24383
MISC
dell -- powerscale_onefs
 
Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local attacker with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE could potentially exploit this vulnerability, leading to elevation of privilege. This could potentially allow users to circumvent PowerScale Compliance Mode guarantees.2022-04-12not yet calculatedCVE-2022-24411
MISC
dell -- powerscale_onefs
 
Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling of value vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-service.2022-04-12not yet calculatedCVE-2022-24412
MISC
dell -- powerscale_onefs
 
Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to data loss.2022-04-12not yet calculatedCVE-2022-24413
MISC
microsoft -- shaprepoint
 
Microsoft SharePoint Server Spoofing Vulnerability.2022-04-15not yet calculatedCVE-2022-24472
N/A
microsoft -- excel
 
Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26901.2022-04-15not yet calculatedCVE-2022-24473
N/A
windows -- win32k
 
Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24542.2022-04-15not yet calculatedCVE-2022-24474
N/A
microsoft -- windows
 
Connected User Experiences and Telemetry Elevation of Privilege Vulnerability.2022-04-15not yet calculatedCVE-2022-24479
N/A
microsoft -- windowsWindows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24521.2022-04-15not yet calculatedCVE-2022-24481
N/A
microsoft -- windowsWindows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24540.2022-04-15not yet calculatedCVE-2022-24482
N/A
microsoft -- windowsWindows Kernel Information Disclosure Vulnerability.2022-04-15not yet calculatedCVE-2022-24483
N/A
microsoft -- windowsWindows Cluster Shared Volume (CSV) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-24538, CVE-2022-26784.2022-04-15not yet calculatedCVE-2022-24484
N/A
microsoft -- windowsWin32 File Enumeration Remote Code Execution Vulnerability.2022-04-15not yet calculatedCVE-2022-24485
N/A
microsoft -- windowsWindows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24544.2022-04-15not yet calculatedCVE-2022-24486
N/A
microsoft -- windowsWindows Local Security Authority (LSA) Remote Code Execution Vulnerability.2022-04-15not yet calculatedCVE-2022-24487
N/A
microsoft -- windowsWindows Desktop Bridge Elevation of Privilege Vulnerability.2022-04-15not yet calculatedCVE-2022-24488
N/A
microsoft -- windowsCluster Client Failover (CCF) Elevation of Privilege Vulnerability.2022-04-15not yet calculatedCVE-2022-24489
N/A
microsoft -- windowsWindows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-24539, CVE-2022-26783, CVE-2022-26785.2022-04-15not yet calculatedCVE-2022-24490
N/A
microsoft -- windowsWindows Network File System Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24497.2022-04-15not yet calculatedCVE-2022-24491
N/A
microsoft -- windowsRemote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24528, CVE-2022-26809.2022-04-15not yet calculatedCVE-2022-24492
N/A
microsoft -- windowsMicrosoft Local Security Authority (LSA) Server Information Disclosure Vulnerability.2022-04-15not yet calculatedCVE-2022-24493
N/A
microsoft -- windowsWindows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability.2022-04-15not yet calculatedCVE-2022-24494
N/A
microsoft -- windowsWindows Direct Show - Remote Code Execution Vulnerability.2022-04-15not yet calculatedCVE-2022-24495
N/A
microsoft -- windowsLocal Security Authority (LSA) Elevation of Privilege Vulnerability.2022-04-15not yet calculatedCVE-2022-24496
N/A
microsoft -- windowsWindows Network File System Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24491.2022-04-15not yet calculatedCVE-2022-24497
N/A
microsoft -- windowsWindows iSCSI Target Service Information Disclosure Vulnerability.2022-04-15not yet calculatedCVE-2022-24498
N/A
microsoft -- windowsWindows Installer Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24530.2022-04-15not yet calculatedCVE-2022-24499
N/A
microsoft -- windowsWindows SMB Remote Code Execution Vulnerability.2022-04-15not yet calculatedCVE-2022-24500
N/A
microsoft -- windowsVisual Studio Elevation of Privilege Vulnerability.2022-04-15not yet calculatedCVE-2022-24513
N/A
microsoft -- windowsWindows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24481.2022-04-15not yet calculatedCVE-2022-24521
N/A
microsoft -- windowsWindows Endpoint Configuration Manager Elevation of Privilege Vulnerability.2022-04-15not yet calculatedCVE-2022-24527
N/A
microsoft -- windowsRemote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24492, CVE-2022-26809.2022-04-15not yet calculatedCVE-2022-24528
N/A
microsoft -- windowsWindows Installer Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24499.2022-04-15not yet calculatedCVE-2022-24530
N/A
microsoft -- windowsHEVC Video Extensions Remote Code Execution Vulnerability.2022-04-15not yet calculatedCVE-2022-24532
N/A
microsoft -- windowsRemote Desktop Protocol Remote Code Execution Vulnerability.2022-04-15not yet calculatedCVE-2022-24533
N/A
microsoft -- windowsWin32 Stream Enumeration Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21983.2022-04-15not yet calculatedCVE-2022-24534
N/A
microsoft -- windowsWindows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829.2022-04-15not yet calculatedCVE-2022-24536
N/A
microsoft -- windowsWindows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-22009, CVE-2022-23257.2022-04-15not yet calculatedCVE-2022-24537
N/A
microsoft -- windowsWindows Cluster Shared Volume (CSV) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-24484, CVE-2022-26784.2022-04-15not yet calculatedCVE-2022-24538
N/A
microsoft -- windowsWindows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-24490, CVE-2022-26783, CVE-2022-26785.2022-04-15not yet calculatedCVE-2022-24539
N/A
microsoft -- windowsWindows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24482.2022-04-15not yet calculatedCVE-2022-24540
N/A
microsoft -- windowsWindows Server Service Remote Code Execution Vulnerability.2022-04-15not yet calculatedCVE-2022-24541
N/A
microsoft -- windowsWindows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24474.2022-04-15not yet calculatedCVE-2022-24542
N/A
microsoft -- windowsWindows Upgrade Assistant Remote Code Execution Vulnerability.2022-04-15not yet calculatedCVE-2022-24543
N/A
microsoft -- windowsWindows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24486.2022-04-15not yet calculatedCVE-2022-24544
N/A
microsoft -- windowsWindows Kerberos Remote Code Execution Vulnerability.2022-04-15not yet calculatedCVE-2022-24545
N/A
microsoft -- windowsWindows DWM Core Library Elevation of Privilege Vulnerability.2022-04-15not yet calculatedCVE-2022-24546
N/A
microsoft -- windowsWindows Digital Media Receiver Elevation of Privilege Vulnerability.2022-04-15not yet calculatedCVE-2022-24547
N/A
microsoft -- windowsMicrosoft Defender Denial of Service Vulnerability.2022-04-15not yet calculatedCVE-2022-24548
N/A
microsoft -- windowsWindows AppX Package Manager Elevation of Privilege Vulnerability.2022-04-15not yet calculatedCVE-2022-24549
N/A
microsoft -- windowsWindows Telephony Server Elevation of Privilege Vulnerability.2022-04-15not yet calculatedCVE-2022-24550
N/A
microsoft -- got_for_windwsGit for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.2022-04-12not yet calculatedCVE-2022-24765
CONFIRM
MISC
MISC
MLIST
gitbub -- git_for_windows
 
GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.2022-04-12not yet calculatedCVE-2022-24767
N/A
ethereum -- vyper
 
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun. Users are advised to upgrade. There are no known workarounds for this issue.2022-04-13not yet calculatedCVE-2022-24788
MISC
CONFIRM
discourse -- discourse
 
Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user that is able to see the category. To workaround the problem, a site administrator can remove groups with restricted visibility from any category's permissions setting.2022-04-11not yet calculatedCVE-2022-24804
CONFIRM
MISC
grafana -- grafana_enterprise
 
Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructed, the consequent requests with any API Key evaluate to the same permissions as the previous requests. This can lead to an escalation of privileges, when for example a first request is made with Admin permissions, and the second request with different API Key is made with Viewer permissions, the second request will get the cached permissions from the previous Admin, essentially accessing higher privilege than it should. The vulnerability is only impacting Grafana Enterprise when the fine-grained access control beta feature is enabled and there are more than one API Keys in one organization with different roles assigned. All installations after Grafana Enterprise v8.1.0-beta1 should be upgraded as soon as possible. As an alternative, disable fine-grained access control will mitigate the vulnerability.2022-04-12not yet calculatedCVE-2022-24812
CONFIRM
MISC
MISC
jhipster -- jhipster
 
JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with the option "reactive with Spring WebFlux" enabled and an SQL database using r2dbc. Applications created without "reactive with Spring WebFlux" and applications with NoSQL databases are not affected. Users who have generated a microservice Gateway using the affected version may be impacted as Gateways are reactive by default. Currently, SQL injection is possible in the findAllBy(Pageable pageable, Criteria criteria) method of an entity repository class generated in these applications as the where clause using Criteria for queries are not sanitized and user input is passed on as it is by the criteria. This issue has been patched in v7.8.1. Users unable to upgrade should be careful when combining criterias and conditions as the root of the issue lies in the `EntityManager.java` class when creating the where clause via `Conditions.just(criteria.toString())`. `just` accepts the literal string provided. Criteria's `toString` method returns a plain string and this combination is vulnerable to sql injection as the string is not sanitized and will contain whatever used passed as input using any plain SQL.2022-04-11not yet calculatedCVE-2022-24815
MISC
MISC
CONFIRM
jai_ext -- jai_api
 
JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects the downstream GeoServer project. Version 1.2.22 will contain a patch that disables the ability to inject malicious code into the resulting script. Users unable to upgrade may negate the ability to compile Jiffle scripts from the final application, by removing janino-x.y.z.jar from the classpath.2022-04-13not yet calculatedCVE-2022-24816
CONFIRM
MISC
geotools -- geotools
 
GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case, the vulnerability can be triggered if the JNDI names are user-provided, but requires admin-level login to be triggered. The lookups are now restricted in GeoTools 26.4, GeoTools 25.6, and GeoTools 24.6. Users unable to upgrade should ensure that any downstream application should not allow usage of remotely provided JNDI strings.2022-04-13not yet calculatedCVE-2022-24818
CONFIRM
MISC
xwiki_platform -- xwiki
 
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem.2022-04-08not yet calculatedCVE-2022-24820
CONFIRM
MISC
discourse -- discourse
 
Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no known workarounds for this issue.2022-04-14not yet calculatedCVE-2022-24824
MISC
CONFIRM
elide -- elide
 
Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. When leveraging the following together: Elide Aggregation Data Store for Analytic Queries, Parameterized Columns (A column that requires a client provided parameter), and a parameterized column of type TEXT. There is the potential for a hacker to provide a carefully crafted query that would bypass server side authorization filters through SQL injection. A recent patch to Elide 6.1.2 allowed the '-' character to be included in parameterized TEXT columns. This character can be interpreted as SQL comments ('--') and allow the attacker to remove the WHERE clause from the generated query and bypass authorization filters. A fix is provided in Elide 6.1.4. The vulnerability only exists for parameterized columns of type TEXT and only for analytic queries (CRUD is not impacted). Workarounds include leveraging a different type of parameterized column (TIME, MONEY, etc) or not leveraging parameterized columns.2022-04-11not yet calculatedCVE-2022-24827
CONFIRM
MISC
MISC
composer -- composer
 
Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist.org for example where the composer.json's `readme` field can be used as a vector for injecting parameters into hg/Mercurial via the `$file` argument, or git via the `$identifier` argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call `getFileContent` with arbitrary data into `$file`/`$identifier`. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report.2022-04-13not yet calculatedCVE-2022-24828
MISC
CONFIRM
garden -- gardenGarden is an automation platform for Kubernetes development and testing. In versions prior to 0.12.39 multiple endpoints did not require authentication. In some operating modes this allows for an attacker to gain access to the application erroneously. The configuration is leaked through the /api endpoint on the local server that is responsible for serving the Garden dashboard. At the moment, this server is accessible to 0.0.0.0 which makes it accessible to anyone on the same network (or anyone on the internet if they are on a public, static IP). This may lead to the ability to compromise credentials, secrets or environment variables. Users are advised to upgrade to version 0.12.39 as soon as possible. Users unable to upgrade should use a firewall blocking access to port 9777 from all untrusted network machines.2022-04-11not yet calculatedCVE-2022-24829
CONFIRM
MISC
gocd -- gocdGoCD is an open source a continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data exfiltration, it can allow an existing LDAP-authenticated GoCD user with malicious intent to construct and execute malicious queries, allowing them to deduce facts about other users or entries within the LDAP database (e.g alternate fields, usernames, hashed passwords etc) through brute force mechanisms. This only affects users who have a working LDAP authorization configuration enabled on their GoCD server, and only is exploitable by users authenticating using such an LDAP configuration. This issue has been fixed in GoCD 22.1.0, which is bundled with gocd-ldap-authentication-plugin v2.2.0-144.2022-04-11not yet calculatedCVE-2022-24832
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
MISC
privatebin -- provatenbinPrivateBin is minimalist, open source online pastebin clone where the server has zero knowledge of pasted data. In PrivateBin < v1.4.0 a cross-site scripting (XSS) vulnerability was found. The vulnerability is present in all versions from v0.21 of the project, which was at the time still called ZeroBin. The issue is caused by the fact that SVGs can contain JavaScript. This can allow an attacker to execute code, if the user opens a paste with a specifically crafted SVG attachment, and interacts with the preview image and the instance isn't protected by an appropriate content security policy. Users are advised to either upgrade to version 1.4.0 or to ensure the content security policy of their instance is set correctly.2022-04-11not yet calculatedCVE-2022-24833
MISC
CONFIRM
nokogiri -- nokogiriNokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.2022-04-11not yet calculatedCVE-2022-24836
CONFIRM
MISC
hedgedoc -- hedgedocHedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes and affects all upload backends, except Lutim and imgur. This issue is patched in version 1.9.3 by replacing the filename generation with UUIDv4. If you cannot upgrade to HedgeDoc 1.9.3, it is possible to block POST requests to `/uploadimage`, which will disable future uploads.2022-04-11not yet calculatedCVE-2022-24837
CONFIRM
MISC
MISC
nextcloud -- nextcloud_calendarNextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the `RCPT TO:<BOOKING USER'S EMAIL> ` SMTP command and begin injecting arbitrary SMTP commands. It is recommended that Calendar is upgraded to 3.2.2. There are no workaround available.2022-04-11not yet calculatedCVE-2022-24838
MISC
CONFIRM
MISC
org.cyberneko.html -- org.cyberneko.htmlorg.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.2022-04-11not yet calculatedCVE-2022-24839
MISC
CONFIRM
minio -- minioMinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. A security issue was found where an non-admin user is able to create service accounts for root or other admin users and then is able to assume their access policies via the generated credentials. This in turn allows the user to escalate privilege to that of the root user. This vulnerability has been resolved in pull request #14729 and is included in `RELEASE.2022-04-12T06-55-35Z`. Users unable to upgrade may workaround this issue by explicitly adding a `admin:CreateServiceAccount` deny policy, however, this, in turn, denies the user the ability to create their own service accounts as well.2022-04-12not yet calculatedCVE-2022-24842
CONFIRM
MISC
MISC
gin_vue_admin -- gin_vue_admin
 
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin 2.50 has arbitrary file read vulnerability due to a lack of parameter validation. This has been resolved in version 2.5.1. There are no known workarounds for this issue.2022-04-13not yet calculatedCVE-2022-24843
MISC
CONFIRM
MISC
gin_vue_admin -- gin_vue_admin
 
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sys_auto_code_pgsql.go, which means that PostgreSQL must be used as the database for this vulnerability to occur. Users must: Require JWT login? and be using PostgreSQL to be affected. This issue has been resolved in version 2.5.1. There are no known workarounds.2022-04-13not yet calculatedCVE-2022-24844
MISC
CONFIRM
ethereum -- vyper
 
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of `<iface>.returns_int128()` is not validated to fall within the bounds of `int128`. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0, `<iface>.returns_int128()` is validated in simple expressions, but not complex expressions. Users are advised to upgrade. There is no known workaround for this issue.2022-04-13not yet calculatedCVE-2022-24845
CONFIRM
MISC
geowebcache -- geowebcacheGeoWebCache is a tile caching server implemented in Java. The GeoWebCache disk quota mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. While in GeoWebCache the JNDI strings are provided via local configuration file, in GeoServer a user interface is provided to perform the same, that can be accessed remotely, and requires admin-level login to be used. These lookup are unrestricted in scope and can lead to code execution. The lookups are going to be restricted in GeoWebCache 1.21.0, 1.20.2, 1.19.3.2022-04-14not yet calculatedCVE-2022-24846
CONFIRM
geoserver -- geoserver
 
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. In order to perform any of the above changes, the attack needs to have obtained admin rights and use either the GeoServer GUI, or its REST API. The lookups are going to be restricted in GeoServer 2.21.0, 2.20.4, 1.19.6. Users unable to upgrade should restrict access to the `geoserver/web` and `geoserver/rest` via a firewall and ensure that the GeoWebCache is not remotely accessible.2022-04-13not yet calculatedCVE-2022-24847
CONFIRM
discord -- discatsharp
 
DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two `RequireDisCatSharpDeveloperAttribute`s or the `BaseDiscordClient.LibraryDeveloperTeam` have potentially had their bot token sent to a web server not affiliated with Discord. This server is owned and operated by DisCatSharp's development team. The tokens were not logged, yet it is still advisable to reset the tokens of potentially affected bots. 9.9.1 has been released to patch the issue for the current stable release and the current 10.0.0 prereleases are also no longer affected. Users unable to upgrade should remove all uses of the two `RequireDisCatSharpDeveloperAttribute`s and all direct calls to `BaseDiscordClient.LibraryDeveloperTeam`.2022-04-14not yet calculatedCVE-2022-24849
CONFIRM
discourse -- discourse
 
Discourse is an open source platform for community discussion. A category's group permissions settings can be viewed by anyone that has access to the category. As a result, a normal user is able to see whether a group has read/write permissions in the category even though the information should only be available to the users that can manage a category. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no workarounds for this problem.2022-04-14not yet calculatedCVE-2022-24850
CONFIRM
ldap_account_manager -- ldap_account_manager
 
LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality, the parameters on this page are not properly sanitized and hence leads to stored XSS attacks. An authenticated user can store XSS payloads in the profiles, which gets triggered when any other user try to access the edit profile page. The pdf editor tool has an edit pdf profile functionality, the logoFile parameter in it is not properly sanitized and an user can enter relative paths like ../../../../../../../../../../../../../usr/share/icons/hicolor/48x48/apps/gvim.png via tools like burpsuite. Later when a pdf is exported using the edited profile the pdf icon has the image on that path(if image is present). Both issues require an attacker to be able to login to LAM admin interface. The issue is fixed in version 7.9.1.2022-04-15not yet calculatedCVE-2022-24851
MISC
MISC
CONFIRM
metabase -- metabase
 
Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted request could result in file access on windows, which allows enabling an `NTLM relay attack`, potentially allowing an attacker to receive the system password hash. If you use Windows and are on this version of Metabase, please upgrade immediately. The following patches (or greater versions) are available: 0.42.4 and 1.42.4, 0.41.7 and 1.41.7, 0.40.8 and 1.40.8.2022-04-14not yet calculatedCVE-2022-24853
MISC
CONFIRM
metabase -- metabase
 
Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called `ATTACH DATABASE`, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach this database to a second database, and then it can query across all the tables. To be able to do that the attacker also needs to know the file path to the second database. Users are advised to upgrade as soon as possible. If you're unable to upgrade, you can modify your SQLIte connection strings to contain the url argument `?limit_attached=0`, which will disallow making connections to other SQLite databases. Only users making use of SQLite are affected.2022-04-14not yet calculatedCVE-2022-24854
CONFIRM
MISC
metabase -- metabase
 
Metabase is an open source business intelligence and analytics application. In affected versions Metabase ships with an internal development endpoint `/_internal` that can allow for cross site scripting (XSS) attacks, potentially leading to phishing attempts with malicious links that could lead to account takeover. Users are advised to either upgrade immediately, or block access in your firewall to `/_internal` endpoints for Metabase. The following patches (or greater versions) are available: 0.42.4 and 1.42.4, 0.41.7 and 1.41.7, 0.40.8 and 1.40.8.2022-04-14not yet calculatedCVE-2022-24855
CONFIRM
MISC
django_mfa -- django_mfadjango-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authentication can be bypassed. Users are affected if they have activated both django-mfa3 (< 0.5.0) and django.contrib.admin and have not taken any other measures to prevent users from accessing the admin login view. The issue has been fixed in django-mfa3 0.5.0. It is possible to work around the issue by overwriting the admin login route, e.g. by adding the following URL definition *before* the admin routes: url('admin/login/', lambda request: redirect(settings.LOGIN_URL)2022-04-15not yet calculatedCVE-2022-24857
MISC
MISC
CONFIRM
amazon -- amazon_aws
 
An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service (running as SYSTEM) processing the file. Dangerous arguments can be injected by a low-level user such as log, which allows an arbitrary destination to be specified for writing log files. This leads to an arbitrary file write as SYSTEM with partial control over the files content. This can be abused to cause an elevation of privilege or denial of service.2022-04-14not yet calculatedCVE-2022-25165
MISC
MISC
amazon -- amazon_aws
 
An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters (such as auth-user-pass). When this file is imported and the client attempts to validate the file path, it performs an open operation on the path and leaks the user's Net-NTLMv2 hash to an external server. This could be exploited by having a user open a crafted malicious ovpn configuration file.2022-04-14not yet calculatedCVE-2022-25166
MISC
MISC
wordpress -- eroom_plugroomCross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an attacker to Sync with Zoom Meetings.2022-04-11not yet calculatedCVE-2022-25614
CONFIRM
CONFIRM
wordpress -- eroom_plugroomCross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion.2022-04-11not yet calculatedCVE-2022-25615
CONFIRM
CONFIRM
seimens -- simatic
 
A vulnerability has been identified in SIMATIC CFU DIQ (All versions), SIMATIC CFU PA (All versions), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX (All versions), SIMIT Simulation Platform (All versions). The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments.2022-04-12not yet calculatedCVE-2022-25622
CONFIRM
seimens -- mendix
 
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.27), Mendix Applications using Mendix 8 (All versions < V8.18.14), Mendix Applications using Mendix 9 (All versions < V9.12.0), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.3). When querying the database, it is possible to sort the results using a protected field. With this an authenticated attacker could extract information about the contents of a protected field.2022-04-12not yet calculatedCVE-2022-25650
CONFIRM
seimens -- scalanceA vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the HTTP headers of incoming requests. This could allow an unauthenticated remote attacker to crash affected devices.2022-04-12not yet calculatedCVE-2022-25751
CONFIRM
seimens -- scalance
 
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.2022-04-12not yet calculatedCVE-2022-25752
CONFIRM
seimens -- scalance
 
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The handling of arguments such as IP addresses in the CLI of affected devices is prone to buffer overflows. This could allow an authenticated remote attacker to execute arbitrary code on the device.2022-04-12not yet calculatedCVE-2022-25753
CONFIRM
seimens -- scalance
 
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request.2022-04-12not yet calculatedCVE-2022-25754
CONFIRM
seimens -- scalance
 
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of an affected device is missing specific security headers. This could allow an remote attacker to extract confidential session information under certain circumstances.2022-04-12not yet calculatedCVE-2022-25755
CONFIRM
seimens -- scalance
 
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device.2022-04-12not yet calculatedCVE-2022-25756
CONFIRM
autodesk -- autocadA maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.2022-04-11not yet calculatedCVE-2022-25789
MISC
autodesk -- autocadA maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution.2022-04-11not yet calculatedCVE-2022-25790
MISC
autodesk -- autocadA Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files.2022-04-11not yet calculatedCVE-2022-25791
MISC
autodesk -- autocadA maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability can be exploited to execute arbitrary code.2022-04-11not yet calculatedCVE-2022-25792
MISC
autodesk -- fbx_reviewAn Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code “ABC” files or information disclosure. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.2022-04-11not yet calculatedCVE-2022-25794
MISC
pdftron -- pdftron
 
A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code2022-04-13not yet calculatedCVE-2022-25795
MISC
autodesk -- navisworksA Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.2022-04-11not yet calculatedCVE-2022-25796
MISC
autodesk -- trueviewA Memory Corruption Vulnerability in Autodesk TrueView 2022 and 2021 may lead to remote code execution through maliciously crafted DWG files.2022-04-13not yet calculatedCVE-2022-25797
MISC
samsung -- s_secure
 
Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions.2022-04-11not yet calculatedCVE-2022-25831
MISC
samsung -- s_secureImproper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication.2022-04-11not yet calculatedCVE-2022-25832
MISC
samsung -- imsserviceImproper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission.2022-04-11not yet calculatedCVE-2022-25833
MISC
centrum -- automation_design
 
Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. This may lead to leakage or tampering of data managed by AD server.2022-04-15not yet calculatedCVE-2022-26034
MISC
MISC
samsung -- samsungcontacts
 
Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact information without permission.2022-04-11not yet calculatedCVE-2022-26090
MISC
samsung -- samsungcontactsImproper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows that physical attackers can bypass Knox Manage using a function key of hardware keyboard.2022-04-11not yet calculatedCVE-2022-26091
MISC
samsung -- quram_agifImproper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution.2022-04-11not yet calculatedCVE-2022-26092
MISC
samsung -- google_and_samsungNull pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.2022-04-11not yet calculatedCVE-2022-26093
MISC
samsung -- google_and_samsungNull pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.2022-04-11not yet calculatedCVE-2022-26094
MISC
samsung -- google_and_samsungNull pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.2022-04-11not yet calculatedCVE-2022-26095
MISC
samsung -- google_and_samsungNull pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.2022-04-11not yet calculatedCVE-2022-26096
MISC
samsung -- google_and_samsungNull pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.2022-04-11not yet calculatedCVE-2022-26097
MISC
samsung -- google_and_samsungHeap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.2022-04-11not yet calculatedCVE-2022-26098
MISC
samsung -- google_and_samsungNull pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers.2022-04-11not yet calculatedCVE-2022-26099
MISC
sap -- netweaver_enterprise_portalSAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.2022-04-12not yet calculatedCVE-2022-26105
MISC
MISC
sap -- 3d_visual_enterprise_viewerWhen a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.2022-04-12not yet calculatedCVE-2022-26106
MISC
MISC
sap -- 3d_visual_enterprise_viewerWhen a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.2022-04-12not yet calculatedCVE-2022-26107
MISC
MISC
sap -- 3d_visual_enterprise_viewerWhen a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.2022-04-12not yet calculatedCVE-2022-26108
MISC
MISC
sap -- 3d_visual_enterprise_viewer
 
When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.2022-04-12not yet calculatedCVE-2022-26109
MISC
MISC
mantisbt -- plugin
 
An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.php when a crafted plugin is installed.2022-04-13not yet calculatedCVE-2022-26144
MISC
citrix -- xenmobile
 
Citrix XenMobile Server 10.12 through RP11, 10.13 through RP6, and 10.14 through RP4 allows Command Injection.2022-04-13not yet calculatedCVE-2022-26151
MISC
MISC
seimens -- scalance
 
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.2022-04-12not yet calculatedCVE-2022-26334
CONFIRM
seimens -- scalance
 
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.2022-04-12not yet calculatedCVE-2022-26335
CONFIRM
seimens -- scalance
 
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate if a certain SNMP key exists. An attacker could use this to trigger a reboot of an affected device by requesting specific SNMP information from the device.2022-04-12not yet calculatedCVE-2022-26380
CONFIRM
asterisk -- asterisk
 
An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.2022-04-15not yet calculatedCVE-2022-26498
MISC
MISC
MISC
asterisk -- asterisk
 
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.2022-04-15not yet calculatedCVE-2022-26499
MISC
MISC
MISC
schneider_electric -- ecostruxure
 
** UNSUPPORTED WHEN ASSIGNED ** A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.2022-04-14not yet calculatedCVE-2022-26507
MISC
MISC
pluck_cms -- pluck_cms
 
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages.2022-04-13not yet calculatedCVE-2022-26589
MISC
MISC
liferay -- portal
 
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field's help text to (1) Forms module's form builder, or (2) App Builder module's object form view's form builder.2022-04-15not yet calculatedCVE-2022-26594
MISC
MISC
easyio -- cpt_graphics
 
An issue in EasyIO CPT Graphics v0.8 allows attackers to discover valid users in the application.2022-04-13not yet calculatedCVE-2022-26643
MISC
MISC
MISC
asterisk -- asterisk
 
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.2022-04-15not yet calculatedCVE-2022-26651
MISC
MISC
MISC
zoho -- manageengine_remote_access_plusZoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator).2022-04-16not yet calculatedCVE-2022-26653
CONFIRM
zoho -- manageengine_remote_access_plusZoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details.2022-04-16not yet calculatedCVE-2022-26777
CONFIRM
microsoft -- windowsWindows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-24490, CVE-2022-24539, CVE-2022-26785.2022-04-15not yet calculatedCVE-2022-26783
N/A
microsoft -- windowsWindows Cluster Shared Volume (CSV) Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-24484, CVE-2022-24538.2022-04-15not yet calculatedCVE-2022-26784
N/A
microsoft -- windowsWindows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-24490, CVE-2022-24539, CVE-2022-26783.2022-04-15not yet calculatedCVE-2022-26785
N/A
microsoft -- windowsWindows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.2022-04-15not yet calculatedCVE-2022-26786
N/A
microsoft -- windowsWindows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.2022-04-15not yet calculatedCVE-2022-26787
N/A
microsoft -- powershell
 
PowerShell Elevation of Privilege Vulnerability.2022-04-15not yet calculatedCVE-2022-26788
N/A
microsoft -- windowsWindows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.2022-04-15not yet calculatedCVE-2022-26789
N/A
microsoft -- windowsWindows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.2022-04-15not yet calculatedCVE-2022-26790
N/A
microsoft -- windowsWindows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.2022-04-15not yet calculatedCVE-2022-26791
N/A
microsoft -- windowsWindows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.2022-04-15not yet calculatedCVE-2022-26792
N/A
microsoft -- windowsWindows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.2022-04-15not yet calculatedCVE-2022-26793
N/A
microsoft -- windowsWindows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.2022-04-15not yet calculatedCVE-2022-26794
N/A
microsoft -- windowsWindows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.2022-04-15not yet calculatedCVE-2022-26795
N/A
microsoft -- windowsWindows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.2022-04-15not yet calculatedCVE-2022-26796
N/A
microsoft -- windowsWindows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.2022-04-15not yet calculatedCVE-2022-26797
N/A
microsoft -- windowsWindows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.2022-04-15not yet calculatedCVE-2022-26798
N/A
microsoft -- windowsWindows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26802, CVE-2022-26803.2022-04-15not yet calculatedCVE-2022-26801
N/A
microsoft -- windowsWindows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26803.2022-04-15not yet calculatedCVE-2022-26802
N/A
microsoft -- windowsWindows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802.2022-04-15not yet calculatedCVE-2022-26803
N/A
microsoft -- windowsWindows Work Folder Service Elevation of Privilege Vulnerability.2022-04-15not yet calculatedCVE-2022-26807
N/A
microsoft -- windowsWindows File Explorer Elevation of Privilege Vulnerability.2022-04-15not yet calculatedCVE-2022-26808
N/A
microsoft -- windowsRemote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24492, CVE-2022-24528.2022-04-15not yet calculatedCVE-2022-26809
N/A
microsoft -- windowsWindows File Server Resource Management Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26827.2022-04-15not yet calculatedCVE-2022-26810
N/A
microsoft -- windowsWindows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829.2022-04-15not yet calculatedCVE-2022-26811
N/A
microsoft -- windowsWindows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829.2022-04-15not yet calculatedCVE-2022-26812
N/A
microsoft -- windowsWindows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829.2022-04-15not yet calculatedCVE-2022-26813
N/A
microsoft -- windowsWindows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829.2022-04-15not yet calculatedCVE-2022-26814
N/A
microsoft -- windowsWindows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829.2022-04-15not yet calculatedCVE-2022-26815
N/A
microsoft -- windowsWindows DNS Server Information Disclosure Vulnerability.2022-04-15not yet calculatedCVE-2022-26816
N/A
microsoft -- windowsWindows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829.2022-04-15not yet calculatedCVE-2022-26817
N/A
microsoft -- windowsWindows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829.2022-04-15not yet calculatedCVE-2022-26818
N/A
microsoft -- windowsWindows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829.2022-04-15not yet calculatedCVE-2022-26819
N/A
microsoft -- windowsWindows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829.2022-04-15not yet calculatedCVE-2022-26820
N/A
microsoft -- windowsWindows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829.2022-04-15not yet calculatedCVE-2022-26821
N/A
microsoft -- windowsWindows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829.2022-04-15not yet calculatedCVE-2022-26822
N/A
microsoft -- windowsWindows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829.2022-04-15not yet calculatedCVE-2022-26823
N/A
microsoft -- windowsWindows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829.2022-04-15not yet calculatedCVE-2022-26824
N/A
microsoft -- windowsWindows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26826, CVE-2022-26829.2022-04-15not yet calculatedCVE-2022-26825
N/A
microsoft -- windowsWindows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26829.2022-04-15not yet calculatedCVE-2022-26826
N/A
microsoft -- windowsWindows File Server Resource Management Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26810.2022-04-15not yet calculatedCVE-2022-26827
N/A
microsoft -- windowsWindows Bluetooth Driver Elevation of Privilege Vulnerability.2022-04-15not yet calculatedCVE-2022-26828
N/A
microsoft -- windowsWindows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826.2022-04-15not yet calculatedCVE-2022-26829
N/A
microsoft -- windowsDiskUsage.exe Remote Code Execution Vulnerability.2022-04-15not yet calculatedCVE-2022-26830
N/A
microsoft -- windowsWindows LDAP Denial of Service Vulnerability.2022-04-15not yet calculatedCVE-2022-26831
N/A
microsoft -- windows.NET Framework Denial of Service Vulnerability.2022-04-15not yet calculatedCVE-2022-26832
N/A
microsoft -- windowsAzure Site Recovery Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-26897.2022-04-15not yet calculatedCVE-2022-26896
N/A
microsoft -- windowsAzure Site Recovery Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-26896.2022-04-15not yet calculatedCVE-2022-26897
N/A
microsoft -- windowsAzure Site Recovery Remote Code Execution Vulnerability.2022-04-15not yet calculatedCVE-2022-26898
N/A
microsoft -- windowsMicrosoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24473.2022-04-15not yet calculatedCVE-2022-26901
N/A
microsoft -- windowsWindows Graphics Component Remote Code Execution Vulnerability.2022-04-15not yet calculatedCVE-2022-26903
N/A
microsoft -- windowsWindows User Profile Service Elevation of Privilege Vulnerability.2022-04-15not yet calculatedCVE-2022-26904
N/A
microsoft -- windowsAzure SDK for .NET Information Disclosure Vulnerability.2022-04-15not yet calculatedCVE-2022-26907
N/A
microsoft -- skypeSkype for Business and Lync Spoofing Vulnerability.2022-04-15not yet calculatedCVE-2022-26910
N/A
microsoft -- skypeSkype for Business Information Disclosure Vulnerability.2022-04-15not yet calculatedCVE-2022-26911
N/A
microsoft -- windowsWin32k Elevation of Privilege Vulnerability.2022-04-15not yet calculatedCVE-2022-26914
N/A
microsoft -- windowsWindows Secure Channel Denial of Service Vulnerability.2022-04-15not yet calculatedCVE-2022-26915
N/A
microsoft -- windowsWindows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26917, CVE-2022-26918.2022-04-15not yet calculatedCVE-2022-26916
N/A
microsoft -- windowsWindows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26916, CVE-2022-26918.2022-04-15not yet calculatedCVE-2022-26917
N/A
microsoft -- windowsWindows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26916, CVE-2022-26917.2022-04-15not yet calculatedCVE-2022-26918
N/A
microsoft -- windowsWindows LDAP Remote Code Execution Vulnerability.2022-04-15not yet calculatedCVE-2022-26919
N/A
microsoft -- windowsWindows Graphics Component Information Disclosure Vulnerability.2022-04-15not yet calculatedCVE-2022-26920
N/A
microsoft -- windowsVisual Studio Code Elevation of Privilege Vulnerability.2022-04-15not yet calculatedCVE-2022-26921
N/A
microsoft -- windowsYARP Denial of Service Vulnerability.2022-04-15not yet calculatedCVE-2022-26924
N/A
microsoft -- windowsnginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save().2022-04-14not yet calculatedCVE-2022-27007
MISC
MISC
microsoft -- windowsnginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array.2022-04-14not yet calculatedCVE-2022-27008
MISC
MISC
microsoft -- windowsYearning versions 2.3.1 and 2.3.2 Interstellar GA and 2.3.4 - 2.3.6 Neptune is vulnerable to Directory Traversal.2022-04-15not yet calculatedCVE-2022-27043
MISC
moxa -- mgateA vulnerability has been discovered in Moxa MGate which allows an attacker to perform a man-in-the-middle (MITM) attack on the device. This affects MGate MB3170 Series Firmware Version 4.2 or lower. and MGate MB3270 Series Firmware Version 4.2 or lower. and MGate MB3280 Series Firmware Version 4.1 or lower. and MGate MB3480 Series Firmware Version 3.2 or lower.2022-04-15not yet calculatedCVE-2022-27048
MISC
github -- ghostAn arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file.2022-04-12not yet calculatedCVE-2022-27139
MISC
github -- express_fileuploadAn arbitrary file upload vulnerability in the file upload module of Express-Fileupload v1.3.1 allows attackers to execute arbitrary code via a crafted PHP file.2022-04-12not yet calculatedCVE-2022-27140
MISC
pearweb -- pearwebpearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php.2022-04-15not yet calculatedCVE-2022-27157
MISC
pearweb -- pearwebpearweb < 1.32 suffers from Deserialization of Untrusted Data.2022-04-15not yet calculatedCVE-2022-27158
MISC
csz -- cmsCsz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers2022-04-12not yet calculatedCVE-2022-27161
MISC
csz -- cmsCSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser2022-04-12not yet calculatedCVE-2022-27162
MISC
csz -- cmsCSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser2022-04-12not yet calculatedCVE-2022-27163
MISC
csz -- cmsCSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers2022-04-12not yet calculatedCVE-2022-27164
MISC
csz -- cmsCSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus2022-04-12not yet calculatedCVE-2022-27165
MISC

yokogawa -- centum

OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder.2022-04-15not yet calculatedCVE-2022-27188
MISC
MISC
seimens -- simaticA vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17). The affected system cannot properly process specially crafted packets sent to port 8888/tcp. A remote attacker could exploit this vulnerability to cause a Denial-of-Service condition. The affected devices must be restarted manually.2022-04-12not yet calculatedCVE-2022-27194
CONFIRM
seimens -- mendix
 
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions), Mendix Applications using Mendix 8 (All versions), Mendix Applications using Mendix 9 (All versions < V9.11). Applications built with an affected system publicly expose the internal project structure. This could allow an unauthenticated remote attacker to read confidential information.2022-04-12not yet calculatedCVE-2022-27241
CONFIRM
hubzilla -- hubzilla
 
A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter.2022-04-13not yet calculatedCVE-2022-27256
MISC
MISC
MISC
hubzilla -- hubzilla
 
A PHP Local File Inclusion vulneraility in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter.2022-04-15not yet calculatedCVE-2022-27257
MISC
MISC
hubzilla -- hubzilla
 
Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3 and earlier allows remote attacker to include arbitrary web script or HTML via the rpath parameter.2022-04-15not yet calculatedCVE-2022-27258
MISC
MISC
buttercms -- buttercms
 
An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file.2022-04-12not yet calculatedCVE-2022-27260
MISC
MISC
MISC
express -- express_fileuploadAn arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server.2022-04-12not yet calculatedCVE-2022-27261
MISC
MISC
skipper -- skipper
 
An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file.2022-04-12not yet calculatedCVE-2022-27262
MISC
MISC
strapi -- strapi
 
An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file.2022-04-12not yet calculatedCVE-2022-27263
MISC
MISC
inhand_networks -- inrouter_900_industrial_ 4g_routerInHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component get_cgi_from_memory. This vulnerability is triggered via a crafted packet.2022-04-10not yet calculatedCVE-2022-27268
MISC
MISC
inhand_networks -- inrouter_900_industrial_ 4g_routerInHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component config_ovpn. This vulnerability is triggered via a crafted packet.2022-04-10not yet calculatedCVE-2022-27269
MISC
MISC
inhand_networks -- inrouter_900_industrial_ 4g_routerInHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component ipsec_secrets. This vulnerability is triggered via a crafted packet.2022-04-10not yet calculatedCVE-2022-27270
MISC
MISC
inhand_networks -- inrouter_900_industrial_ 4g_routerInHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. This vulnerability is triggered via a crafted packet.2022-04-10not yet calculatedCVE-2022-27271
MISC
MISC
inhand_networks -- inrouter_900_industrial_ 4g_router
 
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_1791C. This vulnerability is triggered via a crafted packet.2022-04-10not yet calculatedCVE-2022-27272
MISC
MISC
inhand_networks -- inrouter_900_industrial_ 4g_routerInHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12168. This vulnerability is triggered via a crafted packet.2022-04-10not yet calculatedCVE-2022-27273
MISC
MISC
inhand_networks -- inrouter_900_industrial_ 4g_router
 
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12028. This vulnerability is triggered via a crafted packet.2022-04-10not yet calculatedCVE-2022-27274
MISC
MISC
inhand_networks -- inrouter_900_industrial_ 4g_routerInHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_122D0. This vulnerability is triggered via a crafted packet.2022-04-10not yet calculatedCVE-2022-27275
MISC
MISC
inhand_networks -- inrouter_900_industrial_ 4g_routerInHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_10F2C. This vulnerability is triggered via a crafted packet.2022-04-10not yet calculatedCVE-2022-27276
MISC
MISC
inhand_networks -- inrouter_900_industrial_ 4g_routerInHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file deletion vulnerability via the function sub_17C08.2022-04-10not yet calculatedCVE-2022-27277
MISC
MISC
inhand_networks -- inrouter_900_industrial_ 4g_routerInHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file read via the function sub_177E0.2022-04-10not yet calculatedCVE-2022-27279
MISC
MISC
inhand_networks -- inrouter_900_industrial_ 4g_routerInHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the web_exec parameter at /apply.cgi.2022-04-10not yet calculatedCVE-2022-27280
MISC
d-link -- dir_619_ ax_ v1.00D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanNonLogin. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter.2022-04-10not yet calculatedCVE-2022-27286
MISC
MISC
d-link -- dir_619_ ax_ v1.00D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPPoE. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter.2022-04-10not yet calculatedCVE-2022-27287
MISC
MISC
d-link -- dir_619_ ax_ v1.00D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPTP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter.2022-04-10not yet calculatedCVE-2022-27288
MISC
MISC
d-link -- dir_619_ ax_ v1.00D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanL2TP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter.2022-04-10not yet calculatedCVE-2022-27289
MISC
MISC
d-link -- dir_619_ ax_ v1.00D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanDhcpplus. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter.2022-04-10not yet calculatedCVE-2022-27290
MISC
MISC
d-link -- dir_619_ ax_ v1.00D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formdumpeasysetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the config.save_network_enabled parameter.2022-04-10not yet calculatedCVE-2022-27291
MISC
MISC
d-link -- dir_619_ ax_ v1.00D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formLanguageChange. This vulnerability allows attackers to cause a Denial of Service (DoS) via the nextPage parameter.2022-04-10not yet calculatedCVE-2022-27292
MISC
MISC
d-link -- dir_619_ ax_ v1.00D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter.2022-04-10not yet calculatedCVE-2022-27293
MISC
MISC
d-link -- dir_619_ ax_ v1.00D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanWizardSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter.2022-04-10not yet calculatedCVE-2022-27294
MISC
MISC
d-link -- dir_619_ ax_ v1.00D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formAdvanceSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter.2022-04-10not yet calculatedCVE-2022-27295
MISC
MISC
cscms -- music_portal_systemCscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Dance.php_del.2022-04-15not yet calculatedCVE-2022-27365
MISC
cscms -- music_portal_systemCscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy.2022-04-15not yet calculatedCVE-2022-27366
MISC
cscms -- music_portal_systemCscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Topic.php_del.2022-04-15not yet calculatedCVE-2022-27367
MISC
cscms -- music_portal_systemCscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan.2022-04-15not yet calculatedCVE-2022-27368
MISC
cscms -- music_portal_systemCscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy.2022-04-15not yet calculatedCVE-2022-27369
MISC
mariadb -- mariadb_serverMariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.2022-04-12not yet calculatedCVE-2022-27376
MISC
mariadb -- mariadb_serverMariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.2022-04-12not yet calculatedCVE-2022-27377
MISC
mariadb -- mariadb_serverAn issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.2022-04-12not yet calculatedCVE-2022-27378
MISC
mariadb -- mariadb_serverAn issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.2022-04-12not yet calculatedCVE-2022-27379
MISC
mariadb -- mariadb_serverAn issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.2022-04-12not yet calculatedCVE-2022-27380
MISC
mariadb -- mariadb_serverAn issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.2022-04-12not yet calculatedCVE-2022-27381
MISC
mariadb -- mariadb_serverMariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.2022-04-12not yet calculatedCVE-2022-27382
MISC
mariadb -- mariadb_serverMariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.2022-04-12not yet calculatedCVE-2022-27383
MISC
mariadb -- mariadb_serverAn issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.2022-04-12not yet calculatedCVE-2022-27384
MISC
mariadb -- mariadb_serverAn issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.2022-04-12not yet calculatedCVE-2022-27385
MISC
mariadb -- mariadb_serverMariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.2022-04-12not yet calculatedCVE-2022-27386
MISC
mariadb -- mariadb_serverMariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.2022-04-12not yet calculatedCVE-2022-27387
MISC
tcpreplay -- tcpreplayTcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free.2022-04-12not yet calculatedCVE-2022-27416
MISC
tcpreplay -- tcpreplayTcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c.2022-04-12not yet calculatedCVE-2022-27418
MISC
chamilo -- chamilo_lms
 
rtl_433 21.12 was discovered to contain a stack overflow in the function acurite_00275rm_decode at /devices/acurite.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.2022-04-12not yet calculatedCVE-2022-27419
MISC
chamilo -- chamilo_lmsChamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin.2022-04-15not yet calculatedCVE-2022-27421
MISC
chamilo -- chamilo_lmsA reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL.2022-04-15not yet calculatedCVE-2022-27422
MISC
chamilo -- chamilo_lmsChamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php.2022-04-15not yet calculatedCVE-2022-27423
MISC
chamilo -- chamilo_lmsChamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php.2022-04-15not yet calculatedCVE-2022-27425
MISC
chamilo -- chamilo_lmsA Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file.2022-04-15not yet calculatedCVE-2022-27426
MISC
chamilo -- chamilo_lmsA zero-code remote code injection vulnerability via configuration.php in Chamilo LMS v1.11.13 allows attackers to upload arbitrary code in the form of a new plugin.2022-04-15not yet calculatedCVE-2022-27427
MISC
mariadb -- mariadb_serverMariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.2022-04-14not yet calculatedCVE-2022-27444
MISC
mariadb -- mariadb_serverMariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.2022-04-14not yet calculatedCVE-2022-27445
MISC
mariadb -- mariadb_serverMariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.2022-04-14not yet calculatedCVE-2022-27446
MISC
mariadb -- mariadb_serverMariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.2022-04-14not yet calculatedCVE-2022-27447
MISC
mariadb -- mariadb_serverThere is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.2022-04-14not yet calculatedCVE-2022-27448
MISC
mariadb -- mariadb_serverMariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.2022-04-14not yet calculatedCVE-2022-27449
MISC
mariadb -- mariadb_serverMariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.2022-04-14not yet calculatedCVE-2022-27451
MISC
mariadb -- mariadb_serverMariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.2022-04-14not yet calculatedCVE-2022-27452
MISC
mariadb -- mariadb_serverMariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.2022-04-14not yet calculatedCVE-2022-27455
MISC
mariadb -- mariadb_serverMariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.2022-04-14not yet calculatedCVE-2022-27456
MISC
mariadb -- mariadb_serverMariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.2022-04-14not yet calculatedCVE-2022-27457
MISC
mariadb -- mariadb_serverMariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.2022-04-14not yet calculatedCVE-2022-27458
MISC
roothub -- roothubSQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely.2022-04-12not yet calculatedCVE-2022-27472
MISC
MISC
roothub -- roothub
 
SQL injection vulnerability in Topics Searching feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely.2022-04-12not yet calculatedCVE-2022-27473
MISC
MISC
github -- mount4m
 
SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field.2022-04-15not yet calculatedCVE-2022-27474
MISC
MISC
tramyardg -- hotel_mgmt_system
 
Cross site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system, allows attackers to execute arbitrary code when when /admin.php is loaded.2022-04-13not yet calculatedCVE-2022-27475
MISC
MISC
newbee_ltd -- newbee_mall
 
A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter.2022-04-10not yet calculatedCVE-2022-27476
MISC
apache -- apache_superset
 
Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue.2022-04-13not yet calculatedCVE-2022-27479
CONFIRM
CONFIRM
MLIST
seimens -- sicam
 
A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files.2022-04-12not yet calculatedCVE-2022-27480
CONFIRM
FULLDISC
MISC
seimens -- scalanceA vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle resources of ARP requests. This could allow an attacker to cause a race condition that leads to a crash of the entire device.2022-04-12not yet calculatedCVE-2022-27481
CONFIRM
citrix -- storefrontCross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU92022-04-13not yet calculatedCVE-2022-27503
MISC
citrix -- sd_wanReflected cross site scripting (XSS)2022-04-13not yet calculatedCVE-2022-27505
MISC
citrix -- sd_wan_cliHard-coded credentials allow administrators to access the shell via the SD-WAN CLI2022-04-13not yet calculatedCVE-2022-27506
MISC
autodesk -- trueviewA buffer over-read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.2022-04-13not yet calculatedCVE-2022-27523
MISC
autodesk -- trueviewAn out-of-bounds read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.2022-04-13not yet calculatedCVE-2022-27524
MISC
autodesk -- navisworks
 
A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.2022-04-11not yet calculatedCVE-2022-27528
MISC
samsung -- google_and_samsungNull pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers.2022-04-11not yet calculatedCVE-2022-27567
MISC
samsung -- google_and_samsungHeap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.2022-04-11not yet calculatedCVE-2022-27568
MISC
samsung -- google_and_samsungHeap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.2022-04-11not yet calculatedCVE-2022-27569
MISC
samsung -- google_and_samsungHeap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.2022-04-11not yet calculatedCVE-2022-27570
MISC
samsung -- google_and_samsungHeap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.2022-04-11not yet calculatedCVE-2022-27571
MISC
samsung -- google_and_samsungHeap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.2022-04-11not yet calculatedCVE-2022-27572
MISC
samsung -- mobile
 
Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers.2022-04-11not yet calculatedCVE-2022-27573
MISC
samsung -- mobile
 
Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker.2022-04-11not yet calculatedCVE-2022-27574
MISC
samsung -- one_ui_home
 
Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission.2022-04-11not yet calculatedCVE-2022-27575
MISC
samsung -- dex_home
 
Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission2022-04-11not yet calculatedCVE-2022-27576
MISC
sick_ag -- msc800The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version.2022-04-11not yet calculatedCVE-2022-27577
MISC
sick_ag -- oeeAn attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non authenticated or low privilege users can modify its content.2022-04-11not yet calculatedCVE-2022-27578
MISC
sap -- 3d_visual
 
When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.2022-04-12not yet calculatedCVE-2022-27654
MISC
MISC
sap -- universal_3d
 
When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.2022-04-12not yet calculatedCVE-2022-27655
MISC
MISC
sap -- focused_run
 
A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0.2022-04-12not yet calculatedCVE-2022-27657
MISC
MISC
sap -- businessobjects_business_intelligence
 
Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.2022-04-12not yet calculatedCVE-2022-27667
MISC
MISC
sap -- xml_data_archiving_service
 
An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges.2022-04-12not yet calculatedCVE-2022-27669
MISC
MISC
sap -- sql
 
SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use indirect identifiers.2022-04-12not yet calculatedCVE-2022-27670
MISC
MISC
sap -- csrf
 
A CSRF token visible in the URL may possibly lead to information disclosure vulnerability.2022-04-12not yet calculatedCVE-2022-27671
MISC
MISC
swhkd -- swhkdSWHKD 1.1.5 allows arbitrary file-existence tests via the -c option.2022-04-14not yet calculatedCVE-2022-27814
MISC
MISC
swhkd -- swhkdSWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality.2022-04-14not yet calculatedCVE-2022-27817
MISC
MISC
samsung -- mobileImproper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file.2022-04-11not yet calculatedCVE-2022-27821
MISC
samsung -- mobileInformation exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission.2022-04-11not yet calculatedCVE-2022-27822
MISC
samsung -- libsapeextractorImproper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file.2022-04-11not yet calculatedCVE-2022-27823
MISC
samsung -- libsapeextractorImproper size check of in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file2022-04-11not yet calculatedCVE-2022-27824
MISC
samsung -- libsapeextractorImproper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file.2022-04-11not yet calculatedCVE-2022-27825
MISC
samsung -- semsuspenddialoginfoImproper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.2022-04-11not yet calculatedCVE-2022-27826
MISC
samsung -- mediamonitordimensionImproper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.2022-04-11not yet calculatedCVE-2022-27827
MISC
samsung -- mediamonitoreventImproper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.2022-04-11not yet calculatedCVE-2022-27828
MISC
samsung -- verifycredentialresponseImproper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.2022-04-11not yet calculatedCVE-2022-27829
MISC
samsung -- semblurinfoImproper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.2022-04-11not yet calculatedCVE-2022-27830
MISC
samsung -- libsapeextractorImproper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allows attackers to read out of bounds memory.2022-04-11not yet calculatedCVE-2022-27831
MISC
samsung -- media_extractorImproper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file.2022-04-11not yet calculatedCVE-2022-27832
MISC
samsung -- dsp_driverImproper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow.2022-04-11not yet calculatedCVE-2022-27833
MISC
samsung -- dsp_contect_unload_graph
 
Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions.2022-04-11not yet calculatedCVE-2022-27834
MISC
samsung -- uwbImproper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write.2022-04-11not yet calculatedCVE-2022-27835
MISC
samsung -- storagemanagerImproper access control and path traversal vulnerability in StroageManager and StroageManagerService prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission.2022-04-11not yet calculatedCVE-2022-27836
MISC
samsung -- pendingintentA vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows attacker to access the file with system privilege.2022-04-11not yet calculatedCVE-2022-27837
MISC
samsung -- factorycameraImproper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege.2022-04-11not yet calculatedCVE-2022-27838
MISC
samsung -- secret_modeImproper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials.2022-04-11not yet calculatedCVE-2022-27839
MISC
samsung -- samsung_recoveryImproper access control vulnerability in SamsungRecovery prior to version 8.1.43.0 allows local attckers to delete arbitrary files as SamsungRecovery permission.2022-04-11not yet calculatedCVE-2022-27840
MISC
samsung -- samsung_passImproper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication2022-04-11not yet calculatedCVE-2022-27841
MISC
samsung -- smart_switchDLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute abitrary code.2022-04-11not yet calculatedCVE-2022-27842
MISC
samsung -- kiesDLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute abitrary code.2022-04-11not yet calculatedCVE-2022-27843
MISC
wordpress -- wpvividArbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.702022-04-11not yet calculatedCVE-2022-27844
CONFIRM
CONFIRM
wordpress -- plausiblehq_plausible_analytics
 
Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) in PlausibleHQ Plausible Analytics (WordPress plugin) <= 1.2.22022-04-11not yet calculatedCVE-2022-27845
CONFIRM
CONFIRM
wordpress -- yooslider_yoo_sliderCross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to create or modify slider.2022-04-13not yet calculatedCVE-2022-27846
CONFIRM
CONFIRM
wordpress -- yooslider_yoo_sliderCross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to import templates.2022-04-13not yet calculatedCVE-2022-27847
CONFIRM
CONFIRM
wordpress -- modern_events_calendar_liteAuthenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.12022-04-14not yet calculatedCVE-2022-27848
CONFIRM
CONFIRM
wordpress -- simple_ajax_chat
 
Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 202201152022-04-15not yet calculatedCVE-2022-27849
CONFIRM
CONFIRM
wordpress -- simple_ajax_chatCross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message.2022-04-15not yet calculatedCVE-2022-27850
CONFIRM
CONFIRM
wordpress -- use_any_fontCross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker to deactivate the API key.2022-04-15not yet calculatedCVE-2022-27851
CONFIRM
CONFIRM
wordpress -- kb_supportMultiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.52022-04-15not yet calculatedCVE-2022-27852
CONFIRM
CONFIRM
wordpress -- payloadcmsAn arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file.2022-04-12not yet calculatedCVE-2022-27952
MISC
MISC
github -- AtomCMS 2.0AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php2022-04-12not yet calculatedCVE-2022-28032
MISC
github -- AtomCMS 2.0Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_uploads.php2022-04-12not yet calculatedCVE-2022-28033
MISC
github -- AtomCMS 2.0AtomCMS 2.0 is vulnerabie to SQL Injection via Atom.CMS_admin_ajax_list-sort.php2022-04-12not yet calculatedCVE-2022-28034
MISC
github -- AtomCMS 2.0Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_blur-save.php2022-04-12not yet calculatedCVE-2022-28035
MISC
github -- AtomCMS 2.0AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_navigation.php2022-04-12not yet calculatedCVE-2022-28036
MISC
github -- stb
 
stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.2022-04-15not yet calculatedCVE-2022-28041
MISC
MISC
githib -- stb
 
stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode.2022-04-15not yet calculatedCVE-2022-28042
MISC
MISC
github -- stbIrzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control.2022-04-15not yet calculatedCVE-2022-28044
MISC
MISC
github -- stbSTB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac.2022-04-15not yet calculatedCVE-2022-28048
MISC
MISC
njs -- nginxNGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c.2022-04-15not yet calculatedCVE-2022-28049
MISC
MISC
roothub -- roothubDirectory Traversal vulnerability in file cn/roothub/store/FileSystemStorageService in function store in Roothub 2.6.0 allows remote attackers with low privlege to arbitrarily upload files via /common/upload API, which could lead to remote arbitrary code execution.2022-04-13not yet calculatedCVE-2022-28052
MISC
MISC
selenium -- selenium_grid
 
Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine.2022-04-15not yet calculatedCVE-2022-28109
MISC
MISC
MLIST
fantec_gmbh -- mwids_ds_firmware
 
An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files and reset the user passwords without having a valid session cookie.2022-04-15not yet calculatedCVE-2022-28113
MISC
MISC
MISC
MISC
sap -- businessobject_business_intelligence_platform
 
When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS.2022-04-12not yet calculatedCVE-2022-28213
MISC
MISC
sap -- netweaver_abap_server_andabap_platform
 
SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.2022-04-12not yet calculatedCVE-2022-28215
MISC
MISC
sap -- businessobject_business_intelligence_platform
 
SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network. On successful exploitation, an attacker can access certain reports causing a limited impact on confidentiality of the application data.2022-04-12not yet calculatedCVE-2022-28216
MISC
MISC
seimens -- scalance
 
A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle malformed Multicast LLC frames. This could allow an attacker to trigger a denial of service condition.2022-04-12not yet calculatedCVE-2022-28328
CONFIRM
seimens -- scalance
 
A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle malformed TCP packets received over the RemoteCapture feature. This could allow an attacker to lead to a denial of service condition which only affects the port used by the RemoteCapture feature.2022-04-12not yet calculatedCVE-2022-28329
CONFIRM
signal_app -- ios
 
The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character in the URL. This technique allows a remote unauthenticated attacker to send legitimate looking links, appearing to be any website URL, by abusing the non-http/non-https automatic rendering of URLs. An attacker can spoof, for example, example.com, and masquerade any URL with a malicious destination. An attacker requires a subdomain such as gepj, txt, fdp, or xcod, which would appear backwards as jpeg, txt, pdf, and docx respectively.2022-04-15not yet calculatedCVE-2022-28345
MISC
MISC
MISC
django -- django
 
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.2022-04-12not yet calculatedCVE-2022-28346
MISC
MISC
MISC
MISC
MLIST
django -- django
 
A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.2022-04-12not yet calculatedCVE-2022-28347
MISC
MISC
MISC
MISC
apostrophe -- apostrophe_cms
 
Apostrophe v3.16.1 was discovered to contain a remote code execution (RCE) vulnerability via the component uploadfs.2022-04-12not yet calculatedCVE-2022-28396
MISC
ghost -- cms
 
An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file.2022-04-12not yet calculatedCVE-2022-28397
MISC
MISC
MISC
MISC
MISC
samsung -- samsung_update
 
Uncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows attackers to execute arbitrary code as Samsung Update permission.2022-04-11not yet calculatedCVE-2022-28541
MISC
samsung -- galaxy_store
 
Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission.2022-04-11not yet calculatedCVE-2022-28542
MISC
samsung -- flow
 
Path traversal vulnerability in Samsung Flow prior to version 4.8.07.4 allows local attackers to read arbitrary files as Samsung Flow permission.2022-04-11not yet calculatedCVE-2022-28543
MISC
samsung -- galaxy
 
Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store.2022-04-11not yet calculatedCVE-2022-28544
MISC
siemens -- simcenter_femap
 
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15114)2022-04-12not yet calculatedCVE-2022-28661
CONFIRM
siemens -- simcenter_femap
 
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted .NEU files. This could allow an attacker to leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15307)2022-04-12not yet calculatedCVE-2022-28662
CONFIRM
siemens -- simcenter_femap
 
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15592)2022-04-12not yet calculatedCVE-2022-28663
CONFIRM
talosintelligence -- ardupilot_apweb_master_branch
 
A memory corruption vulnerability exists in the cgi.c unescape functionality of ArduPilot APWeb master branch 50b6b7ac - master branch 46177cb9. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.2022-04-14not yet calculatedCVE-2022-28711
MISC
sap -- sapui5_library
 
Due to insufficient input validation, SAPUI5 library(vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.2022-04-12not yet calculatedCVE-2022-28770
MISC
MISC
sap -- web_dispatcher
 
By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.2022-04-12not yet calculatedCVE-2022-28772
MISC
MISC
sap -- web_dispatcher
 
Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically.2022-04-12not yet calculatedCVE-2022-28773
MISC
MISC
samsung -- flow
 
Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission.2022-04-11not yet calculatedCVE-2022-28775
MISC
samsung -- galaxy
 
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions.2022-04-11not yet calculatedCVE-2022-28776
MISC
samsung -- members
 
Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission.2022-04-11not yet calculatedCVE-2022-28777
MISC
samsung -- security_supporter
 
Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission2022-04-11not yet calculatedCVE-2022-28778
MISC
samsung -- 
android_usb_driver 
Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary code.2022-04-11not yet calculatedCVE-2022-28779
MISC
avira -- password_manager_browser_extensions
 
A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then access this information via JavaScript. The issue was fixed with the browser extensions version 2.18.5 for Chrome, MS Edge, Opera, Firefox, and Safari.2022-04-12not yet calculatedCVE-2022-28795
MISC
f-secure -- safe_browser
 
An Address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted malicious webpage/URL, user may be tricked for a short period of time (until the page loads) to think content may be coming from a valid domain, while the content comes from the attacker controlled site.2022-04-15not yet calculatedCVE-2022-28868
MISC
MISC
f-secure -- safe_browser
 
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the browser did not show full URL, such as port number.2022-04-15not yet calculatedCVE-2022-28869
MISC
MISC
f-secure -- safe_browser
 
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails.2022-04-15not yet calculatedCVE-2022-28870
MISC
MISC
wasm3 -- wasm3
 
Wasm3 0.5.0 has a heap-based buffer overflow in NewCodePage in m3_code.c (called indirectly from Compile_BranchTable in m3_compile.c).2022-04-16not yet calculatedCVE-2022-28966
MISC
forestblog -- forestblog
 
ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar.2022-04-16not yet calculatedCVE-2022-29020
MISC
jenkins -- credentials_pluginJenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.2022-04-12not yet calculatedCVE-2022-29036
CONFIRM
jenkins -- cvs_plugin
 
Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.2022-04-12not yet calculatedCVE-2022-29037
CONFIRM
jenkins -- extended_choice_parameter_plugin
 
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.2022-04-12not yet calculatedCVE-2022-29038
CONFIRM
jenkins -- gerrit_trigger_plugin
 
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.2022-04-12not yet calculatedCVE-2022-29039
CONFIRM
jenkins -- git_parameter
 
Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.2022-04-12not yet calculatedCVE-2022-29040
CONFIRM
jenkins -- jira_plugin
 
Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.2022-04-12not yet calculatedCVE-2022-29041
CONFIRM
jenkins -- job_generator_plugin
 
Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.2022-04-12not yet calculatedCVE-2022-29042
CONFIRM
jenkins -- mask_passwords_plugin
 
Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.2022-04-12not yet calculatedCVE-2022-29043
CONFIRM
jenkins -- node_and_label_parameter_plugin
 
Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description of Node and Label parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.2022-04-12not yet calculatedCVE-2022-29044
CONFIRM
jenkins -- jenkins
 
Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.2022-04-12not yet calculatedCVE-2022-29045
CONFIRM
jenkins -- subversion_plugin
 
Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.2022-04-12not yet calculatedCVE-2022-29046
CONFIRM
jenkins -- pipeline
 
Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even if the Pipeline is configured to not trust them.2022-04-12not yet calculatedCVE-2022-29047
CONFIRM
jenkins -- subversion_plugin
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL.2022-04-12not yet calculatedCVE-2022-29048
CONFIRM
jenkins -- jenkins
 
Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a promotion with an unsafe name.2022-04-12not yet calculatedCVE-2022-29049
CONFIRM
jenkins -- publish_over_ftp_plugin
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over FTP Plugin 1.16 and earlier allows attackers to connect to an FTP server using attacker-specified credentials.2022-04-12not yet calculatedCVE-2022-29050
CONFIRM
jenkins -- publish_over_ftp_plugin
 
Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials.2022-04-12not yet calculatedCVE-2022-29051
CONFIRM
jenkins -- google_compute_engine_plugin
 
Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.2022-04-12not yet calculatedCVE-2022-29052
CONFIRM
microsoft -- windows
 
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process,2022-04-15not yet calculatedCVE-2022-29072
MISC
MISC
MISC
npm -- npm
 
The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value.2022-04-12not yet calculatedCVE-2022-29080
MISC
MISC
linux -- linux_kernel
 
drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.2022-04-13not yet calculatedCVE-2022-29156
MISC
MISC
bitrix -- bitrix
 
Bitrix through 7.5.0 allows remote attackers to execute arbitrary code by using the restore.php Upload From Local Disk feature.2022-04-15not yet calculatedCVE-2022-29268
MISC
notable -- notable_insiders
 
Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths).2022-04-15not yet calculatedCVE-2022-29281
MISC
MISC
kentico -- kentico_cms
 
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights (default is Administrator) to export the user options of any user, even ones with higher privileges (like Global Administrators) than the current user. The exported XML contains every option of the exported user (even the hashed password).2022-04-16not yet calculatedCVE-2022-29287
MISC
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.