Original release date: July 11, 2022 | Last revised: July 12, 2022
High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
gitlab — gitlab | A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where it was possible for an unauthorised user to execute arbitrary code on the server using the project import feature. | 2022-07-01 | 7.5 | CVE-2022-2185 CONFIRM MISC MISC |
hospital_management_system_project — hospital_management_system | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php. | 2022-07-01 | 7.5 | CVE-2022-32093 MISC |
hospital_management_system_project — hospital_management_system | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php. | 2022-07-01 | 7.5 | CVE-2022-32094 MISC |
hospital_management_system_project — hospital_management_system | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php. | 2022-07-01 | 7.5 | CVE-2022-32095 MISC |
tenda — ax1806_firmware | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule. | 2022-07-01 | 10 | CVE-2022-32032 MISC |
tenda — ax1806_firmware | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand. | 2022-07-01 | 7.8 | CVE-2022-32030 MISC |
tenda — ax1806_firmware | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetRouteStatic. | 2022-07-01 | 7.8 | CVE-2022-32031 MISC |
tenda — ax1806_firmware | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer. | 2022-07-01 | 7.8 | CVE-2022-32033 MISC |
tendacn — m3_firmware | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist. | 2022-07-01 | 7.8 | CVE-2022-32034 MISC |
tendacn — m3_firmware | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng. | 2022-07-01 | 7.8 | CVE-2022-32035 MISC |
tendacn — m3_firmware | Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb. | 2022-07-01 | 7.8 | CVE-2022-32036 MISC |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
college_management_system_project — college_management_system | College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file. | 2022-07-01 | 6.8 | CVE-2022-32420 MISC |
gitlab — gitlab | Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured. | 2022-07-01 | 4 | CVE-2022-1983 MISC CONFIRM |
ibm — infosphere_information_server | An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain non-sensitive debugging information like stack traces. IBM X-Force ID: 221323. | 2022-07-01 | 5.5 | CVE-2022-22373 XF CONFIRM |
libmobi_project — libmobi | NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11. | 2022-07-01 | 4.3 | CVE-2022-2279 CONFIRM MISC |
vim — vim | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | 2022-07-01 | 6.8 | CVE-2022-2264 MISC CONFIRM |
vim — vim | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | 2022-07-02 | 6.8 | CVE-2022-2284 CONFIRM MISC |
vim — vim | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. | 2022-07-02 | 6.8 | CVE-2022-2285 MISC CONFIRM |
vim — vim | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | 2022-07-02 | 6.8 | CVE-2022-2286 CONFIRM MISC |
vim — vim | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | 2022-07-02 | 5.8 | CVE-2022-2287 MISC CONFIRM |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
gitlab — gitlab | Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions | 2022-07-01 | 3.5 | CVE-2022-2227 MISC MISC CONFIRM |
ibm — urbancode_deploy | IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106. | 2022-07-01 | 2.1 | CVE-2022-22366 CONFIRM XF |
ibm — urbancode_deploy | IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008. | 2022-07-01 | 2.1 | CVE-2022-22367 CONFIRM XF |
microweber — microweber | Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 1.2.19. | 2022-07-01 | 3.5 | CVE-2022-2280 MISC CONFIRM |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adminlte — adminlte |
AdminLTE is a Pi-hole Dashboard for stats and configuration. In affected versions inserting code like `<script>alert(“XSS”)</script>` in the field marked with “Domain to look for” and hitting <kbd>enter</kbd> (or clicking on any of the buttons) will execute the script. The user must be logged in to use this vulnerability. Usually only administrators have login access to pi-hole, minimizing the risks. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-07-07 | not yet calculated | CVE-2022-31029 CONFIRM MISC |
agilepoint — agilepoint_nx |
Editable SQL Queries behind Base64 encoding sending from the Client-Side to The Server-Side for a particular API used in legacy Work Center module. The attack is available for any authenticated user, in any kind of rule. under the function : /AgilePointServer/Extension/FetchUsingEncodedData in the parameter: EncodedData | 2022-07-06 | not yet calculated | CVE-2022-30619 MISC |
akashi — akashi |
Akashi is an open source server implementation of the Attorney Online video game based on the Ace Attorney universe. Affected versions of Akashi are subject to a denial of service attack. An attacker can use a specially crafted evidence packet to make an illegal modification, causing a server crash. This can be used to mount a denial-of-service exploit. Users are advised to upgrade. There is no known workaround for this issue. | 2022-07-07 | not yet calculated | CVE-2022-31135 CONFIRM MISC |
apache — commons_configuration |
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is “${prefix:name}”, where “prefix” is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: – “script” – execute expressions using the JVM script execution engine (javax.script) – “dns” – resolve dns records – “url” – load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default. | 2022-07-06 | not yet calculated | CVE-2022-33980 CONFIRM |
apache — druid | In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header. | 2022-07-07 | not yet calculated | CVE-2022-28889 MISC |
apache — druid |
In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks. | 2022-07-07 | not yet calculated | CVE-2021-44791 MISC |
apache — superset |
Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics. | 2022-07-06 | not yet calculated | CVE-2021-37839 MISC |
asus — rt-a88u |
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device. | 2022-07-05 | not yet calculated | CVE-2021-43702 MISC MISC |
atlassian — jira | The Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for Atlassian Jira allows XSS via a crafted project name to the Add Auto Indexing Rule function. | 2022-07-07 | not yet calculated | CVE-2022-32567 MISC MISC |
atoms183_cms — atoms183_cms |
SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0, allows attackers to execute arbitrary commands via the Name, Fname, and ID parameters to search.php. | 2022-07-07 | not yet calculated | CVE-2021-35283 MISC |
beego — beego | The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcardvalues which can lead to cross directory risk. | 2022-07-05 | not yet calculated | CVE-2022-31836 MISC |
bookwyrm — bookwyrm |
Bookwyrm is an open source social reading and reviewing program. Versions of Bookwyrm prior to 0.4.1 did not properly sanitize html being rendered to users. Unprivileged users are able to inject scripts into user profiles, book descriptions, and statuses. These vulnerabilities may be exploited as cross site scripting attacks on users viewing these fields. Users are advised to upgrade to version 0.4.1. There are no known workarounds for this issue. | 2022-07-07 | not yet calculated | CVE-2022-31136 CONFIRM MISC |
burp_suite — burp_suite | A URL disclosure issue was discovered in Burp Suite before 2022.6. If a user views a crafted response in the Repeater or Intruder, it may be incorrectly interpreted as a redirect. | 2022-07-08 | not yet calculated | CVE-2022-35406 MISC |
check_point — endpoint | Check Point Endpoint before version E86.50 failed to protect against specific registry change which allowed to disable endpoint protection by a local administrator. | 2022-07-07 | not yet calculated | CVE-2022-23744 MISC |
cisco — expressway_series_and_telepresence_video_communication_server |
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-07-06 | not yet calculated | CVE-2022-20813 CISCO |
cisco — expressway_series_and_telepresence_video_communication_server |
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory. | 2022-07-06 | not yet calculated | CVE-2022-20812 CISCO |
cisco — smart_software_manager_onprem |
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect handling of multiple simultaneous device registrations on Cisco SSM On-Prem. An attacker could exploit this vulnerability by sending multiple device registration requests to Cisco SSM On-Prem. A successful exploit could allow the attacker to cause a DoS condition on an affected device. | 2022-07-06 | not yet calculated | CVE-2022-20808 CISCO |
cisco — telepresence_collaboration_endpoint_and_roomos |
A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials. | 2022-07-06 | not yet calculated | CVE-2022-20768 CISCO |
cisco — unified_communications_manager_and_unity_connection |
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password. | 2022-07-06 | not yet calculated | CVE-2022-20752 CISCO |
cisco — unified_communications_manager |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the operating system. | 2022-07-06 | not yet calculated | CVE-2022-20862 CISCO |
cisco — unified_communications_manager_and_unified_communications_manager_im_and_presence_service | A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM and Presence Service (Unified CM IM and P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the API to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability. | 2022-07-06 | not yet calculated | CVE-2022-20791 CISCO |
cisco — unified_communications_manager_and_unified_communications_manager_im_and_presence_service |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. | 2022-07-06 | not yet calculated | CVE-2022-20815 CISCO |
cisco — unified_communications_manager_and_unified_communications_manager_im_and_presence_service |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. | 2022-07-06 | not yet calculated | CVE-2022-20800 CISCO |
cisco — unified_communications_manager_and_unified_communications_manager_im_and_presence_service |
A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to. | 2022-07-06 | not yet calculated | CVE-2022-20859 CISCO |
codoforum — codoforum | Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel. | 2022-07-07 | not yet calculated | CVE-2022-31854 MISC MISC |
curl — curl | When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. | 2022-07-07 | not yet calculated | CVE-2022-32208 MISC |
curl — curl | When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. | 2022-07-07 | not yet calculated | CVE-2022-32207 MISC |
curl — curl | curl < 7.84.0 supports “chained” HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable “links” in this “decompression chain” was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a “malloc bomb”, makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. | 2022-07-07 | not yet calculated | CVE-2022-32206 MISC |
curl — curl | A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven’t expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a “sister server” to effectively cause a denial of service for a sibling site on the same second level domain using this method. | 2022-07-07 | not yet calculated | CVE-2022-32205 MISC |
cybozu — garoon | Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin. | 2022-07-04 | not yet calculated | CVE-2022-29471 MISC MISC |
cybozu — garoon | Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS). | 2022-07-04 | not yet calculated | CVE-2022-29892 MISC MISC |
cybozu — garoon | Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product. | 2022-07-04 | not yet calculated | CVE-2022-28713 MISC MISC |
cybozu — garoon | Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script. | 2022-07-04 | not yet calculated | CVE-2022-29513 MISC MISC |
cybozu — garoon | Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space. | 2022-07-04 | not yet calculated | CVE-2022-29484 MISC MISC |
cybozu — garoon | Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address. | 2022-07-04 | not yet calculated | CVE-2022-29467 MISC MISC |
cybozu — garoon | Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin. | 2022-07-04 | not yet calculated | CVE-2022-28718 MISC MISC |
cybozu — garoon | Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link. | 2022-07-04 | not yet calculated | CVE-2022-26054 MISC MISC |
cybozu — garoon | Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler. | 2022-07-04 | not yet calculated | CVE-2022-28692 MISC MISC |
cybozu — garoon | Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow. | 2022-07-04 | not yet calculated | CVE-2022-27661 MISC MISC |
cybozu — garoon | Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories. | 2022-07-04 | not yet calculated | CVE-2022-27807 MISC MISC |
cybozu — garoon | Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal. | 2022-07-04 | not yet calculated | CVE-2022-26051 MISC MISC |
cybozu — garoon | Cross-site scripting vulnerability in Organization’s Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user’s web browser. | 2022-07-04 | not yet calculated | CVE-2022-27627 MISC MISC |
cybozu — garoon | Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space. | 2022-07-04 | not yet calculated | CVE-2022-27803 MISC MISC |
cybozu — garoon | Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet. | 2022-07-04 | not yet calculated | CVE-2022-26368 MISC MISC |
dell — cloud_mobility_for_dell_emc_storage |
Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a critical issue; so Dell recommends customers to upgrade at the earliest opportunity. | 2022-07-07 | not yet calculated | CVE-2022-33936 CONFIRM |
dell — powerprotect_cyber_recovery | Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover. | 2022-07-07 | not yet calculated | CVE-2022-32481 CONFIRM |
devolutions — devolutions_server | HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site. | 2022-07-06 | not yet calculated | CVE-2022-2316 MISC |
devolutions — devolutions_server | Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user. | 2022-07-07 | not yet calculated | CVE-2022-33996 MISC MISC |
dice — dice | An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file. | 2022-07-05 | not yet calculated | CVE-2022-32413 MISC |
digital_guardian_agent — digital_guardian_agent |
Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinarily does not have a supported way to uninstall the product) to disable some of the agent functionality and then exfiltrate files to an external USB device. | 2022-07-08 | not yet calculated | CVE-2022-35412 MISC MISC |
django — django |
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. | 2022-07-04 | not yet calculated | CVE-2022-34265 CONFIRM MISC MISC |
eclipse — eclipse_jetty |
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario. | 2022-07-07 | not yet calculated | CVE-2022-2047 CONFIRM |
eclipse — eclipse_jetty |
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests. | 2022-07-07 | not yet calculated | CVE-2022-2048 CONFIRM |
eclipse — eclipse_lyo |
In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved. | 2022-07-07 | not yet calculated | CVE-2021-41042 CONFIRM |
eclipse — eclipse_p2 |
In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via touchpoints during installation. Those touchpoints can, for example, alter the command-line used to start the application, injecting things like agent or other settings that usually require particular attention in term of security. Although p2 has built-in strategies to ensure artifacts are signed and then to help establish trust, there is no such strategy for the metadata part that does configure such touchpoints. As a result, it’s possible to install a unit that will run malicious code during installation without user receiving any warning about this installation step being risky when coming from untrusted source. | 2022-07-08 | not yet calculated | CVE-2021-41037 CONFIRM |
eclipse — jetty |
In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths. | 2022-07-07 | not yet calculated | CVE-2022-2191 CONFIRM |
eidogo — eidogo |
EidoGo is susceptible to Cross-Site Scripting (XSS) attacks via maliciously crafted SGF input. | 2022-07-06 | not yet calculated | CVE-2015-3172 MISC MISC |
elastic — endpoint_security_for_windows | A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | 2022-07-06 | not yet calculated | CVE-2022-23714 MISC MISC |
elastic — kibana | A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser. | 2022-07-06 | not yet calculated | CVE-2022-23713 MISC MISC |
eqs_group — eqs_integrity_line |
EQS Integrity Line through 2022-07-01 allows a stored XSS via a crafted whistleblower entry. | 2022-07-07 | not yet calculated | CVE-2022-34007 MISC MISC MISC MISC MISC |
gallagher — command_centre |
Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions. | 2022-07-06 | not yet calculated | CVE-2022-26348 MISC |
gallagher — controller_6000 |
Gallagher Controller 6000 is vulnerable to a Denial of Service attack via conflicting ARP packets with a duplicate IP address. This issue affects: Gallagher Gallagher Controller 6000 vCR8.60 versions prior to 220303a; vCR8.50 versions prior to 220303a; vCR8.40 versions prior to 220303a; vCR8.30 versions prior to 220303a. | 2022-07-06 | not yet calculated | CVE-2022-26078 MISC |
gfi_software — mail_archiver |
File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317. | 2022-07-07 | not yet calculated | CVE-2021-29281 MISC MISC MISC MISC MISC |
giftpd — giftpd |
An issue was discovered in glFTPd 2.11a that allows remote attackers to cause a denial of service via exceeding the connection limit. | 2022-07-07 | not yet calculated | CVE-2021-31645 MISC MISC |
gitlab — gitlab_ee |
An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be bypassed if a Maintainer uses the ‘Invite a group’ feature to invite a group that has members that don’t comply with domain allow-list. | 2022-07-01 | not yet calculated | CVE-2022-1981 MISC MISC CONFIRM |
gnu — grub2 |
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | 2022-07-06 | not yet calculated | CVE-2021-3697 MISC |
gnu — grub2 |
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. | 2022-07-06 | not yet calculated | CVE-2021-3695 MISC |
gnu — grub2 |
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it’s very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | 2022-07-06 | not yet calculated | CVE-2021-3696 MISC |
gnupg — gnupg |
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim’s keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. | 2022-07-01 | not yet calculated | CVE-2022-34903 MISC MISC MISC MLIST DEBIAN FEDORA |
google — android | In Autoboot, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06713894; Issue ID: ALPS06713894. | 2022-07-06 | not yet calculated | CVE-2022-21777 MISC |
google — android | In TEEI driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641388; Issue ID: ALPS06641388. | 2022-07-06 | not yet calculated | CVE-2022-21773 MISC |
google — android | In TEEI driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641447; Issue ID: ALPS06641447. | 2022-07-06 | not yet calculated | CVE-2022-21774 MISC |
google — android | In sched driver, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479032; Issue ID: ALPS06479032. | 2022-07-06 | not yet calculated | CVE-2022-21775 MISC |
google — android | In MDP, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06545450; Issue ID: ALPS06545450. | 2022-07-06 | not yet calculated | CVE-2022-21776 MISC |
google — android | In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704462. | 2022-07-06 | not yet calculated | CVE-2022-21784 MISC |
google — android | In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704393. | 2022-07-06 | not yet calculated | CVE-2022-21779 MISC |
google — android | In CCCI, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641673; Issue ID: ALPS06641687. | 2022-07-06 | not yet calculated | CVE-2022-21769 MISC |
google — android | In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06807363; Issue ID: ALPS06807363. | 2022-07-06 | not yet calculated | CVE-2022-21785 MISC |
google — android | In audio DSP, there is a possible memory corruption due to improper casting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558822; Issue ID: ALPS06558822. | 2022-07-06 | not yet calculated | CVE-2022-21786 MISC |
google — android | In audio DSP, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558844; Issue ID: ALPS06558844. | 2022-07-06 | not yet calculated | CVE-2022-21787 MISC |
google — android | In CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641673; Issue ID: ALPS06641673. | 2022-07-06 | not yet calculated | CVE-2022-21765 MISC |
google — android |
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704508. | 2022-07-06 | not yet calculated | CVE-2022-21782 MISC |
google — android |
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704526. | 2022-07-06 | not yet calculated | CVE-2022-21780 MISC |
google — android |
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704433. | 2022-07-06 | not yet calculated | CVE-2022-21781 MISC |
google — android |
In TEEI driver, there is a possible type confusion due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493842; Issue ID: ALPS06493842. | 2022-07-06 | not yet calculated | CVE-2022-21772 MISC |
google — android |
In GED driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641585; Issue ID: ALPS06641585. | 2022-07-06 | not yet calculated | CVE-2022-21771 MISC |
google — android |
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784351; Issue ID: ALPS06784351. | 2022-07-06 | not yet calculated | CVE-2022-21768 MISC |
google — android |
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704482. | 2022-07-06 | not yet calculated | CVE-2022-21783 MISC |
google — android |
In CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641673; Issue ID: ALPS06641653. | 2022-07-06 | not yet calculated | CVE-2022-21766 MISC |
google — android |
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784430; Issue ID: ALPS06784430. | 2022-07-06 | not yet calculated | CVE-2022-21767 MISC |
google — android |
In telecom service, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044717; Issue ID: ALPS07044708. | 2022-07-06 | not yet calculated | CVE-2022-21763 MISC |
google — android |
In sound driver, there is a possible information disclosure due to symlink following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558663; Issue ID: ALPS06558663. | 2022-07-06 | not yet calculated | CVE-2022-21770 MISC |
google — android |
In telecom service, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044717; Issue ID: ALPS07044717. | 2022-07-06 | not yet calculated | CVE-2022-21764 MISC |
google — google_login_plugin |
The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification. | 2022-07-07 | not yet calculated | CVE-2015-5298 MISC MISC |
gpu — gpu |
In GPU, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044730; Issue ID: ALPS07044730. | 2022-07-06 | not yet calculated | CVE-2022-20082 MISC |
hcl_technologies — hcl_launch | HCL Launch stores user credentials in plain clear text which can be read by a local user. | 2022-07-06 | not yet calculated | CVE-2022-27548 MISC |
hcl_technologies — hcl_launch | HCL Launch may store certain data for recurring activities in a plain text format. | 2022-07-06 | not yet calculated | CVE-2022-27549 MISC |
heroic_labs — nakama |
Old session tokens can be used to authenticate to the application and send authenticated requests. | 2022-07-05 | not yet calculated | CVE-2022-2306 MISC CONFIRM |
heroiclabs — nakama | Improper Restriction of Excessive Authentication Attempts in GitHub repository heroiclabs/nakama prior to 3.13.0. This results in login brute-force attacks. | 2022-07-05 | not yet calculated | CVE-2022-2321 CONFIRM MISC |
hewlett_packard_enterprise — flexnetwork_and_flexfabric |
A potential security vulnerability has been identified in certain HPE FlexNetwork and FlexFabric switch products. The vulnerability could be remotely exploited to allow cross site scripting (XSS). HPE has made the following software updates to resolve the vulnerability. HPE FlexNetwork 5130EL_7.10.R3507P02 and HPE FlexFabric 5945_7.10.R6635. | 2022-07-08 | not yet calculated | CVE-2022-28624 MISC |
hewlett_packard_enterprise — icewall_sso |
Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SSO version 10.0 certd library Patch 9 for HP-UX. | 2022-07-08 | not yet calculated | CVE-2022-28623 MISC |
hex-rays — hex-rays-ida-pro |
A memory corruption in Hex Rays Ida Pro v6.6 allows attackers to cause a Denial of Service (DoS) via a crafted file. Related to Data from Faulting Address controls subsequent Write Address starting at msvcrt!memcpy+0x0000000000000056. | 2022-07-07 | not yet calculated | CVE-2022-32441 MISC |
hpjansson — chafa | Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3. | 2022-07-04 | not yet calculated | CVE-2022-2301 MISC CONFIRM |
humhub — humhub |
HumHub is an Open Source Enterprise Social Network. Affected versions of HumHub are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, the attacker would need a permission to administer the Spaces feature. The names of individual “spaces” are not properly escaped and so an attacker with sufficient privilege could insert malicious javascript into a space name and exploit system users who visit that space. It is recommended that the HumHub is upgraded to 1.11.4, 1.10.5. There are no known workarounds for this issue. | 2022-07-07 | not yet calculated | CVE-2022-31133 MISC MISC MISC CONFIRM |
ibm — app_connect_enterprise_certified_container | IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221. | 2022-07-05 | not yet calculated | CVE-2022-31770 CONFIRM XF |
ibm — cics_tx_standard_and_advanced | IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 229330. | 2022-07-08 | not yet calculated | CVE-2022-34160 CONFIRM CONFIRM XF |
ibm — cics_tx_standard_and_advanced | IBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229430. | 2022-07-08 | not yet calculated | CVE-2022-34166 CONFIRM XF CONFIRM |
ibm — cics_tx_standard_and_advanced | IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229432. | 2022-07-08 | not yet calculated | CVE-2022-34167 CONFIRM XF CONFIRM |
ibm — cics_tx_standard_and_advanced | IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229435. | 2022-07-08 | not yet calculated | CVE-2022-34306 XF CONFIRM CONFIRM |
ibm — security_access_manager_appliance |
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082. | 2022-07-08 | not yet calculated | CVE-2022-22465 CONFIRM XF |
ibm — security_access_manager_appliance |
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081. | 2022-07-08 | not yet calculated | CVE-2022-22464 CONFIRM XF |
ibm — security_access_manager_appliance |
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 225079. | 2022-07-08 | not yet calculated | CVE-2022-22463 CONFIRM XF |
ibm — security_verify_access |
IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221194. | 2022-07-08 | not yet calculated | CVE-2022-22370 CONFIRM XF |
ibm — websphere_application_server_liberty_and_open_liberty |
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604. | 2022-07-08 | not yet calculated | CVE-2022-22476 CONFIRM XF |
immersive_labs — centos_web_panel | The password reset token in CWP v0.9.8.1126 is generated using known or predictable values. | 2022-07-07 | not yet calculated | CVE-2022-25047 MISC |
immersive_labs — centos_web_panel | Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user. | 2022-07-07 | not yet calculated | CVE-2022-25048 MISC |
immersive_labs — centos_web_panel | A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request. | 2022-07-07 | not yet calculated | CVE-2022-25046 MISC |
ingredient_stock_management_system — ingredient_stock_management_system | An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php. | 2022-07-05 | not yet calculated | CVE-2022-32310 MISC |
ingredient_stock_management_system — ingredient_stock_management_system | Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php. | 2022-07-05 | not yet calculated | CVE-2022-32311 MISC |
iobit — advanced_system_care |
In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService’s named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to connect to the attacker which will lead to either escalation of privileges (through token manipulation and ImpersonateNamedPipeClient() ) from ADMIN -> SYSTEM or from Local ADMIN-> Domain ADMIN depending on the user and named pipe that is used. | 2022-07-06 | not yet calculated | CVE-2022-24139 MISC MISC MISC |
iobit — advanced_system_care_and_action_download_center |
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has “rwx” permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with a malicious executable thus gaining code execution as a high privilege user (Low Privilege -> high integrity ADMIN). | 2022-07-06 | not yet calculated | CVE-2022-24138 MISC MISC MISC |
iobit — itop_vpn | The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient(). | 2022-07-06 | not yet calculated | CVE-2022-24141 MISC MISC MISC |
iobit — multiple_products |
IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot sends HTTP requests in their update procedure in order to download a config file. After downloading the config file, the products will parse the HTTP location of the update from the file and will try to install the update automatically with ADMIN privileges. An attacker Intercepting this communication can supply the product a fake config file with malicious locations for the updates thus gaining a remote code execution on an endpoint. | 2022-07-06 | not yet calculated | CVE-2022-24140 MISC MISC MISC |
jfrog — jfrog_artifactory |
JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.36.1 versions prior to 7.29.8; JFrog Artifactory versions before 6.23.41 versions prior to 6.23.38. | 2022-07-06 | not yet calculated | CVE-2021-45721 MISC MISC |
jfrog — jfrog_artifactory |
JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.31.10 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x. | 2022-07-06 | not yet calculated | CVE-2021-46687 MISC MISC |
jfrog — jfrog_artifactory |
JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.33.6 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x. | 2022-07-06 | not yet calculated | CVE-2021-23163 MISC MISC |
kddi_corporation — home_spot_cube2 | HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the product. | 2022-07-04 | not yet calculated | CVE-2022-33948 MISC MISC |
keycloak — keycloak |
A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services. | 2022-07-08 | not yet calculated | CVE-2022-1245 MISC |
known — known | Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack. | 2022-07-08 | not yet calculated | CVE-2022-33011 MISC MISC MISC MISC |
known — known | A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field. | 2022-07-08 | not yet calculated | CVE-2022-31290 MISC MISC MISC MISC |
known — known |
An issue in the isSVG() function of Known v1.2.2+2020061101 allows attackers to execute arbitrary code via a crafted SVG file. | 2022-07-08 | not yet calculated | CVE-2022-32115 MISC MISC MISC |
known — known |
Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR). | 2022-07-08 | not yet calculated | CVE-2022-30852 MISC MISC MISC |
linux — hyperledger_fabric |
Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error to the consensus client should the message be missing. Users are advised to upgrade to versions 2.2.7 or v2.4.5. There are no known workarounds for this issue. | 2022-07-07 | not yet calculated | CVE-2022-31121 MISC MISC MISC CONFIRM |
linux — linux_kernel | There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. | 2022-07-06 | not yet calculated | CVE-2022-2318 MISC |
linux — linux_kernel |
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. | 2022-07-04 | not yet calculated | CVE-2022-34918 MISC MISC MISC MLIST |
lxml — lxml |
NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn’t be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered. | 2022-07-05 | not yet calculated | CVE-2022-2309 CONFIRM MISC |
magnolia_cms — magnolia_cms |
Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2022-07-07 | not yet calculated | CVE-2022-33098 MISC |
mat2 — mat2 |
mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive. | 2022-07-08 | not yet calculated | CVE-2022-35410 MISC MISC MISC |
mediatek — modem_2g_and_3g_cc |
In Modem 2G/3G CC, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding combined FACILITY with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00803883; Issue ID: MOLY00803883. | 2022-07-06 | not yet calculated | CVE-2022-20083 MISC |
mediatek — modem_2g_rr |
In Modem 2G RR, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding GPRS Packet Neighbour Cell Data (PNCD) improper neighbouring cell size with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00810064; Issue ID: ALPS06641626. | 2022-07-06 | not yet calculated | CVE-2022-21744 MISC |
mediawiki — mediawiki | An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won’t be escaped. | 2022-07-02 | not yet calculated | CVE-2022-34912 MISC |
mediawiki — mediawiki |
An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to “Welcome” followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text(). | 2022-07-02 | not yet calculated | CVE-2022-34911 MISC |
microsoft — edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638, CVE-2022-33639. | 2022-07-07 | not yet calculated | CVE-2022-33680 N/A |
microweber — microweber | Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user. | 2022-07-09 | not yet calculated | CVE-2022-2353 MISC CONFIRM |
microweber — microweber | Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 1.2.19. | 2022-07-04 | not yet calculated | CVE-2022-2300 CONFIRM MISC |
mini-tmall — mini-tmall |
Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper. | 2022-07-06 | not yet calculated | CVE-2022-30929 MISC MISC |
moment — moment |
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input. | 2022-07-06 | not yet calculated | CVE-2022-31129 MISC MISC CONFIRM MISC |
nacos — nacos |
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login. | 2022-07-05 | not yet calculated | CVE-2021-43116 MISC MISC |
nesote_technologies — inout_homestay_script |
Inout Homestay v2.2 was discovered to contain a SQL injection vulnerability via the guests parameter at /index.php?page=search/rentals. | 2022-07-07 | not yet calculated | CVE-2022-32055 MISC |
nextauth.js — nextauth.js |
NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass a compromised input to the e-mail [signin endpoint](https://next-auth.js.org/getting-started/rest-api#post-apiauthsigninprovider) that contains some malicious HTML, tricking the e-mail server to send it to the user, so they can perform a phishing attack. Eg.: `balazs@email.com, <a href=”http://attacker.com”>Before signing in, claim your money!</a>`. This was previously sent to `balazs@email.com`, and the content of the email containing a link to the attacker’s site was rendered in the HTML. This has been remedied in the following releases, by simply not rendering that e-mail in the HTML, since it should be obvious to the receiver what e-mail they used: next-auth v3 users before version 3.29.8 are impacted. (We recommend upgrading to v4, as v3 is considered unmaintained. next-auth v4 users before version 4.9.0 are impacted. If for some reason you cannot upgrade, the workaround requires you to sanitize the `email` parameter that is passed to `sendVerificationRequest` and rendered in the HTML. If you haven’t created a custom `sendVerificationRequest`, you only need to upgrade. Otherwise, make sure to either exclude `email` from the HTML body or efficiently sanitize it. | 2022-07-06 | not yet calculated | CVE-2022-31127 MISC CONFIRM MISC MISC MISC |
nextcloud — nextcloud_mail |
Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended that the Nextcloud Mail app is upgraded to 1.12.2. There are no known workarounds for this issue. ### Workarounds No workaround available ### References * [Pull request](https://github.com/nextcloud/mail/pull/6600) * [HackerOne](https://hackerone.com/reports/1579820) ### For more information If you have any questions or comments about this advisory: * Create a post in [nextcloud/security-advisories](https://github.com/nextcloud/security-advisories/discussions) * Customers: Open a support ticket at [support.nextcloud.com](https://support.nextcloud.com) | 2022-07-06 | not yet calculated | CVE-2022-31131 MISC CONFIRM MISC |
nextcloud — nextcloud_server |
Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The impact varies based on which commands are supported by the backend SMTP server. However, the main risk here is that the attacker can then hijack an already-authenticated SMTP session and run arbitrary SMTP commands as the email user, such as sending emails to other users, changing the FROM user, and so on. As before, this depends on the configuration of the server itself, but newlines should be sanitized to mitigate such arbitrary SMTP command injection. It is recommended that the Nextcloud Server is upgraded to 22.2.8 , 23.0.5 or 24.0.1. There are no known workarounds for this issue. | 2022-07-05 | not yet calculated | CVE-2022-31014 CONFIRM MISC MISC |
nocodb — nocodb | With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it’s contents. This attack can lead to leak of sensitive information. | 2022-07-07 | not yet calculated | CVE-2022-2339 CONFIRM MISC |
northern.tech — mender |
The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead of only the localhost interface. Therefore, any client on the same network can connect to this TCP port and send HTTP requests. The Mender Client will forward these requests to the Mender Server. Additionally, if mTLS is set up, the Mender Client will connect to the Mender Server using the device’s client certificate, making it possible for the attacker to bypass mTLS authentication and send requests to the Mender Server without direct access to the client certificate and related private key. Accessing the HTTP proxy from the local network doesn’t represent a direct threat, because it doesn’t expose any device or server-specific data. However, it increases the attack surface and can be a potential vector to exploit other vulnerabilities both on the Client and the Server. | 2022-07-06 | not yet calculated | CVE-2022-32290 MISC MISC |
nvidia — dgx_a100_firmware | NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure. | 2022-07-04 | not yet calculated | CVE-2022-31601 CONFIRM |
nvidia — dgx_a100_firmware | NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosure. | 2022-07-04 | not yet calculated | CVE-2022-31603 CONFIRM |
nvidia — dgx_a100_firmware | NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data integrity impact, and information disclosure. | 2022-07-04 | not yet calculated | CVE-2022-31602 CONFIRM |
nvidia — dgx_a100_firmware | NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading to code execution, escalation of privileges, denial of service, compromised integrity, and information disclosure. The scope of impact can extend to other components. | 2022-07-04 | not yet calculated | CVE-2022-31600 CONFIRM |
nvidia — dgx_a100_firmware |
NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. | 2022-07-02 | not yet calculated | CVE-2022-28200 MISC |
nvidia — dgx_a100_firmware |
NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. | 2022-07-04 | not yet calculated | CVE-2022-31599 CONFIRM |
omron — machine_automation_controller |
Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software ‘Sysmac Studio’ all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller. | 2022-07-04 | not yet calculated | CVE-2022-34151 MISC MISC |
omron — machine_automation_controller |
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program. | 2022-07-04 | not yet calculated | CVE-2022-33971 MISC MISC |
omron — machine_automation_controller_nj_series_and_nx_series |
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software ‘Sysmac Studio’ all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software ‘Sysmac Studio’ and/or a Programmable Terminal (PT) to access the controller. | 2022-07-04 | not yet calculated | CVE-2022-33208 MISC MISC |
online_accreditation_management — online_accreditation_management |
Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php. | 2022-07-07 | not yet calculated | CVE-2022-32056 MISC |
opencart — newsletter_module | Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php. | 2022-07-05 | not yet calculated | CVE-2022-31856 MISC |
opencti — opencti |
A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the file location. | 2022-07-05 | not yet calculated | CVE-2022-30289 MISC MISC |
opencti — opencti |
In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through the interface, legitimately. | 2022-07-05 | not yet calculated | CVE-2022-30290 MISC MISC |
openssh_key_parser — openssh_key_parser |
openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6 if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker able to modify the declared length of a key’s sensitive field can thus expose the raw value of that field. Users are advised to upgrade to version 0.0.6, which no longer includes the raw field value in the error message. There are no known workarounds for this issue. | 2022-07-06 | not yet calculated | CVE-2022-31124 MISC CONFIRM MISC MISC MISC |
openssl — openssl |
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. | 2022-07-01 | not yet calculated | CVE-2022-2274 CONFIRM CONFIRM CONFIRM |
openssl — openssl |
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn’t written. In the special case of “in place” encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). | 2022-07-05 | not yet calculated | CVE-2022-2097 CONFIRM CONFIRM CONFIRM FEDORA |
openvpn — openvpn_access_server | The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password | 2022-07-06 | not yet calculated | CVE-2022-33737 MISC |
openvpn — openvpn_access_server | OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal | 2022-07-06 | not yet calculated | CVE-2022-33738 MISC |
openvpn — openvpn_access_server |
OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack. | 2022-07-06 | not yet calculated | CVE-2021-4234 MISC |
otfcc — otfcc | OTFCC v0.10.4 was discovered to contain a heap buffer overflow after free via otfccbuild.c. | 2022-07-06 | not yet calculated | CVE-2022-33047 MISC MISC |
outline — outline | Cross-site Scripting (XSS) – Stored in GitHub repository outline/outline prior to v0.64.4. | 2022-07-07 | not yet calculated | CVE-2022-2342 MISC CONFIRM |
parity_technologies — frontier |
Frontier is Substrate’s Ethereum compatibility layer. In affected versions the truncation done when converting between EVM balance type and Substrate balance type was incorrectly implemented. This leads to possible discrepancy between appeared EVM transfer value and actual Substrate value transferred. It is recommended that an emergency upgrade to be planned and EVM execution temporarily paused in the mean time. The issue is patched in Frontier master branch commit fed5e0a9577c10bea021721e8c2c5c378e16bf66 and polkadot-v0.9.22 branch commit e3e427fa2e5d1200a784679f8015d4774cedc934. This vulnerability affects only EVM internal states, but not Substrate balance states or node. You can temporarily pause EVM execution (by setting up a Substrate `CallFilter` that disables `pallet-evm` and `pallet-ethereum` calls before the patch can be applied. | 2022-07-06 | not yet calculated | CVE-2022-31111 MISC CONFIRM MISC MISC |
pescms — pescms |
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that allows attackers to delete admin and other members’ account numbers. | 2022-07-06 | not yet calculated | CVE-2021-31679 MISC MISC MISC |
pescms — pescms |
A reflected XSS was discovered in PESCMS-V2.3.3. When combined with CSRF in the same file, they can cause bigger destruction. | 2022-07-06 | not yet calculated | CVE-2021-31676 MISC MISC MISC |
pescms — pescms |
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user’s company. | 2022-07-06 | not yet calculated | CVE-2021-31678 MISC MISC MISC |
pescms — pescms |
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members’ passwords. | 2022-07-06 | not yet calculated | CVE-2021-31677 MISC MISC MISC |
priority — priority | This vulnerability affect user that even not allowed to access via the web interface. First of all, the attacker needs to access the “Login menu – demo site” then he can see in this menu all the functionality of the application. If the attacker will try to click on one of the links, he will get an answer that he is not authorized because he needs to log in with credentials. after he performed log in to the system there are some functionalities that the specific user is not allowed to perform because he was configured with low privileges however all the attacker need to do in order to achieve his goals is to change the value of the prog step parameter from 0 to 1 or more and then the attacker could access to some of the functionality the web application that he couldn’t perform it before the parameter changed. | 2022-07-06 | not yet calculated | CVE-2022-23173 MISC |
priority — priority | An attacker can access to “Forgot my password” button, as soon as he puts users is valid in the system, the system would issue a message that a password reset email had been sent to user. This way you can verify which users are in the system and which are not. | 2022-07-06 | not yet calculated | CVE-2022-23172 MISC |
redhat — cloudforms |
A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x. | 2022-07-06 | not yet calculated | CVE-2014-8164 MISC |
redhat — icedtea-web |
It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet’s actual origin, this allowed malicious site to bypass SOP via spoofed codebase value. | 2022-07-07 | not yet calculated | CVE-2015-5236 MISC |
redhat — openshift_origin |
In Openshift Origin 3 the cookies being set in console have no ‘secure’, ‘HttpOnly’ attributes. | 2022-07-07 | not yet calculated | CVE-2015-3207 MISC MISC MISC |
roxy-wi — roxy-wi | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Attackers need not be authenticated to exploit this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2022-07-08 | not yet calculated | CVE-2022-31137 CONFIRM MISC |
roxy-wi — roxy-wi |
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to code execution by sending a specially crafted HTTP request to /app/options.py file. This affects Roxy-wi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-07-06 | not yet calculated | CVE-2022-31126 CONFIRM |
roxy-wi — roxy-wi |
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This affects Roxywi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-07-06 | not yet calculated | CVE-2022-31125 CONFIRM |
rpc.py — rpc.py |
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the “serializer: pickle” HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle. | 2022-07-08 | not yet calculated | CVE-2022-35411 MISC MISC MISC |
snipe_it — snipe_it_asset_management | An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file. | 2022-07-07 | not yet calculated | CVE-2022-32060 MISC |
snipe_it — snipe_it_asset_management | An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file. | 2022-07-07 | not yet calculated | CVE-2022-32061 MISC |
so_filter_shop — so_filter_shop |
So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id , manu_value_id , opt_value_id , and subcate_value_id parameters at /index.php?route=extension/module/so_filter_shop_by/filter_data. | 2022-07-05 | not yet calculated | CVE-2022-34972 MISC |
symantec — symantec_advanced_secure_gateway_and_proxysg |
Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N | 2022-07-07 | not yet calculated | CVE-2021-46825 MISC |
synology — photo_station | Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors. | 2022-07-06 | not yet calculated | CVE-2022-22681 CONFIRM |
t:mon — h3c_magic_r100_router |
The udpserver in H3C Magic R100 V200R004 and V100R005 has the 9034 port opened, allowing attackers to execute arbitrary commands. | 2022-07-06 | not yet calculated | CVE-2022-34598 MISC |
t:mon — h3c_magic_r100_v200r004_and_v100r005 |
SQL Injection vulnerability in admin interface (/vicidial/admin.php) of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555. | 2022-07-05 | not yet calculated | CVE-2022-34876 CONFIRM MISC |
taocms — taocms |
Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category. | 2022-07-05 | not yet calculated | CVE-2021-44915 MISC |
tenda — ac10 | Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter. | 2022-07-07 | not yet calculated | CVE-2022-32054 MISC |
tenda — ac1803 | Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting. | 2022-07-06 | not yet calculated | CVE-2022-34596 MISC |
tenda — ac1803 | Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status. | 2022-07-06 | not yet calculated | CVE-2022-34595 MISC |
tenda — ac1806 | Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting. | 2022-07-06 | not yet calculated | CVE-2022-34597 MISC |
tenda — ac23 | Tenda AC23 v16.03.07.44 is vulnerable to Stack Overflow that will allow for the execution of arbitrary code (remote). | 2022-07-06 | not yet calculated | CVE-2022-32385 MISC MISC MISC MISC |
tenda — ac23 | Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the AdvSetMacMtuWan function. | 2022-07-06 | not yet calculated | CVE-2022-32383 MISC MISC |
tenda — ac23 | Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow via fromAdvSetMacMtuWan. | 2022-07-06 | not yet calculated | CVE-2022-32386 MISC MISC MISC MISC |
totolink — ex300_firmware | TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet. | 2022-07-07 | not yet calculated | CVE-2022-32449 MISC |
totolink — multiple_products | Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability. | 2022-07-06 | not yet calculated | CVE-2022-28935 MISC MISC |
tp-link — tp-link_tl-wr741n_router_and_tl-wr742n_router |
An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet. | 2022-07-07 | not yet calculated | CVE-2022-32058 MISC |
ultrajson — ultrajson | UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. This issue has been resolved in version 5.4.0 and all users should upgrade to UltraJSON 5.4.0. There are no known workarounds for this issue. | 2022-07-05 | not yet calculated | CVE-2022-31117 CONFIRM MISC |
ultrajson — ultrajson |
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key confusion and value overwriting in dictionaries. All users parsing JSON from untrusted sources are vulnerable. From version 5.4.0, UltraJSON decodes lone surrogates in the same way as the standard library’s `json` module does, preserving them in the parsed output. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-07-05 | not yet calculated | CVE-2022-31116 MISC CONFIRM |
vicidial — vicidial | Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via agent, and search_archived_data parameters. This issue affects: VICIdial 2.14b0.5 versions prior to 3555. | 2022-07-05 | not yet calculated | CVE-2022-34879 CONFIRM |
vicidial — vicidial |
SQL Injection vulnerability in User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. | 2022-07-05 | not yet calculated | CVE-2022-34878 CONFIRM MISC |
vicidial — vicidial |
SQL Injection vulnerability in AST Agent Time Sheet interface ((/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555. | 2022-07-05 | not yet calculated | CVE-2022-34877 CONFIRM MISC |
vim — vim | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. | 2022-07-08 | not yet calculated | CVE-2022-2344 MISC CONFIRM |
vim — vim | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. | 2022-07-08 | not yet calculated | CVE-2022-2343 CONFIRM MISC |
vim — vim | Use After Free in GitHub repository vim/vim prior to 9.0. | 2022-07-03 | not yet calculated | CVE-2022-2289 MISC CONFIRM |
vim — vim | Use After Free in GitHub repository vim/vim prior to 9.0.0046. | 2022-07-08 | not yet calculated | CVE-2022-2345 CONFIRM MISC |
vim — vim | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. | 2022-07-03 | not yet calculated | CVE-2022-2288 CONFIRM MISC |
vim — vim | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | 2022-07-05 | not yet calculated | CVE-2022-2304 MISC CONFIRM |
wavlink — wavlink_wl-wn575a3_extender |
Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. This vulnerability allows attackers to execute arbitrary commands via a crafted POST request. | 2022-07-07 | not yet calculated | CVE-2022-34592 MISC |
webswing — webswing |
Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The {clientIp} variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary value that is used to replace the clientIp variable (without sanitization). A client can thus inject multiple arguments into the session startup. Systems that do not use the clientIP variable in the configuration are not vulnerable. The vulnerability is fixed in these versions: 20.1.16, 20.2.19, 21.1.8, 21.2.12, and 22.1.3. | 2022-07-08 | not yet calculated | CVE-2022-34914 MISC MISC |
wordpress — wordpress | The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE | 2022-07-04 | not yet calculated | CVE-2022-2268 MISC |
wordpress — wordpress |
The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue | 2022-07-04 | not yet calculated | CVE-2022-1946 MISC |
wordpress — wordpress |
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-07-04 | not yet calculated | CVE-2021-25066 MISC |
wordpress — wordpress |
The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | 2022-07-04 | not yet calculated | CVE-2022-1301 MISC |
wordpress — wordpress |
In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests. | 2022-07-07 | not yet calculated | CVE-2015-1784 MISC MISC |
wordpress — wordpress |
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-07-04 | not yet calculated | CVE-2021-25056 MISC |
wordpress — wordpress |
The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting | 2022-07-04 | not yet calculated | CVE-2022-0250 MISC |
wordpress — wordpress |
custom-content-type-manager WordPress plugin can be used by an administrator to achieve arbitrary PHP remote code execution. | 2022-07-06 | not yet calculated | CVE-2015-3173 MISC MISC MISC |
wordpress — wordpress |
The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin’s settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues | 2022-07-04 | not yet calculated | CVE-2022-1967 MISC |
wordpress — wordpress |
In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests. | 2022-07-07 | not yet calculated | CVE-2015-1785 MISC MISC |
xen — xen | Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests’ memory pages. | 2022-07-05 | not yet calculated | CVE-2022-33744 MISC CONFIRM MLIST |
xen — xen |
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don’t zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn’t allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). | 2022-07-05 | not yet calculated | CVE-2022-33742 MISC CONFIRM MLIST |
xen — xen |
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don’t zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn’t allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). | 2022-07-05 | not yet calculated | CVE-2022-33741 MISC CONFIRM MLIST |
xen — xen |
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don’t zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn’t allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). | 2022-07-05 | not yet calculated | CVE-2022-33740 MISC CONFIRM MLIST |
xen — xen |
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don’t zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn’t allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). | 2022-07-05 | not yet calculated | CVE-2022-26365 MISC CONFIRM MLIST |
xen — xen |
network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. | 2022-07-05 | not yet calculated | CVE-2022-33743 MISC CONFIRM MLIST |
yokogawa — wide_area_communication_router_aw810d |
Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to cause denial-of-service (DoS) condition by sending a specially crafted packet. | 2022-07-04 | not yet calculated | CVE-2022-32284 MISC MISC MISC MISC |
zabbix — zabbix | An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. | 2022-07-06 | not yet calculated | CVE-2022-35229 CONFIRM |
zabbix — zabbix | An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. | 2022-07-06 | not yet calculated | CVE-2022-35230 CONFIRM |
zadam — trilium | Cross-site Scripting (XSS) – Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta. | 2022-07-03 | not yet calculated | CVE-2022-2290 MISC CONFIRM |
zoho_manageengine — adselfservice_plus | Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API. | 2022-07-04 | not yet calculated | CVE-2022-34829 MISC |
zoho_manageengine — servicedesk_plus | Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml). | 2022-07-02 | not yet calculated | CVE-2022-32551 MISC |
zoo_management_system — zoo_management_system |
A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors. | 2022-07-05 | not yet calculated | CVE-2022-33075 MISC MISC MISC |
This product is provided subject to this Notification and this Privacy & Use policy.