Vulnerability Summary for the Week of June 27, 2022

admidio — admidio Admidio 4.1.2 version is affected by stored cross-site scripting (XSS). 2022-06-28 not yet calculated CVE-2022-23896

MISC aerogear — aerogear

  The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus application is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can’t be reached or can slow the server down by purposefully wasting its time with slow endpoints. Similarly, one can provide whatever HTTP endpoint they want. This turns the server into a DDoS vector or an anonymizer for the posting of malware and so on. 2022-07-01 not yet calculated CVE-2014-3648

MISC aerogear — aerogear

  Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input. 2022-07-01 not yet calculated CVE-2014-3650

MISC

MISC ampere — alta_and_altramax

  On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component. 2022-07-01 not yet calculated CVE-2022-32295

MISC

MISC android — ebook_app

  SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 via the author_id parameter to api.php. 2022-07-01 not yet calculated CVE-2021-32428

MISC

MISC

MISC

MISC apache — shiro

  In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. 2022-06-29 not yet calculated CVE-2022-32532

MISC apache — systemds The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a “low-priority but useful improvement”. SystemDS is a distributed system and needs to serialize/deserialize data but in many code paths (e.g., on Spark broadcast/shuffle or writing to sequence files) the byte stream is anyway protected by additional CRC fingerprints. In this particular case though, the number of decoders is upper-bounded by twice the number of columns, which means an attacker would need to modify two entries in the byte stream in a consistent manner. By adding these checks robustness was strictly improved with almost zero overhead. These code changes are available in versions higher than 2.2.1. 2022-06-27 not yet calculated CVE-2022-26477

MISC apache — apache

  The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1. 2022-06-27 not yet calculated CVE-2022-33879

MISC

MLIST apifest — oauth

  ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to the redirect URI submitted with the authorization request, without checking whether the redirect URI is registered by the client who initiated the request. This allows an attacker to craft a request with a manipulated redirect URI (redirect_uri parameter), which is under the attacker’s control, and consequently obtain the leaked authorization code when the server redirects the client to the manipulated redirect URI with an authorization code. NOTE: this is similar to CVE-2019-3778. 2022-06-29 not yet calculated CVE-2020-26877

MISC

MISC

MISC apple — air_transfer

  A vulnerability was found in Air Transfer 1.0.14/1.2.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-27 not yet calculated CVE-2017-20100

MISC

MISC apple — album_lock

  A vulnerability was found in Album Lock 4.0 and classified as critical. Affected by this issue is some unknown functionality of the file /getImage. The manipulation of the argument filePaht leads to path traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. 2022-06-27 not yet calculated CVE-2017-20102

MISC

MISC apple — iphone

  A vulnerability was found in Apple iPhone up to 12.4.1. It has been declared as critical. Affected by this vulnerability is Siri. Playing an audio or video file might be able to initiate Siri on the same device which makes it possible to execute commands remotely. Exploit details have been disclosed to the public. The existence and implications of this vulnerability are doubted by Apple even though multiple public videos demonstrating the attack exist. Upgrading to version 13.0 might be able to address this issue. It is recommended to upgrade affected devices. NOTE: Apple claims that, after examining the report, they do not see any actual security implications. 2022-06-25 not yet calculated CVE-2019-25071

N/A

N/A

N/A argo — cd Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by a victim user, the script will execute with the victim’s permissions (up to and including admin). The script would be capable of doing anything which is possible in the UI or via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no completely-safe workarounds besides upgrading. 2022-06-27 not yet calculated CVE-2022-31035

MISC

MISC

CONFIRM argo — cd

  Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must be an authenticated Argo CD user authorized to deploy Applications from a repository which contains (or can be made to contain) a large file. The fix for this vulnerability is available in versions 2.3.5, 2.2.10, 2.1.16, and later. There are no known workarounds. Users are recommended to upgrade. 2022-06-25 not yet calculated CVE-2022-31016

CONFIRM argo — cd

  Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD’s repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a Helm-type Application may commit a symlink which points to an out-of-bounds file. If the target file is a valid YAML file, the attacker can read the contents of that file. Sensitive files which could be leaked include manifest files from other Applications’ source repositories (potentially decrypted files, if you are using a decryption plugin) or any YAML-formatted secrets which have been mounted as files on the repo-server. Patches for this vulnerability have been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. If you are using a version >=v2.3.0 and do not have any Helm-type Applications you may disable the Helm config management tool as a workaround. 2022-06-27 not yet calculated CVE-2022-31036

MISC

CONFIRM argo — cd

  Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in OAuth2/OIDC login flows. In each case, using a relatively-predictable (time-based) seed in a non-cryptographically-secure pseudo-random number generator made the parameter less random than required by the relevant spec or by general best practices. In some cases, using too short a value made the entropy even less sufficient. The attacks on login flows which are meant to be mitigated by these parameters are difficult to accomplish but can have a high impact, potentially granting an attacker admin access to Argo CD. Patches for this vulnerability have been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no known workarounds for this vulnerability. 2022-06-27 not yet calculated CVE-2022-31034

MISC

CONFIRM ast — parser An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input. 2022-06-30 not yet calculated CVE-2022-33082

MISC asus — dsl-n14u-b1

  Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the “*list” parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every “.asp” page containing a list of stored strings. The following asp files are affected: (1) cgi-bin/APP_Installation.asp, (2) cgi-bin/Advanced_ACL_Content.asp, (3) cgi-bin/Advanced_ADSL_Content.asp, (4) cgi-bin/Advanced_ASUSDDNS_Content.asp, (5) cgi-bin/Advanced_AiDisk_ftp.asp, (6) cgi-bin/Advanced_AiDisk_samba.asp, (7) cgi-bin/Advanced_DSL_Content.asp, (8) cgi-bin/Advanced_Firewall_Content.asp, (9) cgi-bin/Advanced_FirmwareUpgrade_Content.asp, (10) cgi-bin/Advanced_GWStaticRoute_Content.asp, (11) cgi-bin/Advanced_IPTV_Content.asp, (12) cgi-bin/Advanced_IPv6_Content.asp, (13) cgi-bin/Advanced_KeywordFilter_Content.asp, (14) cgi-bin/Advanced_LAN_Content.asp, (15) cgi-bin/Advanced_Modem_Content.asp, (16) cgi-bin/Advanced_PortTrigger_Content.asp, (17) cgi-bin/Advanced_QOSUserPrio_Content.asp, (18) cgi-bin/Advanced_QOSUserRules_Content.asp, (19) cgi-bin/Advanced_SettingBackup_Content.asp, (20) cgi-bin/Advanced_System_Content.asp, (21) cgi-bin/Advanced_URLFilter_Content.asp, (22) cgi-bin/Advanced_VPN_PPTP.asp, (23) cgi-bin/Advanced_VirtualServer_Content.asp, (24) cgi-bin/Advanced_WANPort_Content.asp, (25) cgi-bin/Advanced_WAdvanced_Content.asp, (26) cgi-bin/Advanced_WMode_Content.asp, (27) cgi-bin/Advanced_WWPS_Content.asp, (28) cgi-bin/Advanced_Wireless_Content.asp, (29) cgi-bin/Bandwidth_Limiter.asp, (30) cgi-bin/Guest_network.asp, (31) cgi-bin/Main_AccessLog_Content.asp, (32) cgi-bin/Main_AdslStatus_Content.asp, (33) cgi-bin/Main_Spectrum_Content.asp, (34) cgi-bin/Main_WebHistory_Content.asp, (35) cgi-bin/ParentalControl.asp, (36) cgi-bin/QIS_wizard.asp, (37) cgi-bin/QoS_EZQoS.asp, (38) cgi-bin/aidisk.asp, (39) cgi-bin/aidisk/Aidisk-1.asp, (40) cgi-bin/aidisk/Aidisk-2.asp, (41) cgi-bin/aidisk/Aidisk-3.asp, (42) cgi-bin/aidisk/Aidisk-4.asp, (43) cgi-bin/blocking.asp, (44) cgi-bin/cloud_main.asp, (45) 
cgi-bin/cloud_router_sync.asp, (46) cgi-bin/cloud_settings.asp, (47) cgi-bin/cloud_sync.asp, (48) cgi-bin/device-map/DSL_dashboard.asp, (49) cgi-bin/device-map/clients.asp, (50) cgi-bin/device-map/disk.asp, (51) cgi-bin/device-map/internet.asp, (52) cgi-bin/error_page.asp, (53) cgi-bin/index.asp, (54) cgi-bin/index2.asp, (55) cgi-bin/qis/QIS_PTM_manual_setting.asp, (56) cgi-bin/qis/QIS_admin_pass.asp, (57) cgi-bin/qis/QIS_annex_setting.asp, (58) cgi-bin/qis/QIS_bridge_cfg_tmp.asp, (59) cgi-bin/qis/QIS_detect.asp, (60) cgi-bin/qis/QIS_finish.asp, (61) cgi-bin/qis/QIS_ipoa_cfg_tmp.asp, (62) cgi-bin/qis/QIS_manual_setting.asp, (63) cgi-bin/qis/QIS_mer_cfg.asp, (64) cgi-bin/qis/QIS_mer_cfg_tmp.asp, (65) cgi-bin/qis/QIS_ppp_cfg.asp, (66) cgi-bin/qis/QIS_ppp_cfg_tmp.asp, (67) cgi-bin/qis/QIS_wireless.asp, (68) cgi-bin/query_wan_status.asp, (69) cgi-bin/query_wan_status2.asp, and (70) cgi-bin/start_apply.asp. 2022-07-01 not yet calculated CVE-2022-32988

MISC

MISC automox — agent_for_osx The Automox Agent installation package before 37 on macOS allows an unprivileged user to obtain root access because of incorrect access control on a file used within the PostInstall script. 2022-07-01 not yet calculated CVE-2022-27904

MISC

MISC bento4 — bento4

  In Bento4 1.6.0-638, there is an allocator out-of-memory error in the function AP4_Array::EnsureCapacity in Ap4Array.h:172, as demonstrated by GPAC. This can cause a denial of service (DoS). 2022-06-27 not yet calculated CVE-2021-40941

MISC bento4 — bento4

  In Bento4 1.6.0-638, there is a null pointer dereference in the function AP4_DescriptorListInspector::Action in Ap4Descriptor.h:124, as demonstrated by GPAC. This can cause a denial of service (DoS). 2022-06-28 not yet calculated CVE-2021-40943

MISC bestofinc — online_hotel_booking_system_pro A vulnerability classified as critical has been found in Online Hotel Booking System Pro Plugin 1.0. Affected is an unknown function of the file /front/roomtype-details.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2022-06-30 not yet calculated CVE-2017-20124

N/A

N/A bestofinc — online_hotel_booking_system_pro

  A vulnerability classified as critical was found in Online Hotel Booking System Pro 1.2. Affected by this vulnerability is an unknown functionality of the file /roomtype-details.php. The manipulation of the argument tid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-30 not yet calculated CVE-2017-20125

N/A

N/A bfabiszewski — libmobi

  NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11. 2022-07-01 not yet calculated CVE-2022-2279

CONFIRM

MISC bigbluebutton — bigbluebutton

  BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim’s client. When a user receives a private chat from the attacker (whose username contains malicious JavaScript), the script gets executed. The script is also executed when the victim receives a notification that the attacker has left the session. This issue has been patched in versions 2.4.8 and 2.5.0. There are no known workarounds for this issue. 2022-06-27 not yet calculated CVE-2022-31065

CONFIRM

MISC

MISC bigbluebutton — bigbluebutton

  BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross-site scripting attack in affected versions. The attack occurs when the attacker (with XSS in the name) starts a chat; the JavaScript will then be executed in the victim’s client. This issue has been addressed in versions 2.4.8 and 2.5.0. There are no known workarounds for this issue. 2022-06-27 not yet calculated CVE-2022-31064

MISC

CONFIRM

MISC

MISC

FULLDISC

MISC bigbluebutton — greenlight

  Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room’s settings even though they are not authorized to do so. Only the room owner and administrator should be able to view a room’s settings. This issue has been patched in release version 2.12.6. 2022-06-27 not yet calculated CVE-2022-31039

CONFIRM

MISC bitrix — site_manager

  A vulnerability classified as problematic was found in Bitrix Site Manager 12.06.2015. Affected by this vulnerability is an unknown functionality of the component Contact Form. The manipulation of the argument text with the input leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-30 not yet calculated CVE-2017-20122

N/A

N/A brocade — sannav

  Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav v2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log. 2022-06-27 not yet calculated CVE-2022-28167

MISC

CONFIRM brocade — sannav

  In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082. 2022-06-27 not yet calculated CVE-2022-28166

MISC

CONFIRM brocade — sannav

  In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords. 2022-06-27 not yet calculated CVE-2022-28168

MISC

CONFIRM centum — multiple_versions

  Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 ‘For CENTUM VP Support CAMS for HIS’ is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration. 2022-06-28 not yet calculated CVE-2022-30707

MISC

MISC

MISC

MISC cilan2 — iot A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. 2022-06-30 not yet calculated CVE-2022-33087

MISC clever — underscore.deep

  Underscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of `underscore.deep` prior to version 0.5.3 are vulnerable to a prototype pollution vulnerability. An attacker can craft a malicious payload and pass it to `deepFromFlat`, which would pollute any future Objects created. Any users that have `deepFromFlat` or `deepPick` (due to its dependency on `deepFromFlat`) in their code should upgrade to version 0.5.3 as soon as possible. Users unable to upgrade may mitigate this issue by modifying `deepFromFlat` to prevent specific keywords which will prevent this from happening. 2022-06-28 not yet calculated CVE-2022-31106

MISC

CONFIRM cloudflare — warp_client_for_windows Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files. 2022-06-28 not yet calculated CVE-2022-2145

MISC college_management_sytem — college_management_system

  College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file. 2022-07-01 not yet calculated CVE-2022-32420

MISC d-link — dir-645

  D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi. 2022-06-27 not yet calculated CVE-2022-32092

MISC

MISC dahuasecurity — dahuasecurity When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user’s login packet. 2022-06-28 not yet calculated CVE-2022-30563

MISC dahuasecurity –dahuasecurity An attacker who obtains the administrative account and password, or who carries out a man-in-the-middle attack, could send a specially crafted packet to the vulnerable interface and cause the device to crash. 2022-06-28 not yet calculated CVE-2022-30560

MISC dahuasecurity –dahuasecurity When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user’s login packet. 2022-06-28 not yet calculated CVE-2022-30561

MISC dahuasecurity –dahuasecurity

  If the user enables the HTTPS function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack. Injection of a malicious URL in the Host: header of the HTTP request results in a 302 redirect to an attacker-controlled page. 2022-06-28 not yet calculated CVE-2022-30562

MISC das — u-boot

  In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the “i2c md” command enables the corruption of the return address pointer of the do_i2c_md function. 2022-06-30 not yet calculated CVE-2022-34835

MISC

MISC

MISC das — u-boot

  Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir(). 2022-07-01 not yet calculated CVE-2022-33103

MISC

MISC dcmtk — dcmtk DCMTK through 3.6.6 does not handle string copy properly. When specific requests are sent to the dcmqrdb program, it queries its database and copies the result even if the result is null, which can cause a heap-based overflow. An attacker can use it to launch a DoS attack. 2022-06-28 not yet calculated CVE-2021-41689

MISC

MISC dcmtk — dcmtk DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information is recorded in a global variable LST and is not freed properly. Sending specific requests to the dcmqrdb program can cause a memory leak. An attacker can use it to launch a DoS attack. 2022-06-28 not yet calculated CVE-2021-41690

MISC

MISC dcmtk — dcmtk

  DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack. 2022-06-28 not yet calculated CVE-2021-41688

MISC

MISC dcmtk — dcmtk

  DCMTK through 3.6.6 does not handle memory free properly. The program mallocs heap memory for parsing data, but does not free it when an error occurs in parsing. Sending specific requests to the dcmqrdb program causes the memory leak. An attacker can use it to launch a DoS attack. 2022-06-28 not yet calculated CVE-2021-41687

MISC

MISC deep.assign — deep.assign deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’). 2022-06-30 not yet calculated CVE-2021-40663

MISC

MISC dell — powerscale_onefs Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources. 2022-06-28 not yet calculated CVE-2022-31229

MISC dell — powerscale_onefs

  Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access. 2022-06-28 not yet calculated CVE-2022-31230

MISC delta_electronics — diaenergie A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field. 2022-06-27 not yet calculated CVE-2022-33005

MISC devolutions — remote_desktop_manager

  Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8. 2022-06-27 not yet calculated CVE-2022-2221

MISC discourse — discourse

  Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email that either doesn’t match the invite’s email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is aggravated when the invite has been configured to add the user that accepts the invite into restricted groups. Once a user has been incorrectly added to a restricted group, the user may then be able to view content that is restricted to the respective group. Users are advised to upgrade to the current stable releases. There are no known workarounds to this issue. 2022-06-27 not yet calculated CVE-2022-31096

CONFIRM distributed_data_systems — webhmi

  A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact other logged in users. 2022-07-01 not yet calculated CVE-2022-2254

CONFIRM distributed_data_systems — webhmi

  A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the host server. 2022-07-01 not yet calculated CVE-2022-2253

CONFIRM dompdf — dompdf Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. 2022-06-28 not yet calculated CVE-2022-0085

MISC

CONFIRM easy_table_plugin — easy_table_plugin

  A vulnerability classified as problematic has been found in Easy Table Plugin 1.6. This affects an unknown part of the file /wordpress/wp-admin/options-general.php. The manipulation with the input “> leads to basic cross site scripting. It is possible to initiate the attack remotely. 2022-06-29 not yet calculated CVE-2017-20108

MISC

MISC ecshop — eschop

  ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. 2022-06-28 not yet calculated CVE-2021-41460

MISC edimax — ic-3140w

  The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Administrator username and password. 2022-06-29 not yet calculated CVE-2021-40597

MISC

MISC

MISC elcomplus — smartics

  An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0. 2022-06-27 not yet calculated CVE-2022-2088

CONFIRM elcomplus — smartics

  Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files. 2022-06-27 not yet calculated CVE-2022-2106

CONFIRM elcomplus — smartics

  Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters. 2022-06-27 not yet calculated CVE-2022-2140

CONFIRM embarcadero — dev-cpp A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file. 2022-06-29 not yet calculated CVE-2022-33036

MISC ember.js — ember.js

  In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view’s `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain (“XSS”). This vulnerability only affects applications that assign or bind user-provided content to `tagName`. 2022-06-30 not yet calculated CVE-2013-4170

MISC

MISC

MISC espcms — espcms

  ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at espcms_publicespcms_templatesESPCMS_Templates. 2022-06-30 not yet calculated CVE-2022-33085

MISC espressif — bluetootj_mesh_sdk

  ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the `SegN` field of the Transaction Start PDU. This can result in memory corruption related attacks and potentially an attacker gaining control of the entire system. Patch commits are available on the 4.1, 4.2, 4.3 and 4.4 branches and users are recommended to upgrade. The upgrade is applicable for all applications and users of the `ESP-BLE-MESH` component from `ESP-IDF`. As it is implemented in the Bluetooth Mesh stack, there is no workaround for the user to fix the application layer without upgrading the underlying firmware. 2022-06-25 not yet calculated CVE-2022-24893

CONFIRM exemys — rme1

  By using a specific credential string, an attacker with network access to the device’s web interface could circumvent the authentication scheme and perform administrative operations. 2022-06-30 not yet calculated CVE-2022-2197

MISC eyeofnetwork — eyeofnetwork

  EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the “sendmail” application in the “cacti” configuration page (by default /usr/sbin/sendmail) it is possible to execute any command, which will be executed when we make a test of the configuration (“send test mail”). 2022-06-30 not yet calculated CVE-2021-40643

MISC

MISC form –contact_form_wordpress_plugin The Form – Contact Form WordPress plugin through 1.2.0 does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. 2022-06-27 not yet calculated CVE-2022-1326

MISC fusionpbx — fusionpbx

  Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized “path” parameter in resources/login.php. 2022-07-01 not yet calculated CVE-2021-37524

MISC

MISC getgrav — grav Code Injection in GitHub repository getgrav/grav prior to 1.7.34. 2022-06-29 not yet calculated CVE-2022-2073

MISC

CONFIRM gitee — gitee

  When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception. 2022-06-27 not yet calculated CVE-2021-33654

MISC gitee — gitee

  When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception. 2022-06-27 not yet calculated CVE-2021-33653

MISC gitee — gitee

  When the Reduce operator run operation is executed, if there is a value of 0 in the parameter axis_sizes element, it will cause a division by 0 exception. 2022-06-27 not yet calculated CVE-2021-33652

MISC gitee — gitee

  When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which allocated from heap buffers. 2022-06-27 not yet calculated CVE-2021-33648

MISC gitee — gitee

  When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated buffers. 2022-06-27 not yet calculated CVE-2021-33647

MISC gitee — gitee

  When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffers. 2022-06-27 not yet calculated CVE-2021-33650

MISC gitee — gitee

  When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception. 2022-06-27 not yet calculated CVE-2021-33651

MISC gitee — gitee

  When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape, which is allocated from heap buffers. 2022-06-27 not yet calculated CVE-2021-33649

MISC gitlab — ce/ee Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions 2022-07-01 not yet calculated CVE-2022-2227

MISC

MISC

CONFIRM gitlab — ce/ee

  An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they’re a member of. 2022-07-01 not yet calculated CVE-2022-2229

CONFIRM

MISC

MISC gitlab — ce/ee

  An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description. 2022-07-01 not yet calculated CVE-2022-1999

MISC

CONFIRM gitlab — ce/ee

  A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim’s behalf. 2022-07-01 not yet calculated CVE-2022-2230

MISC

CONFIRM

MISC gitlab — ee

  An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group milestones are associated with any project releases. 2022-07-01 not yet calculated CVE-2022-2281

MISC

MISC

CONFIRM gitlab — ee

  Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured. 2022-07-01 not yet calculated CVE-2022-1983

MISC

CONFIRM gitlab — ee

  Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group using IP-based access restrictions even if the GitLab Runner is calling from outside the allowed IP range 2022-07-01 not yet calculated CVE-2022-2228

CONFIRM

MISC gitlab — ee

  Insufficient sanitization in GitLab EE’s external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link 2022-07-01 not yet calculated CVE-2022-2235

MISC

MISC

CONFIRM gitlab — ee

  An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be bypassed if a Maintainer uses the ‘Invite a group’ feature to invite a group that has members that don’t comply with domain allow-list. 2022-07-01 not yet calculated CVE-2022-1981

MISC

MISC

CONFIRM gitlab — ee/ce

  An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL. 2022-07-01 not yet calculated CVE-2022-2250

CONFIRM

MISC

MISC gitlab — ee/ce

  An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project members with reporter role to manage issues in project’s error tracking feature. 2022-07-01 not yet calculated CVE-2022-2244

CONFIRM

MISC

MISC gitlab — ee/ce

  An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non-linked sentry projects. 2022-07-01 not yet calculated CVE-2022-2243

MISC

MISC

CONFIRM gitlab — gitlab

  An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making it possible to be retrieved under certain conditions. 2022-07-01 not yet calculated CVE-2022-0167

MISC

CONFIRM gitlab — gitlab

  An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification. 2022-07-01 not yet calculated CVE-2022-2270

CONFIRM

MISC

MISC gitlab — ce/ee A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers 2022-07-01 not yet calculated CVE-2022-1954

MISC

CONFIRM

MISC gitlab — ce/ee

  An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab reveals if a user has enabled two-factor authentication on their account in the HTML source, to unauthenticated users. 2022-07-01 not yet calculated CVE-2022-1963

MISC

MISC

CONFIRM gitlab — gitlab

  A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where it was possible for an unauthorised user to execute arbitrary code on the server using the project import feature. 2022-07-01 not yet calculated CVE-2022-2185

CONFIRM

MISC

MISC glpi — glpi

  GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature to get refused file is not authenticated. This issue has been addressed in version 10.0.2 and all affected users are advised to upgrade. 2022-06-28 not yet calculated CVE-2022-31068

MISC

CONFIRM glpi — glpi

  GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection can be made using package deployment tasks. This issue has been resolved in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should delete the `front/deploypackage.public.php` file if they are not using the `deploy tasks` feature. 2022-06-27 not yet calculated CVE-2022-31082

MISC

CONFIRM glpi — glpi

  GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit sql injection on the actor fields. This issue has been resolved in version 10.0.2 and all affected users are advised to upgrade. 2022-06-28 not yet calculated CVE-2022-31056

CONFIRM glpi — glpi

  GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on the login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 2022-06-28 not yet calculated CVE-2022-31061

CONFIRM

MISC gnupg — gnupg

  GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim’s keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. 2022-07-01 not yet calculated CVE-2022-34903

MISC

MISC

MISC

MLIST gpac — gpac

  The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. 2022-06-28 not yet calculated CVE-2021-40608

MISC gpac — gpac

  The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. 2022-06-28 not yet calculated CVE-2021-40606

MISC gpac — gpac

  The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. 2022-06-28 not yet calculated CVE-2021-40607

MISC gpac — gpac

  The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. 2022-06-28 not yet calculated CVE-2021-40609

MISC gpac — mp4box In GPAC MP4Box 1.1.0, there is a Null pointer reference in the gf_filter_pid_get_packet function in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DOS). 2022-06-28 not yet calculated CVE-2021-40944

MISC gpac — mp4box

  In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the filter_parse_dyn_args function in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DOS). 2022-06-27 not yet calculated CVE-2021-40942

MISC gps-sdr-sim — gps-sdr-sim

  There is a buffer overflow in gps-sdr-sim v1.0 when parsing long command line parameters, which can lead to DoS or code execution. 2022-06-30 not yet calculated CVE-2021-37778

MISC gunet — open_eclass_platform An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal. 2022-06-27 not yet calculated CVE-2022-33116

MISC

MISC

MISC

MISC guzzle — guzzle

  Guzzle is an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` header. On making a request which responds with a redirect to a URI with a different origin (change in host, scheme or port), if we choose to follow it, we should remove the `CURLOPT_HTTPAUTH` option before continuing, stopping curl from appending the `Authorization` header to the new request. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. If you do not require or expect redirects to be followed, one should simply disable redirects altogether. Alternatively, one can specify to use the Guzzle stream handler backend, rather than curl. 2022-06-27 not yet calculated CVE-2022-31090

MISC

CONFIRM guzzle — guzzle

  Guzzle is an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the `Authorization` and `Cookie` headers from the request, before continuing. Previously, we would only consider a change in host or scheme. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. An alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects altogether. 2022-06-27 not yet calculated CVE-2022-31091

MISC

CONFIRM halo_cms — halo_cms Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function. 2022-06-27 not yet calculated CVE-2022-32995

MISC halo_cms — halo_cms Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload. 2022-06-27 not yet calculated CVE-2022-32994

MISC hikvision — hybrid_san/cluster_storage

  The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to insufficient input validation, an attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device. 2022-06-27 not yet calculated CVE-2022-28171

MISC hikvision — hybrid_san_cluster_storage

  The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to insufficient input validation, an attacker can exploit the vulnerability to perform an XSS attack by sending messages with malicious commands to the affected device. 2022-06-27 not yet calculated CVE-2022-28172

MISC hongcms — hongcms An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. 2022-07-01 not yet calculated CVE-2022-32412

MISC hongcms — hongcms An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. 2022-07-01 not yet calculated CVE-2022-32411

MISC hospital_management_system — hospital_management_system Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php. 2022-07-01 not yet calculated CVE-2022-32094

MISC hospital_management_system — hospital_management_system Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php. 2022-07-01 not yet calculated CVE-2022-32093

MISC hospital_management_system — hospital_management_system Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php. 2022-07-01 not yet calculated CVE-2022-32095

MISC hpe — nonstop_dsm/scm

  A remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM version: T6031H03^ADP. HPE has provided a software update to resolve this vulnerability in HPE NonStop DSM/SCM. 2022-06-28 not yet calculated CVE-2022-28621

MISC hpe — storeonce A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2. 2022-06-27 not yet calculated CVE-2022-28622

MISC ibm — cloudpak

  IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands. IBM X-Force ID: 211048. 2022-06-30 not yet calculated CVE-2021-38941

XF

CONFIRM ibm — infosphere_information_server

  An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain non-sensitive debugging information like stack traces. IBM X-Force ID: 221323. 2022-07-01 not yet calculated CVE-2022-22373

XF

CONFIRM ibm — security_guardium

  IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2022-06-29 not yet calculated CVE-2021-39074

CONFIRM

XF ibm — spectrum_protect IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. This can result in a denial of service for IBM Spectrum Protect client operations. IBM X-Force ID: 225348. 2022-06-30 not yet calculated CVE-2022-22474

XF

CONFIRM ibm — spectrum_protect

  While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942. 2022-06-30 not yet calculated CVE-2022-22496

XF

CONFIRM ibm — spectrum_protect

  An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326. 2022-06-30 not yet calculated CVE-2022-22487

XF

CONFIRM ibm — spectrum_protect

  IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886. 2022-06-30 not yet calculated CVE-2022-22478

CONFIRM

XF ibm — spectrum_protect

  IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940. 2022-06-30 not yet calculated CVE-2022-22494

CONFIRM

XF ibm — spectrum_protect_plus_container_backup_and_restore IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session information. By retrieving the logs of a container an attacker could exploit this vulnerability to bypass login security of the IBM Spectrum Protect Plus server and gain unauthorized access based on the permissions of the IBM Spectrum Protect Plus user to the vulnerable Spectrum Protect Plus server software. IBM X-Force ID: 225340. 2022-06-30 not yet calculated CVE-2022-22472

CONFIRM

XF ibm — sterling_b2b_integrator

  IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could disclose sensitive version information that could aid in future attacks against the system. IBM X-Force ID: 211414. 2022-06-30 not yet calculated CVE-2021-38954

CONFIRM

XF ibm — urban_code_deploy

  IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008. 2022-07-01 not yet calculated CVE-2022-22367

CONFIRM

XF ibm — urban_code_deploy

  IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106. 2022-07-01 not yet calculated CVE-2022-22366

CONFIRM

XF ilias — ilias

  In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts. 2022-06-29 not yet calculated CVE-2022-31266

MISC

MISC image_galery — grid_gallery_wordpress_plugin The Image Gallery – Grid Gallery WordPress plugin through 1.1.1 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 2022-06-27 not yet calculated CVE-2022-1327

MISC ionicabizau — parse-path Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0. 2022-06-27 not yet calculated CVE-2022-0722

MISC

CONFIRM ionicabizau — parse-path Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0. 2022-06-28 not yet calculated CVE-2022-0624

CONFIRM

MISC ionicabizau — parse-url

  Cross-site Scripting (XSS) – Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0. 2022-06-27 not yet calculated CVE-2022-2218

MISC

CONFIRM ionicabizau — parse-url

  Cross-site Scripting (XSS) – Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0. 2022-06-27 not yet calculated CVE-2022-2217

MISC

CONFIRM ionicabizau — parse-url

  Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0. 2022-06-27 not yet calculated CVE-2022-2216

MISC

CONFIRM ivpn — client

  A vulnerability has been found in IVPN Client 2.6.6120.33863 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument `--up cmd` leads to improper privilege management. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.6.2 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-29 not yet calculated CVE-2017-20112

MISC

MISC

MISC jaredhanson — passport

  This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed. 2022-07-01 not yet calculated CVE-2022-25896

CONFIRM

CONFIRM

CONFIRM jenkins — build-metrics_plugin Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them. 2022-06-30 not yet calculated CVE-2022-34785

CONFIRM jenkins — build-metrics_plugin Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission. 2022-06-30 not yet calculated CVE-2022-34784

CONFIRM jenkins — build_notifications_plugin Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. 2022-06-30 not yet calculated CVE-2022-34801

CONFIRM jenkins — build_notifications_plugin Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34800

CONFIRM jenkins — cisco_spark_plugin Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34808

CONFIRM jenkins — deployment_dashboard_plugin Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34799

CONFIRM jenkins — deployment_dashboard_plugin A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials. 2022-06-30 not yet calculated CVE-2022-34797

CONFIRM jenkins — deployment_dashboard_plugin Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. 2022-06-30 not yet calculated CVE-2022-34795

CONFIRM jenkins — deployment_dashboard_plugin A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2022-06-30 not yet calculated CVE-2022-34796

CONFIRM jenkins — deployment_dashboard_plugin Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. 2022-06-30 not yet calculated CVE-2022-34798

CONFIRM jenkins — elasticsearch_query_plugin Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34807

CONFIRM jenkins — extreme_feedback_panel_plugin Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-06-30 not yet calculated CVE-2022-34790

CONFIRM jenkins — failed_job_deactivator_plugin Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs. 2022-06-30 not yet calculated CVE-2022-34818

CONFIRM jenkins — failed_job_deactivator_plugin A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs. 2022-06-30 not yet calculated CVE-2022-34817

CONFIRM jenkins — gitlab_plugin

  Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-06-30 not yet calculated CVE-2022-34777

CONFIRM jenkins — hpe_network_virtualization_plugin Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34816

CONFIRM jenkins — jigomerge_plugin

  Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34806

CONFIRM jenkins — plot_plugin Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-06-30 not yet calculated CVE-2022-34783

CONFIRM jenkins — project_inheritance_plugin

  Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked. 2022-06-30 not yet calculated CVE-2022-34787

CONFIRM jenkins — recipe_plugin Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. 2022-06-30 not yet calculated CVE-2022-34794

CONFIRM jenkins — recipe_plugin Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2022-06-30 not yet calculated CVE-2022-34793

CONFIRM jenkins — recipe_plugin A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. 2022-06-30 not yet calculated CVE-2022-34792

CONFIRM jenkins — request_rename_or_delete_plugin A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs. 2022-06-30 not yet calculated CVE-2022-34815

CONFIRM jenkins — request_rename_or_delete_plugin Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests. 2022-06-30 not yet calculated CVE-2022-34814

CONFIRM jenkins — requests-plugin_plugin An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. 2022-06-30 not yet calculated CVE-2022-34782

CONFIRM jenkins — rocketchat_notifier_plugin Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34802

CONFIRM jenkins — rqm_plugin A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2022-06-30 not yet calculated CVE-2022-34810

CONFIRM jenkins — rqm_plugin Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34809

CONFIRM jenkins — skype_notifier_plugin

  Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34805

CONFIRM jenkins — testng_results_plugin Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or control test results. 2022-06-30 not yet calculated CVE-2022-34778

CONFIRM jenkins — validating_email_parameter_plugin Jenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description of its parameter type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-06-30 not yet calculated CVE-2022-34791

CONFIRM jenkins — xebialabs_xl_release_plugin A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2022-06-30 not yet calculated CVE-2022-34780

CONFIRM jenkins — xebialabs_xl_release_plugin A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2022-06-30 not yet calculated CVE-2022-34779

CONFIRM jenkins — xebialabs_xl_release_plugin Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2022-06-30 not yet calculated CVE-2022-34781

CONFIRM jenkins — xpath_configuration_viewer_plugin A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions. 2022-06-30 not yet calculated CVE-2022-34812

CONFIRM jenkins — xpath_configuration_viewer_plugin A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. 2022-06-30 not yet calculated CVE-2022-34811

CONFIRM jenkins — xpath_configuration_viewer_plugin A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions. 2022-06-30 not yet calculated CVE-2022-34813

CONFIRM jenkins — matrix_reloaded_plugin A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds. 2022-06-30 not yet calculated CVE-2022-34789

CONFIRM jenkins — matrix_reloaded_plugin Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. 2022-06-30 not yet calculated CVE-2022-34788

CONFIRM jenkins — opsgenie_plugin Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission (config.xml), or access to the Jenkins controller file system. 2022-06-30 not yet calculated CVE-2022-34803

CONFIRM jenkins — opsgenie_plugin Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure. 2022-06-30 not yet calculated CVE-2022-34804

CONFIRM jenkins — rich_text_publisher_plugin

  Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. 2022-06-30 not yet calculated CVE-2022-34786

CONFIRM jetbrains — hub

  In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services 2022-07-01 not yet calculated CVE-2022-34894

MISC jira — data_center_and_server_mobile_plugin

  A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4. 2022-06-30 not yet calculated CVE-2022-26135

MISC

MISC

MISC jorani — jorani Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php. 2022-06-28 not yet calculated CVE-2022-34133

MISC

MISC jorani — jorani Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php. 2022-06-28 not yet calculated CVE-2022-34134

MISC

MISC jorani — jorani Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php. 2022-06-28 not yet calculated CVE-2022-34132

MISC

MISC joy_ebike — wolf

  Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote attackers to jam the key fob request via RF. 2022-06-29 not yet calculated CVE-2022-30467

MISC

MISC jpegoptim — jpegoptim JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. 2022-07-01 not yet calculated CVE-2022-32325

MISC kjur — jsrsasign

  The package jsrsasign before 10.5.25 is vulnerable to Improper Verification of Cryptographic Signature: a JWS or JWT signature containing special characters that are not valid Base64URL encoding, or number escaped characters, may be validated as valid by mistake. Workaround: check that the JWS or JWT signature is a Base64URL and dot safe string before executing the JWS.verify() or JWS.verifyJWT() method. 2022-07-01 not yet calculated CVE-2022-25898

CONFIRM

CONFIRM

CONFIRM

CONFIRM

CONFIRM

CONFIRM kubeedge — kubeedge

  KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates with the CSI Driver on the cloud side, the attack is limited to the local host network. As such, an attacker would already need to be an authenticated user of the Cloud. Additionally, it is affected only when users turn on the unixsocket switch in the config file cloudcore.yaml. This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. Users unable to upgrade should disable the unixsocket switch of CloudHub in the config file cloudcore.yaml. 2022-06-27 not yet calculated CVE-2022-31076

MISC

CONFIRM kubeedge — kubeedge

  KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a consequence, the CSI Driver controller will be in denial of service. This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. At the time of writing, no workaround exists. 2022-06-27 not yet calculated CVE-2022-31077

MISC

CONFIRM

MISC l2blocker — l2blocker

  Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative paths or channels for Sensor. 2022-06-27 not yet calculated CVE-2022-33202

MISC

MISC ldap — account_manager LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 there are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. This can lead to code execution if non-LAM classes are instantiated that execute code during object creation. This issue has been fixed in version 8.0. 2022-06-27 not yet calculated CVE-2022-31084

MISC

CONFIRM ldap — account_manager

  LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow PHP scripts to be uploaded to config/templates/pdf. This vulnerability could lead to Remote Code Execution if the /config/templates/pdf/ directory is accessible to remote users. This is not a default configuration of LAM. This issue has been fixed in version 8.0. There are no known workarounds for this issue. 2022-06-27 not yet calculated CVE-2022-31086

CONFIRM

MISC ldap — account_manager

  LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by configuration. This issue has been fixed in version 8.0. Users unable to upgrade should install the PHP OpenSSL extension and make sure session encryption is enabled in LAM main configuration. 2022-06-27 not yet calculated CVE-2022-31085

CONFIRM

MISC ldap — account_manager

  LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This issue has been fixed in version 8.0. 2022-06-27 not yet calculated CVE-2022-31088

MISC

CONFIRM ldap — account_manager

  LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php (and .php5/.php4/.phpt/etc) files. An attacker capable of writing files under www-data privileges can write a web-shell into this directory and gain code execution on the host. This issue has been fixed in version 8.0. Users unable to upgrade should disallow executing PHP scripts in the (/var/lib/ldap-account-manager/)tmp directory. 2022-06-27 not yet calculated CVE-2022-31087

MISC

CONFIRM lettersanitizer — lettersanitizer

  lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule `@keyframes`. This package is depended on by [react-letter](https://github.com/mat-sz/react-letter), therefore everyone using react-letter is also at risk. The problem has been patched in version 1.0.2. 2022-06-27 not yet calculated CVE-2022-31103

MISC

CONFIRM

MISC libtiff — libtiff Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. 2022-06-30 not yet calculated CVE-2022-2056

MISC

CONFIRM

MISC libtiff — libtiff

  Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. 2022-06-30 not yet calculated CVE-2022-2057

MISC

CONFIRM

MISC libtiff — libtiff

  Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. 2022-06-30 not yet calculated CVE-2022-2058

CONFIRM

MISC

MISC lightcms — lightcms

  A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file. 2022-06-27 not yet calculated CVE-2022-33009

MISC

MISC

MISC linux — linux_kernel rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. 2022-06-26 not yet calculated CVE-2022-34495

MISC

MISC linux — linux_kernel rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. 2022-06-26 not yet calculated CVE-2022-34494

MISC

MISC linux — linux_kernel

  A vulnerability was found in the Linux kernel’s nft_set_desc_concat_parse() function. This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse(), causing a denial of service and possibly allowing code execution. 2022-06-30 not yet calculated CVE-2022-2078

MISC linux — linux_kernel

  A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. 2022-06-30 not yet calculated CVE-2022-1852

MISC lirantal — git-clone All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git. 2022-07-01 not yet calculated CVE-2022-25900

CONFIRM

CONFIRM lithium_technologies — lithium_forum

  A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the argument upload_url leads to server-side request forgery. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. 2022-06-28 not yet calculated CVE-2017-20106

N/A

N/A lua — lua

  An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. 2022-07-01 not yet calculated CVE-2022-33099

MISC

MISC

MISC

MISC

MISC manageiq — awesome_spawn

  Awesome spawn contains an OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, an attacker could use this flaw to execute arbitrary commands. 2022-06-30 not yet calculated CVE-2014-0156

MISC

MISC mariadb — mariadb MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. 2022-07-01 not yet calculated CVE-2022-32086

MISC mariadb — mariadb MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. 2022-07-01 not yet calculated CVE-2022-32082

MISC mariadb — mariadb MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. 2022-07-01 not yet calculated CVE-2022-32088

MISC mariadb — mariadb MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. 2022-07-01 not yet calculated CVE-2022-32089

MISC mariadb — mariadb MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. 2022-07-01 not yet calculated CVE-2022-32083

MISC mariadb — mariadb MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. 2022-07-01 not yet calculated CVE-2022-32085

MISC mariadb — mariadb MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. 2022-07-01 not yet calculated CVE-2022-32081

MISC mariadb — mariadb MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. 2022-07-01 not yet calculated CVE-2022-32087

MISC mariadb — mariadb

  MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. 2022-07-01 not yet calculated CVE-2022-32091

MISC mariadb — mariadb

  MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. 2022-07-01 not yet calculated CVE-2022-32084

MISC marval_global — marval_msm Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys. 2022-06-28 not yet calculated CVE-2022-31883

MISC

MISC

MISC marval_global — marval_msm Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form. 2022-06-28 not yet calculated CVE-2022-31886

MISC

MISC

MISC

MISC marval_global — marval_msm Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys. 2022-06-28 not yet calculated CVE-2022-31884

MISC

MISC

MISC marval_global — marval_msm

  Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user’s password in the organization. This means that the user can also achieve Privilege Escalation by changing the administrator password. 2022-06-28 not yet calculated CVE-2022-31887

MISC

MISC

MISC marval_global — marval_msm

  Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts. 2022-06-28 not yet calculated CVE-2022-31885

MISC

MISC

MISC mcms — mcms

  MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability. 2022-07-01 not yet calculated CVE-2022-31943

MISC md2roff — md2roff

  ** DISPUTED ** md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of consecutive characters to be processed. NOTE: the vendor’s position is that the product is not intended for untrusted input. 2022-07-02 not yet calculated CVE-2022-34913

MISC mediawiki — mediawiki

  An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the Wikibase and WikibaseLexeme extensions. This is related to Special:NewLexeme and Special:NewProperty. 2022-06-28 not yet calculated CVE-2022-34750

MISC

MISC

MISC mediawiki — mediawiki

  An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won’t be escaped. 2022-07-02 not yet calculated CVE-2022-34912

MISC mediawiki — mediawiki

  An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to “Welcome” followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text(). 2022-07-02 not yet calculated CVE-2022-34911

MISC mermaid — mermaid

  Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary `CSS` into the generated graph allowing them to change the styling of elements outside of the generated graph, and potentially exfiltrate sensitive information by using specially crafted `CSS` selectors. The following example shows how an attacker can exfiltrate the contents of an input field by bruteforcing the `value` attribute one character at a time. Whenever there is an actual match, an `http` request will be made by the browser in order to “load” a background image that will let an attacker know what’s the value of the character. This issue may lead to `Information Disclosure` via CSS selectors and functions able to generate HTTP requests. This also allows an attacker to change the document in ways which may lead a user to perform unintended actions, such as clicking on a link, etc. This issue has been resolved in version 9.1.3. Users are advised to upgrade. Users unable to upgrade should ensure that user input is adequately escaped before embedding it in CSS blocks. 2022-06-28 not yet calculated CVE-2022-31108

MISC

CONFIRM metamask — metamask_extension

  MetaMask before 10.11.3 might allow an attacker to access a user’s secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue. 2022-06-29 not yet calculated CVE-2022-32969

MISC

MISC

MISC microsoft — edge Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638. 2022-06-29 not yet calculated CVE-2022-33639

N/A microsoft — edge Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33639. 2022-06-29 not yet calculated CVE-2022-33638

N/A microsoft — edge

  Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33638, CVE-2022-33639. 2022-06-29 not yet calculated CVE-2022-30192

N/A microweber — microweber

  Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 1.2.19. 2022-07-01 not yet calculated CVE-2022-2280

MISC

CONFIRM microweber — microweber

  Open Redirect in GitHub repository microweber/microweber prior to 1.2.19. 2022-06-29 not yet calculated CVE-2022-2252

MISC

CONFIRM minicms — minicms

  File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitrary PHP code via post-edit.php. 2022-06-28 not yet calculated CVE-2020-19896

MISC minioranges_google_authenticator — minioranges_google_authenticator_wordpress_plugin The miniOrange’s Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, allowing malicious users with administrator privileges to store malicious JavaScript code, leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup). 2022-06-27 not yet calculated CVE-2022-1321

MISC myadmin — myadmin

  MyAdmin v1.0 is affected by an incorrect access control vulnerability in viewing personal center in /api/user/userData?userCode=admin. 2022-06-30 not yet calculated CVE-2021-37791

MISC nagios — nagios_xi In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address. 2022-06-29 not yet calculated CVE-2022-29269

MISC

MISC

MISC

MISC nagios — nagios_xi

  In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing. 2022-06-29 not yet calculated CVE-2022-29272

MISC

MISC

MISC

MISC nagios — nagios_xi

  In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks. 2022-06-29 not yet calculated CVE-2022-29271

MISC

MISC

MISC

MISC nagios — nagios_xi

  In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address. 2022-06-29 not yet calculated CVE-2022-29270

MISC

MISC

MISC

MISC naver — whale_browser_mobile_app

  NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode. 2022-06-27 not yet calculated CVE-2020-9754

CONFIRM neors — activex

  Origin validation error vulnerability in NeoRS’s ActiveX module allows attackers to download and execute arbitrary files. Remote attackers can use this vulnerability to encourage users to access crafted web pages, causing damage such as malicious code infections. 2022-06-28 not yet calculated CVE-2022-23763

MISC nextauth.js — nextauth

  NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally is converted to a `URL` object. The URL instantiation would fail due to a malformed URL being passed into the constructor, causing it to throw an unhandled error which led to the **API route handler timing out and logging in to fail**. This has been remedied in versions 3.29.5 and 4.5.0. If for some reason you cannot upgrade, the workaround requires you to rely on Advanced Initialization. Please see the documentation for more. 2022-06-27 not yet calculated CVE-2022-31093

MISC

MISC

MISC

CONFIRM nomachine — nomachine

  Incorrect permissions for the folder C:\ProgramData\NoMachine\var\uninstall of Nomachine v7.9.2 allows attackers to perform a DLL hijacking attack and execute arbitrary code. 2022-06-29 not yet calculated CVE-2022-34043

MISC nucleus_cms — nucleus_cms

  Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, an attacker can upload a picture with shell, treat it as PHP, execute commands, so as to take down website resources. 2022-06-30 not yet calculated CVE-2021-37770

MISC

MISC nvflare — nvflare NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where the CA credentials are transported via pickle without safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity. 2022-07-01 not yet calculated CVE-2022-31604

MISC nvflare — nvflare

  NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity. 2022-07-01 not yet calculated CVE-2022-31605

MISC nvidia — dgx_a100

  NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. 2022-07-02 not yet calculated CVE-2022-28200

MISC online_railway_reservation_system — online_railway_reservation_system Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/inquiries/view_details.php. 2022-06-29 not yet calculated CVE-2022-33042

MISC online_railway_reservation_system — online_railway_reservation_system Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_message. 2022-06-29 not yet calculated CVE-2022-33058

MISC online_railway_reservation_system — online_railway_reservation_system Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_train. 2022-06-29 not yet calculated CVE-2022-33059

MISC online_railway_reservation_system — online_railway_reservation_system Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_service. 2022-06-29 not yet calculated CVE-2022-33061

MISC online_railway_reservation_system — online_railway_reservation_system Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule. 2022-06-29 not yet calculated CVE-2022-33060

MISC online_railway_reservation_system — online_railway_reservation_system Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation. 2022-06-29 not yet calculated CVE-2022-33057

MISC openhwgroup — cva6 CVA6 commit 909d85a accesses invalid memory when reading the value of MHPMCOUNTER30. 2022-06-29 not yet calculated CVE-2022-33021

MISC openhwgroup — cva6 CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong. 2022-06-29 not yet calculated CVE-2022-33023

MISC opensearch-project — opensearch-ruby

  opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. An attacker must be in control of an opensearch server and convince the victim to connect to it in order to exploit this vulnerability. The problem has been patched in opensearch-ruby gem version 2.0.1. Users are advised to upgrade. There are no known workarounds for this issue. 2022-06-30 not yet calculated CVE-2022-31115

CONFIRM

MISC

MISC openshift — openshift

  In an OpenShift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity. 2022-06-30 not yet calculated CVE-2013-4561

MISC

MISC openshift — openshift

  It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission. 2022-06-30 not yet calculated CVE-2014-0068

MISC openssl — openssl

  The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. 2022-07-01 not yet calculated CVE-2022-2274

CONFIRM

CONFIRM orwell-dev-cpp — orwell-dev-cpp A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file. 2022-06-29 not yet calculated CVE-2022-33037

MISC ospfranco — link-preview-js

  The package link-preview-js before 2.1.16 is vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection. 2022-07-01 not yet calculated CVE-2022-25876

CONFIRM

CONFIRM

CONFIRM oxen_i/o — session_android Session 1.13.0 allows an attacker with physical access to the victim’s device to bypass the application’s password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation. 2022-06-30 not yet calculated CVE-2022-1955

MISC

MISC

MISC packagekit — packagekit A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examine files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists. 2022-06-28 not yet calculated CVE-2022-0987

MISC parse_community — parse_server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid file requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as a single instance without redundancy, the availability impact may be high. This issue has been addressed in versions 4.10.12 and 5.2.3. Users are advised to upgrade. There are no known workarounds for this issue. 2022-06-27 not yet calculated CVE-2022-31089

CONFIRM

MISC parse_server — parse_server

  Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client response. Users are advised to upgrade. Users unable to upgrade should use `Parse.Cloud.afterLiveQueryEvent` to manually remove protected fields. 2022-06-30 not yet calculated CVE-2022-31112

MISC

MISC

CONFIRM

MISC

MISC

MISC pdfalto — pdfalto PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc. 2022-07-01 not yet calculated CVE-2022-32324

MISC perl — perl

  HTTP::Daemon is a simple HTTP server class written in Perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are; most Perl-based applications are served on top of Nginx or Apache, not on `HTTP::Daemon`. This library is commonly used for local development and tests. Users are advised to update to resolve this issue. Users unable to upgrade may add additional request handling logic as a mitigation. After calling `my $rqst = $conn->get_request()` one could inspect the returned `HTTP::Request` object. Querying the ‘Content-Length’ (`my $cl = $rqst->header('Content-Length')`) will show any abnormalities that should be dealt with by a `400` response. Expected strings of ‘Content-Length’ SHOULD consist of either a single non-negative integer, or a comma-separated repetition of that number (that is, `42` or `42, 42, 42`). Anything else MUST be rejected. 2022-06-27 not yet calculated CVE-2022-31081

MISC

MISC

MISC

MISC

CONFIRM

MISC

MISC pimcore — pimcore

  Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. These listing classes also allow ordering or grouping the results based on one or more columns, which should be quoted by default. The actual issue is that quoting is not done properly in both cases, so there’s the theoretical possibility to inject custom SQL if the developer is using these methods with input data and not doing proper input validation in advance, and so relies on the auto-quoting being done by the listing classes. This issue has been resolved in version 10.4.4. Users are advised to upgrade or to apply the patch manually. There are no known workarounds for this issue. 2022-06-27 not yet calculated CVE-2022-31092

MISC

MISC

CONFIRM pingid — windows_login PingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines when combined with using offline security keys as part of authentication. 2022-06-30 not yet calculated CVE-2022-23717

MISC

MISC pingid — windows_login

  PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances. 2022-06-30 not yet calculated CVE-2022-23725

MISC

MISC pingid — windows_login

  PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. An IT administrator could mistakenly deploy administrator privileged PingID API credentials, such as those typically used by PingFederate, into PingID Windows Login user endpoints. Using sensitive full permissions properties file outside of a privileged trust boundary leads to an increased risk of exposure or discovery, and an attacker could leverage these credentials to perform administrative actions against PingID APIs or endpoints. 2022-06-30 not yet calculated CVE-2022-23720

MISC

MISC pingid — windows_login

  PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or of compromising Ping Identity web servers, could deliver malicious code that would be executed as SYSTEM by the PingID Windows Login application. 2022-06-30 not yet calculated CVE-2022-23718

MISC

MISC pingid — windows_login

  PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine may be able to exploit and spoof the local Java service using multiple attack vectors. A successful attack can lead to code executed as SYSTEM by the PingID Windows Login application, or even a denial of service for offline security key authentication. 2022-06-30 not yet calculated CVE-2022-23719

MISC

MISC pingidentity — pingid_mac_login

  A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. 2022-06-30 not yet calculated CVE-2021-41995

MISC

MISC piwigo — piwigo

  piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor. 2022-06-28 not yet calculated CVE-2021-40553

MISC prestashop — blockwishlist

  prestashop/blockwishlist is a prestashop extension which adds a block containing the customer’s wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue. 2022-06-27 not yet calculated CVE-2022-31101

CONFIRM

MISC projectsend — r754

  A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely. 2022-06-27 not yet calculated CVE-2017-20101

MISC

MISC

MISC raytion — custom_security_manager

  Raytion 7.2.0 allows reflected Cross-site Scripting (XSS). 2022-06-25 not yet calculated CVE-2022-29931

MISC regexfn — regexfn A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails. 2022-06-27 not yet calculated CVE-2021-40900

MISC repo-git-downloader — repo-git-downloader A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories. 2022-06-27 not yet calculated CVE-2021-40899

MISC rg-eg — rg-eg

  RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a SQL injection vulnerability via the function get_alarmAction at /alarm_pi/alarmService.php. 2022-06-25 not yet calculated CVE-2022-33128

MISC robustel — r1510

  A data removal vulnerability exists in the web_server /action/remove/ API functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability. 2022-06-30 not yet calculated CVE-2022-28127

MISC robustel — robustel_r1510 Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/action/import_sdk_file/` API is affected by a command injection vulnerability. 2022-06-30 not yet calculated CVE-2022-33314

MISC robustel — robustel_r1510 Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/action/import_https_cert_file/` API is affected by a command injection vulnerability. 2022-06-30 not yet calculated CVE-2022-33313

MISC robustel — robustel_r1510 Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/action/import_cert_file/` API is affected by a command injection vulnerability. 2022-06-30 not yet calculated CVE-2022-33312

MISC robustel — robustel_r1510 Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/config_rollback/` API is affected by a command injection vulnerability. 2022-06-30 not yet calculated CVE-2022-33326

MISC robustel — robustel_r1510 Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/remove/` API is affected by a command injection vulnerability. 2022-06-30 not yet calculated CVE-2022-33328

MISC robustel — robustel_r1510

  A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. 2022-06-30 not yet calculated CVE-2022-32585

MISC robustel — robustel_r1510

  Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/clear_tools_log/` API is affected by a command injection vulnerability. 2022-06-30 not yet calculated CVE-2022-33325

MISC robustel — robustel_r1510

  Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/set_sys_time/` API is affected by a command injection vulnerability. 2022-06-30 not yet calculated CVE-2022-33329

MISC robustel — robustel_r1510

  Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/remove_sniffer_raw_log/` API is affected by a command injection vulnerability. 2022-06-30 not yet calculated CVE-2022-33327

MISC rsshub — rsshub

  RSSHub is an open source, extensible RSS feed generator. In commits prior to 5c4177441417, passing some special values to the `filter` and `filterout` parameters can cause abnormally high CPU usage. This results in an impact on the performance of the servers and RSSHub services which may lead to a denial of service. This issue has been fixed in commit 5c4177441417 and all users are advised to upgrade. There are no known workarounds for this issue. 2022-06-29 not yet calculated CVE-2022-31110

CONFIRM

MISC

MISC ruby-mysql — ruby-mysql

  A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later. 2022-06-28 not yet calculated CVE-2021-3779

MISC ruckus — wireless_zonedirector

  Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirector 9.8.3.0. 2022-06-27 not yet calculated CVE-2020-21161

MISC

MISC

MISC rulex — rulex rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. This is a security concern for you, if your service parses untrusted rulex expressions (expressions provided by an untrusted user), and your service becomes unavailable when the process running rulex aborts due to a stack overflow. The crash is fixed in version **0.4.3**. Affected users are advised to update to this version. There are no known workarounds for this issue. 2022-06-27 not yet calculated CVE-2022-31099

CONFIRM

MISC rulex — rulex

  rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, rulex may crash, possibly enabling a Denial of Service attack. This happens when the expression contains a multi-byte UTF-8 code point in a string literal or after a backslash, because rulex tries to slice into the code point and panics as a result. This is a security concern for you, if your service parses untrusted rulex expressions (expressions provided by an untrusted user), and your service becomes unavailable when the thread running rulex panics. The crashes are fixed in version **0.4.3**. Affected users are advised to update to this version. The only known workaround for this issue is to assume that regular expression parsing will panic and to add logic to catch panics. 2022-06-27 not yet calculated CVE-2022-31100

MISC

CONFIRM sasstools — scss-tokenizer

  All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex. 2022-07-01 not yet calculated CVE-2022-25758

CONFIRM

CONFIRM

CONFIRM scaffold-helper — scaffold-helper A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scaffold-helper v1.2.0 when copying crafted invalid files. 2022-06-27 not yet calculated CVE-2021-40898

MISC scratchtools — scratchtools

  ScratchTools is a web extension designed to make interacting with the Scratch programming language community (Scratching) easier. In affected versions anybody who uses the Recently Viewed Projects feature is vulnerable to having their account taken over if they view a project that tries to. The issue is that if a user visits a project that includes Javascript in the title, then when the Recently Viewed Projects feature displays it, it could run the Javascript. This issue has been addressed in the 2.5.2 release. Users having issues scratching should open an issue in the project issue tracker https://github.com/STForScratch/ScratchTools/ 2022-06-27 not yet calculated CVE-2022-31094

CONFIRM

MISC

MISC shadeyouvpn — client

  A vulnerability, which was classified as problematic, was found in ShadeYouVPN.com Client 2.0.1.11. Affected is an unknown function. The manipulation leads to improper privilege management. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.1.12 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-28 not yet calculated CVE-2017-20107

N/A

N/A shopware — shopware

  Shopware is an open source e-commerce software made in Germany. Versions of Shopware 5 prior to version 5.7.12 are subject to an authenticated Stored XSS in Administration. Users are advised to upgrade. There are no known workarounds for this issue. 2022-06-27 not yet calculated CVE-2022-31057

MISC

CONFIRM

MISC

MISC silverstripe — framework

  Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document. 2022-06-28 not yet calculated CVE-2021-41559

MISC

MISC

MISC silverstripe — silverstripe/framework

  In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR). 2022-06-29 not yet calculated CVE-2022-28803

MISC

MISC silverstripe — silverstripe/framework

  Silverstripe silverstripe/framework through 4.10 allows Session Fixation. 2022-06-28 not yet calculated CVE-2022-24444

MISC

MISC

MISC

MISC

MISC silverstripe — silverstripe/framework

  Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side config is not set to true in project code. 2022-06-28 not yet calculated CVE-2022-25238

MISC

MISC

MISC

MISC silverstripe — silverstripe/assets

  Silverstripe silverstripe/assets through 1.10 allows XSS. 2022-06-28 not yet calculated CVE-2022-29858

MISC

MISC

MISC

MISC simplessus — simplessus

  A vulnerability was found in Simplessus 3.7.7. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument path with the input ..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.8.3 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-28 not yet calculated CVE-2017-20105

N/A

N/A simplessus — simplessus

  A vulnerability was found in Simplessus 3.7.7. It has been declared as critical. This vulnerability affects unknown code of the component Cookie Handler. The manipulation of the argument UWA_SID leads to sql injection (Time). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.8.3 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-28 not yet calculated CVE-2017-20104

N/A

N/A scniro-validator — scniro-validator A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails. 2022-06-27 not yet calculated CVE-2021-40901

MISC sourcecodester — library_management_system A vulnerability was found in SourceCodester Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the component /card/index.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2022-06-27 not yet calculated CVE-2022-2212

MISC

MISC sourcecodester — library_management_system

  A vulnerability was found in SourceCodester Library Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /librarian/bookdetails.php. The manipulation of the argument id with the input ‘ AND (SELECT 9198 FROM (SELECT(SLEEP(5)))iqZA)– PbtB leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-27 not yet calculated CVE-2022-2214

MISC

MISC sourcecodester — library_management_system

  A vulnerability was found in SourceCodester Library Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_admin_details.php?id=admin. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-27 not yet calculated CVE-2022-2213

MISC

MISC sourcecodester — zoo_management_system

  SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=. 2022-06-29 not yet calculated CVE-2022-31897

MISC

MISC split-html-to-chars — split-html-to-chars A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in split-html-to-chars v1.0.5 when splitting crafted invalid htmls. 2022-06-27 not yet calculated CVE-2021-40897

MISC synapse — synapse

  Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the request causing the problem, but in other cases the Synapse process may crash altogether. It is possible to exploit this maliciously, either by malicious users on the homeserver, or by remote users sending URLs that a local user’s client may automatically request a URL preview for. Remote users are not able to exploit this directly, because the URL preview endpoint is authenticated. Deployments with `url_preview_enabled: false` set in configuration are not affected. Deployments with `url_preview_enabled: true` set in configuration **are** affected. Deployments with no configuration value set for `url_preview_enabled` are not affected, because the default is `false`. Administrators of homeservers with URL previews enabled are advised to upgrade to v1.61.1 or higher. Users unable to upgrade should set `url_preview_enabled` to false. 2022-06-28 not yet calculated CVE-2022-31052

CONFIRM

MISC

MISC teleopti — wfm

  A vulnerability classified as problematic was found in Teleopti WFM up to 7.1.0. Affected by this vulnerability is an unknown functionality of the file /TeleoptiWFM/Administration/GetOneTenant of the component Administration. The manipulation leads to information disclosure (Credentials). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. 2022-06-29 not yet calculated CVE-2017-20109

MISC

MISC teleopti — wfm

  A vulnerability, which was classified as problematic, has been found in Teleopti WFM up to 7.1.0. Affected by this issue is some unknown functionality of the component Administration. The manipulation as part of JSON leads to information disclosure (Credentials). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. 2022-06-29 not yet calculated CVE-2017-20110

MISC

MISC teleopti — wfm

  A vulnerability, which was classified as critical, was found in Teleopti WFM 7.1.0. This affects an unknown part of the component Administration. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. 2022-06-29 not yet calculated CVE-2017-20111

MISC

MISC tenda — ac23

  Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasicSet. 2022-07-01 not yet calculated CVE-2022-32384

MISC

MISC

MISC tenda — ax1806 Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule. 2022-07-01 not yet calculated CVE-2022-32032

MISC tenda — ax1806 Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand. 2022-07-01 not yet calculated CVE-2022-32030

MISC tenda — ax1806 Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer. 2022-07-01 not yet calculated CVE-2022-32033

MISC tenda — ax1806 Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetRouteStatic. 2022-07-01 not yet calculated CVE-2022-32031

MISC tenda — tenda_m3 Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm. 2022-07-01 not yet calculated CVE-2022-32040

MISC tenda — tenda_m3 Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg. 2022-07-01 not yet calculated CVE-2022-32037

MISC tenda — tenda_m3 Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist. 2022-07-01 not yet calculated CVE-2022-32034

MISC tenda — tenda_m3 Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb. 2022-07-01 not yet calculated CVE-2022-32036

MISC tenda — tenda_m3 Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng. 2022-07-01 not yet calculated CVE-2022-32035

MISC tenda — tenda_m3 Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient. 2022-07-01 not yet calculated CVE-2022-32039

MISC tenda — tenda_m3 Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo. 2022-07-01 not yet calculated CVE-2022-32043

MISC tenda — tenda_m3 Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData. 2022-07-01 not yet calculated CVE-2022-32041

MISC teradici — management_console

  A vulnerability was found in Teradici Management Console 2.2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Database Management. The manipulation leads to improper privilege management. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. 2022-06-30 not yet calculated CVE-2017-20121

N/A

N/A textpattern — textpattern

  In Textpattern CMS v4.8.7 and older, a Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute vulnerability exists via textpattern/lib/txplib_misc.php. The secure flag is not set for the txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie’s scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. 2022-06-29 not yet calculated CVE-2021-40642

MISC

MISC that-value — that-value A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in that-value v0.1.3 when validating crafted invalid emails. 2022-06-27 not yet calculated CVE-2021-40896

MISC thinkphp — thinkphp

  ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload. 2022-06-29 not yet calculated CVE-2022-33107

MISC thinkst — canarytokens

  Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens. This permits an attacker who recognised an HTTP-based Canarytoken (a URL) to execute JavaScript in the Canarytoken’s history page (domain: canarytokens.org) when the history page is later visited by the Canarytoken’s creator. This vulnerability could be used to disable or delete the affected Canarytoken, or view its activation history. It might also be used as a stepping stone towards revealing more information about the Canarytoken’s creator to the attacker. For example, an attacker could recover the email address tied to the Canarytoken, or place JavaScript on the history page that redirects the creator towards an attacker-controlled Canarytoken to show the creator’s network location. An attacker could only act on the discovered Canarytoken. This issue did not expose other Canarytokens or other Canarytoken creators. The issue has been patched on Canarytokens.org and in the latest release. No signs of successful exploitation of this vulnerability have been found. Users are advised to upgrade. There are no known workarounds for this issue. 2022-07-01 not yet calculated CVE-2022-31113

CONFIRM

MISC todo-regex — todo-regex A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements. 2022-06-27 not yet calculated CVE-2021-40895

MISC totolink — totolink_t6 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4. 2022-07-01 not yet calculated CVE-2022-32052

MISC totolink — totolink_t6 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4. 2022-07-01 not yet calculated CVE-2022-32047

MISC totolink — totolink_t6 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00413be4. 2022-07-01 not yet calculated CVE-2022-32045

MISC totolink — totolink_t6 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80. 2022-07-01 not yet calculated CVE-2022-32044

MISC totolink — totolink_t6 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88. 2022-07-01 not yet calculated CVE-2022-32048

MISC totolink — totolink_t6 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540. 2022-07-01 not yet calculated CVE-2022-32049

MISC totolink — totolink_t6 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40. 2022-07-01 not yet calculated CVE-2022-32050

MISC totolink — totolink_t6 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4. 2022-07-01 not yet calculated CVE-2022-32051

MISC totolink — totolink_t6 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c. 2022-07-01 not yet calculated CVE-2022-32046

MISC totolink — totolink_t6 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041621c. 2022-07-01 not yet calculated CVE-2022-32053

MISC trendnet — wi-fi_routers TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discovered to contain a stack overflow via the function genacgi_main. 2022-06-27 not yet calculated CVE-2022-33007

MISC trueconf — server

  A vulnerability was found in TrueConf Server 4.3.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/group. The manipulation leads to basic cross site scripting (DOM). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-29 not yet calculated CVE-2017-20117

MISC

MISC trueconf — server

  A vulnerability was found in TrueConf Server 4.3.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/conferences/list/. The manipulation of the argument domxss leads to basic cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2022-06-29 not yet calculated CVE-2017-20118

MISC

MISC trueconf — server

  A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2022-06-29 not yet calculated CVE-2017-20120

MISC

MISC trueconf — server

  A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This vulnerability affects unknown code of the file /admin/conferences/get-all-status/. The manipulation of the argument keys[] leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2022-06-29 not yet calculated CVE-2017-20114

MISC

MISC trueconf — server

  A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2022-06-29 not yet calculated CVE-2017-20113

MISC

MISC trueconf — server

  A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of the file /admin/conferences/list/. The manipulation of the argument sort leads to basic cross site scripting (Reflected). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2022-06-29 not yet calculated CVE-2017-20115

MISC

MISC trueconf — server

  A vulnerability classified as problematic has been found in TrueConf Server 4.3.7. This affects an unknown part of the file /admin/general/change-lang. The manipulation of the argument redirect_url leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2022-06-29 not yet calculated CVE-2017-20119

MISC

MISC trueconf — server

  A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the file /admin/group/list/. The manipulation of the argument checked_group_id leads to basic cross site scripting (Reflected). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2022-06-29 not yet calculated CVE-2017-20116

MISC

MISC tuleap — tuleap

  Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95 Tuleap does not sanitize properly user inputs when constructing the SQL query to retrieve data for the tracker reports. An attacker with the capability to create a new tracker can execute arbitrary SQL queries. Users are advised to upgrade. There is no known workaround for this issue. 2022-06-29 not yet calculated CVE-2022-31058

MISC

CONFIRM

MISC

MISC tuleap — tuleap

  Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.111 the title of a document is not properly escaped in the search result of MyDocmanSearch widget and in the administration page of the locked documents. A malicious user with the capability to create a document could force a victim to execute uncontrolled code. Users are advised to upgrade. There are no known workarounds for this issue. 2022-06-29 not yet calculated CVE-2022-31063

CONFIRM

MISC

MISC

MISC tuleap — tuleap

  Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those template projects because the permissions model is not properly enforced. Users are advised to upgrade. There are no known workarounds for this issue. 2022-06-29 not yet calculated CVE-2022-31032

MISC

CONFIRM

MISC

MISC

MISC

MISC vim — vim

  Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. 2022-06-30 not yet calculated CVE-2022-2257

MISC

CONFIRM vim — vim

  NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. 2022-06-27 not yet calculated CVE-2022-2208

MISC

CONFIRM

FEDORA

FEDORA vim — vim

  Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. 2022-06-26 not yet calculated CVE-2022-2206

CONFIRM

MISC

FEDORA

FEDORA vim — vim

  Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 2022-06-27 not yet calculated CVE-2022-2210

CONFIRM

MISC

FEDORA

FEDORA vim — vim

  NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. 2022-06-28 not yet calculated CVE-2022-2231

CONFIRM

MISC

FEDORA

FEDORA vim — vim

  Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. 2022-07-01 not yet calculated CVE-2022-2264

MISC

CONFIRM vim — vim

  Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 2022-06-27 not yet calculated CVE-2022-2207

CONFIRM

MISC

FEDORA

FEDORA vim — vim

  A cross-site scripting (XSS) vulnerability in the batch add function of Urtracker Premium v4.0.1.1477 allows attackers to execute arbitrary web scripts or HTML via a crafted excel file. 2022-06-30 not yet calculated CVE-2022-33043

MISC vim — vim

  Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. 2022-07-02 not yet calculated CVE-2022-2285

MISC

CONFIRM vim — vim

  Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. 2022-07-02 not yet calculated CVE-2022-2286

CONFIRM

MISC vim — vim

  Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. 2022-07-02 not yet calculated CVE-2022-2287

MISC

CONFIRM vim — vim

  Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. 2022-07-02 not yet calculated CVE-2022-2284

CONFIRM

MISC viscosity — viscosity

  A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-30 not yet calculated CVE-2017-20123

N/A

N/A

N/A

N/A wasmtime — wasmtime

  Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime’s implementation of the SIMD proposal for WebAssembly on x86_64 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation of the simd proposal is not affected. The bugs were presented in the `i8x16.swizzle` and `select` WebAssembly instructions. The `select` instruction is only affected when the inputs are of `v128` type. The correspondingly affected Cranelift instructions were `swizzle` and `select`. The `swizzle` instruction lowering in Cranelift erroneously overwrote the mask input register which could corrupt a constant value, for example. This means that future uses of the same constant may see a different value than the constant itself. The `select` instruction lowering in Cranelift wasn’t correctly implemented for vector types that are 128-bits wide. When the condition was 0 the wrong instruction was used to move the correct input to the output of the instruction meaning that only the low 32 bits were moved and the upper 96 bits of the result were left as whatever the register previously contained (instead of the input being moved from). The `select` instruction worked correctly if the condition was nonzero, however. This bug in Wasmtime’s implementation of these instructions on x86_64 represents an incorrect implementation of the specified semantics of these instructions according to the WebAssembly specification. The impact of this is benign for hosts running WebAssembly but represents possible vulnerabilities within the execution of a guest program. For example a WebAssembly program could take unintended branches or materialize incorrect values internally which runs the risk of exposing the program itself to other related vulnerabilities which can occur from miscompilations. 
We have released Wasmtime 0.38.1 and cranelift-codegen (and other associated cranelift crates) 0.85.1 which contain the corrected implementations of these two instructions in Cranelift. If upgrading is not an option for you at this time, you can avoid the vulnerability by disabling the Wasm simd proposal. Additionally the bug is only present on x86_64 hosts. Other aarch64 hosts are not affected. Note that s390x hosts don’t yet implement the simd proposal and are not affected. 2022-06-28 not yet calculated CVE-2022-31104

MISC

MISC

CONFIRM

MISC

MISC

MISC weaveworks — weave_gitops

  Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfig, of registered Kubernetes clusters, including the service account tokens in plain text from Weave GitOps’s pod logs on the management cluster. An unauthorized remote attacker can also view these sensitive configurations from external log storage if enabled by the management cluster. This vulnerability is due to the client factory dumping cluster configurations and their service account tokens when the cluster manager tries to connect to an API server of a registered cluster, and a connection error occurs. An attacker could exploit this vulnerability by either accessing logs of a pod of Weave GitOps, or from external log storage and obtaining all cluster configurations of registered clusters. A successful exploit could allow the attacker to use those cluster configurations to manage the registered Kubernetes clusters. This vulnerability has been fixed by commit 567356f471353fb5c676c77f5abc2a04631d50ca. Users should upgrade to Weave GitOps core version v0.8.1-rc.6 or newer. There is no known workaround for this vulnerability. 2022-06-27 not yet calculated CVE-2022-31098

CONFIRM

MISC web2py — web2py

  Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL. 2022-06-27 not yet calculated CVE-2022-33146

MISC

MISC

MISC

MISC wireapp — wire

  Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering `@mentions` in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim allowing the attacker to fully control the user account. Wire-desktop clients that are connected to a vulnerable wire-webapp version are also vulnerable to this attack. The issue has been fixed in wire-webapp 2022-05-04-production.0 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-05-04-production.0-v0.29.7-0-a6f2ded or wire-server 2022-05-04 (chart/4.11.0) or later. No known workarounds exist. 2022-06-25 not yet calculated CVE-2022-29168

CONFIRM wordpress — add_post_url

  The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping 2022-06-27 not yet calculated CVE-2022-1913

MISC wordpress — analytics_stats_counter_statistics_plugin

  A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The attack may be initiated remotely. 2022-06-27 not yet calculated CVE-2017-20099

MISC

MISC wordpress — armember_plugin

  The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username 2022-06-27 not yet calculated CVE-2022-1903

MISC wordpress — cimy_header_image_rotator_plugin The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack 2022-06-27 not yet calculated CVE-2022-1885

MISC wordpress — clean_contact_plugin The Clean-Contact WordPress plugin through 1.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and escaping as well 2022-06-27 not yet calculated CVE-2022-1914

MISC wordpress — easy_svg_support_plugin The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads 2022-06-27 not yet calculated CVE-2022-1964

MISC wordpress — html2wp_plugin The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbitrary files 2022-06-27 not yet calculated CVE-2022-1572

MISC wordpress — html2wp_plugin

  The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server 2022-06-27 not yet calculated CVE-2022-1574

MISC wordpress — html2wp_plugin

  The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them 2022-06-27 not yet calculated CVE-2022-1573

MISC wordpress — import_export_all_plugin The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks 2022-06-27 not yet calculated CVE-2022-1977

MISC wordpress — limit_login_attempts_wordpress_plugin The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup) 2022-06-27 not yet calculated CVE-2022-1029

MISC wordpress — login_with_otp_over_sms_email_whatsapp_and_google_authenticator_plugin

  The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed 2022-06-27 not yet calculated CVE-2022-1994

MISC wordpress — mailpress

  The MailPress WordPress plugin through 7.2.1 does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF attacks 2022-06-27 not yet calculated CVE-2022-1843

MISC wordpress — malware_scanner The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup) 2022-06-27 not yet calculated CVE-2022-1995

MISC wordpress — my_private_site_plugin The My Private Site WordPress plugin before 3.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack 2022-06-27 not yet calculated CVE-2022-1627

MISC wordpress — mycss_plugin

  The MyCSS WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack 2022-06-27 not yet calculated CVE-2022-1960

MISC wordpress — nested_pages_plugin The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html is disallowed 2022-06-27 not yet calculated CVE-2022-1990

MISC wordpress — new_user_approve_plugin The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypassing the provided restrictions) and to change plugin settings by tricking admin users into visiting specially crafted websites. 2022-06-27 not yet calculated CVE-2022-1625

MISC wordpress — nextcellent_gallery_plugin

  The NextCellent Gallery WordPress plugin through 1.9.35 does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-06-27 not yet calculated CVE-2022-1971

MISC wordpress — no_external_links_wordpress_plugin The Mihdan: No External Links WordPress plugin through 4.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-06-27 not yet calculated CVE-2022-1095

MISC wordpress — openbook_book_data_plugin The OpenBook Book Data WordPress plugin through 3.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well 2022-06-27 not yet calculated CVE-2022-1842

MISC wordpress — popups_welcome_bar_optins_and_lead_generation_plugin The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.1.8 does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks 2022-06-27 not yet calculated CVE-2022-1776

MISC wordpress — pricing_tables_plugin

  The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site Scripting 2022-06-27 not yet calculated CVE-2022-1904

MISC wordpress — rotating_posts_plugin The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack 2022-06-27 not yet calculated CVE-2022-1847

MISC wordpress — site_offline_or_coming_soon_plugin The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have CSRF check in place when updating its settings, and it is also lacking sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads in them via a CSRF attack 2022-06-27 not yet calculated CVE-2022-1593

MISC wordpress — social_share_buttons_by_supsystic_plugin

  The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in its AJAX endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks. 2022-06-27 not yet calculated CVE-2022-1653

MISC wordpress — tiny_contact_form_plugin

  The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack 2022-06-27 not yet calculated CVE-2022-1846

MISC wordpress — ultimate_woocommerce_csv_importer_plugin

  The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting 2022-06-27 not yet calculated CVE-2022-1470

MISC wordpress — woocommerce_plugin The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected cross-Site Scripting 2022-06-27 not yet calculated CVE-2022-1916

MISC wordpress — woocommerce_plugin

  The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts user input that is being used in a path and passed to unlink() without validation first 2022-06-27 not yet calculated CVE-2022-1953

MISC wordpress — wp_post_styling_plugin The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin’s data, update the settings, add new entries and more via CSRF attacks 2022-06-27 not yet calculated CVE-2022-1845

MISC wordpress — wp_security_pro

  The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup) 2022-06-27 not yet calculated CVE-2022-1028

MISC wordpress — wpsentry The WP Sentry WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well 2022-06-27 not yet calculated CVE-2022-1844

MISC wordpress — admin_custom_login_plugin

  A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely. 2022-06-27 not yet calculated CVE-2017-20098

MISC

MISC wordpress — brizy_plugin

  The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks 2022-06-27 not yet calculated CVE-2022-2040

MISC

MISC wordpress — brizy_plugin

  The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element content, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks 2022-06-27 not yet calculated CVE-2022-2041

MISC

MISC wordpress — flower_delivery_by_florist_one_wordpress_plugin

  The Flower Delivery by Florist One WordPress plugin through 3.5.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setups) 2022-06-27 not yet calculated CVE-2022-1113

MISC wordpress — google_authenticator_word_presse

  The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks 2022-06-27 not yet calculated CVE-2022-0875

MISC wordpress — kama_click_counter_plugin

  A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument order_by/order with the input ASC%2c(select*from(select(sleep(2)))a) leads to sql injection (Blind). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.4.9 is able to address this issue. It is recommended to upgrade the affected component. 2022-06-27 not yet calculated CVE-2017-20103

MISC

MISC wordpress — wp_as_saml_idp_wordpress_plugin The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-06-27 not yet calculated CVE-2022-1010

MISC wordpress — xcloner_plugin_wordpress_plugin

  The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key. 2022-06-27 not yet calculated CVE-2022-0444

MISC wordpress — secure_swfupload

  There is an object injection vulnerability in swfupload plugin for wordpress. 2022-06-30 not yet calculated CVE-2013-4144

MISC

MISC wuzhicms — wuzhicms

  A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter. 2022-06-28 not yet calculated CVE-2020-19897

MISC xiaongmai — multiple_versions

  Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R11.Nat.20170301, V4.02.R12.Nat.OnvifS.20170727 is affected by a backdoor in the macGuarder and dvrHelper binaries of DVR/NVR/IP camera firmware due to static root account credentials in the system. 2022-06-30 not yet calculated CVE-2021-41506

MISC

MISC

MISC

MISC xlpd — N/A

  XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. 2022-06-29 not yet calculated CVE-2022-33035

MISC

MISC xpdf — xpdf

  XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files. 2022-06-28 not yet calculated CVE-2022-33108

MISC

MISC

MISC yokogawa — stardom

  Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to log in to the affected products and alter device configuration settings or tamper with device firmware. 2022-06-28 not yet calculated CVE-2022-29519

MISC

MISC

MISC

MISC yokogawa — stardom.fcn

  Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware. 2022-06-28 not yet calculated CVE-2022-30997

MISC

MISC

MISC

MISC zephyr_project — zephyr Invalid channel map in CONNECT_IND results in Deadlock. Zephyr versions >= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp 2022-06-28 not yet calculated CVE-2021-3433

MISC zephyr_project — zephyr

  Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr 2022-06-28 not yet calculated CVE-2021-3430

MISC zephyr_project — zephyr

  Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9 2022-06-28 not yet calculated CVE-2021-3431

MISC zephyr_project — zephyr

  Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4 2022-06-28 not yet calculated CVE-2021-3432

MISC zephyr_project — zephyr

  Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm 2022-06-28 not yet calculated CVE-2021-3434

MISC zephyr_project — zephyr

  Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh 2022-06-28 not yet calculated CVE-2021-3435

MISC zoho — manageengine_servicedesk_plus_msp Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml). 2022-07-02 not yet calculated CVE-2022-32551

MISC zulip — zulip

  Zulip is an open-source team collaboration tool. Versions 2.1.0 through and including 5.2 are vulnerable to a logic error. A stream configured as private with protected history, where new subscribers should not be allowed to see messages sent before they were subscribed, when edited causes the server to incorrectly send an API event that includes the edited message to all of the stream’s current subscribers. This API event is ignored by official clients, but can be observed by using a modified client or the browser’s developer tools. This bug will be fixed in Zulip Server 5.3. There are no known workarounds. 2022-06-25 not yet calculated CVE-2022-31017

CONFIRM
