Security Bulletin 16 Feb 2022 | #firefox | #chrome | #microsoftedge | #education | #technology | #infosec



CVE Number Description Base Score Reference CVE-2017-9380 OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-9380 CVE-2018-6383 Monstra CMS through 3.0.4 has an incomplete “forbidden types” list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2018-6383 CVE-2018-15139 Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2018-15139 CVE-2019-12257 Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-12257 CVE-2019-14530 An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-14530 CVE-2019-10174 A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan’s privileges. The attacker can use reflection to introduce new, malicious behavior into the application. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-10174 CVE-2020-13364 A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-13364 CVE-2020-13365 Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-13365 CVE-2019-11859 A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-11859 CVE-2020-35948 An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php write_file_action could overwrite wp-config.php, for example. Alternatively, an attacker could create an exploit chain to obtain a database dump. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-35948 CVE-2021-37343 A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37343 CVE-2021-28816 A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS 4.5.4.1715 build 20210630 and later QTS 5.0.0.1716 build 20210701 and later QTS 4.3.3.1693 build 20210624 and later QTS 4.3.6.1750 build 20210730 and later QuTScloud c4.5.6.1755 and later QuTS hero h4.5.4.1771 build 20210825 and later 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28816 CVE-2021-37985 Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37985 CVE-2021-37986 Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37986 CVE-2021-37987 Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37987 CVE-2021-37988 Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37988 CVE-2021-4061 Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4061 CVE-2021-4062 Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4062 CVE-2021-4063 Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4063 CVE-2021-4064 Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4064 CVE-2021-4079 Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4079 CVE-2021-45960 In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 CVE-2022-21664 WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there’s potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 4.1.34. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21664 CVE-2022-22825 lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 CVE-2022-22826 nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 CVE-2022-22827 storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 CVE-2021-37197 A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.2.14 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS is vulnerable to SQL injections. This could allow an attacker to execute arbitrary SQL statements. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37197 CVE-2021-37198 A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.2.14 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS uses a flawed implementation of CSRF prevention. An attacker could exploit this vulnerability to perform cross-site request forgery attacks. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37198 CVE-2021-44648 GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44648 CVE-2022-0196 phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0196 CVE-2022-0197 phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0197 CVE-2022-22990 A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22990 CVE-2022-21392 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 8.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21392 CVE-2022-21699 IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21699 CVE-2021-45341 A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45341 CVE-2021-45897 SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45897 CVE-2022-21740 Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21740 CVE-2021-46398 A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads to RCE. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46398 CVE-2022-23330 A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23330 CVE-2020-7534 A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions) 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7534 CVE-2021-22284 Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node running the AC800M OPC Server. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22284 CVE-2021-40420 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40420 CVE-2021-4154 A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel’s cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4154 CVE-2022-0484 Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0484 CVE-2022-22150 A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an invalid state, which can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22150 CVE-2022-22689 CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22689 CVE-2022-22723 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping function via GOOSE can be impacted. Affected Product: Easergy P5 (All firmware versions prior to V01.401.101) 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22723 CVE-2022-22725 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping function via GOOSE can be impacted. Affected Product: Easergy P3 (All versions prior to V30.205) 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22725 CVE-2022-22727 A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user?s local machine when the user clicks a specially crafted link. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior) 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22727 CVE-2022-23558 Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in `TfLiteIntArrayCreate`. The `TfLiteIntArrayGetSizeInBytes` returns an `int` instead of a `size_t. An attacker can control model inputs such that `computed_size` overflows the size of `int` datatype. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23558 CVE-2022-23559 Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write. Users are advised to upgrade to a patched version. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23559 CVE-2022-23560 Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. Users are advised to upgrade as soon as possible. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23560 CVE-2022-23561 Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23561 CVE-2022-23562 Tensorflow is an Open Source Machine Learning Framework. The implementation of `Range` suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23562 CVE-2022-23566 Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output` function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23566 CVE-2022-23573 Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (to minimize number of allocations), but does not check that the right hand side is also initialized. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23573 CVE-2022-23574 Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow’s `SpecializeType` which results in heap OOB read/write. Due to a typo, `arg` is initialized to the `i`th mutable argument in a loop where the loop index is `j`. Hence it is possible to assign to `arg` from outside the vector of arguments. Since this is a mutable proto value, it allows both read and write to outside of bounds data. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23574 CVE-2021-39280 Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39280 CVE-2022-24551 StarWind SAN and NAS before 0.2 build 1685 allows users to reset other users’ passwords. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24551 CVE-2021-43928 Improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability in mail sending and receiving component in Synology Mail Station before 7.0.1-42218-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43928 CVE-2021-24879 The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in the wpsc_tickets AJAX action, nor has any sanitisation or escaping in some of the filter fields which could allow attackers to make a logged in user having access to the ticket lists dashboard set an arbitrary filter (stored in their cookies) with an XSS payload in it. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24879 CVE-2021-42833 A Use of Hardcoded Credentials vulnerability exists in AquaView versions 1.60, 7.x, and 8.x that could allow an authenticated local attacker to manipulate users and system settings. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42833 CVE-2021-3835 Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3835 CVE-2022-23623 Frourio is a full stack framework, for TypeScript. Frourio users who uses frourio version prior to v0.26.0 and integration with class-validator through `validators/` folder are subject to a input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23623 CVE-2022-23624 Frourio-express is a minimal full stack framework, for TypeScript. Frourio-express users who uses frourio-express version prior to v0.26.0 and integration with class-validator through `validators/` folder are subject to a input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23624 CVE-2022-24450 NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the “dynamically provisioned sandbox accounts” feature. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24450 CVE-2022-21173 Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05 and earlier, WRH-300PN3-S firmware v1.05 and earlier, WRH-300WH3-S firmware v1.05 and earlier, and WRH-300YG3-S firmware v1.05 and earlier) allows an attacker on the adjacent network to execute an arbitrary OS command via unspecified vectors. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21173 CVE-2022-23331 In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23331 CVE-2021-45326 Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes.This can be dangerous especially with state altering POST requests. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45326 CVE-2022-23626 m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23626 CVE-2022-24676 update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP archive. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24676 CVE-2021-46360 Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46360 CVE-2021-40360 A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The password hash of a local user account in the remote server could be granted via public API to a user on the affected system. An authenticated attacker could brute force the password hash and use it to login to the server. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40360 CVE-2022-21984 Windows DNS Server Remote Code Execution Vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21984 CVE-2022-22005 Microsoft SharePoint Server Remote Code Execution Vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22005 CVE-2022-23271 Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23272, CVE-2022-23273. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23271 CVE-2022-23272 Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23271, CVE-2022-23273. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23272 CVE-2022-23273 Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23271, CVE-2022-23272. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23273 CVE-2022-23274 Microsoft Dynamics GP Remote Code Execution Vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23274 CVE-2022-23616 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it’s possible for an unprivileged user to perform a remote code execution by injecting a groovy script in her own profile and by calling the Reset password feature since the feature is performing a save of the user profile with programming rights in the impacted versions of XWiki. The issue has been patched in XWiki 13.1RC1. There are two different possible workarounds, each consisting of modifying the XWiki/ResetPassword page. 1. The Reset password feature can be entirely disabled by deleting the XWiki/ResetPassword page. 2. The script in XWiki/ResetPassword can also be modified or removed: an administrator can replace it with a simple email contact to ask an administrator to reset the password. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23616 CVE-2021-0162 Improper input validation in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0162 CVE-2021-0163 Improper Validation of Consistency within input in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0163 CVE-2021-22954 A cross-site request forgery vulnerability exists in Concrete CMS <v9 that could allow an attacker to make requests on behalf of other users. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22954 CVE-2021-33115 Improper input validation for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33115 CVE-2021-4102 Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4102 CVE-2019-10942 A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X204RNA (HSR) (All versions), SCALANCE X204RNA (PRP) (All versions), SCALANCE X204RNA EEC (HSR) (All versions), SCALANCE X204RNA EEC (PRP) (All versions), SCALANCE X204RNA EEC (PRP/HSR) (All versions). The device contains a vulnerability that could allow an attacker to trigger a denial-of-service condition by sending large message packages repeatedly to the telnet service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2019-10942 CVE-2019-13933 A vulnerability has been identified in SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X204RNA (HSR) (All versions), SCALANCE X204RNA (PRP) (All versions), SCALANCE X204RNA EEC (HSR) (All versions), SCALANCE X204RNA EEC (PRP) (All versions), SCALANCE X204RNA EEC (PRP/HSR) (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2019-13933 CVE-2021-30864 A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A sandboxed process may be able to circumvent sandbox restrictions. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2021-30864 CVE-2021-43860 Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn’t properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there’s a null byte in the metadata file of an app. Therefore apps can grant themselves permissions without the consent of the user. Flatpak shows permissions to the user during install by reading them from the “xa.metadata” key in the commit metadata. This cannot contain a null terminator, because it is an untrusted GVariant. Flatpak compares these permissions to the *actual* metadata, from the “metadata” file to ensure it wasn’t lied to. However, the actual metadata contents are loaded in several places where they are read as simple C-style strings. That means that, if the metadata file includes a null terminator, only the content of the file from *before* the terminator gets compared to xa.metadata. Thus, any permissions that appear in the metadata file after a null terminator are applied at runtime but not shown to the user. So maliciously crafted apps can give themselves hidden permissions. Users who have Flatpaks installed from untrusted sources are at risk in case the Flatpak has a maliciously crafted metadata file, either initially or in an update. This issue is patched in versions 1.12.3 and 1.10.6. As a workaround, users can manually check the permissions of installed apps by checking the metadata file or the xa.metadata key on the commit metadata. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2021-43860 CVE-2021-0066 Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalation of privilege via local access. 8.4 https://nvd.nist.gov/vuln/detail/CVE-2021-0066 CVE-2013-20003 Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2013-20003 CVE-2016-10524 i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments a malicious user could fill up the server causing a Denial of Service or content injection. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2016-10524 CVE-2021-45970 An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the status code saved at the CommBuffer+4 location). 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-45970 CVE-2022-24069 An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.0 before 05.08.41, 5.1 before 05.16.29, 5.2 before 05.26.29, 5.3 before 05.35.29, 5.4 before 05.43.29, and 5.5 before 05.51.29. An SMM callout vulnerability allows an attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2022-24069 CVE-2021-33627 An issue was discovered in Insyde InsydeH2O 5.x, affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-33627 CVE-2021-41837 An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-41837 CVE-2021-41838 An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-41838 CVE-2021-41839 An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-41839 CVE-2021-41840 An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-41840 CVE-2021-41841 An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-41841 CVE-2021-42060 An issue was discovered in Insyde InsydeH2O Kernel 5.0 through 05.08.41, Kernel 5.1 through 05.16.41, Kernel 5.2 before 05.23.22, and Kernel 5.3 before 05.32.22. An Int15ServiceSmm SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-42060 CVE-2021-42113 An issue was discovered in StorageSecurityCommandDxe in Insyde InsydeH2O with Kernel 5.1 before 05.14.28, Kernel 5.2 before 05.24.28, and Kernel 5.3 before 05.32.25. An SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-42113 CVE-2021-43323 An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel 5.5 before 05.51.45, 5.4 before 05.43.45, 5.3 before 05.35.45, 5.2 before 05.26.45, 5.1 before 05.16.45, and 5.0 before 05.08.45. An SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-43323 CVE-2021-43615 An issue was discovered in HddPassword in Insyde InsydeH2O with kernel 5.1 before 05.16.23, 5.2 before 05.26.23, 5.3 before 05.35.23, 5.4 before 05.43.22, and 5.5 before 05.51.22. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-43615 CVE-2022-24031 An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2022-24031 CVE-2022-24129 The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary third-party HTTP services. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2022-24129 CVE-2021-21965 A denial of service vulnerability exists in the SeaMax remote configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-21965 CVE-2019-12263 Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2019-12263 CVE-2021-37725 A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-37725 CVE-2021-3935 When PgBouncer is configured to use “cert” authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-3935 CVE-2021-43145 With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-43145 CVE-2018-25029 The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2018-25029 CVE-2021-21959 A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. This misconfiguration significantly simplifies a man-in-the-middle attack, which directly leads to control of device functionality. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21959 CVE-2021-21969 An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [4] the json_object_get_string to populate the p_payload global variable. The p_payload is only 0x100 bytes long, and the total MQTT message could be up to 0x201 bytes. Because the function json_object_get_string will fill str based on the length of the json’s value and not the actual str size, this would result in a possible out-of-bounds write. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21969 CVE-2021-21970 An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [3] the json_object_get_string to populate the p_name global variable. The p_name is only 0x80 bytes long, and the total MQTT message could be up to 0x201 bytes. Because the function json_object_get_string will fill str based on the length of the json’s value and not the actual str size, this would result in a possible out-of-bounds write. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21970 CVE-2022-23592 Tensorflow is an Open Source Machine Learning Framework. TensorFlow’s type inference can cause a heap out of bounds read as the bounds checking is done in a `DCHECK` (which is a no-op during production). An attacker can control the `input_idx` variable such that `ix` would be larger than the number of values in `node_t.args`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-23592 CVE-2022-21703 Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-21703 CVE-2022-21660 Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the `setUserInfo` function. Users are advised to update as soon as possible. There are no known workarounds. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-21660 CVE-2021-33113 Improper input validation for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and Killer(TM) WiFi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-33113 CVE-2022-21987 Microsoft SharePoint Server Spoofing Vulnerability. 8 https://nvd.nist.gov/vuln/detail/CVE-2022-21987 CVE-2017-8036 An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 (only). The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-8036 CVE-2017-8033 An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a specially crafted application that can write arbitrary files to the Cloud Controller VM. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-8033 CVE-2018-13405 The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2018-13405 CVE-2018-14787 In Philips’ IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute arbitrary code with local administrative permissions. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2018-14787 CVE-2018-16301 The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2018-16301 CVE-2019-15349 The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute in with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user’s screen, factory reset the device, obtain the user’s notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user’s text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user’s Wi-Fi passwords, obtain the user’s notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user’s text messages, and more. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-15349 CVE-2020-8781 Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-8781 CVE-2020-12525 M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12525 CVE-2021-30900 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1. A malicious application may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30900 CVE-2021-30903 This issue was addressed with improved checks. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1. A local attacker may be able to cause unexpected application termination or arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30903 CVE-2021-30939 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing a maliciously crafted image may lead to arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30939 CVE-2021-30949 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30949 CVE-2021-30748 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. An application may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30748 CVE-2021-30772 This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to gain root privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30772 CVE-2021-30774 A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. A malicious application may be able to gain root privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30774 CVE-2021-30784 Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.5. A local attacker may be able to execute code on the Apple T2 Security Chip. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30784 CVE-2021-30792 An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Processing a maliciously crafted image may lead to arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30792 CVE-2021-41864 prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41864 CVE-2021-30835 This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30835 CVE-2021-30838 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to execute arbitrary code with system privileges on devices with an Apple Neural Engine. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30838 CVE-2021-30834 A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update 2021-007 Catalina. Processing a malicious audio file may result in unexpected application termination or arbitrary code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30834 CVE-2021-43336 An Out-of-Bounds Write vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43336 CVE-2020-16154 The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-16154 CVE-2021-40441 Windows Media Center Elevation of Privilege Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40441 CVE-2021-40452 HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40453, CVE-2021-41360. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40452 CVE-2021-40453 HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40452, CVE-2021-41360. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40453 CVE-2021-41333 Windows Print Spooler Elevation of Privilege Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41333 CVE-2021-41360 HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40452, CVE-2021-40453. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41360 CVE-2021-43207 Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43226. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43207 CVE-2021-43223 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43223 CVE-2021-43226 Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43207. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43226 CVE-2021-43240 NTFS Set Short Name Elevation of Privilege Vulnerability 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43240 CVE-2021-45469 In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45469 CVE-2021-46143 In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 CVE-2022-23222 kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23222 CVE-2021-23138 WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23138 CVE-2021-23157 WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23157 CVE-2021-45342 A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45342 CVE-2021-40158 A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability can be exploited to execute arbitrary code 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40158 CVE-2021-40159 An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 may lead to code execution through maliciously crafted JT files. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40159 CVE-2022-0392 Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 CVE-2022-0407 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 CVE-2022-0408 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 CVE-2022-0413 Use After Free in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 CVE-2022-0417 Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 CVE-2022-0443 Use After Free in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 CVE-2022-24262 The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24262 CVE-2020-12891 AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12891 CVE-2021-29219 A potential local buffer overflow vulnerability has been identified in HPE FlexNetwork 5130 EL Switch Series version: Prior to 5130_EI_7.10.R3507P02. HPE has made the following software update to resolve the vulnerability in HPE FlexNetwork 5130 EL Switch Series version 5130_EL_7.10.R3507P02. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29219 CVE-2021-40401 A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40401 CVE-2021-44204 Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44204 CVE-2022-23946 A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23946 CVE-2022-23947 A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23947 CVE-2022-24113 Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24113 CVE-2022-24115 Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24115 CVE-2022-23613 xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23613 CVE-2022-0520 Use After Free in NPM radare2.js prior to 5.6.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0520 CVE-2022-0523 Expired Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0523 CVE-2021-37852 ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\\SYSTEM. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37852 CVE-2021-40363 A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V17 (All versions >= V17 Update 2), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The affected component stores the credentials of a local system account in a potentially publicly accessible project file using an outdated cipher algorithm. An attacker may use this to brute force the credentials and take over the system. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40363 CVE-2021-44000 A vulnerability has been identified in JT2Go (All versions), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V12.4 (All versions), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44000 CVE-2021-46151 A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14754, ZDI-CAN-15082) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46151 CVE-2021-46152 A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a type confusion vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14643, ZDI-CAN-14644, ZDI-CAN-14755, ZDI-CAN-15183) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46152 CVE-2021-46153 A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a memory corruption vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14645, ZDI-CAN-15305, ZDI-CAN-15589, ZDI-CAN-15599) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46153 CVE-2021-46154 A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14646, ZDI-CAN-14679, ZDI-CAN-15084, ZDI-CAN-15304) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46154 CVE-2021-46155 A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14683, ZDI-CAN-15283, ZDI-CAN-15303, ZDI-CAN-15593) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46155 CVE-2021-46156 A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14684) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46156 CVE-2021-46157 A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a memory corruption vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14757) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46157 CVE-2021-46158 A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15085, ZDI-CAN-15289, ZDI-CAN-15602) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46158 CVE-2021-46159 A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15050) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46159 CVE-2021-46160 A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15286) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46160 CVE-2021-46161 A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15302) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46161 CVE-2022-21844 HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21926, CVE-2022-21927. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21844 CVE-2022-21926 HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21844, CVE-2022-21927. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21926 CVE-2022-21927 HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21844, CVE-2022-21926. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21927 CVE-2022-21971 Windows Runtime Remote Code Execution Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21971 CVE-2022-21974 Roaming Security Rights Management Services Remote Code Execution Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21974 CVE-2022-21981 Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22000. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21981 CVE-2022-21988 Microsoft Office Visio Remote Code Execution Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21988 CVE-2022-21989 Windows Kernel Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21989 CVE-2022-21992 Windows Mobile Device Management Remote Code Execution Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21992 CVE-2022-21994 Windows DWM Core Library Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21994 CVE-2022-21996 Win32k Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21996 CVE-2022-21999 Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21997, CVE-2022-22717, CVE-2022-22718. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21999 CVE-2022-22000 Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21981. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22000 CVE-2022-22001 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22001 CVE-2022-22003 Microsoft Office Graphics Remote Code Execution Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22003 CVE-2022-22004 Microsoft Office ClickToRun Remote Code Execution Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22004 CVE-2022-22709 VP9 Video Extensions Remote Code Execution Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22709 CVE-2022-22715 Named Pipe File System Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22715 CVE-2022-22718 Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21997, CVE-2022-21999, CVE-2022-22717. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22718 CVE-2022-23276 SQL Server for Linux Containers Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23276 CVE-2021-0156 Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0156 CVE-2021-0164 Improper access control in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0164 CVE-2021-23152 Improper access control in the Intel(R) Advisor software before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23152 CVE-2021-33101 Uncontrolled search path in the Intel(R) GPA software before version 21.2 may allow an authenticated user to potentially enable escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33101 CVE-2021-33129 Incorrect default permissions in the software installer for the Intel(R) Advisor before version 2021.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33129 CVE-2021-33137 Out-of-bounds write in the Intel(R) Kernelflinger project may allow an authenticated user to potentially enable escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33137 CVE-2021-37109 There is a security protection bypass vulnerability with the modem.Successful exploitation of this vulnerability may cause memory protection failure. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37109 CVE-2022-20024 In system service, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219064; Issue ID: ALPS06219064. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20024 CVE-2022-20025 In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126832; Issue ID: ALPS06126832. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20025 CVE-2022-20026 In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126827; Issue ID: ALPS06126827. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20026 CVE-2022-20027 In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126826; Issue ID: ALPS06126826. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20027 CVE-2022-20028 In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198663; Issue ID: ALPS06198663. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20028 CVE-2022-20031 In fb driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05850708; Issue ID: ALPS05850708. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20031 CVE-2022-20040 In power_hal_manager_service, there is a possible permission bypass due to a stack-based buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219150; Issue ID: ALPS06219150. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20040 CVE-2022-20041 In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108596; Issue ID: ALPS06108596. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20041 CVE-2022-20043 In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06148177; Issue ID: ALPS06148177. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20043 CVE-2022-20044 In Bluetooth, there is a possible service crash due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126814; Issue ID: ALPS06126814. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20044 CVE-2022-20045 In Bluetooth, there is a possible service crash due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126820; Issue ID: ALPS06126820. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20045 CVE-2022-21204 Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21204 CVE-2022-21220 Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21220 CVE-2022-21825 An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 – 2111 with App Protection installed that can allow an attacker to perform local privilege escalation. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21825 CVE-2021-39619 In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-197399948 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39619 CVE-2021-39662 In checkUriPermission of MediaProvider.java , there is a possible way to gain access to the content of media provider collections due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-197302116 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39662 CVE-2021-39663 In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-200682135 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39663 CVE-2022-24348 Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2022-24348 CVE-2022-23263 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23262. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2022-23263 CVE-2017-8035 An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-8035 CVE-2017-12741 A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC Compact Field Unit, SIMATIC ET200AL, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200pro, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-200 SMART, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 CPU family and below (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX (F) 2010, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. SIPLUS variants), SIMOTION C, SIMOTION D (incl. SIPLUS variants), SIMOTION D4xx V4.4 for SINAMICS SM150i-2 w. PROFINET (incl. SIPLUS variants), SIMOTION P V4.4 and V4.5, SIMOTION P V5, SINAMICS DCM w. PN, SINAMICS DCP w. PN, SINAMICS G110M w. PN, SINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants), SINAMICS G130 V4.7 w. PN, SINAMICS G130 V4.8 w. PN, SINAMICS G150 V4.7 w. PN, SINAMICS G150 V4.8 w. PN, SINAMICS GH150 V4.7 w. PROFINET, SINAMICS GL150 V4.7 w. PROFINET, SINAMICS GM150 V4.7 w. PROFINET, SINAMICS S110 w. PN, SINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants), SINAMICS S120 V4.7 w. PN (incl. SIPLUS variants), SINAMICS S120 V4.8 w. PN (incl. SIPLUS variants), SINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants), SINAMICS S150 V4.7 w. PN, SINAMICS S150 V4.8 w. PN, SINAMICS SL150 V4.7.0 w. PROFINET, SINAMICS SL150 V4.7.4 w. PROFINET, SINAMICS SL150 V4.7.5 w. PROFINET, SINAMICS SM120 V4.7 w. PROFINET, SINAMICS V90 w. PN, SINUMERIK 840D sl, SIRIUS Soft Starter 3RW44 PN. Specially crafted packets sent to port 161/udp could cause a Denial-of-Service condition. The affected devices must be restarted manually. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-12741 CVE-2017-18214 The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-18214 CVE-2018-1000518 aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sending a specially crafted frame on an established connection. This vulnerability appears to have been fixed in 5. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-1000518 CVE-2019-6568 A vulnerability has been identified in RFID 181EIP, SIMATIC CP 1604, SIMATIC CP 1616, SIMATIC CP 343-1 Advanced, SIMATIC CP 443-1, SIMATIC CP 443-1 Advanced, SIMATIC CP 443-1 OPC UA, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7″ & 15″ (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4″ – 22″ (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600 family, SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. SIPLUS variants), SINAMICS G130 V4.6 Control Unit, SINAMICS G130 V4.7 Control Unit, SINAMICS G130 V4.7 SP1 Control Unit, SINAMICS G130 V4.8 Control Unit, SINAMICS G130 V5.1 Control Unit, SINAMICS G130 V5.1 SP1 Control Unit, SINAMICS G150 V4.6 Control Unit, SINAMICS G150 V4.7 Control Unit, SINAMICS G150 V4.7 SP1 Control Unit, SINAMICS G150 V4.8 Control Unit, SINAMICS G150 V5.1 Control Unit, SINAMICS G150 V5.1 SP1 Control Unit, SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S150 V4.6 Control Unit, SINAMICS S150 V4.7 Control Unit, SINAMICS S150 V4.7 SP1 Control Unit, SINAMICS S150 V4.8 Control Unit, SINAMICS S150 V5.1 Control Unit, SINAMICS S150 V5.1 SP1 Control Unit, SINAMICS S210 V5.1 Control Unit, SINAMICS S210 V5.1 SP1 Control Unit, SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SIPLUS NET CP 343-1 Advanced, SIPLUS NET CP 443-1, SIPLUS NET CP 443-1 Advanced, SITOP Manager, SITOP PSU8600, SITOP UPS1600 (incl. SIPLUS variants), TIM 1531 IRC (incl. SIPLUS NET variants). The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-6568 CVE-2019-6575 A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7″ & 15″ (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4″ – 22″ (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.3), SIMATIC NET PC Software (All versions >= V7.1 < V16), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC-NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-6575 CVE-2019-10184 undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-10184 CVE-2019-12259 Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-12259 CVE-2019-12258 Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-12258 CVE-2019-10923 A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.2.1), SIMATIC ET200M (incl. SIPLUS variants) (All versions), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12 (All versions), SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12 (All versions), SIMATIC ET200ecoPN, 4AO U/I 4xM12 (All versions), SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12 (All versions), SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12 (All versions), SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12 (All versions), SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12 (All versions), SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12 (All versions), SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12 (All versions), SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12 (All versions), SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12 (All versions), SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12 (All versions), SIMATIC ET200ecoPN: IO-Link Master (All versions), SIMATIC ET200pro (All versions), SIMATIC NET CP 1604 (All versions < V2.8), SIMATIC NET CP 1616 (All versions < V2.8), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (incl. SIPLUS variants) (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions < V1.3), SINAMICS G110M V4.7 Control Unit (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 Control Unit (All versions < V4.7 HF29), SINAMICS G150 Control Unit (All versions < V4.8), SINAMICS GH150 V4.7 Control Unit (All versions), SINAMICS GL150 V4.7 Control Unit (All versions), SINAMICS GM150 V4.7 Control Unit (All versions), SINAMICS S110 Control Unit (All versions), SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants) (All versions < V4.7 HF34), SINAMICS S150 Control Unit (All versions < V4.8), SINAMICS SL150 V4.7 Control Unit (All versions < V4.7 HF33), SINAMICS SM120 V4.7 Control Unit (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a Denial-of-Service condition by breaking the real-time synchronization (IRT) of the affected installation. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-10923 CVE-2019-10936 A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200AL, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200pro, SIMATIC HMI Comfort Outdoor Panels 7″ & 15″ (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4″ – 22″ (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC PROFINET Driver, SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX (F) 2010, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 PN Control Unit, SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl. Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of specially crafted UDP packets are sent to device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-10936 CVE-2019-14888 A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-14888 CVE-2019-13946 A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, PROFINET Driver for Controller, RUGGEDCOM RM1224, SCALANCE M-800, SCALANCE S615, SCALANCE W-700 IEEE 802.11n family, SCALANCE X-200 switch family (incl. SIPLUS NET variants), SCALANCE X-200IRT (incl. SIPLUS NET variants), SCALANCE X-300 (incl. X408 and SIPLUS NET variants), SCALANCE XB-200, SCALANCE XC-200, SCALANCE XF-200BA, SCALANCE XM-400, SCALANCE XP-200, SCALANCE XR-300WG, SCALANCE XR-500, SIMATIC CP 1616 and CP 1604, SIMATIC CP 343-1, SIMATIC CP 343-1 Advanced, SIMATIC CP 343-1 ERPC, SIMATIC CP 343-1 Lean, SIMATIC CP 443-1, SIMATIC CP 443-1 Advanced, SIMATIC CP 443-1 OPC UA, SIMATIC ET200AL IM 157-1 PN, SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants), SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200pro, IM 154-3 PN HF, SIMATIC ET200pro, IM 154-4 PN HF, SIMATIC IPC Support, Package for VxWorks, SIMATIC MV400, SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant), SIMATIC RF180C, SIMATIC RF182C, SIMATIC RF600, SIMOTION C, SIMOTION D (incl. SIPLUS variants), SIMOTION P, SINAMICS DCP, SIPLUS NET CP 343-1, SIPLUS NET CP 343-1 Advanced, SIPLUS NET CP 343-1 Lean, SIPLUS NET CP 443-1, SIPLUS NET CP 443-1 Advanced, SOFTNET-IE PNIO. Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-13946 CVE-2019-19301 A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SIMATIC CP 442-1 RNA (All versions), SIMATIC CP 443-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 RNA (All versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions). The VxWorks-based Profinet TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-19301 CVE-2020-10705 A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the “Expect: 100-continue” header may cause an out of memory error. This flaw may potentially lead to a denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-10705 CVE-2020-5675 Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000 and earlier, and GT2103-PMBD V01.39.000 and earlier), GS21 model of GOT series (GS2110-WTBD V01.39.000 and earlier, GS2107-WTBD V01.39.000 and earlier, GS2110-WTBD-N V01.39.000 and earlier, and GS2107-WTBD-N V01.39.000 and earlier), and Tension Controller LE7-40GU-L series (LE7-40GU-L Screen package data for CC-Link IEF Basic V1.00, LE7-40GU-L Screen package data for MODBUS/TCP V1.00, and LE7-40GU-L Screen package data for SLMP V1.00) allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-5675 CVE-2019-19343 A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-19343 CVE-2021-31542 In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-31542 CVE-2021-33571 In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) . 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33571 CVE-2020-12988 A potential denial of service (DoS) vulnerability exists in the integrated chipset that may allow a malicious attacker to hang the system when it is rebooted. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12988 CVE-2020-28400 A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, RUGGEDCOM RM1224, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router, SCALANCE M816-1 ADSL-Router, SCALANCE M826-2 SHDSL-Router, SCALANCE M874-2, SCALANCE M874-3, SCALANCE M876-3, SCALANCE M876-3 (ROK), SCALANCE M876-4 (EU), SCALANCE M876-4 (NAM), SCALANCE S615, SCALANCE W-1700 IEEE 802.11ac family, SCALANCE W-700 IEEE 802.11n family, SCALANCE X200-4 P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P IRT PRO, SCALANCE X202-2 IRT, SCALANCE X202-2P IRT (incl. SIPLUS NET variant), SCALANCE X202-2P IRT PRO, SCALANCE X204 IRT, SCALANCE X204 IRT PRO, SCALANCE X204-2 (incl. SIPLUS NET variant), SCALANCE X204-2FM, SCALANCE X204-2LD (incl. SIPLUS NET variant), SCALANCE X204-2LD TS, SCALANCE X204-2TS, SCALANCE X206-1, SCALANCE X206-1LD (incl. SIPLUS NET variant), SCALANCE X208 (incl. SIPLUS NET variant), SCALANCE X208PRO, SCALANCE X212-2, SCALANCE X212-2LD, SCALANCE X216, SCALANCE X224, SCALANCE X302-7EEC, SCALANCE X304-2FE, SCALANCE X306-1LDFE, SCALANCE X307-2EEC, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X308-2 (incl. SIPLUS NET variant), SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310FE, SCALANCE X320-1FE, SCALANCE X320-3LDFE, SCALANCE XB-200, SCALANCE XC-200, SCALANCE XF-200BA, SCALANCE XF201-3P IRT, SCALANCE XF202-2P IRT, SCALANCE XF204, SCALANCE XF204 IRT, SCALANCE XF204-2 (incl. SIPLUS NET variant), SCALANCE XF204-2BA IRT, SCALANCE XF206-1, SCALANCE XF208, SCALANCE XM400, SCALANCE XP-200, SCALANCE XR-300WG, SCALANCE XR324-12M, SCALANCE XR324-12M TS, SCALANCE XR324-4M EEC, SCALANCE XR324-4M PoE, SCALANCE XR324-4M PoE TS, SCALANCE XR500, SIMATIC CFU PA, SIMATIC CM 1542-1, SIMATIC CP1616/CP1604, SIMATIC CP1626, SIMATIC IE/PB-LINK V3, SIMATIC MV540 H, SIMATIC MV540 S, SIMATIC MV550 H, SIMATIC MV550 S, SIMATIC MV560 U, SIMATIC MV560 X, SIMATIC NET DK-16xx PN IO, SIMATIC PROFINET Driver, SIMATIC Power Line Booster PLB, Base Module, SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMOCODE proV Ethernet/IP, SIMOCODE proV PROFINET, SOFTNET-IE PNIO. Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-28400 CVE-2020-16839 On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-16839 CVE-2021-33196 In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive’s header) can cause a NewReader or OpenReader panic. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33196 CVE-2021-37714 jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37714 CVE-2021-30924 A denial of service issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.0.1. A remote attacker can cause a device to unexpectedly restart. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-30924 CVE-2021-40839 The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\\x2f\\x7f), enabling a remote attack that consumes CPU and memory. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40839 CVE-2021-37136 The Bzip2 decompression decoder function doesn’t allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37136 CVE-2021-37137 The Snappy frame decoder function doesn’t restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37137 CVE-2021-41771 ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41771 CVE-2021-40359 A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40359 CVE-2021-23201 NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23201 CVE-2021-23217 NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability. The scope impact may extend to other components. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23217 CVE-2021-4044 Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4044 CVE-2021-43219 DirectX Graphics Kernel File Denial of Service Vulnerability 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43219 CVE-2021-43222 Microsoft Message Queuing Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43236. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43222 CVE-2021-43228 SymCrypt Denial of Service Vulnerability 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43228 CVE-2021-45720 An issue was discovered in the lru crate before 0.7.1 for Rust. The iterators have a use-after-free, as demonstrated by an access after a pop operation. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45720 CVE-2021-44716 net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44716 CVE-2021-41819 CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41819 CVE-2021-24831 All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24831 CVE-2021-45115 An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45115 CVE-2021-45116 An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language’s variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45116 CVE-2022-21661 WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21661 CVE-2022-22161 An Uncontrolled Resource Consumption vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause 100% CPU load and the device to become unresponsive by sending a flood of traffic to the out-of-band management ethernet port. Continued receipted of a flood will create a sustained Denial of Service (DoS) condition. Once the flood subsides the system will recover by itself. An indication that the system is affected by this issue would be that an irq handled by the fman process is shown to be using a high percentage of CPU cycles like in the following example output: user@host> show system processes extensive … PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND 31 root -84 -187 0K 16K WAIT 22.2H 56939.26% irq96: fman0 This issue affects Juniper Networks Junos OS: All versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S4; 19.4 versions prior to 19.4R2-S5, 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R2; 21.2 versions prior to 21.2R1-S1, 21.2R2. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22161 CVE-2022-21371 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21371 CVE-2021-44737 PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44737 CVE-2022-23837 In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23837 CVE-2022-23098 An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23098 CVE-2022-22993 A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22993 CVE-2021-43859 XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43859 CVE-2021-43522 An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityCommandDxe SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43522 CVE-2020-5953 A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-5953 CVE-2021-33625 An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33625 CVE-2022-23833 An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23833 CVE-2021-44866 An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the ‘id’ paramter. An attacker can append SQL queries to the input to extract sensitive information from the database. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44866 CVE-2021-44246 Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overflow in the function setNoticeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IpTo parameter. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44246 CVE-2022-24143 Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24143 CVE-2021-46320 In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible, breaking the expectation that there is a single execution. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46320 CVE-2020-12965 When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12965 CVE-2021-21964 A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21964 CVE-2021-22285 Improper Handling of Exceptional Conditions, Improper Check for Unusual or Exceptional Conditions vulnerability in the ABB SPIET800 and PNI800 module that allows an attacker to cause the denial of service or make the module unresponsive. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22285 CVE-2021-22286 Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22286 CVE-2021-22288 Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22288 CVE-2021-38960 IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. IBM X-Force ID: 212047. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-38960 CVE-2022-0481 NULL Pointer Dereference in Homebrew mruby prior to 3.2. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0481 CVE-2022-22722 A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to the product they could potentially observe and manipulate traffic associated with product configuration. Affected Product: Easergy P5 (All firmware versions prior to V01.401.101) 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22722 CVE-2022-23590 Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow process to crash due to encountering a `StatusOr` value that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23590 CVE-2022-23591 Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23591 CVE-2022-23593 Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we build an empty `SmallVector`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23593 CVE-2022-23913 In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23913 CVE-2022-23206 In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23206 CVE-2007-20001 StarWind iSCSI SAN before 3.5 build 2007-08-09 allows socket exhaustion. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2007-20001 CVE-2022-22833 An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22833 CVE-2022-22680 Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to obtain sensitive information via unspecified vectors. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22680 CVE-2022-23320 XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23320 CVE-2021-46359 FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may not be committed successfully, and malicious users may use this to achieve double-spending attacks. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46359 CVE-2021-46389 IIPImage High Resolution Streaming Image Server prior to commit 882925b295a80ec992063deffc2a3b0d803c3195 is affected by an integer overflow in iipsrv.fcgi through malformed HTTP query parameters. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46389 CVE-2021-24839 The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its wpsc_tickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. Other actions may be affected as well. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24839 CVE-2022-21712 twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21712 CVE-2022-21193 Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to obtain an arbitrary file on the server via unspecified vectors. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21193 CVE-2021-45325 Server Side Request Forgery (SSRF) vulneraility exists in Gitea before 1.7.0 using the OpenID URL. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45325 CVE-2022-0524 Business Logic Errors in GitHub repository publify/publify prior to 9.2.7. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0524 CVE-2021-46354 Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter “Addr” in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increase the attack surface. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46354 CVE-2022-0538 Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0538 CVE-2021-37185 A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37185 CVE-2021-37194 A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.2.14 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS allows to upload and store arbitrary files at the webserver. This could allow an attacker to store malicious files. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37194 CVE-2021-37204 A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packet over port 102/tcp. A restart of the affected device is needed to restore normal operations. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37204 CVE-2021-37205 A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37205 CVE-2022-21965 Microsoft Teams Denial of Service Vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21965 CVE-2022-21986 .NET Denial of Service Vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21986 CVE-2022-21993 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21993 CVE-2021-41442 An HTTP smuggling attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41442 CVE-2022-23619 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it’s possible to guess if a user has an account on the wiki by using the “Forgot your password” form, even if the wiki is closed to guest users. This problem has been patched on XWiki 12.10.9, 13.4.1 and 13.6RC1. Users are advised yo update. There are no known workarounds for this issue. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23619 CVE-2021-26613 improper input validation vulnerability in nexacro permits copying file to the startup folder using rename method. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26613 CVE-2022-21205 Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an unauthenticated user to potentially enable information disclosure via network access. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21205 CVE-2022-22533 Due to improper error handling in SAP NetWeaver Application Server Java – versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22533 CVE-2021-21968 A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-21968 CVE-2021-44420 In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-44420 CVE-2022-23132 During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level 7.3 https://nvd.nist.gov/vuln/detail/CVE-2022-23132 CVE-2021-44205 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-44205 CVE-2021-44206 Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-44206 CVE-2019-11848 An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2019-11848 CVE-2019-11853 Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2019-11853 CVE-2019-11858 Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2019-11858 CVE-2021-37723 A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-37723 CVE-2021-37724 A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-37724 CVE-2021-34343 A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS 4.5.4.1715 build 20210630 and later QTS 5.0.0.1716 build 20210701 and later QuTScloud c4.5.6.1755 and later QuTS hero h4.5.4.1771 build 20210825 and later 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-34343 CVE-2021-42294 Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-42309. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-42294 CVE-2022-21663 WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-21663 CVE-2022-23046 PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the “subnet” parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-23046 CVE-2022-21957 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-21957 CVE-2021-43818 lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-43818 CVE-2022-0144 shelljs is vulnerable to Improper Privilege Management 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0144 CVE-2022-0393 Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 CVE-2021-32036 An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-32036 CVE-2022-23805 A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-23805 CVE-2021-25095 The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing users from accessing the frontend. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25095 CVE-2022-0518 Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0518 CVE-2022-0519 Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0519 CVE-2022-0521 Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0521 CVE-2022-0522 Access of Memory Location Before Start of Buffer in NPM radare2.js prior to 5.6.2. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0522 CVE-2022-21995 Windows Hyper-V Remote Code Execution Vulnerability. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-21995 CVE-2022-21997 Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21999, CVE-2022-22717, CVE-2022-22718. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-21997 CVE-2021-30923 A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to execute arbitrary code with kernel privileges. 7 https://nvd.nist.gov/vuln/detail/CVE-2021-30923 CVE-2022-24114 Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287 7 https://nvd.nist.gov/vuln/detail/CVE-2022-24114 CVE-2022-22717 Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21997, CVE-2022-21999, CVE-2022-22718. 7 https://nvd.nist.gov/vuln/detail/CVE-2022-22717 CVE-2021-0308 In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158063095. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0308 CVE-2021-20638 LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20638 CVE-2021-20639 LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20639 CVE-2021-20640 Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute an arbitrary OS command via unspecified vectors. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20640 CVE-2021-3861 The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3861 CVE-2022-23255 Microsoft OneDrive for Android Security Feature Bypass Vulnerability. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23255 CVE-2022-20034 In Preloader XFLASH, there is a possible escalation of privilege due to an improper certificate validation. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160806. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20034 CVE-2018-14789 In Philips’ IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2018-14789 CVE-2019-11849 A stack overflow vulnerabiltity exists in the AT command APIs of ALEOS before 4.11.0. The vulnerability may allow code execution. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2019-11849 CVE-2019-11850 A stack overflow vulnerabiltity exist in the AT command interface of ALEOS before 4.11.0. The vulnerability may allow code execution 6.7 https://nvd.nist.gov/vuln/detail/CVE-2019-11850 CVE-2021-0114 Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-0114 CVE-2021-42059 An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads toarbitrary code execution in UEFI DisplayTypeDxe DXE driver. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-42059 CVE-2021-29218 A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-29218 CVE-2021-0161 Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-0161 CVE-2021-0166 Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-0166 CVE-2021-0167 Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-0167 CVE-2021-0168 Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-0168 CVE-2021-0169 Uncontrolled Search Path Element in software for Intel(R) PROSet/Wireless Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-0169 CVE-2022-20030 In vow driver, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05837793; Issue ID: ALPS05837793. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-20030 CVE-2022-20038 In ccu driver, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06183335; Issue ID: ALPS06183335. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-20038 CVE-2022-20039 In ccu driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06183345; Issue ID: ALPS06183345. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-20039 CVE-2016-4530 OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2016-4530 CVE-2017-2680 Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2017-2680 CVE-2017-2681 Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2017-2681 CVE-2016-8219 An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability to restage applications. This could cause application downtime if the restage fails. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2016-8219 CVE-2020-10719 A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-10719 CVE-2019-14900 A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-14900 CVE-2020-25711 A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25711 CVE-2021-20635 Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20635 CVE-2021-20636 Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20636 CVE-2021-20637 Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/PR5B allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20637 CVE-2021-20641 Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20641 CVE-2021-20642 Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20642 CVE-2021-30887 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-30887 CVE-2021-30897 An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-30897 CVE-2021-37728 A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Aruba has released patches for ArubaOS that address this security vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37728 CVE-2021-37989 Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37989 CVE-2021-42293 Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42293 CVE-2021-43216 Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43216 CVE-2021-38010 Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-38010 CVE-2021-45931 HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45931 CVE-2021-28715 Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel’s netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28715 CVE-2022-0155 follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0155 CVE-2021-37196 A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.2.14 only if web components are used), COMOS V10.3 (All versions >= V10.3.3.2.14 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37196 CVE-2022-21682 Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory will have the full access that is specified in the manifest, so running `flatpak build` against it will gain those permissions. Normally this will not be done, so this is not problem. However, if `–mirror-screenshots-url` is specified, then flatpak-builder will launch `flatpak build –nofilesystem=host appstream-utils mirror-screenshots` after finalization, which can lead to issues even with the `–nofilesystem=host` protection. In normal use, the only issue is that these empty directories can be created wherever the user has write permissions. However, a malicious application could replace the `appstream-util` binary and potentially do something more hostile. This has been resolved in Flatpak 1.12.3 and 1.10.6 by changing the behaviour of `–nofilesystem=home` and `–nofilesystem=host`. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21682 CVE-2022-0273 Improper Access Control in Pypi calibreweb prior to 0.6.16. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0273 CVE-2021-25097 The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25097 CVE-2021-41571 In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user. The Admin API get-message-by-id requires the user to input a topic and a ledger id. The ledger id is a pointer to the data, and it is supposed to be a valid it for the topic. Authorisation controls are performed against the topic name and there is not proper validation the that ledger id is valid in the context of such ledger. So it may happen that the user is able to read from a ledger that contains data owned by another tenant. This issue affects Apache Pulsar Apache Pulsar version 2.8.0 and prior versions; Apache Pulsar version 2.7.3 and prior versions; Apache Pulsar version 2.6.4 and prior versions. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41571 CVE-2022-24301 In Minetest before 5.4.0, players can add or subtract items from a different player’s inventory. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24301 CVE-2022-21731 Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ConcatV2` can be used to trigger a denial of service attack via a segfault caused by a type confusion. The `axis` argument is translated into `concat_dim` in the `ConcatShapeHelper` helper function. Then, a value for `min_rank` is computed based on `concat_dim`. This is then used to validate that the `values` tensor has at least the required rank. However, `WithRankAtLeast` receives the lower bound as a 64-bits value and then compares it against the maximum 32-bits integer value that could be represented. Due to the fact that `min_rank` is a 32-bits value and the value of `axis`, the `rank` argument is a negative value, so the error check is bypassed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21731 CVE-2022-21732 Tensorflow is an Open Source Machine Learning Framework. The implementation of `ThreadPoolHandle` can be used to trigger a denial of service attack by allocating too much memory. This is because the `num_threads` argument is only checked to not be negative, but there is no upper bound on its value. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21732 CVE-2022-21733 Tensorflow is an Open Source Machine Learning Framework. The implementation of `StringNGrams` can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on `pad_witdh` and that result in computing a negative value for `ngram_width` which is later used to allocate parts of the output. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21733 CVE-2022-21736 Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseTensorSliceDataset` has an undefined behavior: under certain condition it can be made to dereference a `nullptr` value. The 3 input arguments to `SparseTensorSliceDataset` represent a sparse tensor. However, there are some preconditions that these arguments must satisfy but these are not validated in the implementation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21736 CVE-2022-23567 Tensorflow is an Open Source Machine Learning Framework. The implementations of `Sparse*Cwise*` ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based denial of service) or `CHECK`-fails when building new `TensorShape` objects (so, assert failures based denial of service). We are missing some validation on the shapes of the input tensors as well as directly constructing a large `TensorShape` with user-provided dimensions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23567 CVE-2022-23568 Tensorflow is an Open Source Machine Learning Framework. The implementation of `AddManySparseToTensorsMap` is vulnerable to an integer overflow which results in a `CHECK`-fail when building new `TensorShape` objects (so, an assert failure based denial of service). We are missing some validation on the shapes of the input tensors as well as directly constructing a large `TensorShape` with user-provided dimensions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23568 CVE-2022-21725 Tensorflow is an Open Source Machine Learning Framework. The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure it is valid. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21725 CVE-2022-21729 Tensorflow is an Open Source Machine Learning Framework. The implementation of `UnravelIndex` is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21729 CVE-2022-21734 Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is vulnerable a `CHECK`-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21734 CVE-2022-21735 Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalMaxPool` can be made to crash a TensorFlow process via a division by 0. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21735 CVE-2022-23569 Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via `CHECK`-fails (i.e., assertion failures). This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. It is possible that other similar instances exist in TensorFlow, we will issue fixes as these are discovered. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23569 CVE-2022-21737 Tensorflow is an Open Source Machine Learning Framework. The implementation of `*Bincount` operations allows malicious users to cause denial of service by passing in arguments which would trigger a `CHECK`-fail. There are several conditions that the input arguments must satisfy. Some are not caught during shape inference and others are not caught during kernel implementation. This results in `CHECK` failures later when the output tensors get allocated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21737 CVE-2022-21738 Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21738 CVE-2022-21739 Tensorflow is an Open Source Machine Learning Framework. The implementation of `QuantizedMaxPool` has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21739 CVE-2022-21741 Tensorflow is an Open Source Machine Learning Framework. ### Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21741 CVE-2021-32732 ### Impact It’s possible to know if a user has or not an account in a wiki related to an email address, and which username(s) is actually tied to that email by forging a request to the Forgot username page. Note that since this page does not have a CSRF check it’s quite easy to perform a lot of those requests. ### Patches This issue has been patched in XWiki 12.10.5 and 13.2RC1. Two different patches are provided: – a first one to fix the CSRF problem – a more complex one that now relies on sending an email for the Forgot username process. ### Workarounds It’s possible to fix the problem without uprading by editing the ForgotUsername page in version below 13.x, to use the following code: https://github.com/xwiki/xwiki-platform/blob/69548c0320cbd772540cf4668743e69f879812cf/xwiki-platform-core/xwiki-platform-administration/xwiki-platform-administration-ui/src/main/resources/XWiki/ForgotUsername.xml#L39-L123 In version after 13.x it’s also possible to edit manually the forgotusername.vm file, but it’s really encouraged to upgrade the version here. ### References * https://jira.xwiki.org/browse/XWIKI-18384 * https://jira.xwiki.org/browse/XWIKI-18408 ### For more information If you have any questions or comments about this advisory: * Open an issue in [Jira XWiki](https://jira.xwiki.org) * Email us at [security ML](mailto:security@xwiki.org) 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32732 CVE-2021-38130 A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-38130 CVE-2022-22726 A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior) 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22726 CVE-2022-23557 Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in `BiasAndClamp` implementation. There is no check that the `bias_size` is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23557 CVE-2022-23564 Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23564 CVE-2022-23565 Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a `SavedModel` on disk such that `AttrDef`s of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23565 CVE-2022-23570 Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the dereferencing of the null pointer, whereas in the second case it results in a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23570 CVE-2022-23571 Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments, if the tensors have an invalid `dtype` and 0 elements or an invalid shape. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23571 CVE-2022-23572 Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the `DCHECK` function however, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the `ValueOrDie` line. This results in an assertion failure as `ret` contains an error `Status`, not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23572 CVE-2022-23575 Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23575 CVE-2022-23576 Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number of dimensions in `output_shape.dim()` or just a small number of dimensions being large enough to cause an overflow in the multiplication. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23576 CVE-2022-23577 Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23577 CVE-2022-23579 Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `SafeToRemoveIdentity` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23579 CVE-2022-23580 Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23580 CVE-2022-23581 Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `IsSimplifiableReshape` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23581 CVE-2022-23582 Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that `TensorByteSize` would trigger `CHECK` failures. `TensorShape` constructor throws a `CHECK`-fail if shape is partial or has a number of elements that would overflow the size of an `int`. The `PartialTensorShape` constructor instead does not cause a `CHECK`-abort if the shape is partial, which is exactly what this function needs to be able to return `-1`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23582 CVE-2022-23583 Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the `dtype` no longer matches the `dtype` expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If `Tin` and `Tout` don’t match the type of data in `out` and `input_*` tensors then `flat<*>` would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a `CHECK` crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23583 CVE-2022-23584 Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23584 CVE-2022-23585 Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(…, &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. However, several error case in the function implementation invoke the `OP_REQUIRES` macro which immediately terminates the execution of the function, without allowing for the memory free to occur. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23585 CVE-2022-23586 Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23586 CVE-2022-23588 Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that Grappler optimizer would attempt to build a tensor using a reference `dtype`. This would result in a crash due to a `CHECK`-fail in the `Tensor` constructor as reference types are not allowed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23588 CVE-2022-23589 Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23589 CVE-2022-23595 Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so `flr->config_proto` is `nullptr`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23595 CVE-2022-23600 fleet is an open source device management, built on osquery. Versions prior to 4.9.1 expose a limited ability to spoof SAML authentication with missing audience verification. This impacts deployments using SAML SSO in two specific cases: 1. A malicious or compromised Service Provider (SP) could reuse the SAML response to log into Fleet as a user — only if the user has an account with the same email in Fleet, _and_ the user signs into the malicious SP via SAML SSO from the same Identity Provider (IdP) configured with Fleet. 2. A user with an account in Fleet could reuse a SAML response intended for another SP to log into Fleet. This is only a concern if the user is blocked from Fleet in the IdP, but continues to have an account in Fleet. If the user is blocked from the IdP entirely, this cannot be exploited. Fleet 4.9.1 resolves this issue. Users unable to upgrade should: Reduce the length of sessions on your IdP to reduce the window for malicious re-use, Limit the amount of SAML Service Providers/Applications used by user accounts with access to Fleet, and When removing access to Fleet in the IdP, delete the Fleet user from Fleet as well. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23600 CVE-2021-24843 The SupportCandy WordPress plugin before 2.2.7 does not have CRSF check in its wpsc_tickets AJAX action, which could allow attackers to make a logged in admin call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24843 CVE-2021-24928 The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does not have proper access controls in the save_all_order AJAX action, nor validation and escaping when inserting user data in SQL statement, leading to an SQL injection, and allowing any authenticated user, such as subscriber, to modify arbitrary post content (for example with an XSS payload), as well as exfiltrate any data by copying it to another post. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24928 CVE-2021-24947 The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24947 CVE-2021-24993 The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated users, such as subscriber to call them and add arbitrary products, or change the plugin’s settings for example 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24993 CVE-2021-25096 The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a specific parameter in the URL 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25096 CVE-2021-25108 The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have CSRF check in the ip2location_country_blocker_save_rules AJAX action, allowing attackers to make a logged in admin block arbitrary country, or block all of them at once, preventing users from accessing the frontend. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25108 CVE-2022-0504 Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0504 CVE-2022-0505 Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0505 CVE-2021-44864 TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buffer Overflow. Authenticated attackers can crash router httpd services via /userRpm/PingIframeRpm.htm request which contains redundant & in parameter. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44864 CVE-2021-44956 Two Heap based buffer overflow vulnerabilities exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23852. Issues that are in the jfif_decode function at ffjpeg/src/jfif.c (line 552) could cause a Denial of Service by using a crafted jpeg file. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44956 CVE-2021-44957 Global buffer overflow vulnerability exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23705. Issue is in the jfif_encode function at ffjpeg/src/jfif.c (line 708) could cause a Denial of Service by using a crafted jpeg file. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44957 CVE-2021-3813 Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3813 CVE-2022-23617 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit right can copy the content of a page it does not have access to by using it as template of a new page. This issue has been patched in XWiki 13.2CR1 and 12.10.6. Users are advised to update. There are no known workarounds for this issue. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23617 CVE-2021-0165 Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0165 CVE-2021-0172 Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0172 CVE-2021-0173 Improper Validation of Consistency within input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a unauthenticated user to potentially enable denial of service via adjacent access. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0173 CVE-2021-0174 Improper Use of Validation Framework in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a unauthenticated user to potentially enable denial of service via adjacent access. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0174 CVE-2021-0175 Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0175 CVE-2021-0177 Improper Validation of Consistency within input in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0177 CVE-2021-0178 Improper input validation in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0178 CVE-2021-0179 Improper Use of Validation Framework in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0179 CVE-2021-0183 Improper Validation of Specified Index, Position, or Offset in Input in software for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0183 CVE-2021-33068 Null pointer dereference in subsystem for Intel(R) AMT before versions 15.0.35 may allow an authenticated user to potentially enable denial of service via network access. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33068 CVE-2021-33110 Improper input validation for some Intel(R) Wireless Bluetooth(R) products and Killer(TM) Bluetooth(R) products in Windows 10 and 11 before version 22.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33110 CVE-2022-21658 Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn’t otherwise access or delete. Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability with 1.58.1 containing a patch. Note that the following build targets don’t have usable APIs to properly mitigate the attack, and are thus still vulnerable even with a patched toolchain: macOS before version 10.10 (Yosemite) and REDOX. We recommend everyone to update to Rust 1.58.1 as soon as possible, especially people developing programs expected to run in privileged contexts (including system daemons and setuid binaries), as those have the highest risk of being affected by this. Note that adding checks in your codebase before calling remove_dir_all will not mitigate the vulnerability, as they would also be vulnerable to race conditions like remove_dir_all itself. The existing mitigation is working as intended outside of race conditions. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21658 CVE-2022-23563 Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses `tempfile.mktemp` to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in `mktemp` and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the `mktemp` function usage. We have patched the issue in several commits, replacing `mktemp` with the safer `mkstemp`/`mkdtemp` functions, according to the usage pattern. Users are advised to upgrade as soon as possible. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2022-23563 CVE-2022-23262 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23263. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2022-23262 CVE-2019-16307 A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp). 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-16307 CVE-2019-10219 A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-10219 CVE-2021-26698 OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-26698 CVE-2021-37402 OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-37402 CVE-2021-30890 A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-30890 CVE-2021-41184 jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-41184 CVE-2021-3641 Improper Link Resolution Before File Access (‘Link Following’) vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. This issue affects: Bitdefender GravityZone version 7.1.2.33 and prior versions. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-3641 CVE-2021-37195 A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.2.14 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to inject malicious code that is executed when loading the attachment. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-37195 CVE-2021-44829 Cross Site Scripting (XSS) vulnerability exists in index.html in AFI WebACMS through 2.1.0 via the the ID parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-44829 CVE-2022-0352 Cross-site Scripting (XSS) – Reflected in Pypi calibreweb prior to 0.6.16. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0352 CVE-2022-23598 laminas-form is a package for validating and displaying simple and complex forms. When rendering validation error messages via the `formElementErrors()` view helper shipped with laminas-form, many messages will contain the submitted value. However, in laminas-form prior to version 3.1.1, the value was not being escaped for HTML contexts, which could potentially lead to a reflected cross-site scripting attack. Versions 3.1.1 and above contain a patch to mitigate the vulnerability. A workaround is available. One may manually place code at the top of a view script where one calls the `formElementErrors()` view helper. More information about this workaround is available on the GitHub Security Advisory. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-23598 CVE-2022-22818 The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-22818 CVE-2021-45408 Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which llows remote malicious users to redirect users to malicious sites using the “referuri” parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-45408 CVE-2022-0218 The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the ~/includes/class-template-designer.php file, in versions up to and including 3.0.9. This makes it possible for attackers with no privileges to execute the endpoint and add malicious JavaScript to a vulnerable WordPress site. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0218 CVE-2022-0380 The Fotobook WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping and the use of $_SERVER[‘PHP_SELF’] found in the ~/options-fotobook.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 3.2.3. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0380 CVE-2022-0381 The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping/sanitization and validation via the url parameter found in the ~/swagger-iframe.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 1.0.0. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0381 CVE-2022-23980 Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Yet Another Stars Rating WordPress plugin (versions <= 2.9.9), vulnerable at parameter ‘source’. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-23980 CVE-2022-0437 Cross-site Scripting (XSS) – DOM in NPM karma prior to 6.3.14. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0437 CVE-2022-0501 Cross-site Scripting (XSS) – Reflected in Packagist ptrofimov/beanstalk_console prior to 1.7.12. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0501 CVE-2022-23184 In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-23184 CVE-2021-24878 The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the [wpsc_create_ticket] shortcode embed, leading to a Reflected Cross-Site Scripting issue 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-24878 CVE-2021-25077 The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cross-Site Scripting 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25077 CVE-2022-0149 The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin page. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0149 CVE-2022-21813 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-21813 CVE-2022-21814 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-21814 CVE-2021-45281 QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerability at “adminuseredit.php?usertoedit=XSS”, as the user supplied input for the value of this parameter is not properly sanitized. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-45281 CVE-2022-21805 Reflected cross-site scripting vulnerability in the attached file name of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-21805 CVE-2022-22142 Reflected cross-site scripting vulnerability in the checkbox of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-22142 CVE-2022-22146 Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-22146 CVE-2021-45328 Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site (‘Open Redirect’) via internal URLs. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-45328 CVE-2021-45329 Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-45329 CVE-2022-24682 An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24682 CVE-2022-0526 Cross-site Scripting (XSS) – Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0526 CVE-2022-0527 Cross-site Scripting (XSS) – Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0527 CVE-2022-23618 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is no protection against URL redirection to untrusted sites, in particular some well known parameters (xredirect) can be used to perform url redirections. This problem has been patched in XWiki 12.10.7 and XWiki 13.3RC1. Users are advised to update. There are no known workarounds for this issue. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-23618 CVE-2022-23622 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting (XSS) vector in the `registerinline.vm` template related to the `xredirect` hidden field. This template is only used in the following conditions: 1. The wiki must be open to registration for anyone. 2. The wiki must be closed to view for Guest users or more specifically the XWiki.Registration page must be forbidden in View for guest user. A way to obtain the second condition is when administrators checked the “Prevent unregistered users from viewing pages, regardless of the page rights” box in the administration rights. This issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. There are two main ways for protecting against this vulnerability, the easiest and the best one is by applying a patch in the `registerinline.vm` template, the patch consists in checking the value of the xredirect field to ensure it matches: `<input type=”hidden” name=”xredirect” value=”$escapetool.xml($!request.xredirect)” />`. If for some reason it’s not possible to patch this file, another workaround is to ensure “Prevent unregistered users from viewing pages, regardless of the page rights” is not checked in the rights and apply a better right scheme using groups and rights on spaces. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-23622 CVE-2021-45357 Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-45357 CVE-2021-33880 The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=…). An attacker may be able to guess a password via a timing attack. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-33880 CVE-2021-36221 Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-36221 CVE-2021-21971 An out-of-bounds write vulnerability exists in the URL_decode functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to an out-of-bounds write. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-21971 CVE-2022-0536 Exposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-0536 CVE-2021-42320 Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-43242. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2021-42320 CVE-2021-43242 Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-42320. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2021-43242 CVE-2021-33114 Improper input validation for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and Killer(TM) WiFi in Windows 10 and 11 may allow an authenticated user to potentially enable denial of service via adjacent access. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2021-33114 CVE-2021-33139 Improper conditions check in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2021-33139 CVE-2021-33155 Improper input validation in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2021-33155 CVE-2022-22712 Windows Hyper-V Denial of Service Vulnerability. 5.6 https://nvd.nist.gov/vuln/detail/CVE-2022-22712 CVE-2019-15363 The Leagoo Power 5 Android device with a build fingerprint of LEAGOO/Power_5/Power_5:8.1.0/O11019/1532686195:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2019-15363 CVE-2021-21290 Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty’s multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method “File.createTempFile” on unix-like systems creates a random file, but, by default will create this file with the permissions “-rw-r–r–“. Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty’s “AbstractDiskHttpData” is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own “java.io.tmpdir” when you start the JVM or use “DefaultHttpDataFactory.setBaseDir(…)” to set the directory to something that is only readable by the current user. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21290 CVE-2021-30855 A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS 15, watchOS 8, macOS Big Sur 11.6. An application may be able to access restricted files. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-30855 CVE-2021-30905 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina. Processing a maliciously crafted file may disclose user information. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-30905 CVE-2021-30791 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Processing a maliciously crafted file may disclose user information. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-30791 CVE-2021-30811 This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8. A local attacker may be able to read sensitive information. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-30811 CVE-2021-30819 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15 and iPadOS 15. Processing a maliciously crafted USD file may disclose memory contents. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-30819 CVE-2021-0706 In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-193444889 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0706 CVE-2021-30833 This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-30833 CVE-2021-37990 Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37990 CVE-2021-40364 A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). The affected systems store sensitive information in log files. An attacker with access to the log files could publicly expose the information or reuse it to develop further attacks on the system. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40364 CVE-2021-42295 Visual Basic for Applications Information Disclosure Vulnerability 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42295 CVE-2021-43224 Windows Common Log File System Driver Information Disclosure Vulnerability 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43224 CVE-2021-43227 Storage Spaces Controller Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43235. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43227 CVE-2021-43244 Windows Kernel Information Disclosure Vulnerability 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43244 CVE-2021-45095 pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45095 CVE-2021-45480 An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45480 CVE-2021-45958 UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45958 CVE-2021-45930 Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect). 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45930 CVE-2021-45942 OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45942 CVE-2021-46168 Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() at spinlex.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46168 CVE-2021-45343 In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45343 CVE-2022-0419 NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0419 CVE-2021-45429 A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yr_set_configuration in yara/libyara/libyara.c, which could cause a Denial of Service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45429 CVE-2022-24249 A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24249 CVE-2020-12966 AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). A local authenticated attacker could potentially exploit this vulnerability leading to leaking guest data by the malicious hypervisor. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12966 CVE-2021-36151 In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-36151 CVE-2021-40403 An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40403 CVE-2021-4043 NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4043 CVE-2022-0264 A vulnerability was found in the Linux kernel’s eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. This flaws affects kernel versions < v5.16-rc6 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0264 CVE-2022-0487 A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0487 CVE-2022-23594 Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming `GraphDef` before converting it to the MLIR-based dialect. If an attacker changes the `SavedModel` format on disk to invalidate these assumptions and the `GraphDef` is then converted to MLIR-based IR then they can cause a crash in the Python interpreter. Under certain scenarios, heap OOB read/writes are possible. These issues have been discovered via fuzzing and it is possible that more weaknesses exist. We will patch them as they are discovered. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23594 CVE-2022-21815 NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21815 CVE-2022-21816 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where a user in the guest OS can cause a GPU interrupt storm on the hypervisor host, leading to a denial of service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21816 CVE-2022-21985 Windows Remote Access Connection Manager Information Disclosure Vulnerability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21985 CVE-2022-21998 Windows Common Log File System Driver Information Disclosure Vulnerability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21998 CVE-2022-22002 Windows User Account Profile Picture Denial of Service Vulnerability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22002 CVE-2022-22710 Windows Common Log File System Driver Denial of Service Vulnerability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22710 CVE-2022-22716 Microsoft Excel Information Disclosure Vulnerability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22716 CVE-2022-23252 Microsoft Office Information Disclosure Vulnerability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23252 CVE-2021-0127 Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0127 CVE-2021-0145 Improper initialization of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0145 CVE-2021-0170 Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an authenticated user to potentially enable information disclosure via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0170 CVE-2021-0171 Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an authenticated user to potentially enable information disclosure via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0171 CVE-2021-33061 Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33061 CVE-2021-33096 Improper isolation of shared resources in network on chip for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33096 CVE-2021-33105 Out-of-bounds read in some Intel(R) Core(TM) processors with Radeon(TM) RX Vega M GL integrated graphics before version 21.10 may allow an authenticated user to potentially enable information disclosure via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33105 CVE-2021-33119 Improper access control in the Intel(R) RealSense(TM) DCM before version 20210625 may allow an authenticated user to potentially enable information disclosure via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33119 CVE-2021-33147 Improper conditions check in the Intel(R) IPP Crypto library before version 2021.2 may allow an authenticated user to potentially enable information disclosure via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33147 CVE-2021-33166 Incorrect default permissions for the Intel(R) RXT for Chromebook application, all versions, may allow an authenticated user to potentially enable information disclosure via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33166 CVE-2021-37115 There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37115 CVE-2022-20017 In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862991; Issue ID: ALPS05862991. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-20017 CVE-2022-20036 In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171689; Issue ID: ALPS06171689. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-20036 CVE-2022-20037 In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171705; Issue ID: ALPS06171705. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-20037 CVE-2022-20042 In Bluetooth, there is a possible information disclosure due to incorrect error handling. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108487; Issue ID: ALPS06108487. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-20042 CVE-2022-20046 In Bluetooth, there is a possible memory corruption due to a logic error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06142410; Issue ID: ALPS06142410. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-20046 CVE-2022-21133 Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21133 CVE-2022-21156 Access of uninitialized pointer in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21156 CVE-2022-21218 Uncaught exception in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable information disclosure via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21218 CVE-2022-21226 Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable information disclosure via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21226 CVE-2021-39631 In clear_data_dlg_text of strings.xml, there is a possible situation when “Clear storage” functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-193890833 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39631 CVE-2021-39664 In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-203938029 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39664 CVE-2021-26699 OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-26699 CVE-2021-35478 Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used for filtering are affected. This affects users who open a crafted link or third-party web page. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-35478 CVE-2021-35479 Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-35479 CVE-2021-36787 The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 allows XSS via a crafted SVG document. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-36787 CVE-2021-37186 A vulnerability has been identified in LOGO! CMR2020 (All versions < V2.2), LOGO! CMR2040 (All versions < V2.2), SIMATIC RTU3010C (All versions < V4.0.9), SIMATIC RTU3030C (All versions < V4.0.9), SIMATIC RTU3031C (All versions < V4.0.9), SIMATIC RTU3041C (All versions < V4.0.9). The underlying TCP/IP stack does not properly calculate the random numbers used as ISN (Initial Sequence Numbers). An adjacent attacker with network access to the LAN interface could interfere with traffic, spoof the connection and gain access to sensitive information. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-37186 CVE-2022-21662 WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21662 CVE-2022-0157 phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0157 CVE-2022-23133 An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire and the actor can steal session cookies and perform session hijacking to impersonate users or take over their accounts. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-23133 CVE-2022-0394 Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0394 CVE-2022-0395 Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0395 CVE-2021-43841 XWiki is a generic wiki platform offering runtime services for applications built on top of it. When using default XWiki configuration, it’s possible for an attacker to upload an SVG containing a script executed when executing the download action on the file. This problem has been patched so that the default configuration doesn’t allow to display the SVG files in the browser. Users are advised to update or to disallow uploads of SVG files. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-43841 CVE-2022-0472 Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0472 CVE-2022-22804 A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists that could allow an authenticated attacker to view data, change settings, or impact availability of the software when the user visits a page containing the injected payload. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior) 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-22804 CVE-2022-0502 Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0502 CVE-2021-24880 The SupportCandy WordPress plugin before 2.2.7 does not validate and escape the page attribute of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24880 CVE-2021-25106 The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages WordPress plugin before 2.7.1 does not check for authorisation and has a flawed CSRF logic when saving its settings, allowing any authenticated users, such as subscriber, to update them. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored Cross-Site Scripting 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-25106 CVE-2022-0148 The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2.0.4 was vulnerable to reflected XSS on the my-sticky-elements-leads admin page. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0148 CVE-2022-0506 Cross-site Scripting (XSS) – Stored in Packagist microweber/microweber prior to 1.2.11. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0506 CVE-2022-0509 Cross-site Scripting (XSS) – Stored in Packagist pimcore/pimcore prior to 10.3.1. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0509 CVE-2022-0510 Cross-site Scripting (XSS) – Reflected in Packagist pimcore/pimcore prior to 10.3.1. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0510 CVE-2022-21702 Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21702 CVE-2021-45919 Studio 42 elFinder through 2.1.31 allows XSS via an SVG document. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-45919 CVE-2022-23378 A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of TastyIgniter. The “items%5B0%5D%5Bpath%5D” parameter of a request made to /admin/allergens/edit/1 is vulnerable. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-23378 CVE-2022-0539 Cross-site Scripting (XSS) – Stored in Packagist ptrofimov/beanstalk_console prior to 1.7.14. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0539 CVE-2021-33120 Out of bounds read under complex microarchitectural condition in memory subsystem for some Intel Atom(R) Processors may allow authenticated user to potentially enable information disclosure or cause denial of service via network access. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-33120 CVE-2022-21818 NVIDIA License System contains a vulnerability in the installation scripts for the DLS virtual appliance, where a user on a network after signing in to the portal can access other users’ credentials, allowing them to gain escalated privileges, resulting in limited impact to both confidentiality and integrity. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21818 CVE-2019-12265 Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2019-12265 CVE-2020-1954 Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-1954 CVE-2020-13956 Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-13956 CVE-2021-45452 Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-45452 CVE-2021-35247 Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. SolarWinds recommends scheduling an update to the latest version of Serv-U. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-35247 CVE-2022-23134 After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-23134 CVE-2022-21277 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21277 CVE-2022-21282 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21282 CVE-2022-21283 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21283 CVE-2022-21291 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21291 CVE-2022-21293 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21293 CVE-2022-21294 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21294 CVE-2022-21296 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21296 CVE-2022-21299 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21299 CVE-2022-21305 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21305 CVE-2022-21340 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21340 CVE-2022-21341 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21341 CVE-2022-21349 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21349 CVE-2022-21360 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21360 CVE-2022-21365 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21365 CVE-2022-21366 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21366 CVE-2021-44886 In Zammad 5.0.2, agents can configure “out of office” periods and substitute persons. If the substitute persons didn’t have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-44886 CVE-2021-46671 options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-46671 CVE-2022-23261 Microsoft Edge (Chromium-based) Tampering Vulnerability. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-23261 CVE-2022-0508 Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-0508 CVE-2021-40837 A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-40837 CVE-2022-23280 Microsoft Outlook for Mac Security Feature Bypass Vulnerability. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-23280 CVE-2021-45286 Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-45286 CVE-2022-21799 Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R firmware v1.13 and earlier allows an attacker on the adjacent network to inject an arbitrary script via unspecified vectors. 5.2 https://nvd.nist.gov/vuln/detail/CVE-2022-21799 CVE-2019-11857 Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2019-11857 CVE-2021-33203 Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-33203 CVE-2022-22939 VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-22939 CVE-2022-22679 Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-22679 CVE-2021-25004 The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-25004 CVE-2022-23254 Microsoft Power BI Information Disclosure Vulnerability. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-23254 CVE-2022-23621 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can read any file located in the XWiki WAR (for example xwiki.cfg and xwiki.properties) through XWiki#invokeServletAndReturnAsString as `$xwiki.invokeServletAndReturnAsString(“/WEB-INF/xwiki.cfg”)`. This issue has been patched in XWiki versions 12.10.9, 13.4.3 and 13.7-rc-1. Users are advised to update. The only workaround is to limit SCRIPT right. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-23621 CVE-2020-10687 A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10687 CVE-2021-20220 A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20220 CVE-2021-29425 In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like “//../foo”, or “\\\\..\\foo”, the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus “limited” path traversal), if the calling code would use the result to construct a path value. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29425 CVE-2021-44717 Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44717 CVE-2022-0473 OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be exectued in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0473 CVE-2021-25029 The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does not sanitise and escape Course’s module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25029 CVE-2021-25105 The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25105 CVE-2021-20877 Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW ) sold in the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) sold in Europe) allows remote attackers to inject an arbitrary script via unspecified vectors. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20877 CVE-2021-25103 The Translate WordPress with GTranslate WordPress plugin before 2.9.7 does not sanitise and escape the body parameter in the url_addon/gtranslate-email.php file before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue. Note: exploitation of the issue requires knowledge of the NONCE_SALT and NONCE_KEY 4.7 https://nvd.nist.gov/vuln/detail/CVE-2021-25103 CVE-2022-23269 Microsoft Dynamics GP Spoofing Vulnerability. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2022-23269 CVE-2021-0147 Improper locking in the Power Management Controller (PMC) for some Intel Chipset firmware before versions pmc_fw_lbg_c1-21ww02a and pmc_fw_lbg_b0-21ww02a may allow a privileged user to potentially enable denial of service via local access. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-0147 CVE-2021-0176 Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable denial of service via local access. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-0176 CVE-2022-20029 In cmdq driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05747150; Issue ID: ALPS05747150. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-20029 CVE-2022-20033 In camera driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862973; Issue ID: ALPS05862973. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-20033 CVE-2022-20035 In vcu driver, there is a possible information disclosure due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171675; Issue ID: ALPS06171675. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-20035 CVE-2022-0238 phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-0238 CVE-2022-0414 Business Logic Errors in Packagist dolibarr/dolibarr prior to 16.0. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-0414 CVE-2022-0227 Business Logic Errors in GitHub repository silverstripe/silverstripe-framework prior to 4.10.1. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-0227 CVE-2022-23578 Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-23578 CVE-2021-43929 Improper neutralization of special elements in output used by a downstream component (‘Injection’) vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-43929 CVE-2021-25084 The Advanced Cron Manager WordPress plugin before 2.4.2 and Advanced Cron Manager Pro WordPress plugin before 2.5.3 do not have authorisation checks in some of their AJAX actions, allowing any authenticated users, such as subscriber to call them and add or remove events as well as schedules for example 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-25084 CVE-2022-22931 Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: – maildir mailbox store – Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used). 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-22931 CVE-2022-21713 Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21713 CVE-2022-24694 In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. (Only folder names are affected. Neither file names nor file contents are affected.) 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24694 CVE-2022-21968 Microsoft SharePoint Server Security Feature BypassVulnerability. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21968 CVE-2022-23256 Azure Data Explorer Spoofing Vulnerability. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-23256 CVE-2021-23219 NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to access protected information by identifying, exploiting, and loading vulnerable microcode. Such an attack may lead to information disclosure. 4.1 https://nvd.nist.gov/vuln/detail/CVE-2021-23219 CVE-2022-20032 In vow driver, there is a possible memory corruption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05852822; Issue ID: ALPS05852822. 4.1 https://nvd.nist.gov/vuln/detail/CVE-2022-20032 CVE-2019-11856 A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials. 3.8 https://nvd.nist.gov/vuln/detail/CVE-2019-11856 CVE-2020-25684 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query’s attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. 3.7 https://nvd.nist.gov/vuln/detail/CVE-2020-25684 CVE-2020-25685 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. 3.7 https://nvd.nist.gov/vuln/detail/CVE-2020-25685 CVE-2020-25686 A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the “Birthday Attacks” section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. 3.7 https://nvd.nist.gov/vuln/detail/CVE-2020-25686 CVE-2022-21248 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). 3.7 https://nvd.nist.gov/vuln/detail/CVE-2022-21248 CVE-2022-0474 Full list of recipients from customer users in a contact field could be disclosed in notification emails event when the notification is set to be sent to each recipient individually. This issue affects: OTRS AG OTRSCustomContactFields 8.0.x version: 8.0.11 and prior versions. 3.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0474 CVE-2020-8908 A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime’s java.io.tmpdir system property to point to a location whose permissions are appropriately configured. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2020-8908 CVE-2022-24448 An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24448 CVE-2022-0317 An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the authentication performed by quote verification, meaning a local attacker could couple this vulnerability with a maliciously-crafted TCG log in Eventlog.Verify to spoof events in the TCG log, hence defeating remotely-attested measured-boot. We recommend upgrading to Version 0.4.0 or above. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-0317 CVE-2021-2175 Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any View, Select Any View privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). 2.7 https://nvd.nist.gov/vuln/detail/CVE-2021-2175 CVE-2021-25939 In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-privileged attacker to perform blind SSRF and send internal requests to localhost. 2.7 https://nvd.nist.gov/vuln/detail/CVE-2021-25939 CVE-2022-23605 Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably removed from local chat history of Wire Webapp. In versions before 2022-01-27-production.0 ephemeral messages and assets might still be accessible through the local search functionality. Any attempt to view one of these message in the chat view will then trigger the deletion. This issue only affects locally stored messages. On premise instances of wire-webapp need to be updated to 2022-01-27-production.0, so that their users are no longer affected. There are no known workarounds for this issue. 2.3 https://nvd.nist.gov/vuln/detail/CVE-2022-23605 CVE-2008-3471 Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a BIFF file with a malformed record that triggers a user-influenced size calculation, aka “File Format Parsing Vulnerability.” – https://nvd.nist.gov/vuln/detail/CVE-2008-3471 CVE-2008-4019 Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka “Formula Parsing Vulnerability.” – https://nvd.nist.gov/vuln/detail/CVE-2008-4019 CVE-2008-4250 The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka “Server Service Vulnerability.” – https://nvd.nist.gov/vuln/detail/CVE-2008-4250 CVE-2009-1270 libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang. – https://nvd.nist.gov/vuln/detail/CVE-2009-1270 CVE-2008-6976 MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request. – https://nvd.nist.gov/vuln/detail/CVE-2008-6976 CVE-2009-3856 Cross-site scripting (XSS) vulnerability in the default URI in news/ in Twilight CMS before 4.1 allows remote attackers to inject arbitrary web script or HTML via the calendar parameter. NOTE: some of these details are obtained from third party information. – https://nvd.nist.gov/vuln/detail/CVE-2009-3856 CVE-2010-0225 SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key. – https://nvd.nist.gov/vuln/detail/CVE-2010-0225 CVE-2012-1250 Logitec LAN-W300N/R routers with firmware before 2.27 do not properly restrict login access, which allows remote attackers to obtain administrative privileges and modify settings via vectors related to PPPoE authentication. – https://nvd.nist.gov/vuln/detail/CVE-2012-1250 CVE-2012-4329 The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart) via a crafted controller name. – https://nvd.nist.gov/vuln/detail/CVE-2012-4329 CVE-2014-0754 Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request. – https://nvd.nist.gov/vuln/detail/CVE-2014-0754 CVE-2015-3209 Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. – https://nvd.nist.gov/vuln/detail/CVE-2015-3209 CVE-2015-5165 The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. – https://nvd.nist.gov/vuln/detail/CVE-2015-5165 CVE-2022-23627 ArchiSteamFarm (ASF) is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a bug in ASF code, introduced in version V5.2.2.2, the program didn’t adequately verify effective access of the user sending proxy (i.e. `[Bots]`) commands. In particular, a proxy-like command sent to bot `A` targeting bot `B` has incorrectly verified user’s access against bot `A` – instead of bot `B`, to which the command was originally designated. This in result allowed access to resources beyond those configured, being a security threat affecting confidentiality of other bot instances. A successful attack exploiting this bug requires a significant access granted explicitly by original owner of the ASF process prior to that, as attacker has to control at least a single bot in the process to make use of this inadequate access verification loophole. The issue is patched in ASF V5.2.2.5, V5.2.3.2 and future versions. Users are advised to update as soon as possible. – https://nvd.nist.gov/vuln/detail/CVE-2022-23627 CVE-2021-44016 A vulnerability has been identified in JT2Go (All versions), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V12.4 (All versions), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15110) – https://nvd.nist.gov/vuln/detail/CVE-2021-44016 CVE-2021-44018 A vulnerability has been identified in JT2Go (All versions), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V12.4 (All versions), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112) – https://nvd.nist.gov/vuln/detail/CVE-2021-44018 CVE-2021-44911 XE before 1.11.6 is vulnerable to Unrestricted file upload via modules/menu/menu.admin.controller.php. When uploading the Mouse over button and When selected button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities. – https://nvd.nist.gov/vuln/detail/CVE-2021-44911 CVE-2021-44912 In XE 1.116, when uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities. If the .htaccess configuration is improper, for example before the XE 1.11.2 version, you can upload the PHP type file to GETSHELL. – https://nvd.nist.gov/vuln/detail/CVE-2021-44912 CVE-2021-45106 A vulnerability has been identified in SICAM TOOLBOX II (All versions). Affected applications use a circumventable access control within a database service. This could allow an attacker to access the database. – https://nvd.nist.gov/vuln/detail/CVE-2021-45106 CVE-2022-23102 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks. – https://nvd.nist.gov/vuln/detail/CVE-2022-23102 CVE-2022-23312 A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP9 Security Patch 1). The integrated web application “Online Help” in affected product contains a Cross-Site Scripting (XSS) vulnerability that could be exploited if unsuspecting users are tricked into accessing a malicious link. – https://nvd.nist.gov/vuln/detail/CVE-2022-23312 CVE-2021-41441 A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to reboot the router via sending a specially crafted URL to an authenticated victim. The authenticated victim need to visit this URL, for the router to reboot. – https://nvd.nist.gov/vuln/detail/CVE-2021-41441 CVE-2022-22566 Select Dell Client Commercial and Consumer platforms contain a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device. – https://nvd.nist.gov/vuln/detail/CVE-2022-22566 CVE-2022-22567 Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient verification of data authenticity vulnerability. An authenticated malicious user may exploit this vulnerability in order to install modified BIOS firmware. – https://nvd.nist.gov/vuln/detail/CVE-2022-22567 CVE-2022-23615 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can save a document with the right of the current user which allow accessing API requiring programming right if the current user has programming right. This has been patched in XWiki 13.0. Users are advised to update to resolve this issue. The only known workaround is to limit SCRIPT access. – https://nvd.nist.gov/vuln/detail/CVE-2022-23615 CVE-2022-23620 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing it on filesystem, it is possible to for the HTML export process to contain reference elements containing filesystem syntax like “../”, “./”. or “/” in general. The referenced elements are not properly escaped. This issue has been resolved in version 13.6-rc-1. This issue can be worked around by limiting or disabling document export. – https://nvd.nist.gov/vuln/detail/CVE-2022-23620 CVE-2021-0060 Insufficient compartmentalization in HECI subsystem for the Intel(R) SPS before versions SPS_E5_04.01.04.516.0, SPS_E5_04.04.04.033.0, SPS_E5_04.04.03.281.0, SPS_E5_03.01.03.116.0, SPS_E3_05.01.04.309.0, SPS_02.04.00.101.0, SPS_SoC-A_05.00.03.114.0, SPS_SoC-X_04.00.04.326.0, SPS_SoC-X_03.00.03.117.0, IGN_E5_91.00.00.167.0, SPS_PHI_03.01.03.078.0 may allow an authenticated user to potentially enable escalation of privilege via physical access. – https://nvd.nist.gov/vuln/detail/CVE-2021-0060 CVE-2021-0072 Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable information disclosure via local access. – https://nvd.nist.gov/vuln/detail/CVE-2021-0072 CVE-2021-0076 Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable denial of service via local access. – https://nvd.nist.gov/vuln/detail/CVE-2021-0076 CVE-2021-0091 Improper access control in the firmware for some Intel(R) Processors may allow an unauthenticated user to potentially enable an escalation of privilege via local access. – https://nvd.nist.gov/vuln/detail/CVE-2021-0091 CVE-2021-0092 Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access. – https://nvd.nist.gov/vuln/detail/CVE-2021-0092 CVE-2021-0093 Incorrect default permissions in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access. – https://nvd.nist.gov/vuln/detail/CVE-2021-0093 CVE-2021-0099 Insufficient control flow management in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access. – https://nvd.nist.gov/vuln/detail/CVE-2021-0099 CVE-2021-0103 Insufficient control flow management in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. – https://nvd.nist.gov/vuln/detail/CVE-2021-0103 CVE-2021-0107 Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. – https://nvd.nist.gov/vuln/detail/CVE-2021-0107 CVE-2021-0111 NULL pointer dereference in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. – https://nvd.nist.gov/vuln/detail/CVE-2021-0111 CVE-2021-0115 Buffer overflow in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. – https://nvd.nist.gov/vuln/detail/CVE-2021-0115 CVE-2021-0116 Out-of-bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. – https://nvd.nist.gov/vuln/detail/CVE-2021-0116 CVE-2021-0117 Pointer issues in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. – https://nvd.nist.gov/vuln/detail/CVE-2021-0117 CVE-2021-0118 Out-of-bounds read in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. – https://nvd.nist.gov/vuln/detail/CVE-2021-0118 CVE-2021-0119 Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. – https://nvd.nist.gov/vuln/detail/CVE-2021-0119 CVE-2021-0124 Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. – https://nvd.nist.gov/vuln/detail/CVE-2021-0124 CVE-2021-0125 Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. – https://nvd.nist.gov/vuln/detail/CVE-2021-0125 CVE-2021-22817 A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4), Vijeo Designer Basic (All Versions prior to V1.2.1) – https://nvd.nist.gov/vuln/detail/CVE-2021-22817 CVE-2021-33107 Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access. – https://nvd.nist.gov/vuln/detail/CVE-2021-33107 CVE-2021-39943 An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allowed a user to update the status of the check via an API call – https://nvd.nist.gov/vuln/detail/CVE-2021-39943 CVE-2021-39986 There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality. – https://nvd.nist.gov/vuln/detail/CVE-2021-39986 CVE-2021-39991 There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality. – https://nvd.nist.gov/vuln/detail/CVE-2021-39991 CVE-2021-39992 There is an improper security permission configuration vulnerability on ACPU.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. – https://nvd.nist.gov/vuln/detail/CVE-2021-39992 CVE-2021-39994 There is an arbitrary address access vulnerability with the product line test code.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. – https://nvd.nist.gov/vuln/detail/CVE-2021-39994 CVE-2021-39997 There is a vulnerability of unstrict input parameter verification in the audio assembly.Successful exploitation of this vulnerability may cause out-of-bounds access. – https://nvd.nist.gov/vuln/detail/CVE-2021-39997 CVE-2021-40015 There is a race condition vulnerability in the binder driver subsystem in the kernel.Successful exploitation of this vulnerability may affect kernel stability. – https://nvd.nist.gov/vuln/detail/CVE-2021-40015 CVE-2021-40044 There is a permission verification vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may cause unauthorized operations. – https://nvd.nist.gov/vuln/detail/CVE-2021-40044 CVE-2021-40045 There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode.Successful exploitation of this vulnerability may affect service confidentiality. – https://nvd.nist.gov/vuln/detail/CVE-2021-40045 CVE-2021-44454 Improper input validation in a third-party component for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. – https://nvd.nist.gov/vuln/detail/CVE-2021-44454 CVE-2022-0162 The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface. – https://nvd.nist.gov/vuln/detail/CVE-2022-0162 CVE-2022-0391 A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like ‘\\r’ and ‘\\n’ in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. – https://nvd.nist.gov/vuln/detail/CVE-2022-0391 CVE-2022-0529 A flaw was found in unzip 6.0. The vulnerability occurs during the conversion of wide string to local string that leads to a heap of out-of-bound writes. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. – https://nvd.nist.gov/vuln/detail/CVE-2022-0529 CVE-2022-0530 A flaw was found in unzip 6.0. The vulnerability occurs during the conversion of an utf-8 string to a local string that leads to a segmentation fault. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. – https://nvd.nist.gov/vuln/detail/CVE-2022-0530 CVE-2022-0532 An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of “safe” sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace. – https://nvd.nist.gov/vuln/detail/CVE-2022-0532 CVE-2022-0534 A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gif_get_code() and occurs when opening a malicious GIF file, which can result in a crash (segmentation fault). – https://nvd.nist.gov/vuln/detail/CVE-2022-0534 CVE-2022-21153 Improper access control in the Intel(R) Capital Global Summit Android application may allow an authenticated user to potentially enable information disclosure via local access. – https://nvd.nist.gov/vuln/detail/CVE-2022-21153 CVE-2022-21157 Improper access control in the Intel(R) Smart Campus Android application before version 6.1 may allow authenticated user to potentially enable information disclosure via local access. – https://nvd.nist.gov/vuln/detail/CVE-2022-21157 CVE-2022-21174 Improper access control in a third-party component of Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. – https://nvd.nist.gov/vuln/detail/CVE-2022-21174 CVE-2022-21203 Improper permissions in the SafeNet Sentinel driver for Intel(R) Quartus(R) Prime Standard Edition before version 21.1 may allow an authenticated user to potentially enable escalation of privilege via local access. – https://nvd.nist.gov/vuln/detail/CVE-2022-21203 CVE-2022-22528 SAP Adaptive Server Enterprise (ASE) – version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries. – https://nvd.nist.gov/vuln/detail/CVE-2022-22528 CVE-2022-22534 Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application. – https://nvd.nist.gov/vuln/detail/CVE-2022-22534 CVE-2022-22535 SAP ERP HCM Portugal – versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts. – https://nvd.nist.gov/vuln/detail/CVE-2022-22535 CVE-2022-22537 When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3d)) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below. – https://nvd.nist.gov/vuln/detail/CVE-2022-22537 CVE-2022-22538 When a user opens a manipulated Adobe Illustrator file format (.ai, ai.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below. – https://nvd.nist.gov/vuln/detail/CVE-2022-22538 CVE-2022-22539 When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below. – https://nvd.nist.gov/vuln/detail/CVE-2022-22539 CVE-2022-22540 SAP NetWeaver AS ABAP (Workplace Server) – versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but no risk of modification possible. – https://nvd.nist.gov/vuln/detail/CVE-2022-22540 CVE-2022-22542 S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality. – https://nvd.nist.gov/vuln/detail/CVE-2022-22542 CVE-2022-22543 SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) – versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected. – https://nvd.nist.gov/vuln/detail/CVE-2022-22543 CVE-2022-22544 Solution Manager (Diagnostics Root Cause Analysis Tools) – version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could thereby control the managed systems. It is considered that this is a missing segregation of duty for the SAP Solution Manager administrator. Impacts of unauthorized execution of commands can lead to sensitive information disclosure, loss of system integrity and denial of service. – https://nvd.nist.gov/vuln/detail/CVE-2022-22544 CVE-2022-22545 A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform – versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756. – https://nvd.nist.gov/vuln/detail/CVE-2022-22545 CVE-2022-22546 Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) – version 420. – https://nvd.nist.gov/vuln/detail/CVE-2022-22546 CVE-2022-22779 The Keybase Clients for macOS and Windows before version 5.9.0 fails to properly remove exploded messages initiated by a user. This can occur if the receiving user switches to a non-chat feature and places the host in a sleep state before the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from a user’s filesystem. – https://nvd.nist.gov/vuln/detail/CVE-2022-22779 CVE-2022-22780 The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. This could lead to availability issues on the client host by exhausting system resources. – https://nvd.nist.gov/vuln/detail/CVE-2022-22780 CVE-2022-22807 A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13) – https://nvd.nist.gov/vuln/detail/CVE-2022-22807 CVE-2022-22808 A CWE-942: Permissive Cross-domain Policy with Untrusted Domains vulnerability exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13) – https://nvd.nist.gov/vuln/detail/CVE-2022-22808 CVE-2022-22809 A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) – https://nvd.nist.gov/vuln/detail/CVE-2022-22809 CVE-2022-22810 A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) – https://nvd.nist.gov/vuln/detail/CVE-2022-22810 CVE-2022-22811 A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to perform unintended actions, leading to the override of the system?s configurations when an attacker persuades a user to visit a rogue website. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) – https://nvd.nist.gov/vuln/detail/CVE-2022-22811 CVE-2022-22812 A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) – https://nvd.nist.gov/vuln/detail/CVE-2022-22812 CVE-2022-22813 A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the TLS cryptographic key and take active control of the Courier tunneling communication network, they could potentially observe and manipulate traffic associated with product configuration. – https://nvd.nist.gov/vuln/detail/CVE-2022-22813 CVE-2022-23047 Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the “Site/Organization Name”,”Site Title” and “Site Header” parameters while updating the site settings on “/exponentcms/administration/configure_site” – https://nvd.nist.gov/vuln/detail/CVE-2022-23047 CVE-2022-23048 Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at “themes/simpletheme/{rce}.php” from where can be accessed in order to execute commands. – https://nvd.nist.gov/vuln/detail/CVE-2022-23048 CVE-2022-23049 Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the “User-Agent” header when logging in. When an administrator user visits the “User Sessions” tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session. – https://nvd.nist.gov/vuln/detail/CVE-2022-23049 CVE-2022-24310 A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) – https://nvd.nist.gov/vuln/detail/CVE-2022-24310 CVE-2022-24311 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) – https://nvd.nist.gov/vuln/detail/CVE-2022-24311 CVE-2022-24312 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by adding at end of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) – https://nvd.nist.gov/vuln/detail/CVE-2022-24312 CVE-2022-24313 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) – https://nvd.nist.gov/vuln/detail/CVE-2022-24313 CVE-2022-24314 A CWE-125: Out-of-bounds Read vulnerability exists that could cause memory leaks potentially resulting in denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) – https://nvd.nist.gov/vuln/detail/CVE-2022-24314 CVE-2022-24315 A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) – https://nvd.nist.gov/vuln/detail/CVE-2022-24315 CVE-2022-24316 A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) – https://nvd.nist.gov/vuln/detail/CVE-2022-24316 CVE-2022-24317 A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) – https://nvd.nist.gov/vuln/detail/CVE-2022-24317 CVE-2022-24318 A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) – https://nvd.nist.gov/vuln/detail/CVE-2022-24318 CVE-2022-24319 A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) – https://nvd.nist.gov/vuln/detail/CVE-2022-24319 CVE-2022-24320 A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA database server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) – https://nvd.nist.gov/vuln/detail/CVE-2022-24320 CVE-2022-24321 A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) – https://nvd.nist.gov/vuln/detail/CVE-2022-24321 CVE-2022-24666 A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS frame where the frame contains priority information without any other data. This logical error caused confusion about the size of the frame, leading to a parsing error. This parsing error immediately crashes the entire process. Sending a HEADERS frame with HTTP/2 priority information does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted frame. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the frame in memory-safe code, so the crash is safe. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz. – https://nvd.nist.gov/vuln/detail/CVE-2022-24666 CVE-2022-24667 A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the parsing of HPACK-encoded header blocks that allow maliciously crafted HPACK header blocks to cause crashes in processes using swift-nio-http2. Each of these crashes is triggered instead of an integer overflow. A malicious HPACK header block could be sent on any of the HPACK-carrying frames in a HTTP/2 connection (HEADERS and PUSH_PROMISE), at any position. Sending a HPACK header block does not require any special permission, so any HTTP/2 connection peer may send one. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted field block. The impact on availability is high: receiving a frame carrying this field block immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted field blocks, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the field block in memory-safe code and the crash is triggered instead of an integer overflow. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle all conditions in the function. The principal issue was found by automated fuzzing by oss-fuzz, but several associated bugs in the same code were found by code audit and fixed at the same time – https://nvd.nist.gov/vuln/detail/CVE-2022-24667 CVE-2022-24668 A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error after frame parsing but before frame handling. ORIGIN and ALTSVC frames are not currently supported by swift-nio-http2, and should be ignored. However, one code path that encounters them has a deliberate trap instead. This was left behind from the original development process and was never removed. Sending an ALTSVC or ORIGIN frame does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send one of these frames. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send these frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself. This is a controlled, intentional crash. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz. – https://nvd.nist.gov/vuln/detail/CVE-2022-24668 CVE-2022-0558 Cross-site Scripting (XSS) – Stored in Packagist microweber/microweber prior to 1.2.11. – https://nvd.nist.gov/vuln/detail/CVE-2022-0558 CVE-2021-45901 The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists. – https://nvd.nist.gov/vuln/detail/CVE-2021-45901 CVE-2022-24111 In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known. – https://nvd.nist.gov/vuln/detail/CVE-2022-24111 CVE-2021-31814 In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client. – https://nvd.nist.gov/vuln/detail/CVE-2021-31814 CVE-2021-37613 Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. – https://nvd.nist.gov/vuln/detail/CVE-2021-37613 CVE-2021-3398 Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. – https://nvd.nist.gov/vuln/detail/CVE-2021-3398 CVE-2021-41445 A reflected cross-site-scripting attack in web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to execute code in the device of the victim via sending a specific URL to the unauthenticated victim. – https://nvd.nist.gov/vuln/detail/CVE-2021-41445 CVE-2021-44892 A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a malicious user obtain server control privileges. – https://nvd.nist.gov/vuln/detail/CVE-2021-44892 CVE-2022-0011 PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list (EDL) in a URL Filtering profile. When the entries in these lists have a hostname pattern that does not end with a forward slash (/) or a hostname pattern that ends with an asterisk (*), any URL that starts with the specified pattern is considered a match. Entries with a caret (^) at the end of a hostname pattern match any top level domain. This may inadvertently allow or block more URLs than intended and allowing more URLs than intended represents a security risk. For example: example.com will match example.com.website.test example.com.* will match example.com.website.test example.com.^ will match example.com.test You should take special care when using such entries in policy rules that allow traffic. Where possible, use the exact list of hostname names ending with a forward slash (/) instead of using wildcards. PAN-OS 10.1 versions earlier than PAN-OS 10.1.3; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 9.1 versions earlier than PAN-OS 9.1.12; all PAN-OS 9.0 versions; PAN-OS 8.1 versions earlier than PAN-OS 8.1.21, and Prisma Access 2.2 and 2.1 versions do not allow customers to change this behavior without changing the URL category list or EDL. – https://nvd.nist.gov/vuln/detail/CVE-2022-0011 CVE-2022-0016 An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms. – https://nvd.nist.gov/vuln/detail/CVE-2022-0016 CVE-2022-0017 An improper link resolution before file access (‘link following’) vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows. GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.5 on Windows. This issue does not affect GlobalProtect app on other platforms. – https://nvd.nist.gov/vuln/detail/CVE-2022-0017 CVE-2022-0018 An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration. This product behavior is intentional and poses no security risk when connecting to trusted GlobalProtect portals configured to use the same Single Sign-On credentials both for the local user account as well as the GlobalProtect login. However when the credentials are different, the local account credentials are inadvertently sent to the GlobalProtect portal for authentication. A third party MITM type of attacker cannot see these credentials in transit. This vulnerability is a concern where the GlobalProtect app is deployed on Bring-your-Own-Device (BYOD) type of clients with private local user accounts or GlobalProtect app is used to connect to different organizations. Fixed versions of GlobalProtect app have an app setting to prevent the transmission of the user’s local user credentials to the target GlobalProtect portal regardless of the portal configuration. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows and MacOS; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS This issue does not affect GlobalProtect app on other platforms. – https://nvd.nist.gov/vuln/detail/CVE-2022-0018 CVE-2022-0019 An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user’s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms. – https://nvd.nist.gov/vuln/detail/CVE-2022-0019 CVE-2022-0020 A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: All builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888. – https://nvd.nist.gov/vuln/detail/CVE-2022-0020 CVE-2022-0021 An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms. – https://nvd.nist.gov/vuln/detail/CVE-2022-0021 CVE-2022-20630 A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative privileges could exploit this vulnerability by accessing the audit logs through the CLI. A successful exploit could allow the attacker to retrieve sensitive information that includes user credentials. – https://nvd.nist.gov/vuln/detail/CVE-2022-20630 CVE-2022-20680 A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper enforcement of Administrator privilege levels for low-value sensitive data. An attacker with read-only Administrator access to the web-based management interface could exploit this vulnerability by sending a malicious HTTP request to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information about users of the system and orders that have been placed using the application. – https://nvd.nist.gov/vuln/detail/CVE-2022-20680 CVE-2022-20699 Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. – https://nvd.nist.gov/vuln/detail/CVE-2022-20699 CVE-2022-20700 Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. – https://nvd.nist.gov/vuln/detail/CVE-2022-20700 CVE-2022-20701 Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. – https://nvd.nist.gov/vuln/detail/CVE-2022-20701 CVE-2022-20702 Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. – https://nvd.nist.gov/vuln/detail/CVE-2022-20702 CVE-2022-20703 Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. – https://nvd.nist.gov/vuln/detail/CVE-2022-20703 CVE-2022-20704 Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. – https://nvd.nist.gov/vuln/detail/CVE-2022-20704 CVE-2022-20705 Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. – https://nvd.nist.gov/vuln/detail/CVE-2022-20705 CVE-2022-20706 Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. – https://nvd.nist.gov/vuln/detail/CVE-2022-20706 CVE-2022-20707 Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. – https://nvd.nist.gov/vuln/detail/CVE-2022-20707 CVE-2022-20708 Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. – https://nvd.nist.gov/vuln/detail/CVE-2022-20708 CVE-2022-20709 Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. – https://nvd.nist.gov/vuln/detail/CVE-2022-20709 CVE-2022-20710 Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. – https://nvd.nist.gov/vuln/detail/CVE-2022-20710 CVE-2022-20711 Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. – https://nvd.nist.gov/vuln/detail/CVE-2022-20711 CVE-2022-20712 Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. – https://nvd.nist.gov/vuln/detail/CVE-2022-20712 CVE-2022-20738 A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this vulnerability by downloading a crafted payload through specific methods. A successful exploit could allow the attacker to bypass file inspection protections and download a malicious payload. – https://nvd.nist.gov/vuln/detail/CVE-2022-20738 CVE-2022-20749 Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. – https://nvd.nist.gov/vuln/detail/CVE-2022-20749 CVE-2021-44850 On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot image allows for a buffer overflow attack in the ROM. Because the Zynq-7000’s boot image header is unencrypted and unauthenticated before use, an attacker can modify the boot header stored on an SD card so that a secure image appears to be unencrypted, and they will be able to modify the full range of register initialization values. Normally, these registers will be restricted when booting securely. Of importance to this attack are two registers that control the SD card’s transfer type and transfer size. These registers could be modified a way that causes a buffer overflow in the ROM. – https://nvd.nist.gov/vuln/detail/CVE-2021-44850 CVE-2021-45364 A Code Execution vulnerability exists in Statamic Version through 3.2.26 via SettingsController.php. – https://nvd.nist.gov/vuln/detail/CVE-2021-45364 CVE-2022-23321 A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0. – https://nvd.nist.gov/vuln/detail/CVE-2022-23321 CVE-2022-24568 Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input. – https://nvd.nist.gov/vuln/detail/CVE-2022-24568 CVE-2022-23630 Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled on one or more configurations and those configurations have common dependencies with other configurations that have dependency verification enabled. If the configuration that has dependency verification disabled is resolved first, Gradle does not verify the common dependencies for the configuration that has dependency verification enabled. Gradle 7.4 fixes that issue by validating artifacts at least once if they are present in a resolved configuration that has dependency verification active. For users who cannot update either do not use `ResolutionStrategy.disableDependencyVerification()` and do not use plugins that use that method to disable dependency verification for a single configuration or make sure resolution of configuration that disable that feature do not happen in builds that resolve configuration where the feature is enabled. – https://nvd.nist.gov/vuln/detail/CVE-2022-23630 CVE-2022-24916 Optimism before @eth-optimism/l2geth@0.5.11 allows economic griefing because a balance is duplicated upon contract self-destruction. – https://nvd.nist.gov/vuln/detail/CVE-2022-24916 CVE-2022-0554 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. – https://nvd.nist.gov/vuln/detail/CVE-2022-0554 CVE-2021-42000 When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password. – https://nvd.nist.gov/vuln/detail/CVE-2021-42000 CVE-2021-44969 Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component. – https://nvd.nist.gov/vuln/detail/CVE-2021-44969 CVE-2021-44970 MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via /mc-admin/page-edit.php. – https://nvd.nist.gov/vuln/detail/CVE-2021-44970 CVE-2022-24646 Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters. – https://nvd.nist.gov/vuln/detail/CVE-2022-24646 CVE-2022-24647 Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink() function. – https://nvd.nist.gov/vuln/detail/CVE-2022-24647 CVE-2022-23772 Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. – https://nvd.nist.gov/vuln/detail/CVE-2022-23772 CVE-2022-23773 cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. – https://nvd.nist.gov/vuln/detail/CVE-2022-23773 CVE-2022-23806 Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. – https://nvd.nist.gov/vuln/detail/CVE-2022-23806 CVE-2022-24954 Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have a Stack-Based Buffer Overflow related to XFA, for the ‘subform colSpan=”-2″‘ and ‘draw colSpan=”1″‘ substrings. – https://nvd.nist.gov/vuln/detail/CVE-2022-24954 CVE-2022-24955 Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have an Uncontrolled Search Path Element for DLL files. – https://nvd.nist.gov/vuln/detail/CVE-2022-24955 CVE-2022-24958 drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. – https://nvd.nist.gov/vuln/detail/CVE-2022-24958 CVE-2022-24959 An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. – https://nvd.nist.gov/vuln/detail/CVE-2022-24959 CVE-2022-24961 In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days. – https://nvd.nist.gov/vuln/detail/CVE-2022-24961 CVE-2022-0557 OS Command Injection in Packagist microweber/microweber prior to 1.2.11. – https://nvd.nist.gov/vuln/detail/CVE-2022-0557 CVE-2021-30309 Improper size validation of QXDM commands can lead to memory corruption in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile – https://nvd.nist.gov/vuln/detail/CVE-2021-30309 CVE-2021-30317 Improper validation of program headers containing ELF metadata can lead to image verification bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking – https://nvd.nist.gov/vuln/detail/CVE-2021-30317 CVE-2021-30318 Improper validation of input when provisioning the HDCP key can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables – https://nvd.nist.gov/vuln/detail/CVE-2021-30318 CVE-2021-30322 Possible out of bounds write due to improper validation of number of GPIOs configured in an internal parameters array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile – https://nvd.nist.gov/vuln/detail/CVE-2021-30322 CVE-2021-30323 Improper validation of maximum size of data write to EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables – https://nvd.nist.gov/vuln/detail/CVE-2021-30323 CVE-2021-30324 Possible out of bound write due to lack of boundary check for the maximum size of buffer when sending a DCI packet to remote process in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking – https://nvd.nist.gov/vuln/detail/CVE-2021-30324 CVE-2021-30325 Possible out of bound access of DCI resources due to lack of validation process and resource allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking – https://nvd.nist.gov/vuln/detail/CVE-2021-30325 CVE-2021-30326 Possible assertion due to improper size validation while processing the DownlinkPreemption IE in an RRC Reconfiguration/RRC Setup message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile – https://nvd.nist.gov/vuln/detail/CVE-2021-30326 CVE-2021-35068 Lack of null check while freeing the device information buffer in the Bluetooth HFP protocol can lead to a NULL pointer dereference in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables – https://nvd.nist.gov/vuln/detail/CVE-2021-35068 CVE-2021-35069 Improper validation of data length received from DMA buffer can lead to memory corruption. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking – https://nvd.nist.gov/vuln/detail/CVE-2021-35069 CVE-2021-35074 Possible integer overflow due to improper fragment datatype while calculating number of fragments in a request message in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile – https://nvd.nist.gov/vuln/detail/CVE-2021-35074 CVE-2021-35075 Possible null pointer dereference due to lack of WDOG structure validation during registration in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile – https://nvd.nist.gov/vuln/detail/CVE-2021-35075 CVE-2021-35077 Possible use after free scenario in compute offloads to DSP while multiple calls spawn a dynamic process in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile – https://nvd.nist.gov/vuln/detail/CVE-2021-35077 CVE-2021-44521 When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE. – https://nvd.nist.gov/vuln/detail/CVE-2021-44521 CVE-2021-46355 OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit the vulnerability, the attacker needs to manipulate the name of some device on your computer, such as a printer, replacing the device name with some malicious code that allows the execution of Stored Cross-site Scripting (XSS). – https://nvd.nist.gov/vuln/detail/CVE-2021-46355 CVE-2022-0560 Open Redirect in Packagist microweber/microweber prior to 1.2.11. – https://nvd.nist.gov/vuln/detail/CVE-2022-0560 CVE-2022-24112 An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX’s data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed. – https://nvd.nist.gov/vuln/detail/CVE-2022-24112 CVE-2022-24289 Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne’s optional Remote Object Persistence (ROP) feature is a web services-based technology that provides object persistence and query functionality to ‘remote’ applications. In Apache Cayenne 4.1 and earlier, running on non-current patch versions of Java, an attacker with client access to Cayenne ROP can transmit a malicious payload to any vulnerable third-party dependency on the server. This can result in arbitrary code execution. – https://nvd.nist.gov/vuln/detail/CVE-2022-24289 CVE-2021-38679 An improper authentication vulnerability has been reported to affect QNAP NAS running Kazoo Server. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Kazoo Server: Kazoo Server 4.11.22 and later – https://nvd.nist.gov/vuln/detail/CVE-2021-38679 CVE-2021-45402 The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain potentially sensitive address information, aka a “pointer leak.” – https://nvd.nist.gov/vuln/detail/CVE-2021-45402 CVE-2020-13668 Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. – https://nvd.nist.gov/vuln/detail/CVE-2020-13668 CVE-2020-13669 Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. – https://nvd.nist.gov/vuln/detail/CVE-2020-13669 CVE-2020-13670 Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. – https://nvd.nist.gov/vuln/detail/CVE-2020-13670 CVE-2020-13672 Cross-site Scripting (XSS) vulnerability in Drupal core’s sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x versions prior to 8.9.14; 7.x versions prior to 7.80. – https://nvd.nist.gov/vuln/detail/CVE-2020-13672 CVE-2020-13673 The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed entities. In some cases, this could lead to cross-site scripting. – https://nvd.nist.gov/vuln/detail/CVE-2020-13673 CVE-2020-13674 The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the “access in-place editing” permission from untrusted users will not fully mitigate the vulnerability. – https://nvd.nist.gov/vuln/detail/CVE-2020-13674 CVE-2020-13675 Drupal’s JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site. – https://nvd.nist.gov/vuln/detail/CVE-2020-13675 CVE-2020-13676 The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. – https://nvd.nist.gov/vuln/detail/CVE-2020-13676 CVE-2020-13677 Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected. – https://nvd.nist.gov/vuln/detail/CVE-2020-13677 CVE-2020-36062 Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised. – https://nvd.nist.gov/vuln/detail/CVE-2020-36062 CVE-2021-42940 A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code. – https://nvd.nist.gov/vuln/detail/CVE-2021-42940 CVE-2021-45385 A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021-12-06) in bmp_load(). When the size information in metadata of the bmp is out of range, it returns without assign memory buffer to `pb->pdata` and did not exit the program. So the program crashes when it tries to access the pb->data, in jfif_encode() at jfif.c:763. This is due to the incomplete patch for CVE-2020-13438. – https://nvd.nist.gov/vuln/detail/CVE-2021-45385 CVE-2021-45386 tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c – https://nvd.nist.gov/vuln/detail/CVE-2021-45386 CVE-2021-45387 tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c. – https://nvd.nist.gov/vuln/detail/CVE-2021-45387 CVE-2020-14521 Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition. – https://nvd.nist.gov/vuln/detail/CVE-2020-14521 CVE-2020-14523 Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code. – https://nvd.nist.gov/vuln/detail/CVE-2020-14523 CVE-2021-0524 In isServiceDistractionOptimized of CarPackageManagerService.java, there is a possible disclosure of installed packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-180418334 – https://nvd.nist.gov/vuln/detail/CVE-2021-0524 CVE-2021-22748 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow a remote code execution when a file is saved. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior) – https://nvd.nist.gov/vuln/detail/CVE-2021-22748 CVE-2021-22785 A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) – https://nvd.nist.gov/vuln/detail/CVE-2021-22785 CVE-2021-22787 A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) – https://nvd.nist.gov/vuln/detail/CVE-2021-22787 CVE-2021-22788 A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) – https://nvd.nist.gov/vuln/detail/CVE-2021-22788 CVE-2021-22796 A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution when a malicious file is uploaded. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior) – https://nvd.nist.gov/vuln/detail/CVE-2021-22796 CVE-2021-22798 A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data such as login credentials being exposed when a Network is sniffed. Affected Product: Conext? ComBox (All Versions) – https://nvd.nist.gov/vuln/detail/CVE-2021-22798 CVE-2021-22800 A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over network port 1105/TCP. Affected Product: Modicon M218 Logic Controller (V5.1.0.6 and prior) – https://nvd.nist.gov/vuln/detail/CVE-2021-22800 CVE-2021-22801 A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: ConneXium Network Manager Software (All Versions) – https://nvd.nist.gov/vuln/detail/CVE-2021-22801 CVE-2021-22802 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) – https://nvd.nist.gov/vuln/detail/CVE-2021-22802 CVE-2021-22803 A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) – https://nvd.nist.gov/vuln/detail/CVE-2021-22803 CVE-2021-22804 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) – https://nvd.nist.gov/vuln/detail/CVE-2021-22804 CVE-2021-22805 A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) – https://nvd.nist.gov/vuln/detail/CVE-2021-22805 CVE-2021-22806 A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior) – https://nvd.nist.gov/vuln/detail/CVE-2021-22806 CVE-2021-22823 A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior) – https://nvd.nist.gov/vuln/detail/CVE-2021-22823 CVE-2021-22824 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior) – https://nvd.nist.gov/vuln/detail/CVE-2021-22824 CVE-2021-31932 Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . (dot) character. – https://nvd.nist.gov/vuln/detail/CVE-2021-31932 CVE-2021-34235 Tokheim Profleet DiaLOG 11.005.02 is affected by SQL Injection. The component is the Field__UserLogin parameter on the logon page. – https://nvd.nist.gov/vuln/detail/CVE-2021-34235 CVE-2021-39665 In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-204077881 – https://nvd.nist.gov/vuln/detail/CVE-2021-39665 CVE-2021-39666 In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-204445255 – https://nvd.nist.gov/vuln/detail/CVE-2021-39666 CVE-2021-39668 In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused deputy. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-193445603 – https://nvd.nist.gov/vuln/detail/CVE-2021-39668 CVE-2021-39669 In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead an user about CA installation circumstances due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-196969991 – https://nvd.nist.gov/vuln/detail/CVE-2021-39669 CVE-2021-39671 In code generated by aidl_const_expressions.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-206718630 – https://nvd.nist.gov/vuln/detail/CVE-2021-39671 CVE-2021-39672 In fastboot, there is a possible secure boot bypass due to a configuration error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android SoC Android ID: A-202018701 – https://nvd.nist.gov/vuln/detail/CVE-2021-39672 CVE-2021-39674 In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file , there is a possible use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-201083442 – https://nvd.nist.gov/vuln/detail/CVE-2021-39674 CVE-2021-39675 In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-205729183 – https://nvd.nist.gov/vuln/detail/CVE-2021-39675 CVE-2021-39676 In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-197228210 – https://nvd.nist.gov/vuln/detail/CVE-2021-39676 CVE-2021-39677 In startVideoStream() there is a possibility of an OOB Read in the heap, when the camera buffer is ‘zero’ in size.Product: AndroidVersions: Android-11Android ID: A-205097028 – https://nvd.nist.gov/vuln/detail/CVE-2021-39677 CVE-2021-39687 In HandleTransactionIoEvent of actuator_driver.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204421047References: N/A – https://nvd.nist.gov/vuln/detail/CVE-2021-39687 CVE-2021-39688 In TBD of TBD, there is a possible out of bounds read due to TBD. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-206039140References: N/A – https://nvd.nist.gov/vuln/detail/CVE-2021-39688 CVE-2021-44111 A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup. – https://nvd.nist.gov/vuln/detail/CVE-2021-44111 CVE-2021-4035 A stored cross site scripting have been identified at the comments in the report creation due to an obsolote version of tinymce editor. In order to exploit this vulnerability, the attackers needs an account with enough privileges to view and edit reports. – https://nvd.nist.gov/vuln/detail/CVE-2021-4035 CVE-2021-4046 The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data. – https://nvd.nist.gov/vuln/detail/CVE-2021-4046 CVE-2022-0185 A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system. – https://nvd.nist.gov/vuln/detail/CVE-2022-0185 CVE-2022-0382 An information leak flaw was found due to uninitialized memory in the Linux kernel’s TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7 bytes, and the user cannot control what is read. This flaw affects the Linux kernel versions prior to 5.17-rc1. – https://nvd.nist.gov/vuln/detail/CVE-2022-0382 CVE-2022-0483 Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis VSS Doctor (Windows) before build 53 – https://nvd.nist.gov/vuln/detail/CVE-2022-0483 CVE-2022-0561 Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712. – https://nvd.nist.gov/vuln/detail/CVE-2022-0561 CVE-2022-0562 Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. – https://nvd.nist.gov/vuln/detail/CVE-2022-0562 CVE-2022-22291 Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device. – https://nvd.nist.gov/vuln/detail/CVE-2022-22291 CVE-2022-22292 Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity. – https://nvd.nist.gov/vuln/detail/CVE-2022-22292 CVE-2022-23425 Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station. – https://nvd.nist.gov/vuln/detail/CVE-2022-23425 CVE-2022-23426 A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege. – https://nvd.nist.gov/vuln/detail/CVE-2022-23426 CVE-2022-23427 PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent. – https://nvd.nist.gov/vuln/detail/CVE-2022-23427 CVE-2022-23428 An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. – https://nvd.nist.gov/vuln/detail/CVE-2022-23428 CVE-2022-23429 An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash. – https://nvd.nist.gov/vuln/detail/CVE-2022-23429 CVE-2022-23431 An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. – https://nvd.nist.gov/vuln/detail/CVE-2022-23431 CVE-2022-23432 An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. – https://nvd.nist.gov/vuln/detail/CVE-2022-23432 CVE-2022-23433 Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities remotely. – https://nvd.nist.gov/vuln/detail/CVE-2022-23433 CVE-2022-23434 A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers to execute privileged action by hijacking and modifying the intent. – https://nvd.nist.gov/vuln/detail/CVE-2022-23434 CVE-2022-23707 An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users – https://nvd.nist.gov/vuln/detail/CVE-2022-23707 CVE-2022-23853 The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the directory of the file that was just opened (due to a misunderstanding of the QProcess API, that was never intended). This can be an untrusted directory. – https://nvd.nist.gov/vuln/detail/CVE-2022-23853 CVE-2022-23994 An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission. – https://nvd.nist.gov/vuln/detail/CVE-2022-23994 CVE-2022-23995 Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission. – https://nvd.nist.gov/vuln/detail/CVE-2022-23995 CVE-2022-23996 Unprotected component vulnerability in StTheaterModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to enable bedtime mode without a proper permission. – https://nvd.nist.gov/vuln/detail/CVE-2022-23996 CVE-2022-23997 Unprotected component vulnerability in StTheaterModeDurationAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to disable theater mode without a proper permission. – https://nvd.nist.gov/vuln/detail/CVE-2022-23997 CVE-2022-23998 Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R(11), 10.5.03.77 in Android Q(10) and 9.0.6.68 in Android P(9) allows untrusted applications to take a picture in screenlock status. – https://nvd.nist.gov/vuln/detail/CVE-2022-23998 CVE-2022-23999 PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. – https://nvd.nist.gov/vuln/detail/CVE-2022-23999 CVE-2022-24000 PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. – https://nvd.nist.gov/vuln/detail/CVE-2022-24000 CVE-2022-24001 Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers to access screenshot in clipboard via Edge Panel. – https://nvd.nist.gov/vuln/detail/CVE-2022-24001 CVE-2022-24002 Improper Authorization vulnerability in Link Sharing prior to version 12.4.00.3 allows attackers to open protected activity via PreconditionActivity. – https://nvd.nist.gov/vuln/detail/CVE-2022-24002 CVE-2022-24003 Exposure of Sensitive Information vulnerability in Bixby Vision prior to version 3.7.50.6 allows attackers to access internal data of Bixby Vision via unprotected intent. – https://nvd.nist.gov/vuln/detail/CVE-2022-24003 CVE-2022-24923 Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview. – https://nvd.nist.gov/vuln/detail/CVE-2022-24923 CVE-2022-24924 An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a specific named system directory without a proper permission. – https://nvd.nist.gov/vuln/detail/CVE-2022-24924 CVE-2022-24925 Improper input validation vulnerability in SettingsProvider prior to Android S(12) allows privileged attackers to trigger a permanent denial of service attack on a victim’s devices. – https://nvd.nist.gov/vuln/detail/CVE-2022-24925 CVE-2022-24926 Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.15-6 allows privileged attackers to trigger a XSS on a victim’s devices. – https://nvd.nist.gov/vuln/detail/CVE-2022-24926 CVE-2022-24927 Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without permission. – https://nvd.nist.gov/vuln/detail/CVE-2022-24927 CVE-2020-26728 A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to the __fastcall function with a POST request. – https://nvd.nist.gov/vuln/detail/CVE-2020-26728 CVE-2022-22766 Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information. – https://nvd.nist.gov/vuln/detail/CVE-2022-22766 CVE-2021-20001 It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation. – https://nvd.nist.gov/vuln/detail/CVE-2021-20001 CVE-2021-23555 The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine. – https://nvd.nist.gov/vuln/detail/CVE-2021-23555 CVE-2022-24975 The –mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the “GitBleed” issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the –mirror option. – https://nvd.nist.gov/vuln/detail/CVE-2022-24975 CVE-2021-46361 An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload. – https://nvd.nist.gov/vuln/detail/CVE-2021-46361 CVE-2021-46362 A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter. – https://nvd.nist.gov/vuln/detail/CVE-2021-46362 CVE-2021-46363 An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted CSV/XLS file. – https://nvd.nist.gov/vuln/detail/CVE-2021-46363 CVE-2021-46364 A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file. – https://nvd.nist.gov/vuln/detail/CVE-2021-46364 CVE-2021-46365 An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted XLF file. – https://nvd.nist.gov/vuln/detail/CVE-2021-46365 CVE-2021-46366 An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users’ credentials. – https://nvd.nist.gov/vuln/detail/CVE-2021-46366 CVE-2022-23633 Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used. – https://nvd.nist.gov/vuln/detail/CVE-2022-23633 CVE-2022-23634 Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails’ Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the vulnerability. – https://nvd.nist.gov/vuln/detail/CVE-2022-23634 CVE-2022-24968 In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification. – https://nvd.nist.gov/vuln/detail/CVE-2022-24968 CVE-2021-4098 Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2021-4098 CVE-2021-4099 Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2021-4099 CVE-2021-4100 Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2021-4100 CVE-2021-4101 Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2021-4101 CVE-2022-0096 Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0096 CVE-2022-0097 Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0097 CVE-2022-0098 Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures. – https://nvd.nist.gov/vuln/detail/CVE-2022-0098 CVE-2022-0099 Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture. – https://nvd.nist.gov/vuln/detail/CVE-2022-0099 CVE-2022-0100 Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0100 CVE-2022-0101 Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via specific user gesture. – https://nvd.nist.gov/vuln/detail/CVE-2022-0101 CVE-2022-0102 Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0102 CVE-2022-0103 Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0103 CVE-2022-0104 Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0104 CVE-2022-0105 Use after free in PDF Accessibility in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0105 CVE-2022-0106 Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0106 CVE-2022-0107 Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0107 CVE-2022-0108 Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0108 CVE-2022-0109 Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0109 CVE-2022-0110 Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0110 CVE-2022-0111 Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0111 CVE-2022-0112 Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL. – https://nvd.nist.gov/vuln/detail/CVE-2022-0112 CVE-2022-0113 Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0113 CVE-2022-0114 Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver. – https://nvd.nist.gov/vuln/detail/CVE-2022-0114 CVE-2022-0115 Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0115 CVE-2022-0116 Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0116 CVE-2022-0117 Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0117 CVE-2022-0118 Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0118 CVE-2022-0120 Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website. – https://nvd.nist.gov/vuln/detail/CVE-2022-0120 CVE-2022-0289 Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0289 CVE-2022-0290 Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0290 CVE-2022-0291 Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0291 CVE-2022-0292 Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0292 CVE-2022-0293 Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0293 CVE-2022-0294 Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0294 CVE-2022-0295 Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0295 CVE-2022-0296 Use after free in Printing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0296 CVE-2022-0297 Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0297 CVE-2022-0298 Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0298 CVE-2022-0300 Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0300 CVE-2022-0301 Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0301 CVE-2022-0302 Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0302 CVE-2022-0304 Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0304 CVE-2022-0305 Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0305 CVE-2022-0306 Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0306 CVE-2022-0307 Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0307 CVE-2022-0308 Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0308 CVE-2022-0309 Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0309 CVE-2022-0310 Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via specific user interactions. – https://nvd.nist.gov/vuln/detail/CVE-2022-0310 CVE-2022-0311 Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. – https://nvd.nist.gov/vuln/detail/CVE-2022-0311 CVE-2022-22765 BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). BD Viper LT system versions 4.0 and later utilize Microsoft Windows 10 and have additional Operating System hardening configurations which increase the attack complexity required to exploit this vulnerability. – https://nvd.nist.gov/vuln/detail/CVE-2022-22765 CVE-2021-24446 The Remove Footer Credit WordPress plugin before 1.0.6 does not have CSRF check in place when saving its settings, which could allow attacker to make logged in admins change them and lead to Stored XSS issue as well due to the lack of sanitisation – https://nvd.nist.gov/vuln/detail/CVE-2021-24446 CVE-2021-24874 The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.31 does not escape the lang and pid parameter before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues – https://nvd.nist.gov/vuln/detail/CVE-2021-24874 CVE-2021-24904 The Mortgage Calculators WP WordPress plugin before 1.56 does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. – https://nvd.nist.gov/vuln/detail/CVE-2021-24904 CVE-2021-25014 The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation and CSRF checks in the ive_save_general_settings AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin’s settings which could lead to Stored Cross-Site Scripting issue. – https://nvd.nist.gov/vuln/detail/CVE-2021-25014 CVE-2021-25018 The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppom_settings_panel_action AJAX action, allowing any authenticated to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored XSS issues – https://nvd.nist.gov/vuln/detail/CVE-2021-25018 CVE-2021-25033 The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue – https://nvd.nist.gov/vuln/detail/CVE-2021-25033 CVE-2021-25050 The Remove Footer Credit WordPress plugin before 1.0.11 does properly sanitise its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. – https://nvd.nist.gov/vuln/detail/CVE-2021-25050 CVE-2021-25107 The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin – https://nvd.nist.gov/vuln/detail/CVE-2021-25107 CVE-2021-25109 The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link. – https://nvd.nist.gov/vuln/detail/CVE-2021-25109 CVE-2021-25110 The Futurio Extra WordPress plugin before 1.6.3 allows any logged in user, such as subscriber, to extract any other user’s email address. – https://nvd.nist.gov/vuln/detail/CVE-2021-25110 CVE-2021-25115 The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary javascript to be executed in the admin panel. – https://nvd.nist.gov/vuln/detail/CVE-2021-25115 CVE-2021-44879 In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. – https://nvd.nist.gov/vuln/detail/CVE-2021-44879 CVE-2021-45444 In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion. – https://nvd.nist.gov/vuln/detail/CVE-2021-45444 CVE-2022-0176 The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting – https://nvd.nist.gov/vuln/detail/CVE-2022-0176 CVE-2022-0188 The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, to arbitrarily change the coming soon page layout. – https://nvd.nist.gov/vuln/detail/CVE-2022-0188 CVE-2022-0190 The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is affected by a SQL Injection in the id parameter of the delete action. – https://nvd.nist.gov/vuln/detail/CVE-2022-0190 CVE-2022-0193 The Complianz WordPress plugin before 6.0.0 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting – https://nvd.nist.gov/vuln/detail/CVE-2022-0193 CVE-2022-0200 Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the num_of_pages parameter before outputting it back the response of the themify_create_popup_page_pagination AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting – https://nvd.nist.gov/vuln/detail/CVE-2022-0200 CVE-2022-0201 The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue – https://nvd.nist.gov/vuln/detail/CVE-2022-0201 CVE-2022-0206 The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues – https://nvd.nist.gov/vuln/detail/CVE-2022-0206 CVE-2022-0208 The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the “Bad mapid” error message, leading to a Reflected Cross-Site Scripting – https://nvd.nist.gov/vuln/detail/CVE-2022-0208 CVE-2022-0212 The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue. – https://nvd.nist.gov/vuln/detail/CVE-2022-0212 CVE-2022-0214 The Popup | Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog – https://nvd.nist.gov/vuln/detail/CVE-2022-0214 CVE-2022-0565 Exposure of Sensitive Information to an Unauthorized Actor in Packagist pimcore/pimcore prior to 10.3.1. – https://nvd.nist.gov/vuln/detail/CVE-2022-0565 CVE-2022-0569 Exposure of Sensitive Information to an Unauthorized Actor in Packagist snipe/snipe-it prior to v5.3.9. – https://nvd.nist.gov/vuln/detail/CVE-2022-0569 CVE-2022-0570 Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. – https://nvd.nist.gov/vuln/detail/CVE-2022-0570 CVE-2022-0571 Cross-site Scripting (XSS) – Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2. – https://nvd.nist.gov/vuln/detail/CVE-2022-0571 CVE-2022-0572 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. – https://nvd.nist.gov/vuln/detail/CVE-2022-0572 CVE-2022-0575 Cross-site Scripting (XSS) – Stored in Packagist librenms/librenms prior to 22.2.0. – https://nvd.nist.gov/vuln/detail/CVE-2022-0575 CVE-2022-0576 Cross-site Scripting (XSS) – Generic in Packagist librenms/librenms prior to 22.1.0. – https://nvd.nist.gov/vuln/detail/CVE-2022-0576 CVE-2022-24110 Kiteworks MFT 7.5 may allow an unauthorized user to reset other users’ passwords. This is fixed in version 7.6 and later. – https://nvd.nist.gov/vuln/detail/CVE-2022-24110 CVE-2022-24976 Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence. – https://nvd.nist.gov/vuln/detail/CVE-2022-24976 CVE-2022-24977 ImpressCMS before 1.4.2 allows unauthenticated remote code execution via …../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP installation supports upload_progress. – https://nvd.nist.gov/vuln/detail/CVE-2022-24977 CVE-2022-24686 HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. Fixed in 1.0.18, 1.1.12, and 1.2.6 – https://nvd.nist.gov/vuln/detail/CVE-2022-24686 CVE-2021-46371 antd-admin 5.5.0 is affected by an incorrect access control vulnerability. Unauthorized access to some interfaces in the foreground leads to leakage of sensitive information. – https://nvd.nist.gov/vuln/detail/CVE-2021-46371 CVE-2022-0512 Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6. – https://nvd.nist.gov/vuln/detail/CVE-2022-0512 CVE-2021-45392 A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in page /goform/setIPv6Status via the prefixDelegate parameter, which causes a Denial of Service. – https://nvd.nist.gov/vuln/detail/CVE-2021-45392 CVE-2021-39079 IBM Cognos Analytics Mobile for Android applications prior to version 1.1.14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215592. – https://nvd.nist.gov/vuln/detail/CVE-2021-39079 CVE-2021-39080 Due to weak obfuscation, IBM Cognos Analytics Mobile for Android application prior to version 1.1.14 , an attacker could be able to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used. IBM X-Force ID: 215593. – https://nvd.nist.gov/vuln/detail/CVE-2021-39080 CVE-2022-22854 An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management System v1.0 allows attackers to escalate privileges via accessing and editing the user list. – https://nvd.nist.gov/vuln/detail/CVE-2022-22854 CVE-2022-23367 Fulusso v1.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in /BindAccount/SuccessTips.js. This vulnerability allows attackers to inject malicious code into a victim user’s device via open redirection. – https://nvd.nist.gov/vuln/detail/CVE-2022-23367 CVE-2021-45346 A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicous user obtain sensitive information.. – https://nvd.nist.gov/vuln/detail/CVE-2021-45346 CVE-2021-45347 An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password. – https://nvd.nist.gov/vuln/detail/CVE-2021-45347 CVE-2022-0579 Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.9. – https://nvd.nist.gov/vuln/detail/CVE-2022-0579 CVE-2022-25150 In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-25150 CVE-2019-16864 CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that has SSH access. The exec command is always run as SYSTEM. – https://nvd.nist.gov/vuln/detail/CVE-2019-16864 CVE-2021-43106 A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online (TWO) 5.3.33.3 F38 and FIMI 4.2.19.4 25.The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address. This is due to that the server implicitly trusts the Host header, and fails to validate or escape it properly. An attacker can use this input to redirect target users to a malicious domain/web page. This would result in expanding the potential to further attacks and malicious actions. – https://nvd.nist.gov/vuln/detail/CVE-2021-43106 CVE-2021-45348 An Arbitrary File Deletion vulnerability exists in SourceCodester Attendance Management System v1.0 via the csv parameter in admin/pageUploadCSV.php, which can cause a Denial of Service (crash). – https://nvd.nist.gov/vuln/detail/CVE-2021-45348 CVE-2022-24988 In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-by-one buffer overflow for a vector. – https://nvd.nist.gov/vuln/detail/CVE-2022-24988 CVE-2019-25057 In Corda before 4.1, the meaning of serialized data can be modified via an attacker-controlled CustomSerializer. – https://nvd.nist.gov/vuln/detail/CVE-2019-25057 CVE-2021-45310 Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information disclosure vulnerability due to an improper access restriction. Users information such as first name, last name, acount id, server uuid, email address, profile image, number, timestamps, etc can be extracted by sending an unauthenticated HTTP GET request to the https://Switchvox-IP/main?cmd=invalid_browser. – https://nvd.nist.gov/vuln/detail/CVE-2021-45310 CVE-2022-22295 Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter. – https://nvd.nist.gov/vuln/detail/CVE-2022-22295 CVE-2022-23335 Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter. – https://nvd.nist.gov/vuln/detail/CVE-2022-23335 CVE-2022-23336 S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter. – https://nvd.nist.gov/vuln/detail/CVE-2022-23336 CVE-2022-23337 DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter. – https://nvd.nist.gov/vuln/detail/CVE-2022-23337 CVE-2022-23389 PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter. – https://nvd.nist.gov/vuln/detail/CVE-2022-23389 CVE-2022-23390 An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary files. – https://nvd.nist.gov/vuln/detail/CVE-2022-23390 CVE-2022-23391 A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Search box. – https://nvd.nist.gov/vuln/detail/CVE-2022-23391 CVE-2022-23637 K-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored Cross-Site-Scripting (XSS) vulnerability is present in the markdown editor used by the document abstract and markdown file preview. A specifically crafted anchor link can, if clicked, execute untrusted javascript actions, like retrieving user cookies. Version 0.33.1 includes a patch that allows discarding unsafe links. – https://nvd.nist.gov/vuln/detail/CVE-2022-23637 CVE-2022-23638 svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround available. – https://nvd.nist.gov/vuln/detail/CVE-2022-23638 CVE-2022-23902 Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter. – https://nvd.nist.gov/vuln/detail/CVE-2022-23902 CVE-2022-24206 Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobile_seal/get_seal.php via the DEVICE_LIST parameter. – https://nvd.nist.gov/vuln/detail/CVE-2022-24206 CVE-2021-45005 Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements. – https://nvd.nist.gov/vuln/detail/CVE-2021-45005 CVE-2021-46461 njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c. – https://nvd.nist.gov/vuln/detail/CVE-2021-46461 CVE-2021-46462 njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c. – https://nvd.nist.gov/vuln/detail/CVE-2021-46462 CVE-2021-46463 njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then(). – https://nvd.nist.gov/vuln/detail/CVE-2021-46463 CVE-2021-4201 Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. This issue affects: ForgeRock Access Management 7.1 versions prior to 7.1.1; 6.5 versions prior to 6.5.4; all previous versions. – https://nvd.nist.gov/vuln/detail/CVE-2021-4201 CVE-2022-0581 Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file – https://nvd.nist.gov/vuln/detail/CVE-2022-0581 CVE-2022-0582 Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file – https://nvd.nist.gov/vuln/detail/CVE-2022-0582 CVE-2022-0583 Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file – https://nvd.nist.gov/vuln/detail/CVE-2022-0583 CVE-2022-0586 Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file – https://nvd.nist.gov/vuln/detail/CVE-2022-0586 CVE-2022-23410 AXIS IP Utility prior to 4.17.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory which could allow for remote code execution if a compromised DLL would be placed in the same folder. – https://nvd.nist.gov/vuln/detail/CVE-2022-23410 CVE-2022-23992 XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-23992 CVE-2022-24704 The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into a fixed buffer &attr->val.integer without any bound checks. If the client connects to the server and sends a large radius packet, a buffer overflow vulnerability will be triggered. – https://nvd.nist.gov/vuln/detail/CVE-2022-24704 CVE-2022-24705 The rad_packet_recv function in radius/packet.c suffers from a memcpy buffer overflow, resulting in an overly-large recvfrom into a fixed buffer that causes a buffer overflow and overwrites arbitrary memory. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability. – https://nvd.nist.gov/vuln/detail/CVE-2022-24705 CVE-2022-25139 njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled. – https://nvd.nist.gov/vuln/detail/CVE-2022-25139 CVE-2022-0580 Improper Access Control in Packagist librenms/librenms prior to 22.2.0. – https://nvd.nist.gov/vuln/detail/CVE-2022-0580 CVE-2021-43952 Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. The affected versions are before version 8.21.0. – https://nvd.nist.gov/vuln/detail/CVE-2021-43952 CVE-2021-43950 Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration information via a Broken Access Control vulnerability in the Insight Import Source feature. The affected versions are before version 4.21.0. – https://nvd.nist.gov/vuln/detail/CVE-2021-43950 CVE-2021-43953 Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.21.0. – https://nvd.nist.gov/vuln/detail/CVE-2021-43953 CVE-2021-43940 Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3. – https://nvd.nist.gov/vuln/detail/CVE-2021-43940 CVE-2021-43941 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. – https://nvd.nist.gov/vuln/detail/CVE-2021-43941 CVE-2021-43948 Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the “Move objects” feature. The affected versions are before version 4.21.0. – https://nvd.nist.gov/vuln/detail/CVE-2021-43948 CVE-2022-0587 Improper Authorization in Packagist librenms/librenms prior to 22.2.0. – https://nvd.nist.gov/vuln/detail/CVE-2022-0587 CVE-2022-0588 Exposure of Sensitive Information to an Unauthorized Actor in Packagist librenms/librenms prior to 22.2.0. – https://nvd.nist.gov/vuln/detail/CVE-2022-0588 CVE-2022-0589 Cross-site Scripting (XSS) – Stored in Packagist librenms/librenms prior to 22.1.0. – https://nvd.nist.gov/vuln/detail/CVE-2022-0589 CVE-2021-46557 Vicidial 2.14-783a was discovered to contain a cross-site scripting (XSS) vulnerability via the input tabs. – https://nvd.nist.gov/vuln/detail/CVE-2021-46557 CVE-2021-46558 Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields. – https://nvd.nist.gov/vuln/detail/CVE-2021-46558 CVE-2022-23317 CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with “/”, and attackers can obtain relevant information by specifying the URL. – https://nvd.nist.gov/vuln/detail/CVE-2022-23317 CVE-2022-23384 YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add – https://nvd.nist.gov/vuln/detail/CVE-2022-23384 CVE-2021-41552 CommScope URFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection. – https://nvd.nist.gov/vuln/detail/CVE-2021-41552 CVE-2021-42712 Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions. – https://nvd.nist.gov/vuln/detail/CVE-2021-42712 CVE-2021-43734 kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host. – https://nvd.nist.gov/vuln/detail/CVE-2021-43734 CVE-2022-0596 Business Logic Errors in Packagist microweber/microweber prior to 1.2.11. – https://nvd.nist.gov/vuln/detail/CVE-2022-0596 CVE-2022-0597 Open Redirect in Packagist microweber/microweber prior to 1.2.11. – https://nvd.nist.gov/vuln/detail/CVE-2022-0597 CVE-2022-24586 A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters. – https://nvd.nist.gov/vuln/detail/CVE-2022-24586 CVE-2022-24227 A cross-site scripting (XSS) vulnerability in BoltWire v7.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters. – https://nvd.nist.gov/vuln/detail/CVE-2022-24227 CVE-2022-24684 HashiCorp Nomad and Nomad Enterprise before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 has Uncontrolled Resource Consumption. – https://nvd.nist.gov/vuln/detail/CVE-2022-24684 CVE-2021-44960 In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the renderDocument function handled the XMLDocument object improperly, returning a null pointer in advance at the second if, resulting in a null pointer reference behind the renderDocument function. – https://nvd.nist.gov/vuln/detail/CVE-2021-44960 CVE-2022-21698 client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods. – https://nvd.nist.gov/vuln/detail/CVE-2022-21698 CVE-2022-23604 x26-Cogs is a repository of cogs made by Twentysix for the Red Discord bot. Among these cogs is the Defender cog, a tool for Discord server moderation. A vulnerability in the Defender cog prior to version 1.10.0 allows users with admin privileges to issue commands as other users who share the same server. If a bot owner shares the same server as the attacker, it is possible for the attacker to issue bot-owner restricted commands. The issue has been patched in version 1.10.0. One may unload the Defender cog as a workaround. – https://nvd.nist.gov/vuln/detail/CVE-2022-23604 CVE-2022-24226 Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php. – https://nvd.nist.gov/vuln/detail/CVE-2022-24226 CVE-2022-24585 A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter. – https://nvd.nist.gov/vuln/detail/CVE-2022-24585 CVE-2022-24587 A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML. – https://nvd.nist.gov/vuln/detail/CVE-2022-24587 CVE-2022-24588 Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function. – https://nvd.nist.gov/vuln/detail/CVE-2022-24588 CVE-2022-24590 A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML. – https://nvd.nist.gov/vuln/detail/CVE-2022-24590 CVE-2022-25173 Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. – https://nvd.nist.gov/vuln/detail/CVE-2022-25173 CVE-2022-25174 Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. – https://nvd.nist.gov/vuln/detail/CVE-2022-25174 CVE-2022-25175 Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses distinct checkout directories per SCM for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. – https://nvd.nist.gov/vuln/detail/CVE-2022-25175 CVE-2022-25176 Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system. – https://nvd.nist.gov/vuln/detail/CVE-2022-25176 CVE-2022-25177 Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system. – https://nvd.nist.gov/vuln/detail/CVE-2022-25177 CVE-2022-25178 Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system. – https://nvd.nist.gov/vuln/detail/CVE-2022-25178 CVE-2022-25179 Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system. – https://nvd.nist.gov/vuln/detail/CVE-2022-25179 CVE-2022-25180 Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline. – https://nvd.nist.gov/vuln/detail/CVE-2022-25180 CVE-2022-25181 A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a global Pipeline library already exists. – https://nvd.nist.gov/vuln/detail/CVE-2022-25181 CVE-2022-25182 A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already configured. – https://nvd.nist.gov/vuln/detail/CVE-2022-25182 CVE-2022-25183 Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using specially crafted library names if a global Pipeline library configured to use caching already exists. – https://nvd.nist.gov/vuln/detail/CVE-2022-25183 CVE-2022-25184 Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs. – https://nvd.nist.gov/vuln/detail/CVE-2022-25184 CVE-2022-25185 Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. – https://nvd.nist.gov/vuln/detail/CVE-2022-25185 CVE-2022-25186 Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key. – https://nvd.nist.gov/vuln/detail/CVE-2022-25186 CVE-2022-25187 Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle. – https://nvd.nist.gov/vuln/detail/CVE-2022-25187 CVE-2022-25188 Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker. – https://nvd.nist.gov/vuln/detail/CVE-2022-25188 CVE-2022-25189 Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not escape parameter names of custom checkbox parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. – https://nvd.nist.gov/vuln/detail/CVE-2022-25189 CVE-2022-25190 A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. – https://nvd.nist.gov/vuln/detail/CVE-2022-25190 CVE-2022-25191 Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape parameter names of agent server parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. – https://nvd.nist.gov/vuln/detail/CVE-2022-25191 CVE-2022-25192 A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 2.0 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. – https://nvd.nist.gov/vuln/detail/CVE-2022-25192 CVE-2022-25193 Missing permission checks in Jenkins Snow Commander Plugin 2.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. – https://nvd.nist.gov/vuln/detail/CVE-2022-25193 CVE-2022-25194 A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials. – https://nvd.nist.gov/vuln/detail/CVE-2022-25194 CVE-2022-25195 A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. – https://nvd.nist.gov/vuln/detail/CVE-2022-25195 CVE-2022-25196 Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in. – https://nvd.nist.gov/vuln/detail/CVE-2022-25196 CVE-2022-25197 Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. – https://nvd.nist.gov/vuln/detail/CVE-2022-25197 CVE-2022-25198 A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. – https://nvd.nist.gov/vuln/detail/CVE-2022-25198 CVE-2022-25199 A missing permission check in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. – https://nvd.nist.gov/vuln/detail/CVE-2022-25199 CVE-2022-25200 A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. – https://nvd.nist.gov/vuln/detail/CVE-2022-25200 CVE-2022-25201 Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. – https://nvd.nist.gov/vuln/detail/CVE-2022-25201 CVE-2022-25202 Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name of custom promotion levels, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. – https://nvd.nist.gov/vuln/detail/CVE-2022-25202 CVE-2022-25203 Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Read permission. – https://nvd.nist.gov/vuln/detail/CVE-2022-25203 CVE-2022-25204 Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists. – https://nvd.nist.gov/vuln/detail/CVE-2022-25204 CVE-2022-25205 A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins instance. – https://nvd.nist.gov/vuln/detail/CVE-2022-25205 CVE-2022-25206 A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials. – https://nvd.nist.gov/vuln/detail/CVE-2022-25206 CVE-2022-25207 A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. – https://nvd.nist.gov/vuln/detail/CVE-2022-25207 CVE-2022-25208 A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. – https://nvd.nist.gov/vuln/detail/CVE-2022-25208 CVE-2022-25209 Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. – https://nvd.nist.gov/vuln/detail/CVE-2022-25209 CVE-2022-25210 Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured. – https://nvd.nist.gov/vuln/detail/CVE-2022-25210 CVE-2022-25211 A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server using attacker-specified credentials. – https://nvd.nist.gov/vuln/detail/CVE-2022-25211 CVE-2022-25212 A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials. – https://nvd.nist.gov/vuln/detail/CVE-2022-25212 CVE-2021-43049 The Database component of TIBCO Software Inc.’s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. Affected releases are TIBCO Software Inc.’s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below. – https://nvd.nist.gov/vuln/detail/CVE-2021-43049 CVE-2021-43050 The Auth Server component of TIBCO Software Inc.’s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.’s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below. – https://nvd.nist.gov/vuln/detail/CVE-2021-43050 CVE-2022-22770 The Web Server component of TIBCO Software Inc.’s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO AuditSafe: versions 1.1.0 and below. – https://nvd.nist.gov/vuln/detail/CVE-2022-22770 CVE-2021-42713 Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a Temporary File in a Directory with Insecure Permissions. – https://nvd.nist.gov/vuln/detail/CVE-2021-42713 CVE-2021-42714 Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions. – https://nvd.nist.gov/vuln/detail/CVE-2021-42714 CVE-2022-23639 crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was always the same as `Atomic{I,U}64`. However, the alignment of `{i,u}64` on a 32-bit target can be smaller than `Atomic{I,U}64`. This can cause unaligned memory accesses and data race. Crates using `fetch_*` methods with `AtomicCell<{i,u}64>` are affected by this issue. 32-bit targets without `Atomic{I,U}64` and 64-bit targets are not affected by this issue. This has been fixed in crossbeam-utils 0.8.7. There are currently no known workarounds. – https://nvd.nist.gov/vuln/detail/CVE-2022-23639 CVE-2022-24589 Burden v3.0 was discovered to contain a stored cross-site scripting (XSS) in the Add Category function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the task parameter. – https://nvd.nist.gov/vuln/detail/CVE-2022-24589 CVE-2021-33945 RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN, SP 325SNw, SP 325SFNw, SP 330SN, Aficio SP 3500SF, SP 221S, SP 220SNw, SP 221SNw, SP 221SF, SP 220SFNw, SP 221SFNw v1.06 were discovered to contain a stack buffer overflow in the file /etc/wpa_supplicant.conf. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. – https://nvd.nist.gov/vuln/detail/CVE-2021-33945 CVE-2021-37354 Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer overflow in the function sub_3226AC via the TIMEZONE variable. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. – https://nvd.nist.gov/vuln/detail/CVE-2021-37354 CVE-2021-46262 Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the PPPoE module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. – https://nvd.nist.gov/vuln/detail/CVE-2021-46262 CVE-2021-46263 Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wifiTime module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. – https://nvd.nist.gov/vuln/detail/CVE-2021-46263 CVE-2021-46264 Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the onlineList module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. – https://nvd.nist.gov/vuln/detail/CVE-2021-46264 CVE-2021-46265 Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wanBasicCfg module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. – https://nvd.nist.gov/vuln/detail/CVE-2021-46265 CVE-2021-46321 Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wifiBasicCfg module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. – https://nvd.nist.gov/vuln/detail/CVE-2021-46321 CVE-2022-23641 Discourse is an open source discussion platform. In versions prior to 2.8.1 in the `stable` branch, 2.9.0.beta2 in the `beta` branch, and 2.9.0.beta2 in the `tests-passed` branch, users can trigger a Denial of Service attack by posting a streaming URL. Parsing Oneboxes in the background job trigger an infinite loop, which cause memory leaks. This issue is patched in version 2.8.1 of the `stable` branch, 2.9.0.beta2 of the `beta` branch, and 2.9.0.beta2 of the `tests-passed` branch. As a workaround, disable onebox in admin panel completely or specify allow list of domains that will be oneboxed. – https://nvd.nist.gov/vuln/detail/CVE-2022-23641 CVE-2021-35380 A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthenticated malicious user gain access to the files on the remote system by gaining access to the relative path of the file they want to download (http://url:port/file?valore). – https://nvd.nist.gov/vuln/detail/CVE-2021-35380 CVE-2022-23643 Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerabilitity in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects only the Code Monitoring feature, whereas CVE-2021-43823 also affected saved searches. A successful attack would require an authenticated bad actor to create many Code Monitors to receive confirmation that a specific string exists. This could allow an attacker to guess formatted tokens in source code, such as API keys. This issue was patched in versions 3.35.2 and 3.36.3 of Sourcegraph. Those who are unable to upgrade may disable the Code Monitor feature in their installation. – https://nvd.nist.gov/vuln/detail/CVE-2022-23643



Source link